#!/bin/sh
#
# clement	This shell script takes care of starting and stopping
#		clement daemon.
#
# chkconfig:  - 92 10
#
# description: 'clement' is a daemon to catch SMTP requests,
#	        check for viruses and spam, then request
#		advice from a remote Mentor to give a
#		final acceptance/rebuttal of the E-mail while
#		the remote SMTP client is still on-line.
# processname:  clement
	       
# real time.
# Source function library.

# Load the distribution's init helper library when it is installed.
# success, failure, warning and status are used further down but are not
# defined in this script; presumably they come from this library - confirm.
if [ -f /etc/rc.d/init.d/functions ] ; then
  . /etc/rc.d/init.d/functions
fi

# Daemon name, subsystem lock directory and cron drop-in path.
DST_CRON_SCRIPT=/etc/cron.d/mail
PLOCK=/var/lock/subsys
PROG=clement

# Site settings. The file is executed as shell code with the privileges of
# this script, so it must be writable by root only.
# NOTE(review): APPNAME, VERS and OPTIONS are used below but never set here;
# presumably this file provides them - confirm, since every path built from
# them degrades to "/etc/-/..." when they are empty.
if [ -f /etc/sysconfig/$PROG ] ; then
  . /etc/sysconfig/$PROG
fi

#----------------------------------------------------------------------
#Detecting local SMTP daemon and adding 127.0.0.25 listening port
#----------------------------------------------------------------------
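do_addmail()

{
# Merge the clement-specific fragment /etc/$APPNAME-$VERS/<mailer>.cf into the
# configuration of every locally installed MTA, then restart each MTA whose
# subsystem lock file is present.
#
# Globals: APPNAME, VERS, PLOCK, PROG (read)
# Returns: status of the last "service ... restart", 0 when none was needed.
#
# The merge is not idempotent: every call adds the fragment again. The only
# guard is the config.done marker tested by do_mkconf, the sole caller.
for mailer in "exim" "postfix" "sendmail" ; do
  addmail_frag="/etc/$APPNAME-$VERS/$mailer.cf"
  case "$mailer" in
    "sendmail" ) addmail_conf="/etc/mail/$mailer.cf" ;;
    "postfix"  ) addmail_conf="/etc/postfix/master.cf" ;;
    "exim"     ) addmail_conf="/etc/$mailer.conf" ;;
    esac

  if [ -f "$addmail_conf" ] ; then
    if [ ! -r "$addmail_frag" ] ; then
      # Without the fragment there is nothing to merge; leave the MTA
      # configuration exactly as it is.
      echo "$PROG: $addmail_frag not readable, $addmail_conf left untouched" >&2
    elif [ "$mailer" = "exim" ] ; then
      # exim needs the fragment at the beginning of the file, so the file is
      # rebuilt next to the original. "cp -p" first gives the temporary file
      # the owner and mode of the live configuration, so the rebuilt file
      # does not silently fall back to the umask defaults. The live file is
      # only replaced when the rebuild succeeded.
      addmail_tmp="$addmail_conf.$$"
      if cp -p "$addmail_conf" "$addmail_tmp" \
           && cat "$addmail_frag" "$addmail_conf" > "$addmail_tmp" ; then
        mv -f "$addmail_tmp" "$addmail_conf"
      else
        rm -f "$addmail_tmp"
        echo "$PROG: could not rebuild $addmail_conf, file left untouched" >&2
      fi
    else
      # sendmail and postfix take the fragment at the end of the file.
      cat "$addmail_frag" >> "$addmail_conf"
    fi
  fi

  # A subsystem lock file means the MTA is considered running: restart it.
  if [ -f "$PLOCK/$mailer" ] ; then
    service "$mailer" restart
    fi
  done

}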
#----------------------------------------------------------------------
#creating clement local certificate
#----------------------------------------------------------------------
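do_mkcert()

{
	# Create /etc/pki/$APPNAME-$VERS/$PROG.pem with the packaged dummy-cert
	# helper when the file does not exist yet, then hand it to $APPNAME.
	#
	# Globals: APPNAME, VERS, PROG (read)
	# Returns: 0 when the file already exists or was created and chowned,
	#          1 when the helper or chown failed.
	#
	# NOTE(review): the helper name suggests a self-signed placeholder
	# certificate - confirm, and replace it with a real one where clients
	# verify the server.
	# NOTE(review): the mode of the PEM file is whatever the helper leaves
	# behind; if the file also holds the private key, check that it is not
	# readable by group or others.
	mkcert_pem="/etc/pki/$APPNAME-$VERS/$PROG.pem"
	[ -f "$mkcert_pem" ] && return 0

	echo -n $"Preparing $PROG certificat: "
	# Report success only when both steps worked; "user:group" replaces the
	# deprecated "user.group" separator.
	if "/usr/lib/$APPNAME-$VERS/support/dummy-cert" "$mkcert_pem" \
	     && chown "$APPNAME:$APPNAME" "$mkcert_pem" ; then
	  success $"certs generation"
	  mkcert_rc=0
	else
	  failure $"certs generation"
	  mkcert_rc=1
	fi
	echo
	return $mkcert_rc
}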
#----------------------------------------------------------------------
#setting local clement configuration
#----------------------------------------------------------------------
do_mkconf()

{
	# One-time configuration, keyed on the /etc/$APPNAME-$VERS/config.done
	# marker: once the marker exists nothing below runs again.
	[ -f /etc/$APPNAME-$VERS/config.done ] && return 0

	# Patch the local MTA configuration files first.
	do_addmail
	echo -n $"Preparing $PROG config: "
	/usr/lib/$APPNAME-$VERS/support/addconf.sh
	# The marker is written and success is reported whatever addconf.sh
	# returned, so a failed run is not retried on the next start.
	date > /etc/$APPNAME-$VERS/config.done
	success $"conf addition"
	echo

	# Restart httpd only when its subsystem lock file is present.
	[ ! -f $PLOCK/httpd ] || service httpd restart
}
#----------------------------------------------------------------------
#procedure to check if freshclam is up and running
#----------------------------------------------------------------------
chk_freshclam()

{
# Warn, without aborting the start, when freshclam has no subsystem lock
# file. Only the lock file is tested, not the process itself, so a stale
# lock hides a dead updater.
[ -f $PLOCK/freshclam ] && return 0

echo -n $"freshclam daemon NOT up and running (please check this)"
warning $"Start freshclam"
echo
}
#----------------------------------------------------------------------
#procedure to update iptables according to the information
#available within /etc/$APPNAME-$VERS/iptables.conf
#----------------------------------------------------------------------
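do_ipt()

{
# Install ("start") or remove ("stop") the packet-filter rules described by
# the IPT lines of /etc/$APPNAME-$VERS/iptables.conf.
#
# Arguments: $1 - "start" or "stop"; any other value changes nothing.
# Globals:   APPNAME, VERS, PROG (read)
# Config:    IPT=<iface>,<host>,<eport>,<iport>   (several entries may be
#            separated by white space); host "*" means any destination.
#
# For each entry, "start" accepts tcp/<iport> on <iface> and DNATs
# tcp/<eport> to <iport> (on <host> when one is given). The "clement"
# chains are then hooked with -I, i.e. at the head of INPUT and of nat
# PREROUTING, so they are evaluated before the rules already present.
# Whoever can write iptables.conf therefore controls what this host accepts
# and redirects: keep that file writable by root only.
#
# NOTE(review): "start" is not idempotent. -N fails when the chain already
# exists, and a second start without a stop in between adds every rule again.
ipt_conf="/etc/$APPNAME-$VERS/iptables.conf"
[ -r "$ipt_conf" ] || return 0
list=$(grep '^IPT' "$ipt_conf" | cut -d'=' -f2)
[ -n "$list" ] || return 0

case "$1" in
  "start")
     /sbin/iptables -N clement
     /sbin/iptables -N clement -t nat
     ;;
  "stop")
     /sbin/iptables -F clement -t nat
     /sbin/iptables -F clement
     ;;
  esac

# The entries are split on white space by the unquoted $list below. Pathname
# expansion is switched off for that loop so that an entry using the "*"
# host can never be replaced by matching file names from the current
# directory.
case "$-" in
  *f*) ipt_restore_glob=no ;;
  *)   ipt_restore_glob=yes ; set -f ;;
  esac

ipt_valid=no
for ENT in $list
  do
  iface=$(printf '%s\n' "$ENT" | cut -d',' -f1)
  host=$(printf '%s\n' "$ENT" | cut -d',' -f2)
  eport=$(printf '%s\n' "$ENT" | cut -d',' -f3)
  iport=$(printf '%s\n' "$ENT" | cut -d',' -f4)

  # Minimal shape check before anything is handed to iptables as root: four
  # comma-separated fields, none empty, none starting with "-" (which
  # iptables would read as an option). iptables validates the values.
  ipt_ok=yes
  case "$ENT" in
    *,*,*,*) ;;
    *) ipt_ok=no ;;
    esac
  for ipt_field in "$iface" "$host" "$eport" "$iport"
    do
    case "$ipt_field" in
      ''|-*) ipt_ok=no ;;
      esac
    done
  if [ "$ipt_ok" = no ] ; then
    echo "$PROG: ignoring malformed IPT entry '$ENT' in $ipt_conf" >&2
    continue
  fi
  ipt_valid=yes

  # Per-entry rules exist only for "start"; "stop" has already flushed both
  # chains above.
  if [ "$1" = "start" ] ; then
    /sbin/iptables -I clement -i "$iface" -p tcp --dport "$iport" -j ACCEPT
    if [ "$host" = "*" ] ; then
      /sbin/iptables -I clement -i "$iface" -p tcp --dport "$eport" \
		        -j DNAT -t nat --to ":$iport"
    else
      /sbin/iptables -I clement -i "$iface" -p tcp --dport "$eport" \
		        -j DNAT -t nat --to "$host:$iport" -d "$host"
    fi
  fi
  done

[ "$ipt_restore_glob" = yes ] && set +f

# Hook or unhook the chains when at least one usable entry was found. The
# previous test looked at the interface of the last entry only.
if [ "$ipt_valid" = yes ] ; then
  case "$1" in
    "start")
       /sbin/iptables -I INPUT -j clement
       /sbin/iptables -I PREROUTING -j clement -t nat
       ;;
    "stop")
       /sbin/iptables -D PREROUTING -j clement -t nat
       /sbin/iptables -D INPUT -j clement
       /sbin/iptables -X clement -t nat
       /sbin/iptables -X clement
       ;;
    esac
  fi
}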
#----------------------------------------------------------------------
#Script main part 
#----------------------------------------------------------------------
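start()
{
	# Prepare certificate and configuration, check the signature updater,
	# install the firewall rules, then launch the daemon.
	#
	# Globals: PROG, OPTIONS (read), RETVAL (written: exit status of $PROG)
	#
	# NOTE(review): nothing checks whether $PROG is already running, and the
	# rules installed by "do_ipt start" stay in place when the daemon fails
	# to start - confirm that redirecting to a dead port is the intended
	# failure mode.
	do_mkcert
	do_mkconf
	chk_freshclam
	do_ipt start
	echo -n $"Starting $PROG:"
	# Keep the daemon's own exit status. With "cmd && success || failure"
	# RETVAL held the status of the reporting helper instead.
	# $OPTIONS is left unquoted on purpose: it carries several arguments.
	if $PROG $OPTIONS ; then
	  RETVAL=0
	  success
	else
	  RETVAL=$?
	  failure
	fi
	if [ "$RETVAL" = 0 ] ; then
	  touch /var/lock/subsys/$PROG
	fi
	echo
}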

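stop()

{
	# Remove the firewall rules and send TERM to the process(es) recorded in
	# /var/lock/$APPNAME-$VERS/$PROG-lock. Nothing happens when that file
	# does not exist.
	#
	# Globals: APPNAME, VERS, PROG (read), RETVAL (written)
	stop_lock="/var/lock/$APPNAME-$VERS/$PROG-lock"
	[ -f "$stop_lock" ] || return 0

	echo -n $"Stopping $PROG:"
	do_ipt stop

	# The file content ends up on a "kill" command line run as root, so it
	# is treated as input: only white-space separated process ids greater
	# than 1 are accepted. That rules out options, 0 (the caller's process
	# group), 1 and negative ids (-1 is every process).
	# NOTE(review): who may write this lock directory is not visible here;
	# if the daemon's unprivileged account can, this check matters.
	stop_pids=$(cat "$stop_lock" 2>/dev/null)
	stop_ok=yes
	case "$stop_pids" in
	  ''|*[!0-9[:space:]]*) stop_ok=no ;;
	  esac
	if [ "$stop_ok" = yes ] ; then
	  for stop_pid in $stop_pids ; do
	    [ "$stop_pid" -gt 1 ] || stop_ok=no
	    done
	  fi

	if [ "$stop_ok" = yes ] ; then
	  # Digits and white space only: safe to let the shell split the list.
	  kill -TERM $stop_pids
	  RETVAL=$?
	else
	  echo "$PROG: unexpected content in $stop_lock, no signal sent" >&2
	  RETVAL=1
	  fi
	sleep 3
	if [ "$RETVAL" = 0 ] ; then
	  success $"clement stop"
	  rm -f /var/lock/subsys/$PROG
	else
	  failure $"clement stop"
	  fi
	echo
}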

#----------------------------------------------------------------------
# See how we were called.
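# Dispatch on the requested action. start() and stop() leave their result in
# RETVAL, which becomes the exit status of the script; it used to be 0 even
# when the daemon could not be started or stopped, which hid the failure
# from the caller.
RETVAL=0
case "$1" in
  start)
	start
	;;

  stop)
	stop
	;;

  # reload is implemented as a full restart.
  restart|reload)
	stop
	sleep 5
	start
	;;

  status)
	status "$PROG"
	RETVAL=$?
	;;
  *)
	echo "Usage: $PROG {start|stop|restart|reload|status}"
	exit 1
	;;
  esac
exit $RETVAL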

