#! /usr/bin/env python
#
# Copyright (C) 1998,1999,2000 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
# 
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software 
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

"""Check the permissions for the Mailman installation.

Usage: %(PROGRAM)s [-f] [-v] [-h]

With no arguments, just check and report all the files that have bogus
permissions or group ownership.  With -f (and run as root), fix all the
permission problems found.  With -v be verbose.

"""

import sys
import os
import errno
import getopt
import pwd
import grp
from stat import *

try:
    import paths
except ImportError:
    print '''Could not import paths!

This probably means that you are trying to run check_perms from the source
directory.  You must run this from the installation directory instead.
'''
    raise
from Mailman import mm_cfg
from Mailman.mm_cfg import MAILMAN_UID, MAILMAN_GID

try:
    MAILMAN_GRPNAME = grp.getgrgid(MAILMAN_GID)[0]
except KeyError:
    MAILMAN_GRPNAME = '<anon gid %d>' % MAILMAN_GID
try:
    MAILMAN_OWNER = pwd.getpwuid(MAILMAN_UID)[0]
except KeyError:
    MAILMAN_OWNER = 'uid %d' % MAILMAN_UID

PROGRAM = sys.argv[0]



class State:
    FIX = 0
    VERBOSE = 0
    ERRORS = 0

STATE = State()

DIRPERMS = S_ISGID | S_IRWXU | S_IRWXG | S_IROTH | S_IXOTH



def statmode(path):
    return os.stat(path)[ST_MODE]

def statgidmode(path):
    stat = os.stat(path)
    return stat[ST_MODE], stat[ST_GID]

def checkwalk(arg, dirname, names):
    for name in names:
        path = os.path.join(dirname, name)
        if arg.VERBOSE:
            print '    checking gid and mode for', path
        try:
            mode, gid = statgidmode(path)
        except OSError, e:
            if e.errno <> errno.ENOENT: raise
            continue
        if gid <> MAILMAN_GID:
            try:
                groupname = grp.getgrgid(gid)[0]
            except KeyError:
                groupname = '<anon gid %d>' % gid
            arg.ERRORS = arg.ERRORS + 1
            print path, 'bad gid (has: %s, expected %s)' % (
                groupname, MAILMAN_GRPNAME),
            if STATE.FIX:
                print '(fixing)'
                os.chown(path, -1, MAILMAN_GID)
            else:
                print
        # all directories must be at least rwxrwsr-x.  Don't check the private
        # archive directory or database directory themselves since these are
        # checked in checkarchives below.
        private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR
        if path == private or (os.path.commonprefix((path, private)) == private
                               and os.path.split(path)[1] == 'database'):
            continue
        if S_ISDIR(mode) and (mode & DIRPERMS) <> DIRPERMS:
            arg.ERRORS = arg.ERRORS + 1
            print 'directory permissions must be at least 02775:', path,
            if STATE.FIX:
                print '(fixing)'
                os.chmod(path, mode | DIRPERMS)
            else:
                print

def checkall():
    # first check PREFIX
    if STATE.VERBOSE:
        print 'checking mode for', mm_cfg.PREFIX,
    dirs = {}
    for d in (mm_cfg.PREFIX, mm_cfg.EXEC_PREFIX, mm_cfg.VAR_PREFIX):
        dirs[d] = 1
    for d in dirs.keys():
        mode = statmode(d)
        if (mode & DIRPERMS) <> DIRPERMS:
            STATE.ERRORS = STATE.ERRORS + 1
            print 'directory must be at least 02775:', d,
            if STATE.FIX:
                print '(fixing)'
                os.chmod(d, mode | DIRPERMS)
            else:
                print
        # check all subdirs
        os.path.walk(d, checkwalk, STATE)


def checkarchives():
    private = mm_cfg.PRIVATE_ARCHIVE_FILE_DIR
    if STATE.VERBOSE:
        print 'checking perms on', private
    # private archives must not be other readable
    mode = statmode(private)
    if mode & S_IROTH:
        STATE.ERRORS = STATE.ERRORS + 1
        print private, 'must not be other-readable',
        if STATE.FIX:
            print '(fixing)'
            os.chmod(private, mode & ~S_IROTH)
        else:
            print


def checkarchivedbs():
    # The archives/private/listname/database file must not be other readable
    # or executable otherwise those files will be accessible when the archives
    # are public.  That may not be a horrible breach, but let's close this off
    # anyway.
    for dir in os.listdir(mm_cfg.PRIVATE_ARCHIVE_FILE_DIR):
        if dir[-5:] == '.mbox':
            continue
        dbdir = os.path.join(mm_cfg.PRIVATE_ARCHIVE_FILE_DIR, dir, 'database')
        try:
            mode = statmode(dbdir)
        except OSError, e:
            if e.errno not in (errno.ENOENT, errno.ENOTDIR): raise
            continue
        if mode & S_IRWXO:
            STATE.ERRORS = STATE.ERRORS + 1
            print dbdir, '"other" perms must be 000',
            if STATE.FIX:
                print '(fixing)'
                os.chmod(dbdir, mode & ~S_IRWXO)
            else:
                print


def checkcgi():
    if STATE.VERBOSE:
        print 'checking cgi-bin permissions'
    exes = os.listdir(mm_cfg.CGI_DIR)
    for f in exes:
        path = os.path.join(mm_cfg.CGI_DIR, f)
        if STATE.VERBOSE:
            print '    checking set-gid for', path
        mode = statmode(path)
        if mode & S_IXGRP and not mode & S_ISGID:
            STATE.ERRORS = STATE.ERRORS + 1
            print path, 'must be set-gid',
            if STATE.FIX:
                print '(fixing)'
                os.chmod(path, mode | S_ISGID)
            else:
                print

def checkmail():
    wrapper = os.path.join(mm_cfg.WRAPPER_DIR, 'wrapper')
    if STATE.VERBOSE:
        print 'checking set-gid for', wrapper
    mode = statmode(wrapper)
    if not mode & S_ISGID:
        STATE.ERRORS = STATE.ERRORS + 1
        print wrapper, 'must be set-gid',
        if STATE.FIX:
            print '(fixing)'
            os.chmod(wrapper, mode | S_ISGID)

def checkadminpw():
    adminpw = os.path.join(mm_cfg.DATA_DIR, 'adm.pw')
    targetmode = S_IFREG | S_IRUSR | S_IWUSR | S_IRGRP
    if STATE.VERBOSE:
        print 'checking permissions on', adminpw
    try:
        mode = statmode(adminpw)
    except OSError, e:
        if e.errno <> errno.ENOENT: raise
        return
    if mode <> targetmode:
        STATE.ERRORS = STATE.ERRORS + 1
        print adminpw, 'permissions must be exactly 0640 (got %s)' % oct(mode)
        if STATE.FIX:
            print '(fixing)'
            os.chmod(adminpw, targetmode)

def checkdata():
    targetmode = S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP
    checkfiles = ['config.db', 'config.db.last',
                  'next-digest', 'next-digest-topics']
    if STATE.VERBOSE:
        print 'checking permissions on list data'
    for dir in os.listdir(mm_cfg.LIST_DATA_DIR):
        for file in checkfiles:
            path = os.path.join(mm_cfg.LIST_DATA_DIR, dir, file)
            if STATE.VERBOSE:
                print '    checking permissions on:', path
            try:
                mode = statmode(path)
            except OSError, e:
                if e.errno <> errno.ENOENT: raise
                continue
            if (mode & targetmode) <> targetmode:
                STATE.ERRORS = STATE.ERRORS + 1
                print 'file permissions must be at least 660:', path,
                if STATE.FIX:
                    print '(fixing)'
                    os.chmod(path, mode | targetmode)
                else:
                    print



def usage(code=0, msg=''):
    print __doc__ % globals()
    if msg:
        print msg
    sys.exit(code)


if __name__ == '__main__':
    try:
        opts, args = getopt.getopt(sys.argv[1:],
                                   'fvh',
                                   ['fix', 'verbose', 'help'])
    except getopt.error, msg:
        usage(1, msg)

    for opt, arg in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt in ('-f', '--fix'):
            STATE.FIX = 1
        elif opt in ('-v', '--verbose'):
            STATE.VERBOSE = 1

    checkall()
    checkarchives()
    checkarchivedbs()
    checkcgi()
    checkmail()
    checkdata()
    checkadminpw()

    if not STATE.ERRORS:
        print 'No problems found'
    else:
        print 'Problems found:', STATE.ERRORS
        print 'Re-run as', MAILMAN_OWNER, '(or root) with -f flag to fix'
