#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/checkexim.pl                    Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

#
package scripts::checkexim;

use strict;
use Cpanel::FileUtils::TouchFile ();
use Cpanel::SafetyBits::Chown    ();
use Cpanel::Lchown               ();

__PACKAGE__->main() unless caller;

sub main {
    checkeximlogs();
    checkeximperms();
}

sub checkeximlogs {
    require Cpanel::PwCache;
    my $mailnull_uid = ( Cpanel::PwCache::getpwnam('mailnull') )[2];

    my $mail_gid = ( getgrnam('mail') )[2];
    if ( opendir( my $exim_dir_fh, '/var/log' ) ) {
        my %log_files = map { $_ => undef } grep { /^exim_/ } readdir($exim_dir_fh);
        $log_files{'exim_mainlog'}   = undef;
        $log_files{'exim_paniclog'}  = undef;
        $log_files{'exim_rejectlog'} = undef;
        foreach my $log_file ( keys %log_files ) {
            my ( $mode, $uid, $gid ) = ( stat( '/var/log/' . $log_file ) )[ 2, 4, 5 ];
            if ( !$mode ) { Cpanel::FileUtils::TouchFile::touchfile( '/var/log/' . $log_file ) }
            Cpanel::Lchown::lchown( $mailnull_uid, $mail_gid, '/var/log/' . $log_file ) if ( $uid != $mailnull_uid || $gid != $mail_gid );
            chmod( 0640, '/var/log/' . $log_file )                                      if ( $mode & 00777 != 0640 );
        }
    }
}

sub checkeximperms {
    my $no_chown_spool = shift;

    require Cpanel::PwCache;
    if ( Cpanel::PwCache::getpwnam("mailnull") ) {
        my $mailnull_uid = ( Cpanel::PwCache::getpwnam('mailnull') )[2];
        my $mail_gid     = ( getgrnam('mail') )[2];

        checkeximlogs();

        # Only chown what really needs it: directories under /var/spool/exim.
        # Chowning everything takes too long on systems with large queues.
        unless ($no_chown_spool) {
            safe_chown_maxdepth( '/var/spool/exim', $mailnull_uid, $mail_gid, 2 );

            # scripts/updatemailscanner needs this. If it's not installed, this will just return.
            safe_chown_maxdepth( '/var/spool/exim_incoming',       $mailnull_uid, $mail_gid, 1 );
            safe_chown_maxdepth( '/var/spool/exim_incoming/db',    $mailnull_uid, $mail_gid, 1 );
            safe_chown_maxdepth( '/var/spool/exim_incoming/input', $mailnull_uid, $mail_gid, 1 );
        }

        chown $mailnull_uid, $mail_gid, '/etc/exim.crt', '/etc/exim.key';
    }
}

sub safe_chown_maxdepth {
    my ( $path, $uid, $gid, $depth ) = @_;
    return if $depth == 0;
    return unless -e $path;

    my @files_to_chown = ($path);
    my @dirs_to_search;

    opendir( my $dh, $path ) or return 0;
    foreach ( grep { /^[^.]/ } readdir($dh) ) {
        if ( -d "$path/$_" ) { push @dirs_to_search, "$path/$_" }
        push @files_to_chown, "$path/$_";
    }

    Cpanel::SafetyBits::Chown::safe_chown( $uid, $gid, @files_to_chown );

    foreach (@dirs_to_search) {
        safe_chown_maxdepth( $_, $uid, $gid, $depth - 1 );
    }
}

1;