#! /bin/bash
# /usr/sbin/satan-suidconfig  taken from 
# /usr/sbin/gnuplotconfig - configuration script for suid bit of gnuplot.
# author: tibor simko <simko@debian.org>.
# note: this script modifies the configuration file named by SUID_FILE below
# (/etc/satan/satan.cf).
# -------- 
# with modifications by Javier Fernández-Sanguino Peña <jfs@computer.org>

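# Interactive helper that switches the setuid-root bit of $PROGRAM_LOCATION on
# or off and records the choice in the `$satan_is_suid=...;' line of
# $SUID_FILE.  Must be run as root.  Exit status: 0 when the configuration was
# kept or changed, 1 on any error.

# File holding the `$satan_is_suid="y|n";' line that is edited below.
SUID_FILE=/etc/satan/satan.cf
# Scratch copy used while rewriting $SUID_FILE; it lives in the same directory
# so the final mv stays on one filesystem.
TMP_FILE="$SUID_FILE.tmp"
PROGRAM=SATAN
PROGRAM_LOCATION=/usr/lib/satan/satan
# Take note that /usr/sbin/satan is just a wrapper script in Debian
REASON="In order to access certain services in privileged ports,\nand to manipulate packets at raw level,SATAN needs to have root\nprivileges when run by a normal user."

# Abort on the first failing command.
set -e
# noclobber: a plain `>' refuses to write to a file that already exists, so
# the scratch file is only ever created fresh (it is removed just before).
set -C

# Compare the numeric effective uid instead of parsing a user name.
if [ "$(id -u)" != "0" ]
then
   echo "Sorry, only root can run this script.  Exiting." >&2
   exit 1
fi

echo "$PROGRAM suid configuration:"
echo

if [ ! -e "$SUID_FILE" ]
then
   echo "Sorry, $SUID_FILE not found.  Exiting." >&2
   exit 1
fi

rm -f -- "$TMP_FILE"
# Single quotes: the path is expanded (and quoted) when the trap fires.
trap 'rm -f -- "$TMP_FILE"' EXIT INT HUP TERM

# Rewrite the `$satan_is_suid=...;' line of $SUID_FILE.
# Arguments: $1 - new value, "y" or "n"
# Exits with status 1, before anything is modified, when $SUID_FILE has no
# such line (e.g. an old conffile).  Without this check sed would copy the
# file unchanged and the script would report a change it never recorded.
# NOTE(review): the replacement file is created by redirection, so it gets
# its mode from the current umask rather than from the file it replaces.
write_suid_flag() {
   local value=$1
   if ! grep -q '^\$satan_is_suid=' "$SUID_FILE"; then
      echo "Sorry, $SUID_FILE has no \$satan_is_suid setting.  Nothing changed." >&2
      exit 1
   fi
   sed -e 's/^\$satan_is_suid=.*$/$satan_is_suid="'"$value"'";/' \
      < "$SUID_FILE" > "$TMP_FILE"
   mv -- "$TMP_FILE" "$SUID_FILE"
}

# The "current" state shown to the user is what the configuration file says.
if grep -q '^\$satan_is_suid="y"' "$SUID_FILE"; then old=y; else old=n; fi

# The mode of the binary is what actually grants privilege, so say so when it
# disagrees with the configuration file.
if [ -u "$PROGRAM_LOCATION" ]; then actual=y; else actual=n; fi
if [ "$actual" != "$old" ]; then
   echo "Warning: the setuid bit on $PROGRAM_LOCATION does not match $SUID_FILE." >&2
fi

while true; do

   if [ "$old" = "y" ]
   then
      echo "  Currently, $PROGRAM is set up as setuid root, beware!"
   else
      echo "  Currently, $PROGRAM is not set up as setuid root.  Good."
   fi
   printf '%s' "  Do you want to change it?  (y/n/?) [n] "
   read -r yn
   echo
   # An empty answer means the default, "n".
   yn=${yn:-n}
   case "$yn" in
      [Nn]*)
         echo "Okay, keeping the old configuration."
         exit 0
         ;;
      [Yy]*)
         if [ "$old" = "n" ]
         then
            write_suid_flag y
            if [ -e /etc/suid.conf ] && [ -x /usr/sbin/suidregister ]; then
               echo "Hmm, you seem to have suidmanager installed.  Will use it."
               # Run the exact binary that was just tested, not whatever
               # `suidregister' resolves to on root's PATH.
               /usr/sbin/suidregister -s "$PROGRAM" "$PROGRAM_LOCATION" root root 4755
               echo "Okay, $PROGRAM is now set up and registered as setuid root."
            else
               echo "Hmm, you don't seem to have suidmanager installed."
               echo "Please consider installing suidmanager in the future."
               # Ownership first, mode second, so the setuid bit only ever
               # lands on a root-owned file.  The mode matches the 4755 used
               # in the suidregister branch; without the chmod the message
               # below would be untrue.
               chown root:root "$PROGRAM_LOCATION"
               chmod 4755 "$PROGRAM_LOCATION"
               echo "Okay, $PROGRAM is now manually set up as setuid root."
            fi
            exit 0
         else
            write_suid_flag n
            chmod u-s "$PROGRAM_LOCATION"
            if [ -e /etc/suid.conf ] && [ -x /usr/sbin/suidunregister ]; then
               echo "Unregistering $PROGRAM from suidmanager database."
               /usr/sbin/suidunregister -s "$PROGRAM" "$PROGRAM_LOCATION"
            fi
            echo "Okay, $PROGRAM is not set up as setuid root anymore."
            exit 0
         fi
         ;;
      *)
         # Any other answer (including "?") prints the rationale and asks again.
         printf '%b\n' "$REASON"
         printf '    Please note that this is usually considered to be\n a security hazard.\n'
         echo
         ;;
   esac

done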
