#!/bin/bash

DIR_RO_SOURCES='/etc/named'

DIR_RW_SOURCES='/var/named'

FILE_RO_SOURCES='/etc/pki/dnssec-keys /etc/named.conf
/etc/named.dnssec.keys /etc/named.rfc1912.zones /etc/rndc.key
/etc/named.iscdlv.key /etc/named.root.key'

FILE_RW_SOURCES=''

if [ `arch` = 'x86_64' ]; then
    DIR_RO_SOURCES="$DIR_RO_SOURCES /usr/lib64/bind /usr/lib64/openssl"
else
    DIR_RO_SOURCES="$DIR_RO_SOURCES /usr/lib/bind /usr/lib/openssl"
fi

# allow sources to be overridden
if [ -f /etc/sysconfig/named ]; then
	. /etc/sysconfig/named
fi

usage()
{
    echo
    echo 'This script setups chroot environment for BIND'
    echo 'Usage: setup-named-chroot.sh ROOTDIR [on|off]'
}

if ! [ "$#" -eq 2 ]; then
    echo 'Wrong number of arguments'
    usage
    exit 1
fi

ROOTDIR="$1"

# Exit if ROOTDIR isn't defined
if ! [ -n "$ROOTDIR" ]; then
    echo "Root directory not defined"
    usage
    exit 1
fi

# Exit if ROOTDIR doesn't exist
if ! [ -d "$ROOTDIR" ]; then
    echo "Root directory $ROOTDIR doesn't exist"
    usage
    exit 1
fi

mount_chroot_conf()
{
    for source in $FILE_RO_SOURCES; do
        # skip if source does not exist
        [ ! -f $source ] && continue

        target=$ROOTDIR$source
        # skip if target exists and is not empty
        [ -e $target ] && [ `stat -c'%s' $target` -ne 0 ] && continue

        touch $target
        mount --bind $source $target
        mount -o remount,ro,bind $source $target
    done

    for source in $FILE_RW_SOURCES; do
        # skip if source does not exist
        [ ! -f $source ] && continue

        target=$ROOTDIR$source
        # skip if target exists and is not empty
        [ -e $target ] && [ `stat -c'%s' $target` -ne 0 ] && continue

        touch $target
        mount --bind $source $target
    done

    for source in $DIR_RO_SOURCES; do
        # skip if source does not exist
        [ ! -d $source ] && continue

        target=$ROOTDIR$source
        # skip if target is not empty.
        [ `ls -1A $target | wc -l` -ne 0 ] && continue

        mount --bind $source $target
        mount -o remount,ro,bind $source $target
    done

    for source in $DIR_RW_SOURCES; do
        # skip if source does not exist
        [ ! -d $source ] && continue

        target=$ROOTDIR$source
        # skip if target is not empty.
        [ `ls -1A $target | wc -l` -ne 0 ] && continue

        mount --bind $source $target
    done
}

umount_chroot_conf()
{
    for source in $DIR_RO_SOURCES $DIR_RW_SOURCES $FILE_RO_SOURCES; do
        target=$ROOTDIR$source
        # Check if file is mount target. Do not use /proc/mounts because
        # detecting of modified mounted files can fail.
        if mount | grep -q '.* on '$target' .*'; then
            umount $target
            # Remove temporary created files
            [ -f $source ] && rm -f $target
        fi
    done
}

case "$2" in
    on)
        mount_chroot_conf
        ;;
    off)
        umount_chroot_conf
        ;;
    *)
        echo 'Second argument has to be "on" or "off"'
        usage
        exit 1
esac

exit 0