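#!/usr/bin/perl
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2015-2016 IPFire Development Team                             #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the                #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program. If not, see <http://www.gnu.org/licenses/>.        #
#                                                                             #
###############################################################################

use strict;
use warnings;

# Core module, used only to normalise addresses for the loopback guard.
use Socket qw(AF_INET AF_INET6 inet_pton);

require Guardian::Base;
require Guardian::Daemon;
require Guardian::Socket;

# Define version.
# Single-quoted so that neither the placeholder nor whatever value replaces it
# is ever interpolated as a Perl variable.
my $version = '@PACKAGE_VERSION@';

# Assign given command line arguments some pretty variable names.
my ($command, $opt_argument) = @ARGV;

# Map each known command to its handler. A plain dispatch table is used so the
# script does not depend on the Switch source filter, which rewrites the file
# before compilation and is no longer shipped with perl.
my %handler_for = (
    'status'             => sub { HandleStatus() },
    'block'              => sub { HandleBlockUnblockCommand($command, $opt_argument) },
    'unblock'            => sub { HandleBlockUnblockCommand($command, $opt_argument) },
    'flush'              => sub { SendCommand("flush") },
    'reload'             => sub { SendCommand("reload") },
    'reload-ignore-list' => sub { SendCommand("reload-ignore-list") },
    'logrotate'          => sub { SendCommand("logrotate") },
);

# A missing command is treated like an unknown one and prints the usage text,
# without comparing an undefined value.
my $handler = defined $command ? $handler_for{$command} : undef;

# NOTE(review): no code path below calls exit, so a rejected address or a
# missing daemon still ends with exit status 0 as far as this file shows.
# Automation that calls this tool cannot tell a failed block from a
# successful one by the exit status alone.
if ($handler) {
    $handler->();
}
else {
    PrintUsage();
}

#
## The PrintUsage function.
#
## Prints the version and the list of supported commands to STDOUT.
#
sub PrintUsage {
    print "Guardian $version \n";
    print "Usage: guardianctrl <command> [<address>]\n";
    print " block <address>\tBlock the given IP-address.\n";
    print " unblock <address>\tUnblock the given IP-address.\n\n";
    print " flush\t\t\tUnblock/Flush all blocked IP-addresses.\n";
    print " status\t\t\tDisplay weather guardian is running and some details.\n\n";
    print " reload\t\t\tReload the configuration.\n";
    print " reload-ignore-list\tForce guardian to reload/regenerate it's ignore list.\n";
    print " logrotate\t\tTell guardian that the monitored files have been rotated by logrotate.\n";

    return;
}

#
## The SendCommand function.
#
## This function is responsible for sending commands to guardian by using the
## provided client function from guardian's socket module. It checks that
## guardian has been launched before trying to send the desired command.
#
## Takes the command string to send. Returns the result of the socket client
## call, or nothing when no daemon is running.
#
sub SendCommand {
    my ($command) = @_;

    # Abort if no guardian instance is running.
    unless (Guardian::Daemon::IsRunning()) {
        print STDERR "No running guardian instance found. Aborting!\n";
        return;
    }

    # Use the socket client to transmit the requested command to the daemon.
    return Guardian::Socket::Client($command);
}

#
## The IsLoopbackAddress function.
#
## Returns true if the given address is a loopback address: anything in
## 127.0.0.0/8, ::1 in any textual spelling, or an IPv4-mapped IPv6 form of
## 127.0.0.0/8. Strings that inet_pton() cannot parse are only matched against
## the two literal spellings "127.0.0.1" and "::1".
#
sub IsLoopbackAddress {
    my ($address) = @_;

    # The two literal spellings, matched without any parsing.
    return 1 if ($address eq "127.0.0.1") || ($address eq "::1");

    # IPv4: the whole 127.0.0.0/8 network is loopback, not only 127.0.0.1.
    my $packed_v4 = inet_pton(AF_INET, $address);
    if (defined $packed_v4) {
        return 1 if unpack('C', $packed_v4) == 127;
        return 0;
    }

    # IPv6: compare the packed form so that spellings such as
    # 0:0:0:0:0:0:0:1 are recognised as well.
    my $packed_v6 = inet_pton(AF_INET6, $address);
    if (defined $packed_v6) {
        return 1 if $packed_v6 eq ("\0" x 15) . "\x01";

        # IPv4-mapped loopback, ::ffff:127.0.0.0/104.
        return 1 if substr($packed_v6, 0, 13) eq ("\0" x 10) . "\xff\xff\x7f";
    }

    return 0;
}

#
## HandleBlockUnblockCommand function.
#
## This function does the input validation for blocking and unblocking
## addresses before using the SendCommand() function to submit the desired
## command to the running guardian process.
#
## Takes the command ("block" or "unblock") and the address it applies to.
## Prints a message to STDERR and returns nothing if the address is missing,
## invalid or a loopback address.
#
sub HandleBlockUnblockCommand {
    my ($command, $address) = @_;

    # Check if an address has been given.
    unless ($address) {
        print STDERR "No address has been given.\n";
        return;
    }

    # Check if the provided address is valid.
    # The called function will return 4 or 6 for the used IP-protocol
    # version if the address is valid.
    # NOTE(review): DetectIPProtocolVersion lives in Guardian::Base, outside
    # this file. The address is interpolated into the command string sent to
    # the daemon below, so confirm that it rejects embedded whitespace and
    # control characters.
    unless (Guardian::Base::DetectIPProtocolVersion($address)) {
        print STDERR "$address is not a valid IPv4 nor IPv6 address.\n";
        return;
    }

    # Refuse loopback addresses, so that local services cannot be cut off by
    # a mistyped or scripted block request.
    if (IsLoopbackAddress($address)) {
        print STDERR "$address is localhost and must not be blocked.\n";
        return;
    }

    # Check if block/unblock has been called.
    if (($command eq "block") || ($command eq "unblock")) {
        # Call subfunction to send the command through the socket.
        return SendCommand("$command $address");
    }

    return;
}

#
## HandleStatus function.
#
## This function checks if guardian is running and prints its process-id.
#
sub HandleStatus {
    # Check if guardian is running.
    unless (Guardian::Daemon::IsRunning()) {
        print STDERR "Guardian is not running yet.\n";
        return;
    }

    # Grab process-id.
    my $pid = Guardian::Daemon::GetPid();

    # Print out grabbed details.
    print "Guardian is running with process-id ($pid).\n";
}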