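#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/compilers                       Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

# Usage: compilers [on|off|restore]
#
#   on       set the compiler binaries to mode 0755 (usable by every account)
#   off      set them to mode 0750, owned by root and the "compiler" group
#   restore  re-apply the state last recorded in /var/cpanel/compilerstatus.db
#   (other)  print the current state; no permissions are changed
#
# NOTE(review): the chown to uid 0 and the writes under /var/cpanel presumably
# require this script to run as root - confirm against how it is invoked.

use strict;
use warnings;

use Cpanel::DataStore ();
use Cpanel::NSCD      ();
use Cpanel::SSSD      ();

my $status_db = '/var/cpanel/compilerstatus.db';

my $set     = 0;
my $enabled = int getcompilerstatus();    # sub is defined further down the file
my $opt     = $ARGV[0] // q{};

if ( $opt eq 'off' ) {
    $enabled = 0;
    $set     = 1;
}
if ( $opt eq 'on' ) {
    $enabled = 1;
    $set     = 1;
}

# Seed the recorded state the first time the script runs so that a later
# "restore" has a value to fall back on.
my $cstatus = Cpanel::DataStore::fetch_ref($status_db);
if ( !defined $cstatus->{'enabled'} ) {
    $cstatus->{'enabled'} = $enabled;
    Cpanel::DataStore::store_ref( $status_db, $cstatus );
}

if ( $opt eq 'restore' ) {
    $enabled = int $cstatus->{'enabled'};
    $set     = 1;
}

# No recognised action requested: report only.
if ( !$set ) {
    showcompilerstatus();
    exit();
}

$cstatus->{'enabled'} = int $enabled;
Cpanel::DataStore::store_ref( $status_db, $cstatus );

# Entries containing ".*" are name patterns (e.g. a target-prefixed g++);
# everything else is a literal file name.
my @COMPILERS   = qw( gcc cc c89 c99 cc1 g++ c++ kgcc .*-c++ .*-g++ ld );
my @SEARCHDIRS  = qw( /usr/bin /usr/local/bin );
my @PROTECTDIRS = qw( /usr/lib/gcc-lib /usr/local/lib/gcc-lib );

# Make sure the group that keeps compiler access in "off" mode exists.
if ( !getgrnam('compiler') ) {
    my @groupadd =
      -e '/usr/sbin/pw'
      ? ( '/usr/sbin/pw', 'groupadd', 'compiler' )
      : ( '/usr/sbin/groupadd', '-r', 'compiler' );

    # List-form system(): no shell is involved.
    system(@groupadd) == 0
      or warn "Could not create group 'compiler' (@groupadd, status $?)\n";

    # Drop cached group lookups so the new group is visible below.
    Cpanel::NSCD::clear_cache('group');
    Cpanel::SSSD::clear_cache();
}

# If the group still cannot be resolved, fall back to gid 0 explicitly.
# This keeps restricted binaries root-only instead of relying on an
# undefined value being coerced to 0.
my $gid = ( getgrnam('compiler') )[2];
if ( !defined $gid ) {
    warn "Group 'compiler' could not be resolved; using gid 0 for restricted files\n";
    $gid = 0;
}
$gid = int $gid;

# Apply the requested access mode to a single path, reporting failures
# instead of ignoring them so a half-applied lockdown is visible.
my $apply_access = sub {
    my ($path) = @_;

    if ($enabled) {
        chmod( 0755, $path ) or warn "chmod 0755 $path failed: $!\n";
    }
    else {
        chmod( 0750, $path )    or warn "chmod 0750 $path failed: $!\n";
        chown( 0, $gid, $path ) or warn "chown 0:$gid $path failed: $!\n";
    }
    return;
};

# Build one anchored regex from @COMPILERS.  The literal parts are escaped
# with quotemeta so "c++" and "g++" are matched as text rather than being
# read as regex quantifiers; only the ".*" wildcard keeps its meaning.
# Previously the pattern entries were tested with -e as literal file names
# and therefore never matched anything.
my @name_patterns;
foreach my $entry (@COMPILERS) {
    my @literal_parts = map { quotemeta($_) } split( /\Q.*\E/, $entry, -1 );
    push @name_patterns, join( '.*', @literal_parts );
}
my $alternation = join( '|', @name_patterns );
my $compiler_re = qr/\A(?:$alternation)\z/;

foreach my $dir (@SEARCHDIRS) {
    opendir( my $dh, $dir ) or next;
    my @found = sort grep { $_ =~ $compiler_re } readdir($dh);
    closedir($dh);

    foreach my $name (@found) {
        my $path = "${dir}/${name}";
        $apply_access->($path) if -e $path;
    }
}

# Everything directly inside the gcc support directories gets the same
# treatment, except dot entries.
foreach my $protectdir (@PROTECTDIRS) {
    opendir( my $pd, $protectdir ) or next;
    my @entries = grep { !/^\./ } readdir($pd);

    # closedir, not close: close() does not release a directory handle.
    closedir($pd);

    foreach my $entry (@entries) {
        $apply_access->("${protectdir}/${entry}");
    }
}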
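showcompilerstatus();

# Report whether /usr/bin/cc is accessible to accounts that are neither the
# file's owner nor in its group.
#
# Returns 1 when any "other" permission bit is set on the file that
# /usr/bin/cc resolves to, and 0 otherwise (including when it cannot be
# stat'ed).
sub getcompilerstatus {

    # stat() follows symbolic links itself, so the final target is inspected
    # without resolving links by hand.  The earlier readlink() loop looked up
    # relative link targets against the current working directory and could
    # spin forever on a link cycle.
    my @st = stat('/usr/bin/cc');
    return 0 if !@st;

    my $mode = $st[2] & 0777;

    # Test the "other" bits directly.  A numeric comparison against 0750
    # misreports modes such as 0555, which is numerically smaller than 0750
    # but still readable and executable by everyone.
    return ( $mode & 0007 ) ? 1 : 0;
}

# Print the current compiler access state to STDOUT.
sub showcompilerstatus {
    if ( getcompilerstatus() ) {
        print "Compilers are enabled for unprivileged users.\n";
    }
    else {
        print "Compilers are disabled for unprivileged users.\n";
    }
    return;
}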