#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/spamassassin_dbm_cleaner        Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use Cpanel::Rlimit             ();
use Cpanel::PwCache::Helpers   ();
use Cpanel::PwCache::Build     ();
use Cpanel::AccessIds::SetUids ();
use Cpanel::PwCache            ();
use Cpanel::LoginDefs          ();
use DB_File                    ();
use strict;

my $VERSION            = '1.0';
my $MAX_MEMORY_ALLOWED = 134217728;               #128M Allowed for dbsize + this perlcode,  We allow 256M for spamd+dbs+email
my $MAX_DB_SIZE        = ( 1024 * 1024 * 96 );    #96M is the max size before spamd falls apart

print "$0: version $VERSION\n";

Cpanel::Rlimit::set_rlimit_to_infinity();

my $canary = '--cpanel_sa_test_key';
my $pwcache_ref;

if ( !$ARGV[0] ) {
    Cpanel::PwCache::Helpers::no_uid_cache();    #uid cache only needed if we are going to make lots of getpwuid calls
    Cpanel::PwCache::Build::init_passwdless_pwcache();
    $pwcache_ref = Cpanel::PwCache::Build::fetch_pwcache();
}
else {
    my $user    = $ARGV[0];
    my @pw_data = Cpanel::PwCache::getpwnam($user);
    if ( !$pw_data[0] ) {
        die "Usage: $0 [user]";
    }
    $pwcache_ref = [ \@pw_data ];
}
print "Checking SpamAssassin dbm databases....";

my ( $ok_count, $broken_count, $user_count );
my $now     = time();
my $uid_min = Cpanel::LoginDefs::get_uid_min();
my ( $user, $uid, $gid, $homedir );
foreach my $pwref ( grep { $_->[2] >= $uid_min } @$pwcache_ref ) {
    ( $user, $uid, $gid, $homedir ) = ( (@$pwref)[ 0, 2, 3, 7 ] );
    if ( $homedir ne '/' && -e $homedir . '/.spamassassin' ) {
        my ( $ok_files, $broken_files ) = _test_sa_dbm_files( $user, $uid, $gid, $homedir );
        $user_count++;
        $ok_count     += scalar @$ok_files     if $ok_files;
        $broken_count += scalar @$broken_files if $broken_files;
        if ( $broken_files && @$broken_files ) {
            if ( my $pid = fork() ) {
                waitpid( $pid, 0 );
            }
            else {
                Cpanel::AccessIds::SetUids::setuids( $uid, $gid )
                  || die "Failed to setuid to $user";
                foreach my $file_data_ref (@$broken_files) {
                    print "\n\t$user: $file_data_ref->{'file'} has problem: $file_data_ref->{'error'}.  Moving to $file_data_ref->{'file'}.broken.$now";
                    rename(
                        $file_data_ref->{'file'},
                        "$file_data_ref->{'file'}.broken.$now"
                    );
                }
                exit(0);
            }
        }
    }

}

print "\n" if $broken_count;
print "Done\n";
print "Checked " . ( $ok_count + $broken_count ) . " files for $user_count user(s), $ok_count ok, $broken_count broken\n";

sub _test_sa_dbm_files {
    my ( $user, $uid, $gid, $homedir ) = @_;

    my $test_files = _get_matching_files(
        "$homedir/.spamassassin",
        '(?:bayes_|auto-)[^\.]+$'
    );
    my ( $test_canary, $file, $data, $error );
    my ( @ok_files, @broken_files );

    @$test_files = grep( !/_journal/, @$test_files );    #special journal file

    return if !@$test_files;
    my $loop_count = 0;
    while ( @$test_files && ++$loop_count <= 5 ) {
        my $readpid = open( my $child_rdr, '-|' );
        if ($readpid) {
            while (<$child_rdr>) {
                chomp($_);
                next if !$_;
                ( $test_canary, $file, $data, $error ) = split( /:/, $_, 4 );
                if ( $test_canary eq $canary ) {
                    if ($file) {
                        @$test_files = grep { $_ ne $file } @$test_files;
                        if ( $data eq 'ok' ) {
                            push @ok_files, { 'file' => $file, 'status' => 1 };
                        }
                        else {
                            push @broken_files,
                              {
                                'file'   => $file,
                                'status' => 0,
                                'error'  => "$data:$error"
                              };
                        }
                    }
                }
                else {
                    print STDERR "Error from child process for $user: $_\n";
                }

                #print "DEBUG: $_\n";;
            }
            close($child_rdr);
        }
        else {
            alarm(60);
            Cpanel::Rlimit::set_rlimit($MAX_MEMORY_ALLOWED);
            Cpanel::AccessIds::SetUids::setuids( $uid, $gid )
              || die "Failed to setuid to $user";
            while ( my $test_file = pop(@$test_files) ) {
                print "\n";
                my %test_hash;
                print "${canary}:$test_file:";
                if ( ( stat($test_file) )[7] > $MAX_DB_SIZE ) {
                    print "toobig:database too large:\n";
                }
                elsif ( my $result = tie %test_hash, 'DB_File', $test_file, &DB_File::O_RDONLY ) {
                    print "ok\n";
                    untie %test_hash;
                }
                else {
                    print "failed:$!:$result\n";
                }
                print "\n";
            }
            exit(0);
        }
    }
    return ( \@ok_files, \@broken_files );
}

# From pkgacct
sub _get_matching_files {
    my $dir   = shift;
    my $regex = shift;
    my $compiled_regex;
    eval { $compiled_regex = qr/$regex/; };
    if ( !$compiled_regex ) {
        print "Failed to compile regex $regex\n";
        return;
    }
    my $dot_files_regex = qr/^\.\.?$/;
    opendir( my $dir_h, $dir );
    my @files =
      map { "$dir/$_" }
      grep { $_ !~ $dot_files_regex && $_ =~ $compiled_regex } readdir($dir_h);
    closedir($dir_h);
    return \@files;
}