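#!/usr/bin/perl -w
#
# Remove a banned IPv4 address from denyhosts and, optionally, whitelist it.
#
# Usage: <script> EVENT IP [WHITELIST]
#   EVENT      e-smith event name handed over by the event framework (unused here)
#   IP         dotted-quad IPv4 address to remove from the denyhosts files
#   WHITELIST  any defined value: also add IP to the denyhosts 'ValidFrom'
#              property and regenerate /var/lib/denyhosts/allowed-hosts
#
# denyhosts is stopped while its data files are edited and restarted
# afterwards, even when something fails in between.

use strict;
use Errno;
use esmith::ConfigDB;
use esmith::util;
use esmith::db;
use Data::Validate::IP;

my $validator = Data::Validate::IP->new;
my ( $event, $ip, $whitelist ) = @ARGV;
my $debug = 0;

# Files denyhosts keeps a banned address in; each gets the address removed.
my @files = (
    '/etc/hosts.deny_ssh',
    '/var/lib/denyhosts/hosts',
    '/var/lib/denyhosts/hosts-restricted',
    '/var/lib/denyhosts/hosts-root',
    '/var/lib/denyhosts/hosts-valid',
    '/var/lib/denyhosts/users-hosts',
);

die "IP missing" unless defined $ip;
# is_ipv4 restricts $ip to digits and dots, which is what makes it safe to
# pass as a command argument and (dots escaped) as a sed pattern below.
die "Not an IP" unless $validator->is_ipv4($ip);
die "IP $ip not banned" unless file_contains( $ip, '/etc/hosts.deny_ssh' );

die "can not stop denyhost" unless system( '/etc/init.d/denyhosts', 'stop' ) == 0;

# Everything between stop and start runs inside eval so denyhosts is
# restarted even if editing the files or the config database fails.
my $ok = eval {
    unban($ip);
    whitelist($ip) if defined $whitelist;
    1;
};
my $error = $ok ? '' : ( $@ || 'unknown error' );

system( '/etc/init.d/denyhosts', 'start' ) == 0
    or warn "can not start denyhost\n";

die $error if $error;
exit 0;

# True when $addr occurs as a whole word in $file, so 10.0.0.1 does not
# match 10.0.0.10 or 110.0.0.1. List-form system() avoids the shell; grep's
# exit status is the answer: -q prints nothing, -s keeps a missing or
# unreadable file quiet (it simply reads as "not present").
sub file_contains {
    my ( $addr, $file ) = @_;
    return system( 'grep', '-qsFw', '--', $addr, $file ) == 0;
}

# Delete every line mentioning $addr from each file in @files.
sub unban {
    my ($addr) = @_;

    # Dots in an address are regex metacharacters to sed; escape them and
    # anchor on word boundaries so only that exact address is deleted.
    ( my $pattern = $addr ) =~ s/\./\\./g;
    $pattern = "/\\b$pattern\\b/d";

    for my $file (@files) {
        next unless file_contains( $addr, $file );
        if ( system( 'sed', '-i', $pattern, $file ) == 0 ) {
            print "$addr removed from $file\n" if $debug;
        }
        else {
            warn "could not remove $addr from $file\n";
        }
    }
    return;
}

# Add $addr to the denyhosts 'ValidFrom' property and regenerate
# /var/lib/denyhosts/allowed-hosts; a no-op when the address is already
# listed or the configuration database is unavailable.
sub whitelist {
    my ($addr) = @_;

    my $db = esmith::ConfigDB->open;
    unless ($db) {
        warn "Couldn't open configuration database (permissions problems?)";
        return;
    }
    my $rec = $db->get('denyhosts') or return;

    my $prop = $rec->prop('ValidFrom') || '';
    my @vals = split /,/, $prop;

    # Exact string comparison: the address is data, not a pattern.
    return if grep { $_ eq $addr } @vals;

    $prop = $prop ne '' ? "$prop,$addr" : $addr;
    $rec->set_prop( 'ValidFrom', $prop );
    system( '/sbin/e-smith/expand-template', '/var/lib/denyhosts/allowed-hosts' ) == 0
        or warn "expand-template failed for /var/lib/denyhosts/allowed-hosts\n";
    print "Add to whitelist: $addr \n";
    return;
}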