#!/bin/bash
# 
# ***** BEGIN LICENSE BLOCK *****
# Zimbra Collaboration Suite Server
# Copyright (C) 2010, 2012, 2013, 2014, 2016 Synacor, Inc.
#
# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free Software Foundation,
# version 2 of the License.
#
# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
# without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.
# You should have received a copy of the GNU General Public License along with this program.
# If not, see <https://www.gnu.org/licenses/>.
# ***** END LICENSE BLOCK *****
# 
#
# Change password for zimbra_mysql_password, and optionally for
# mysql_root_password.  Updates both the Zimbra local config file and
# MySQL.
#
source `dirname $0`/zmshutil || exit 1
zmsetvars

antispam_mysql_enabled=`echo ${antispam_mysql_enabled} | tr [:upper:] [:lower:]`
if [ "${antispam_mysql_enabled}x" != "truex" ]
then
    echo "Spamassassin is not set up to use MySQL backend database!  Aborting..."
    exit 1
fi

#
# Usage.
#
usage() {
    cat<<EOF
Usage: $ zmantispamdbpasswd [ --root ] newpassword

By default, this script changes antispam_mysql_password.  If the --root
option is specified, then antispam_mysql_root_password is changed.  In both
cases, MySQL is updated with the new passwords.  This script can not bail
you out of a situation where you have lost your mysql root password -
consult MySQL documentation to see how you can start the server
temporarily to skip grant tables, so you can override the root
password.

EOF
}

#
# Parse command line
#
if [ "x$1" = "x--root" ]; then
    password_key="antispam_mysql_root_password"
    shift # lose --root option
else
    password_key="antispam_mysql_password"
fi

if [ $# -ne 1 ]; then
    usage
    exit 1
fi
newpassword="$1"

#
# For antispam_mysql_password
#
if [ ${password_key} = antispam_mysql_password ]; then 
    # Change the password in mysql.
    cat <<EOF | /opt/zimbra/bin/antispam-mysql -u root --password="${antispam_mysql_root_password}"
SET PASSWORD FOR '${antispam_mysql_user}' = PASSWORD('${newpassword}');
SET PASSWORD FOR '${antispam_mysql_user}'@'127.0.0.1' = PASSWORD('${newpassword}');
SET PASSWORD FOR '${antispam_mysql_user}'@'localhost' = PASSWORD('${newpassword}');
SET PASSWORD FOR '${antispam_mysql_user}'@'localhost.localdomain' = PASSWORD('${newpassword}');
EOF
    if [ $? = 0 ]; then
        echo '*' Changed antispam mysql user password
    else
        echo '****' PASSWORD CHANGE FAILED
        exit 1
    fi
fi

#
# For mysql_root_password
#
if [ ${password_key} = antispam_mysql_root_password ]; then
    echo /opt/zimbra/bin/antispam-mysqladmin -u root --password="${antispam_mysql_root_password}" password "${newpassword}"
    /opt/zimbra/bin/antispam-mysqladmin -u root --password="${antispam_mysql_root_password}" password "${newpassword}"
    if [ $? = 0 ]; then
        echo '*' Changed antispam mysql root user password
    else
        echo '****' PASSWORD CHANGE FAILED
        exit 1
    fi
    # Change for localhost socket clients also - useful for dev.
    cat <<EOF | /opt/zimbra/bin/antispam-mysql -u root --password="${newpassword}"
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('${newpassword}');
SET PASSWORD FOR 'root'@'localhost.localdomain' = PASSWORD('${newpassword}');
EOF
    if [ $? = 0 ]; then
        echo '*' Changed antispam mysql root user password root@localhost
    else
        echo '****' PASSWORD CHANGE FAILED FOR root@localhost
        exit 1
    fi
fi

#
# Change the password in local config.  TODO: notify app server that
# the password has changed, for now you will have to restart mailboxd
#
if ! /opt/zimbra/bin/zmlocalconfig -f -e "${password_key}=${newpassword}"; then
    echo Error: command failed: /opt/zimbra/bin/zmlocalconfig -f -e ${password_key}='#'
    exit 1
fi

