#!/bin/ksh
#
#ident	"@(#)postinstall	1.21	05/05/25 SMI"
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

# Script-wide settings.
#   sdir         install root of the SUNWstaf package
#   nettestdir   directory that receives the per-release nettest symlink
#   version      second dot-separated field of `uname -r` (e.g. 10 for 5.10)
#   stafservice  scratch inetd.conf-format file handed to inetconv
#   retrycount   counter used by the service start-up retry loops
#
# NOTE(review): stafservice is a fixed name in world-writable /tmp and is
# written by this script while running as root; any change of location has to
# be coordinated with every user of the variable.
sdir=/opt/SUNWstaf
nettestdir=$sdir/tests/net/nettest/bin
version=$(/usr/bin/uname -r | awk -F. '{print $2}')
stafservice=/tmp/staf-tcp.conf
retrycount=0

# functions
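#
# setup_anon_ftp - build the anonymous FTP area under /export/home/ftp.
#
# Takes no arguments.  Defines three nested helpers and then runs
# setup_main /export/home/ftp, followed by setup_ftpaccess when $version is
# greater than 8.
#
#   anon_ftp_dir MODE DIR             make DIR if missing, chown root, chmod
#   setup_main [anon-ftp-root|start]  populate the anonymous FTP tree
#   setup_ftpaccess                   rewrite /etc/ftpd/ftpaccess
#
# Globals:  version (read); ftphome, ftpcmd, ftplib and scratch names (written)
# Exits:    1 or 2 from setup_main when not root or when the root is rejected
#
# Security review notes (behaviour kept as the package ships it):
#   - ${ftphome}/tmp and ${ftphome}/incoming are mode 777 with no sticky bit,
#     and setup_ftpaccess turns on overwrite/delete/upload for anonymous
#     users.  Hosts carrying this package should be treated as test machines
#     on an isolated network.
#   - The full /etc/passwd and /etc/group are copied into the FTP area, so
#     every local account name is readable by anonymous clients.
#
setup_anon_ftp()
{
	# anon_ftp_dir MODE DIR - ensure DIR exists, is owned by root, has MODE.
	anon_ftp_dir()
	{
		[ -d "$2" ] || mkdir -p "$2"
		chown root "$2"
		chmod "$1" "$2"
	}

	setup_main()
	{
		# Everything below edits system files and creates device nodes.
		/usr/bin/id | grep -w 'uid=0' >/dev/null 2>&1
		if [ "$?" != "0" ]; then
			echo "$0: must be run as root" >&2
			exit 1
		fi

		# handle the optional command line argument
		case $# in
		# the default location for the anon ftp comes from the passwd file
		0)	ftphome=`getent passwd ftp | cut -d: -f6`
			;;
		1)	if [ "$1" = "start" ]; then
				ftphome=`getent passwd ftp | cut -d: -f6`
			else
				ftphome=$1
			fi
			;;
		*)	echo "Usage: $0 [anon-ftp-root]"
			exit 1
			;;
		esac

		# Reject roots this script must never chmod/chown: empty, relative,
		# / and /usr.
		case "${ftphome}" in
		"")	echo "$0: ftphome must be non-null"
			exit 2
			;;
		/ | /usr)
			echo "$0: ftphome must be non-null and neither / or /usr"
			exit 2
			;;
		/*)	# ok
			;;
		*)	echo "$0: ftphome must be an absolute pathname"
			exit 1
			;;
		esac

		# If ftphome does not exist but parent does, create ftphome
		if [ ! -d "${ftphome}" ]; then
			# lack of -p below is intentional
			mkdir "${ftphome}"
		fi
		chown root "${ftphome}"
		chmod 555 "${ftphome}"

		# Ownership and modes follow the original script, which says they
		# match the man page.
		anon_ftp_dir 555 "${ftphome}/usr"
		anon_ftp_dir 555 "${ftphome}/usr/bin"
		# NOTE(review): world-writable without the sticky bit.
		anon_ftp_dir 777 "${ftphome}/tmp"

		# this may not be the right thing to do
		# but we need the bin -> usr/bin link
		rm -f "${ftphome}/bin"
		ln -s usr/bin "${ftphome}/bin"

		anon_ftp_dir 555 "${ftphome}/usr/lib"
		anon_ftp_dir 555 "${ftphome}/etc"
		# NOTE(review): world-writable upload area, no sticky bit.
		anon_ftp_dir 777 "${ftphome}/incoming"

		# a list of all the commands that should be copied to
		# ${ftphome}/usr/bin.  /usr/bin/ls is needed at a minimum.
		ftpcmd="
		/usr/bin/ls
		"

		# ${ftphome}/usr/lib needs to have all the libraries needed by the
		# above commands, plus the runtime linker, and some name service
		# libraries to resolve names. We just take all of them here.
		# ftpcmd and ftplib are expanded unquoted on purpose: they are
		# whitespace-separated lists and ftplib contains glob patterns.
		ftplib="`ldd $ftpcmd | nawk '$3 ~ /lib/ { print $3 }' | sort | uniq`"
		ftplib="$ftplib /usr/lib/nss_* /usr/lib/straddr* /usr/lib/libmp.so*"
		ftplib="$ftplib /usr/lib/libnsl.so.1 /usr/lib/libsocket.so.1 /usr/lib/ld.so.1"
		ftplib="`echo $ftplib | tr ' ' '\n' | sort | uniq`"

		cp ${ftplib} "${ftphome}/usr/lib"
		chmod 555 "${ftphome}"/usr/lib/*

		cp ${ftpcmd} "${ftphome}/usr/bin"
		chmod 111 "${ftphome}"/usr/bin/*

		# Add the ftp account only when the name service does not already
		# know it.
		if [ -z "`getent passwd ftp`" ]
		then
			echo "ftp:x:30000:30000:Anonymous FTP User:${ftphome}:" >> /etc/passwd
			chmod 444 /etc/passwd
		fi

		# Look for any existing ftp line, not just the exact one written
		# here, so an ftp entry in another format is not duplicated.
		if grep '^ftp:' /etc/shadow >/dev/null
		then
			:
		else
			echo "ftp:NP:6445::::::" >> /etc/shadow
			chmod 400 /etc/shadow
		fi

		# you also might want to have separate minimal versions of passwd
		# and group
		cp /etc/passwd /etc/group /etc/netconfig "${ftphome}/etc"
		chmod 444 "${ftphome}"/etc/*

		# need /etc/default/init for timezone to be correct
		anon_ftp_dir 555 "${ftphome}/etc/default"
		cp /etc/default/init "${ftphome}/etc/default"
		chmod 444 "${ftphome}/etc/default/init"

		# Copy timezone database.  The subshell stops if it cannot enter
		# the target: the recursive chmod/chown below act on ".", so they
		# must never run from some other working directory.
		mkdir -p "${ftphome}/usr/share/lib/zoneinfo"
		(
			cd "${ftphome}/usr/share/lib/zoneinfo" || exit 1
			(cd /usr/share/lib/zoneinfo && find . -print | cpio -o) 2>/dev/null |
			    cpio -imdu 2>/dev/null
			find . -print | xargs chmod 555
			find . -print | xargs chown root
		)

		# Ensure that the /dev directory exists
		if [ ! -d "${ftphome}/dev" ]; then
			mkdir -p "${ftphome}/dev"
		fi

		# make device nodes. ticotsord and udp are necessary for
		# 'ls' to resolve NIS names.  Major and minor numbers are read
		# from the `ls -lL` line of the real node after dropping the comma.
		for device in zero tcp udp ticotsord ticlts
		do
			line=`ls -lL /dev/${device} | sed -e 's/,//'`
			major=`echo $line | awk '{print $5}'`
			minor=`echo $line | awk '{print $6}'`
			rm -f "${ftphome}/dev/${device}"
			mknod "${ftphome}/dev/${device}" c ${major} ${minor}
		done
		chmod 666 "${ftphome}"/dev/*

		## Now set the ownership and modes
		chown root "${ftphome}/dev"
		chmod 555 "${ftphome}/dev"
	}

	## Added for Solaris 9 and 10 to make anonymous ftp work.
	# Run ftpconfig, then rewrite /etc/ftpd/ftpaccess so that anonymous
	# users get overwrite, delete and upload permission and an
	# allow-retrieve line for /export/home/ftp.
	#
	# The new file is staged next to the original instead of in /tmp: the
	# script runs as root, and a fixed name in a world-writable directory
	# can be pre-created or symlinked by any local user.  cp -p seeds the
	# staging file so owner and mode carry over, and the original is only
	# replaced when every step succeeded.
	setup_ftpaccess()
	{
		ftpaccess=/etc/ftpd/ftpaccess
		ftpaccess_new=${ftpaccess}.hcts.$$

		ftpconfig > /dev/null 2>&1

		if cp -p "$ftpaccess" "$ftpaccess_new" &&
		    awk ' {
			if ( ($1 == "overwrite") && ($3 == "anonymous") )
				$2 = "      yes            ";
			if ( ($1 == "delete") && ($3 == "anonymous") )
				$2 = "         yes            ";
			if( ($1 == "upload") && ($2 == "class=anonusers") )
				{ $2= "         class=anonusers"; $3 = "   *"; $5  = "yes"; $6 = "  dirs"; }
			if( ($1 == "allow-retrieve") && ($2 == "absolute") && ($3 == "class=anonusers") && ($4 == "/export/home/ftp") )
				next;
			print $0
		    }' "$ftpaccess" > "$ftpaccess_new" &&
		    echo "allow-retrieve  absolute        class=anonusers         /export/home/ftp" >> "$ftpaccess_new"
		then
			mv -f "$ftpaccess_new" "$ftpaccess"
		else
			rm -f "$ftpaccess_new"
			echo "$0: could not update $ftpaccess" >&2
		fi
	}

	#Added for redesigning new package
	setup_main /export/home/ftp

	#Added for Bug 5046754
	if [ "$version" -gt 8 ]
	then
		setup_ftpaccess
	fi
	#end added
}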
#end setup anonymous ftp 

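# killproc NAME - send SIGHUP to the named process(es).
#
# Every `ps -e` line that contains NAME as a whole word is selected and the
# first column of each such line is used as the process id.
#
# Arguments: $1 - process name to look for
# Globals:   pid (written)
# Returns:   non-zero when NAME is empty or nothing matched, otherwise the
#            status of kill
killproc() {
	# Refuse an empty NAME rather than hand grep an empty pattern and
	# signal whatever that happens to select.
	[ -n "$1" ] || return 1

	pid=`/usr/bin/ps -e |
	     /usr/bin/grep -w "$1" |
	     /usr/bin/sed -e 's/^  *//' -e 's/ .*//'`
	# $pid stays unquoted: it holds one word per matching process.
	[ "$pid" != "" ] && kill -HUP $pid
}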

### MAIN ###

# Register the staf service with inetd.
#
# NOTE(review): the inetd.conf entry runs $sdir/staf.eng as root (user field
# "root") for every connection to 777/tcp.  Nothing in this script limits
# which peers may connect.

# /etc/inet/services: add the port unless some line already mentions staf
grep staf /etc/inet/services >/dev/null ||
	echo "staf            777/tcp" >> /etc/inet/services

# /etc/inet/inetd.conf: same test, then add the service line
grep staf /etc/inet/inetd.conf >/dev/null ||
	echo "staf    stream  tcp     nowait  root    $sdir/staf.eng       staf.eng" >> /etc/inet/inetd.conf

# restart inetd (SIGHUP) so it rereads its configuration
killproc inetd


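#Create dir /export/home if some system without this dir.
if [ ! -d /export/home ]
then
	mkdir -p -m 755 /export/home
fi

#move to here redesigning package SUNWstaf
# Create directories for nfs share/mount points.
#
# NOTE(review): /export/home/nfs is created mode 777 and shared with anon=0
# and no access list, which per share_nfs(1M) gives unidentified clients the
# effective uid 0 on this export.  That is only acceptable on an isolated
# test network; record it in the host's hardening exceptions.
if [ ! -d /export/home/nfs ]
then
	if [ ! -d /mnt/nfstest ]
	then
		mkdir /mnt/nfstest
	fi
	mkdir -m 777 /export/home/nfs
	share -o anon=0 /export/home/nfs
	# Use grep's exit status rather than an unquoted `grep -c` inside [ ]:
	# with a missing dfstab the old test failed with a syntax error and the
	# persistent share entry was silently skipped.
	if grep '/export/home/nfs' /etc/dfs/dfstab >/dev/null 2>&1
	then
		:
	else
		echo 'share -F nfs -o anon=0 -d "HCTS NFS share" /export/home/nfs' >> /etc/dfs/dfstab
	fi
fi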
#end moving 

# setup NFS server
#
# NOTE(review): this exports /tmp itself, and the share line carries no -o
# option, so no access list or read-only restriction is requested here.
# Other steps of this script stage files in /tmp.
grep staf /etc/dfs/dfstab >/dev/null || {
	echo 'share -F nfs -d "staf" /tmp' >> /etc/dfs/dfstab
	/etc/init.d/nfs.server start
}

# added for solaris 10: share everything listed in dfstab
/usr/sbin/shareall

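# setup FTP
#
# Give the nobody account the fixed password hash below unless /etc/shadow
# already carries exactly that entry.
#
# NOTE(review): the hash is identical on every machine that installs this
# package and is readable from the package itself, so the nobody password
# must be treated as publicly known.
#
# Changes from the original sequence:
#   - /etc/shadow is never moved away; the replacement is staged beside it
#     and renamed into place, so there is no window without a shadow file.
#   - cp -p seeds the staging file, so owner, group and mode of /etc/shadow
#     carry over instead of coming from the current umask.
#   - only the line that starts with "nobody:" is dropped; the previous
#     /nobody/ pattern also removed entries such as nobody4.
if grep 'nobody:zFs1NS7haBA3w:::::::' /etc/shadow >/dev/null
then
	:
else
	newshadow=/etc/shadow.hcts.$$
	if cp -p /etc/shadow /etc/shadow.bak &&
	    cp -p /etc/shadow "$newshadow" &&
	    sed -e '/^nobody:/d' /etc/shadow.bak > "$newshadow" &&
	    echo "nobody:zFs1NS7haBA3w:::::::" >> "$newshadow"
	then
		mv -f "$newshadow" /etc/shadow
	else
		rm -f "$newshadow"
		echo "$0: could not update the nobody entry in /etc/shadow" >&2
	fi
fi

#add for redesigning SUNWstaf package

# Setup anonymous ftp (first install only: skipped when the area exists)
if [ ! -d /export/home/ftp ]
then
	setup_anon_ftp
fi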

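# Allow remote root logins
#
# NOTE(review): both steps below remove host hardening on purpose.
#   - Commenting out CONSOLE= in /etc/default/login lifts the console-only
#     restriction on root logins.
#   - "+ +" in /.rhosts trusts every user on every host for the r-commands
#     as root, with no password.
# Keep such hosts off production networks and restore both files when the
# test suite is removed.
#
# The edited login file is staged inside /etc/default rather than under a
# fixed name in /tmp, which any local user could pre-create or symlink
# before this root-run script writes to it.  cp -p seeds the staging file so
# owner and mode carry over.
login_new=/etc/default/login.hcts.$$
if cp -p /etc/default/login "$login_new" &&
    sed -e 's/^CONSOLE=/#CONSOLE=/' /etc/default/login > "$login_new"
then
	mv -f "$login_new" /etc/default/login
else
	rm -f "$login_new"
	echo "$0: could not update /etc/default/login" >&2
fi
echo "+ +" > /.rhosts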


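# Create directory for rcp
# NOTE(review): world-writable (777), no sticky bit.
if [ ! -d /export/home/tmp ]
then
	mkdir -m 777 /export/home/tmp
fi


#Check hostname in /etc/net/ticlts /etc/net/ticots /etc/net/ticotsord
# Append "<host> <host>" to each hosts file that does not mention this host.
# The name is looked up once and quoted; with an empty name the old unquoted
# grep took the file path as its pattern and read standard input instead.
hostname=`hostname`
if [ -n "$hostname" ]
then
	for i in "/etc/net/ticlts/hosts" "/etc/net/ticots/hosts" "/etc/net/ticotsord/hosts"
	do
		hoststr=`grep "$hostname" "$i"`
		if [ -z "$hoststr" ]
		then
			echo "$hostname $hostname" >> "$i"
		fi
	done
else
	echo "$0: hostname is empty; /etc/net hosts files left unchanged" >&2
fi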


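# Hand the dial-out devices to nobody:root.  Each change is applied twice:
# with -h to the entries under /dev/cua themselves and without it to what
# they resolve to.
if [ -d /dev/cua ]
then
	chown -h nobody /dev/cua/*
	chown nobody /dev/cua/*
	chgrp -h root /dev/cua/*
	chgrp root /dev/cua/*
fi


# Point nettest at the binary built for this release: 5.10 when version is
# greater than 9, otherwise 5.9.
if [ "$version" -gt 9 ]
then
	nettest_rel=5.10
else
	nettest_rel=5.9
fi

# Only create the link after the cd succeeded; otherwise ln would drop a
# "nettest" link into whatever directory the installer happens to be in.
if cd "$nettestdir"
then
	ln -s ./$nettest_rel/nettest nettest
else
	echo "$0: cannot cd to $nettestdir; nettest link not created" >&2
fi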

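#
# hcts_require_service PATTERN NAME TITLE
#
# Make sure the SMF service whose `svcs -a` line matches PATTERN is usable.
#   - no matching line : print an ERROR block and exit 3
#   - state maintenance: svcadm clear, warn if that fails
#   - any other state  : svcadm enable, then poll the state every 2 seconds;
#                        after 3 unsuccessful polls print a WARNING and stop
#
# The original loop printed the warning on the third poll but kept polling,
# so a service that never came online hung the installation.
#
# Arguments: $1 grep pattern, $2 lower-case name and $3 capitalised name
#            used in the messages
# Globals:   servicename, onlinestatus, retrycount (written)
#
hcts_require_service()
{
	hcts_svc_line=`/usr/bin/svcs -a | grep "$1"`
	if [ -z "$hcts_svc_line" ]
	then
		echo "ERROR:"
		echo "$3 service is not found in the current system."
		echo "$3 service is required for network certification."
		echo "Ensure the $2 service is running and then reinstall HCTS."
		exit 3
	fi

	# svcs -a columns as used by the original script: $1 state, $3 FMRI
	servicename=`echo "$hcts_svc_line" | awk '{print $3}'`
	onlinestatus=`echo "$hcts_svc_line" | awk '{print $1}'`

	if [ "$onlinestatus" = "online" ]
	then
		return 0
	fi

	if [ "$onlinestatus" = "maintenance" ]
	then
		/usr/sbin/svcadm clear $servicename >/dev/null
		if [ $? -ne 0 ]
		then
			echo "WARNING:"
			echo "$2 service can't be started successfully"
			echo "Please make sure the $2 service start successfully and reinstall HCTS 2.4"
		fi
		return 0
	fi

	retrycount=0
	/usr/sbin/svcadm enable $servicename
	onlinestatus=`/usr/bin/svcs -a | grep "$1" | awk '{print $1}'`
	while [ "$onlinestatus" != "online" ]
	do
		if [ "$retrycount" -ge 3 ]
		then
			echo "WARNING:"
			echo "$2 service can't be started successfully"
			echo "Please make sure the $2 service start successfully and reinstall HCTS 2.4"
			break
		fi
		sleep 2
		retrycount=`expr $retrycount + 1`
		onlinestatus=`/usr/bin/svcs -a | grep "$1" | awk '{print $1}'`
	done
	return 0
}

# SMF handling, only when version is greater than 9.
if [ "$version" -gt 9 ]
then
	# staf: clear a service stuck in maintenance, or import the inetd
	# entry through inetconv when no staf service is known yet.
	stafflag=`/usr/bin/svcs -a | grep staf`
	if [ -n "$stafflag" ]
	then
		onlinestatus=`echo "$stafflag" | awk '{print $1}'`
		servicename=`echo "$stafflag" | awk '{print $3}'`
		if [ "$onlinestatus" = "maintenance" ]
		then
			/usr/sbin/svcadm clear $servicename >/dev/null
		fi
	else
		# NOTE(review): $stafservice is set near the top of this
		# script to a fixed name in world-writable /tmp, and its
		# content becomes a service that runs as root.  Removing any
		# existing entry first stops the redirect from following a
		# link that is already there; it narrows the window but does
		# not close it.  Staging the file in a root-only directory
		# would.
		rm -f "$stafservice"
		echo "staf    stream  tcp     nowait  root    $sdir/staf.eng       staf.eng" > "$stafservice"
		/usr/sbin/inetconv -f -i "$stafservice" >/dev/null
		if [ $? != 0 ]
		then
			echo "ERROR:"
			echo "staf -> /var/svc/manifest/network/staf-tcp.conf"
			echo "Importing staf-tcp.conf ...Failed"
			exit 3
		fi
	fi

	hcts_require_service '\<ftp:default\>' ftp Ftp
	hcts_require_service '\<spray:default\>' spray Spray
fi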


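#Setup for sshd - secure shell daemon
#------------------------------------------------------------------------------------------
# NOTE(review): both edits below weaken SSH on purpose for the test suite.
#   - StrictHostKeyChecking no: the client stops asking before it accepts an
#     unknown host key.
#   - PermitRootLogin yes: root may log in directly over ssh.
# Combined with the fixed nobody password and the "+ +" rhosts entry set up
# elsewhere in this script, the host must stay on an isolated network.
#
# Each file is rewritten through a staging copy in /etc/ssh, not a fixed
# name in /tmp that any local user could pre-create or symlink.  cp -p seeds
# the staging file so owner and mode carry over, and the live file is only
# replaced when awk succeeded.

#Modify /etc/ssh/ssh_config and set StrictHostKeyChecking from ask to no
ssh_conf=/etc/ssh/ssh_config
ssh_conf_new=$ssh_conf.hcts.$$
if cp -p "$ssh_conf" "$ssh_conf_new" &&
    awk '{ if(($2=="StrictHostKeyChecking")&&($3!="no")) {$1=""; $3="no";};print $0}' \
	"$ssh_conf" > "$ssh_conf_new"
then
	mv -f "$ssh_conf_new" "$ssh_conf"
else
	rm -f "$ssh_conf_new"
	echo "$0: could not update $ssh_conf" >&2
fi
/usr/bin/chgrp sys "$ssh_conf"

#Root logins permitted using sshd.Modify /etc/ssh/sshd_config and set
#PermitRootLogin from no to yes
sshd_conf=/etc/ssh/sshd_config
sshd_conf_new=$sshd_conf.hcts.$$
if cp -p "$sshd_conf" "$sshd_conf_new" &&
    awk '{if($1=="PermitRootLogin") $2="yes";print $0}' "$sshd_conf" > "$sshd_conf_new"
then
	mv -f "$sshd_conf_new" "$sshd_conf"
else
	rm -f "$sshd_conf_new"
	echo "$0: could not update $sshd_conf" >&2
fi
/usr/bin/chgrp sys "$sshd_conf"

#Restart sshd service.sshd rereads its configuration file when it receives a hangup signal, SIGHUP.
# NOTE(review): this selects every process whose ps -ef line contains
# "sshd", which presumably includes the per-connection children as well as
# the listening daemon - confirm that signalling all of them is intended.
sshdpid=`ps -ef|grep "sshd"|grep -v "grep"|awk '{print $2}'`

if [ -z "$sshdpid" ]
then
	echo "ERROR:"
	echo "The sshd service is not found in the current system."
	echo "The sshd service is required for system and network certification."
	echo "Ensure the sshd service is running and then reinstall HCTS."
	exit 3
fi

# $sshdpid stays unquoted: one word per matching process.
/usr/bin/kill -HUP $sshdpid

if [ $? -ne 0 ]
then
	echo "ERROR:"
	echo "Restart sshd service failed!"
	echo "The sshd service is required for system and network certification."
	echo "Ensure the sshd service is running and then reinstall HCTS."
	exit 3
fi

# Verify the daemon survived the reload: through SMF when version is greater
# than 9, otherwise by looking for the process again after a short wait.
if [ "$version" -gt 9 ]
then
	onlinestatus=`/usr/bin/svcs -a |grep "\<ssh:default\>"|awk '{print $1}'`
	# Quoted so that an empty result counts as "not online" instead of
	# breaking the test.
	if [ "$onlinestatus" != "online" ]
	then
		echo "WARNING:"
		echo "The sshd service can't be started"
		echo "Please make sure the sshd service start successfully" 
		/usr/bin/sleep 3
	fi
else
	sleep 3
	checksshd=`ps -ef|grep "sshd"|grep -v "grep"`

	if [ -z "$checksshd" ]
	then
		echo "WARNING:"
		echo "The sshd service can't be started."
		echo "Please make sure the sshd service start successfully."
		/usr/bin/sleep 3
	fi
fi

#--------------------------------------------------------------------------------------
#Setup for sshd End


echo "\n>>> HCTS Install - End <<<\n"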
