#!/bin/sh
#
# ident "@(#)postinstall.src	1.17 02/10/22 SMI"
#
# Copyright 2001-2002 Sun Microsystems, Inc.  All rights reserved.
#
# This script enables sunray usage for CDE (dtlogin). It modifies a
# CDE X property that tells dtlogin (and dtsession) to register
# with PAM using the "-SunRay" extension to the PAM client name.
#
# This script also edits /etc/pam.conf to add pam_sunray.so actions.
#
# Properties for dtsession are controlled via the Xsession.d/0100.SUNWut
# script.
#
# This script requires that the following CDE patches be installed:
#
#	108919 (minimum -14)
#	109354 (minimum -13)
#

# Absolute paths to every external tool the script runs, so that the
# caller's PATH has no influence on which binaries are run.
BASENAME="/bin/basename"
     # MOD is this script's own file name; it prefixes the error messages
     # and is part of the temporary file name built below.
     MOD="`$BASENAME $0`"
 # DIRNAME is assigned here but not referenced anywhere else in this script.
 DIRNAME="/bin/dirname"

EGREP="/bin/egrep"
   MV="/bin/mv"
   # RM carries its -f flag inside the value, so it has to be expanded
   # unquoted ($RM, not "$RM") for the flag to be split off as an argument.
   RM="/bin/rm -f"
  AWK="/bin/awk"
 ECHO="/bin/echo"
MKDIR="/bin/mkdir"
   CP="/bin/cp"

   # If PKG_INSTALL_ROOT is not assigned from the environment, set it to
   # an empty string. This has to happen before "set -u" below, which
   # turns every later reference to an unset variable into an error.
   #
   if [ -z "$PKG_INSTALL_ROOT" ]; then
	PKG_INSTALL_ROOT=""
   fi

   # Base directory of the SUNWutps package as reported by pkgparam.
   # NOTE(review): the result is not checked. If pkgparam fails or prints
   # nothing, BASEDIR is empty and SRLIB below becomes
   # "/SUNWut/lib/pam_sunray.so", which is the module path that is then
   # written into pam.conf -- consider aborting on an empty value.
   BASEDIR="`/usr/bin/pkgparam SUNWutps BASEDIR`"

   set -u

   # NOTE(review): this path includes PKG_INSTALL_ROOT, and SRLIB (derived
   # from it) is written verbatim into pam.conf, whereas PAM_CONF below is
   # built from SCETC alone. For an install into an alternate root that
   # would put the alternate-root prefix into the running system's
   # pam.conf -- confirm this is intended.
   SUNWUTLIB="${PKG_INSTALL_ROOT}${BASEDIR}/SUNWut/lib"

   # override these variables for debugging
   # NOTE(review): the temporary file names below are predictable (script
   # name plus PID), and the file created at $TMP_SR is later moved over
   # pam.conf. That is only safe while SCTMP is a directory that nobody
   # but root can write to; keep that in mind when overriding SCTMP.
   SCETC="/etc"
   SCTMP="/var/run"

     TMP="$SCTMP/$MOD.$$"
 # Scratch copy of pam.conf written by add_sr_to_PAM.
 TMP_SR="$TMP.PAMsr"
# TMP_CONF is assigned here but not referenced anywhere else in this script.
TMP_CONF="$TMP.pam.conf"

# CDE application names in pam.conf
  DTLOGIN="dtlogin-SunRay"
DTSESSION="dtsession-SunRay"

# The PAM configuration file that add_sr_to_PAM rewrites.
PAM_CONF="$SCETC/pam.conf"

# PAM client name X server class (dtlogin/dtsession)
# requires fix for 4452627
XCONFIG_USR_DIR="/usr/dt/config"
XCONFIG_ETC_DIR="/etc/dt/config"
GENERIC_XCONFIG="Xconfig"
PROTO_XCONFIG="Xconfig.SUNWut.prototype"
VALID_PAM_CLASS_TAG="Dtlogin.validPAMclasses"
SUNRAY_XSERVER_CLASS_TYPE="SunRay"

# PAM modules info
SRLIB="${SUNWUTLIB}/pam_sunray.so"
# SRLIBso keeps the first two dot-separated fields of SRLIB's file name
# ("pam_sunray.so"). It is used as the search pattern that decides whether
# pam.conf already mentions the module, and in the marker comment that is
# written next to the added entries.
SRLIBso="`$BASENAME $SRLIB | $AWK -F. '{print $1\".\"$2}'`"
# note single quotes so that $ISA doesn't get expanded by the shell;
# the literal string "$ISA" is what ends up in pam.conf
PAM_UNIX='/usr/lib/security/$ISA/pam_unix.so.1'

# Product name used in the marker comment written into pam.conf.
SRTAG="SunRay Server Software"

#
# Enable sunray authentication for CDE by adding Sun Ray PAM module
# to both dtlogin and dtsession.
#
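add_sr_to_PAM ()
{
    # Add the Sun Ray auth stack for $DTLOGIN and $DTSESSION to $PAM_CONF.
    #
    # Globals read: AWK MV RM ECHO MOD PAM_CONF TMP_SR DTLOGIN DTSESSION
    #               SRLIB SRLIBso PAM_UNIX SRTAG
    # Globals set:  REQ_S REQ_R TYPE
    # Exit status:  returns after $PAM_CONF has been replaced; exits the
    #               whole script with status 1 if the rewrite failed.
    #
    # For each of the two services the following lines are written once,
    # ahead of the first existing "<service> auth" line, or at the end of
    # the file when the service has no auth line yet:
    #
    #     # $SRLIBso added to <service> by $SRTAG
    #     <service> auth sufficient $SRLIB        (dtsession: + syncondisplay)
    #     <service> auth required   $PAM_UNIX
    #
    # Security notes:
    #  - "sufficient" means a success from $SRLIB is accepted without the
    #    pam_unix line after it being consulted, so the module file at
    #    $SRLIB must be writable by root only.
    #  - The shell variables are expanded into the awk program text itself.
    #    That is safe only because every one of them is set by this script;
    #    never feed externally supplied text into them.
    #  - NOTE(review): $PAM_CONF ends up with the owner and mode of
    #    $TMP_SR, which is created here under the current umask -- confirm
    #    that matches the ownership and mode expected for pam.conf.

    REQ_S="sufficient"
    REQ_R="required"

    for TYPE in auth
    do
        # The braces around each "added == 0" body are required: without
        # them only the marker comment is conditional, and the two module
        # lines are emitted again in front of every matching line.
        $AWK "BEGIN {
                dtlogin_added = 0
                dtsession_added = 0
            }

            /^[ \t]*$DTLOGIN[ \t]*$TYPE/ {
                if (dtlogin_added == 0) {
                    print \"# $SRLIBso added to $DTLOGIN by $SRTAG\";
                    print \"$DTLOGIN $TYPE $REQ_S $SRLIB\";
                    print \"$DTLOGIN $TYPE $REQ_R $PAM_UNIX\";
                }
                dtlogin_added = 1;
            }

            /^[ \t]*$DTSESSION[ \t]*$TYPE/ {
                if (dtsession_added == 0) {
                    print \"# $SRLIBso added to $DTSESSION by $SRTAG\";
                    print \"$DTSESSION $TYPE $REQ_S $SRLIB syncondisplay\";
                    print \"$DTSESSION $TYPE $REQ_R $PAM_UNIX\";
                }
                dtsession_added = 1;
            }

            { print }

            END {
                if (dtlogin_added == 0) {
                    print \"# $SRLIBso added to $DTLOGIN by $SRTAG\";
                    print \"$DTLOGIN $TYPE $REQ_S $SRLIB\";
                    print \"$DTLOGIN $TYPE $REQ_R $PAM_UNIX\";
                }

                if (dtsession_added == 0) {
                    print \"# $SRLIBso added to $DTSESSION by $SRTAG\";
                    print \"$DTSESSION $TYPE $REQ_S $SRLIB syncondisplay\";
                    print \"$DTSESSION $TYPE $REQ_R $PAM_UNIX\";
                }
            }
            " "$PAM_CONF" >"$TMP_SR" 2>/dev/null

        # A successful run always writes at least the added entries, so an
        # empty result means the output was lost. Refuse to install it: an
        # empty pam.conf would break authentication for every PAM service.
        if [ "$?" = 0 ] && [ -s "$TMP_SR" ]; then
            $MV "$TMP_SR" "$PAM_CONF"
        else
            $RM "$TMP_SR"
            $ECHO "$MOD: error updating $PAM_CONF"
            exit 1
        fi
    done
}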

########################################################################
#                                                                      #
#			Main code starts here.                         #
#                                                                      #
########################################################################

    #
    # Check for some files and directories that we must have
    # to make this all work.
    #
    if [ ! -f "$PAM_CONF" ]; then
        $ECHO "$MOD: $PAM_CONF does not exist"
        exit 1
    fi

    #
    # Enable Sun Ray authentication for CDE in $PAM_CONF by adding the
    # Sun Ray PAM module, unless the file already mentions it.
    #
    # XXX important to also copy whatever dtlogin (no X server class)
    # XXX is using so that "dtlogin-SunRay" does the right thing
    #
    # Only egrep status 1 (pattern not found) triggers the edit; any other
    # status leaves $PAM_CONF untouched.
    # NOTE(review): the probe is a case-insensitive regex search for
    # $SRLIBso anywhere in the file, so a commented-out entry, or the
    # marker comment on its own, is also taken as "already added".
    #
    $EGREP -is "$SRLIBso" "$PAM_CONF"
    case $? in
        1) add_sr_to_PAM ;;
    esac

    #
    # Declare SunRay a valid X server class for dtlogin, so that it
    # registers with PAM under the client name "dtlogin-SunRay". The same
    # setting covers dtsession, which registers as "dtsession-SunRay".
    #
    # This requires the following bugfix to be installed:
    #	4452627 dtlogin should register with PAM using a different
    #		client name when on SunRay
    #
    # Xconfig changes that have to survive reboots must be made to a
    # prototype Xconfig file; it is created from the generic Xconfig when
    # it does not exist yet.
    #
    # XXX Only the presence of the valid-class property is tested, not
    # XXX whether it contains $SUNRAY_XSERVER_CLASS_TYPE. An existing
    # XXX property listing other classes is left as it is, so SunRay is
    # XXX not added to it. Those other classes should be preserved and
    # XXX SunRay merged in. This is a bug which should be fixed.
    #
    # NOTE(review): the results of mkdir and cp are not checked; if the
    # copy fails the script still exits 0 with no prototype file in place.
    #
    PROTO_PATH="$XCONFIG_ETC_DIR/$PROTO_XCONFIG"

    if [ ! -f "$PROTO_PATH" ]; then
        $MKDIR -p "$XCONFIG_ETC_DIR"
        $CP "$XCONFIG_USR_DIR/$GENERIC_XCONFIG" "$PROTO_PATH"
    fi

    $EGREP -is "$VALID_PAM_CLASS_TAG" "$PROTO_PATH"
    case $? in
        1) $ECHO "$VALID_PAM_CLASS_TAG: $SUNRAY_XSERVER_CLASS_TYPE" >> "$PROTO_PATH" ;;
    esac

    exit 0
