#!/bin/sh
#
# ident "@(#)preremove.src	1.16 02/10/17 SMI"
#
# Copyright 2001-2002 Sun Microsystems, Inc.  All rights reserved.
#
# This script disables sunray usage for CDE (dtlogin). It removes a
# CDE X property that tells dtlogin (and dtsession) to register
# with PAM using the "-SunRay" extension to the PAM client name.
#
# This script also edits /etc/pam.conf to remove pam_sunray.so actions.
#
# Properties for dtsession are controlled via the Xsession.d/0100.SUNWut
# script.
#
# This script requires that the following CDE patches be installed:
#
#	108919 (minimum -14)
#	109354 (minimum -13)
#

BASENAME="/bin/basename"
     MOD="`$BASENAME $0`"

EGREP="/bin/egrep"
   RM="/bin/rm -f"
  AWK="/bin/awk"
   MV="/bin/mv"
 ECHO="/bin/echo"
MKDIR="/bin/mkdir"
   CP="/bin/cp"

   # if PKG_INSTALL_ROOT is not assigned from the env then
   # set it to an empty string, set -u in effect below
   #
   if [ -z "$PKG_INSTALL_ROOT" ]; then
	PKG_INSTALL_ROOT=""
   fi

   set -u

   SUNWUTLIB="${PKG_INSTALL_ROOT}${BASEDIR}/SUNWut/lib"

   # override these variables for debugging
   SCETC="/etc"
   SCTMP="/var/run"

     TMP="$SCTMP/$MOD.$$"
 TMP_SR="$TMP.PAMsr"
TMP_CONF="$TMP.pam.conf"

# CDE application names in pam.conf
  DTLOGIN="dtlogin-SunRay"
DTSESSION="dtsession-SunRay"

PAM_CONF="$SCETC/pam.conf"

# PAM client name X server class (dtlogin/dtsession)
# requires fix for 4452627
XCONFIG_ETC_DIR="/etc/dt/config"
PROTO_XCONFIG="Xconfig.SUNWut.prototype"
VALID_PAM_CLASS_TAG="Dtlogin.validPAMclasses"
SUNRAY_XSERVER_CLASS_TYPE="SunRay"

# PAM modules info
SRLIB="${SUNWUTLIB}/pam_sunray.so"
SRLIBso="`$BASENAME $SRLIB | $AWK -F. '{print $1\".\"$2}'`"

SRTAG="SunRay Server Software"

#
# Remove the appname from the passed file
#
#    Usage: remove_PAM_prop {filename} {appname}
#
remove_PAM_prop ()
{

    FNAME="$1"
    APPNAME="$2"

    $AWK "{
	if (!(\$1 == \"$APPNAME\"))
	    printf( \$0 \"\n\" );
	}" $FNAME >$TMP_SR 2>/dev/null

    if [ "$?" = 0 ] ; then
	$EGREP -v "$SRTAG" $TMP_SR >$FNAME
	$RM $TMP_SR
    else
	$RM $TMP_SR
	$ECHO "$MOD: error updating $FNAME"
	exit 1
    fi

}

#
# Remove sunray authentication for CDE from $PAM_CONF
#
remove_sr_from_PAM ()
{

    remove_PAM_prop $PAM_CONF $DTLOGIN		# `$BASENAME $SRLIBso`
    remove_PAM_prop $PAM_CONF $DTSESSION	# `$BASENAME $SRLIBso`

}

########################################################################
#                                                                      #
#			Main code starts here.                         #
#                                                                      #
########################################################################

    #
    # Check for some files and directories that we must have
    # to make this all work.
    #
    if test ! -f $PAM_CONF ; then
	$ECHO "$MOD: $PAM_CONF does not exist"
	exit 1
    fi

    #
    # CDE is considered disabled for sunray authentication
    # if the token $SRLIBso is not in $PAM_CONF
    #
    remove_sr_from_PAM

    #
    # Remove $SUNRAY_XSERVER_CLASS_TYPE from Xconfig.
    #
    # This requires the following bugfix to be installed:
    #	4452627 dtlogin should register with PAM using a different
    #		client name when on SunRay
    #
    # XXX Note that this will only look for the valid class property
    # XXX which may or may not contain $SUNRAY_XSERVER_CLASS_TYPE.
    # XXX It is possible that other classes are in that property as
    # XXX well and we should preserve those.
    # XXX This is a bug which should be fixed.
    #
    # XXX Should we do a diff between the config file in /etc and
    # XXX the one in /usr, and if they are the same, then remove
    # XXX the file in /etc?
    #
    if test -f $XCONFIG_ETC_DIR/$PROTO_XCONFIG ; then
	$EGREP -is $VALID_PAM_CLASS_TAG $XCONFIG_ETC_DIR/$PROTO_XCONFIG
	if [ $? -ne 1 ]; then
	    $EGREP -vi "$VALID_PAM_CLASS_TAG" $XCONFIG_ETC_DIR/$PROTO_XCONFIG >$TMP_SR
	    $MV $TMP_SR $XCONFIG_ETC_DIR/$PROTO_XCONFIG
	fi
    fi

    exit 0
