#!/bin/sh
#
#    Copyright (c) 2004-2007 Brocade Communications Systems, Inc.
#    All rights reserved.
#
#    Module name: netlogincp.sh
#
#    This script will copy the /etc/pam.d/netlogin file and perform
#    the necessary shell logout. It is called by the PDM converter
#
# Pin the command search path to the FabOS and system directories, so the
# external tools this script runs by bare name (grep, sed, cp, sync) are
# resolved from this list rather than from whatever PATH the caller had.
PATH=/fabos/sbin:/fabos/bin:/bin:/usr/bin:/sbin

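#######################################
# Probe the live and the incoming PAM files for one remote-authentication
# module and record the grep exit statuses (0 = found, non-zero = not found).
# Globals read:
#   PAM_CONF_LOGIN      - PAM file currently in effect
#   PAM_CONF_LOGIN_NEW  - PAM file about to be applied
# Globals written:
#   arg, lib_file, local_tag (scratch values)
#   curr_val    - module is named in the live file
#   curr_local  - a live-file line naming the module also says "optional"
#   new_val     - module is named in the new file
#   plus_local  - a new-file line naming the module also says "optional"
#   plus_local2 - a pam_fabos_log.so line in the new file carries the
#                 backend's *_local marker
# Arguments:
#   $1 - 1 = radius, 2 = ldap, 3 = tacacs+; anything else leaves every
#        global untouched
#######################################
get_values()
{
	arg=$1
	case "$arg" in
	1)
		# radius configuration
		lib_file="pam_radius_auth.so"
		local_tag="radius_local"
		;;
	2)
		# ldap configuration
		lib_file="pam_adldap_auth.so"
		local_tag='adldap_local$'
		;;
	3)
		# tacacs+ configuration
		lib_file="pam_tacplus_auth.so"
		local_tag='tacplus_local$'
		;;
	*)
		# neither radius, ldap nor tacacs+
		return
		;;
	esac

	# "> /dev/null 2>&1" silences both streams; the previous order
	# ("2>&1 > /dev/null") left grep's error text on stdout.
	grep "$lib_file" "$PAM_CONF_LOGIN" > /dev/null 2>&1
	curr_val=$?
	# This probe used to expand the misspelt, always-empty $libfile, which
	# made grep take the file name as its pattern and read standard input,
	# so curr_local never described the live file.
	grep "$lib_file" "$PAM_CONF_LOGIN" | grep "optional" > /dev/null 2>&1
	curr_local=$?
	grep "$lib_file" "$PAM_CONF_LOGIN_NEW" > /dev/null 2>&1
	new_val=$?

	grep "$lib_file" "$PAM_CONF_LOGIN_NEW" | grep "optional" > /dev/null 2>&1
	plus_local=$?

	# NOTE(review): the radius marker is matched anywhere on the line while
	# the ldap and tacacs+ markers are anchored at end of line; kept as found.
	grep "pam_fabos_log.so" "$PAM_CONF_LOGIN_NEW" | grep "$local_tag" > /dev/null 2>&1
	plus_local2=$?
}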

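# Arguments:
#   $1 - path of the new PAM file (the live path is $1 with "/mnt" removed)
#   $2 - stored in fver, $3 - stored in tver; neither is used further in this
#        script (presumably from/to versions - confirm against the caller)
# With fewer than three arguments the script stops quietly with status 0.
if [ $# -lt 3 ]; then
	exit 0
fi

echo "$0 $*"

PAM_CONF_LOGIN_NEW=$1
# NOTE(review): sed removes the first "/mnt" wherever it occurs, not only a
# leading one, and $1 is not checked against the expected pam.d paths; any
# value other than the sshd path is handled with the login templates below.
# Confirm the caller only ever passes the two expected files.
PAM_CONF_LOGIN=$(echo "$1" | sed 's%/mnt%%')

# Which remote-authentication modules does the new file name? (0 = present)
# "> /dev/null 2>&1" discards both streams; the earlier "2>&1 > /dev/null"
# order let grep's error text through on stdout.
grep "pam_radius_auth.so" "$PAM_CONF_LOGIN_NEW" > /dev/null 2>&1
radius_conf=$?
grep "pam_adldap_auth.so" "$PAM_CONF_LOGIN_NEW" > /dev/null 2>&1
ldap_conf=$?
grep "pam_tacplus_auth.so" "$PAM_CONF_LOGIN_NEW" > /dev/null 2>&1
tac_conf=$?

# "=" is the portable string comparison for [ ]. With "==" a strict /bin/sh
# reports an error, the test is false, and the sshd file would be handled
# with the login templates.
if [ "$PAM_CONF_LOGIN" = "/etc/pam.d/sshd" ]; then
	conf_stem="/etc/pam.d/sshd"
else
	conf_stem="/etc/pam.d/login"
fi

# Template files for the selected service, one set per backend.
PAM_CONF_LOCAL="${conf_stem}.noradius"
PAM_CONF_RADIUS="${conf_stem}.radius"
PAM_CONF_RADIUS_LOCAL="${conf_stem}.radius-local"
PAM_CONF_RADIUS_LOCAL2="${conf_stem}.radius-local2"
PAM_CONF_LDAP="${conf_stem}.adldap"
PAM_CONF_LDAP_LOCAL="${conf_stem}.adldap-local"
PAM_CONF_LDAP_LOCAL2="${conf_stem}.adldap-local2"
PAM_CONF_TACACS="${conf_stem}.tacplus"
PAM_CONF_TACACS_LOCAL="${conf_stem}.tacplus-local"
PAM_CONF_TACACS_LOCAL2="${conf_stem}.tacplus-local2"

fver=$2
tver=$3
echo "$PAM_CONF_LOGIN_NEW $PAM_CONF_LOGIN"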

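# get_values fills these in. Start them at 1 ("not found") so the numeric
# tests further down still have operands when the new file names none of the
# three backends and get_values is never called; previously those tests ran
# on empty values and failed with a [ syntax error.
curr_val=1
curr_local=1
new_val=1
plus_local=1
plus_local2=1

# Probe each backend that the new file names. The results share one set of
# variables, so after these calls they describe the last backend probed.
if [ "$radius_conf" -eq 0 ]; then
	get_values 1
fi

if [ "$ldap_conf" -eq 0 ]; then
	get_values 2
fi

if [ "$tac_conf" -eq 0 ]; then
	get_values 3
fi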

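# Copy one template ($1) over the live PAM file. A failed copy leaves the
# previous authentication stack in effect, so name both files on stderr;
# the script then carries on exactly as it did before.
install_pam_conf()
{
	cp "$1" "$PAM_CONF_LOGIN" ||
		echo "$0: could not install $1 as $PAM_CONF_LOGIN" >&2
}

# Pick one of a backend's three templates from the probe results.
#   $1 - *-local2 template (used only if the file exists)
#   $2 - *-local template
#   $3 - plain template
# Nothing is copied when none of the conditions holds.
choose_backend_conf()
{
	if [ "$plus_local" -eq 0 ] && [ "$plus_local2" -eq 0 ] && [ -f "$1" ]; then
		install_pam_conf "$1"
	elif [ "$plus_local" -eq 0 ]; then
		install_pam_conf "$2"
	elif [ "$new_val" -eq 0 ] && [ "$plus_local" -ne 0 ]; then
		install_pam_conf "$3"
	fi
}

# Precedence when the new file names a backend: radius, then ldap, then
# tacacs+; with no backend the local-only template is installed.
# NOTE(review): plus_local, plus_local2 and new_val come from the most recent
# get_values call, so if the new file names more than one backend they may
# describe a different backend than the branch taken here - confirm that
# configurations only ever carry one.
if [ "$radius_conf" -eq 0 ]; then
	choose_backend_conf "$PAM_CONF_RADIUS_LOCAL2" "$PAM_CONF_RADIUS_LOCAL" "$PAM_CONF_RADIUS"
elif [ "$ldap_conf" -eq 0 ]; then
	choose_backend_conf "$PAM_CONF_LDAP_LOCAL2" "$PAM_CONF_LDAP_LOCAL" "$PAM_CONF_LDAP"
elif [ "$tac_conf" -eq 0 ]; then
	choose_backend_conf "$PAM_CONF_TACACS_LOCAL2" "$PAM_CONF_TACACS_LOCAL" "$PAM_CONF_TACACS"
else
	install_pam_conf "$PAM_CONF_LOCAL"
fi

sync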

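# Log existing sessions out when the authentication source changed:
#   1. the module was in the live file but is not in the new one, or
#   2. the module is new and is not marked "optional", or
#   3. the live file had it as "optional" and the new file does not.
# Each comparison is its own [ ] (the -a operator is obsolescent and
# ambiguous), and every operand falls back to 1 ("not found") so an unset
# probe result no longer turns into a [ syntax error.
# NOTE(review): curr_val and new_val are only set by get_values, which this
# script calls only when the new file names a backend, so new_val is 0
# whenever it is set and clause 1 looks unreachable. A change from remote
# back to local-only authentication therefore does not appear to log
# sessions out - confirm whether that is intended.
if { [ "${curr_val:-1}" -eq 0 ] && [ "${new_val:-1}" -ne 0 ]; } ||
	{ [ "${curr_val:-1}" -ne 0 ] && [ "${new_val:-1}" -eq 0 ] && [ "${plus_local:-1}" -ne 0 ]; } ||
	{ [ "${curr_local:-1}" -eq 0 ] && [ "${plus_local:-1}" -ne 0 ]; }; then
	/fabos/libexec/usrlogout
fi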
