# Fabos profile
# if the operator has logged in as 'root' or 'factory' attempt to
# display some indemnifying remarks


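# Login banner: runs only in the top-level shell (SHLVL 1), so nested shells
# stay quiet. The :-0 default keeps the test well-formed (and silent) if
# SHLVL is unset or empty instead of printing a "[" syntax error at login.
if [ "${SHLVL:-0}" -eq 1 ]; then
	# Privileged logins ('root' or 'factory') get the disclaimer text when
	# the file is installed. A case pattern is used instead of "[ a -o b ]"
	# because -o is ambiguous when the login name looks like an operator
	# such as "(" or "!".
	case "$SWLOGNAME" in
	root|factory)
		if [ -f /fabos/share/disclaimer ]; then
			/bin/cat /fabos/share/disclaimer 2>/dev/null
		fi
		;;
	esac

	# Display RRD-triggered information to the telnet user, if there is any.
	/sbin/bootcount -c 2>/dev/null
fi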

#Check for FIPS mode
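checkFipsMode() {
	#######################################
	# Report whether the switch is configured for FIPS mode.
	# Globals:   FABOS_SWITCHNO (temporarily set to 0, then restored)
	# Arguments: none
	# Returns:   1 if fips.mode or fips.simulate reads back as 1,
	#            0 otherwise.
	# A lookup that fails or prints nothing also yields 0, so 0 means
	# "not confirmed enabled", not "verified disabled".
	#######################################
	# Locals keep the scratch values out of the operator's login shell and,
	# more importantly, stop this function from overwriting a caller's own
	# FABOS_SWITCHNO_TEMP, which would make the caller restore the wrong
	# switch number.
	local saved_switchno fips_mode fips_simulate

	# "config get" for fips mode returns a value only if called from the
	# default VF. So temporarily set FABOS_SWITCHNO to 0 and revert it to
	# its original value after "config get".
	# NOTE(review): the override reaches the config binary only if
	# FABOS_SWITCHNO is already exported - confirm.
	saved_switchno=$FABOS_SWITCHNO
	FABOS_SWITCHNO=0
	fips_mode=$(/fabos/cliexec/config get fips.mode 2)
	fips_simulate=$(/fabos/cliexec/config get fips.simulate 2)
	FABOS_SWITCHNO=$saved_switchno

	# Quoted operands plus the stderr redirect make empty or non-numeric
	# output compare as "not 1" without printing a "[" error at login.
	if [ "$fips_mode" -eq 1 ] 2>/dev/null; then
		return 1
	elif [ "$fips_simulate" -eq 1 ] 2>/dev/null; then
		return 1
	fi
	return 0
}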
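# Login-banner gate. With fips_check_enable set to 1 the block below is
# skipped and nothing is printed at login. Any other value prints a banner
# naming whichever of these is active: FIPS mode, FIPS self-tests, disabled
# bootprom access, disabled root account.
# The banner is informational only: every probe below treats a failed or
# empty lookup as "not active", so a missing banner is not evidence that a
# setting is off.
fips_check_enable=1

if [ "$fips_check_enable" -ne 1 ]; then

	# Start from empty text so values inherited from the environment can
	# never appear in the banner.
	fipsmode_message=
	fipsselftests_message=
	bootpromdisable_message=
	rootdisable_message=
	selftests_message_delimiter=
	rootdisable_message_delimiter=

	# Saved under a name checkFipsMode does not use: that helper keeps its
	# own copy in FABOS_SWITCHNO_TEMP, and sharing the name would restore
	# FABOS_SWITCHNO to 0 instead of the operator's switch number.
	fips_saved_switchno=$FABOS_SWITCHNO
	FABOS_SWITCHNO=0
	checkFipsMode
	retVal=$?
	if [ "$retVal" -eq 1 ]; then
		fipsmode=1
		selftests_message_delimiter=", "
		fipsmode_message="FIPS mode enabled"
	else
		fipsmode=0
	fi

	# The first line of the self-test config file carries the state; this
	# profile treats the value 3 as "self-tests enabled".
	FIPSCFGFILE="/etc/fabos/fips_selftests.conf"
	retVal=0
	if [ -r "$FIPSCFGFILE" ]; then
		read -r retVal <"$FIPSCFGFILE"
	fi
	# An empty or non-numeric first line compares as "not 3" quietly.
	if [ "$retVal" -eq 3 ] 2>/dev/null; then
		fipsselftests=1
		selftests_message="Selftests enabled"
		fipsselftests_message="$selftests_message_delimiter$selftests_message"
	else
		fipsselftests=0
	fi
	FABOS_SWITCHNO=$fips_saved_switchno

	# grep's exit status is 0 when AutoLoadTimeout reads back as exactly 0,
	# which this profile reports as bootprom access disabled.
	# NOTE(review): grep is the only command here resolved through PATH;
	# consider an absolute path like the other tools in this profile.
	/sbin/bootenv AutoLoadTimeout 2>/dev/null | grep -x 0 1>/dev/null
	AutoLoadTimeoutEnabled=$?
	if [ "$AutoLoadTimeoutEnabled" -eq 0 ]; then
		bootpromdisable=1
		bootpromdisable_message="Bootprom access disabled"
		rootdisable_message_delimiter=", "
	else
		bootpromdisable=0
	fi

	# Exit status 0 here means userconfig printed the line "Enabled: No"
	# for the root account.
	/fabos/bin/userconfig --show root 2>/dev/null | grep -x "Enabled: No" 1>/dev/null
	RootEnabled=$?
	if [ "$RootEnabled" -eq 0 ]; then
		rootdisable=1
		root_message="Root account is disabled"
		rootdisable_message="$rootdisable_message_delimiter$root_message"
	else
		rootdisable=0
	fi

	if [ "$fipsmode" -eq 1 ] || [ "$fipsselftests" -eq 1 ] || [ "$bootpromdisable" -eq 1 ] || [ "$rootdisable" -eq 1 ]; then
		display_message="#####INFO: Following FIPS configuration is active:#####"
		display_end_message="#######################################################"
		/bin/echo "$display_message"
		/bin/echo "$fipsmode_message$fipsselftests_message"
		/bin/echo "$bootpromdisable_message$rootdisable_message"
		/bin/echo "$display_end_message"
	fi
fi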

# Point OpenSSL at the switch's own configuration file for every process
# started from this login shell.
# NOTE(review): everything launched from this shell trusts that file, so it
# should be writable by root only - confirm on the target.
OPENSSL_CONF="/etc/fabos/openssl.cnf"
export OPENSSL_CONF

# checkFipsMode is a helper for this profile only; remove it so that it is
# not left behind in the operator's shell as a callable CLI command.
unset -f checkFipsMode
