#!/bin/sh
#
# ident "@(#)preremove	1.2 03/02/07 SMI"
#
# Copyright 2002 Sun Microsystems, Inc.  All rights reserved.
#
# This script enables and disables sunray usage for CDE
# (dtlogin and dtsession). It modifies CDE X properties to
# add or remove properties that specify whether or not to use
# sunray, and it edits /etc/pam.conf to add or remove
# pam_sunray.so actions.
#
# This script requires that the following CDE patches be installed:
#
#	108919 (minimum -14)
#	109354 (minimum -13)
#

# External tools are invoked by absolute path rather than through a
# PATH lookup, so the caller's PATH does not decide which binaries run.
BASENAME="/bin/basename"
     MOD="`$BASENAME $0`"

EGREP="/bin/egrep"
   RM="/bin/rm -f"
  AWK="/bin/awk"
   MV="/bin/mv"
 ECHO="/bin/echo"
# NOTE(review): MKDIR and CP are not referenced by the code visible in
# this script.
MKDIR="/bin/mkdir"
   CP="/bin/cp"
  SED="/bin/sed"

# Marker prefix; the main code strips it from the start of matching
# pam.conf lines with sed to reactivate them.
STRING="# Commented out by the patch 111891 "

   # if PKG_INSTALL_ROOT is not assigned from the env then
   # set it to an empty string, set -u in effect below
   #
   if [ -z "$PKG_INSTALL_ROOT" ]; then
	PKG_INSTALL_ROOT=""
   fi

   # From here on, expanding an unset variable is an error.
   set -u

   # BASEDIR gets no default above, so with set -u in effect it has to
   # be supplied by the environment or the script stops here.
   SUNWUTLIB="${PKG_INSTALL_ROOT}${BASEDIR}/SUNWut/lib"

   # override these variables for debugging
   SCETC="/etc"
   SCTMP="/var/run"

# Scratch file names are built from the script name and the shell's PID.
# NOTE(review): these names are predictable; the script relies on $SCTMP
# being writable only by privileged users -- confirm on the target system.
     TMP="$SCTMP/$MOD.$$"
 TMP_SR="$TMP.PAMsr"
# NOTE(review): TMP_CONF is not referenced by the code visible in this script.
TMP_CONF="$TMP.pam.conf"

# CDE application names in pam.conf
# (both the -SunRay names and the plain names are cleaned up below)
  DTLOGIN="dtlogin-SunRay"
DTSESSION="dtsession-SunRay"
  DTLOGIN_OLD="dtlogin"
DTSESSION_OLD="dtsession"

# PAM configuration file edited by this script.
PAM_CONF="$SCETC/pam.conf"

# PAM client name X server class (dtlogin/dtsession)
# requires fix for 4452627
XCONFIG_ETC_DIR="/etc/dt/config"
PROTO_XCONFIG="Xconfig.SUNWut.prototype"
VALID_PAM_CLASS_TAG="Dtlogin.validPAMclasses"
# NOTE(review): only mentioned in comments in the code visible here.
SUNRAY_XSERVER_CLASS_TYPE="SunRay"

# dtsession autounlock from PAM
# requires fix for 4430559
# NOTE(review): USR_CDE_DEFAULTS_DIR is not referenced by the code visible
# in this script; only the /etc copy of the defaults file is edited.
USR_CDE_DEFAULTS_DIR="/usr/dt/app-defaults/C"
ETC_CDE_DEFAULTS_DIR="/etc/dt/app-defaults/C"
DTSESSION_DEFAULTSFILE="Dtsession"
PAM_PROMPT_NOLOCK_PROP="noPamPromptNoLock"

# PAM modules info
# The *so variables hold the module file name cut down to its first two
# dot-separated fields (e.g. pam_unix.so.1 -> pam_unix.so); they are the
# substrings searched for in pam.conf entries.
SRLIB="${SUNWUTLIB}/pam_sunray.so"
SRLIBso="`$BASENAME $SRLIB | $AWK -F. '{print $1\".\"$2}'`"
# Single quotes keep $ISA as literal text; the shell does not expand it.
PAM_UNIX='/usr/lib/security/$ISA/pam_unix.so.1'
PAM_UNIXso="`$BASENAME $PAM_UNIX | $AWK -F. '{print $1\".\"$2}'`"

# Any line containing this tag is dropped by remove_PAM_prop.
SRTAG="SunRay Server Software"

#
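# Remove from the passed file every entry for {appname} whose fourth
# field contains {propname}, and every line containing $SRTAG
#
#    Usage: remove_PAM_prop {filename} {appname} {propname}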
#
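remove_PAM_prop ()
{
    # Drop from a pam.conf-style file every entry whose first field is
    # the given application name and whose fourth field contains the
    # given module name, plus every line containing $SRTAG.
    #
    # Arguments: $1 - file to edit in place
    #            $2 - application (service) name to match in field 1
    #            $3 - module name to look for in field 4
    # Globals:   AWK EGREP CP RM ECHO MOD SRTAG TMP_SR (all read)
    # Exits:     1, after printing a message, if any step fails
    #
    # Both filter passes are staged in scratch files and the target is
    # only written once they have succeeded, so a failing filter cannot
    # leave the PAM configuration truncated.

    FNAME="$1"
    APPNAME="$2"
    PROPNAME="$3"

    # "print" emits the record verbatim. Using the record as a printf
    # format string would mangle or reject any line containing '%'.
    $AWK "{
	if (!(\$1 == \"$APPNAME\" && index(\$4, \"$PROPNAME\") > 0))
	    print;
	}" "$FNAME" >"$TMP_SR" 2>/dev/null

    if [ "$?" != 0 ] ; then
	$RM "$TMP_SR"
	$ECHO "$MOD: error updating $FNAME"
	exit 1
    fi

    # egrep exits 1 when no line is selected, which is still a valid
    # (empty) result; only a status above 1 is a real failure.
    $EGREP -v "$SRTAG" "$TMP_SR" >"$TMP_SR.out"
    if [ "$?" -gt 1 ] ; then
	$RM "$TMP_SR" "$TMP_SR.out"
	$ECHO "$MOD: error updating $FNAME"
	exit 1
    fi

    # Copy onto the existing file instead of renaming over it, so that
    # the target keeps its own inode, ownership and mode.
    # NOTE(review): the copy itself is not atomic.
    $CP "$TMP_SR.out" "$FNAME"
    if [ "$?" != 0 ] ; then
	$RM "$TMP_SR" "$TMP_SR.out"
	$ECHO "$MOD: error updating $FNAME"
	exit 1
    fi

    $RM "$TMP_SR" "$TMP_SR.out"

}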

#
# Remove sunray authentication for CDE from $PAM_CONF
#
remove_sr_from_PAM ()
{
    # Strip the Sun Ray related entries for the CDE services from
    # $PAM_CONF. Each remove_PAM_prop call filters the file for one
    # (service, module) pair; the pairs run in a fixed order.

    # Module names to look for, reduced to their last path component.
    sr_mod=`$BASENAME $SRLIBso`
    unix_mod=`$BASENAME $PAM_UNIXso`

    # pam_sunray entries of the -SunRay services ...
    for app in $DTLOGIN $DTSESSION ; do
	remove_PAM_prop $PAM_CONF $app $sr_mod
    done

    # ... then their pam_unix entries ...
    for app in $DTLOGIN $DTSESSION ; do
	remove_PAM_prop $PAM_CONF $app $unix_mod
    done

    # ... and finally pam_sunray entries under the plain service names.
    for app in $DTLOGIN_OLD $DTSESSION_OLD ; do
	remove_PAM_prop $PAM_CONF $app $sr_mod
    done

}

########################################################################
#                                                                      #
#			Main code starts here.                         #
#                                                                      #
########################################################################

    #
    # Check for some files and directories that we must have
    # to make this all work.
    #
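    if test ! -f $PAM_CONF ; then
	$ECHO "$MOD: $PAM_CONF does not exist"
	exit 1
    fi

    # Restore the old $SRLIBso entries.
    #
    # $PAM_CONF is replaced only after sed has succeeded: a failed or
    # partial filter run would otherwise be moved over the live PAM
    # configuration.
    #
    # NOTE(review): $MV installs the scratch file itself, so the result
    # presumably carries the mode and ownership it was created with
    # under $SCTMP rather than those of the original file. Confirm they
    # are still correct for $PAM_CONF after removal.
    if $SED "/^$STRING/s///" $PAM_CONF > $TMP_SR ; then
	$MV $TMP_SR $PAM_CONF
    else
	$RM $TMP_SR
	$ECHO "$MOD: error updating $PAM_CONF"
	exit 1
    fi

    #
    # CDE is considered disabled for sunray authentication
    # if the token $SRLIBso is not in $PAM_CONF
    #
    remove_sr_from_PAM

    #
    # Remove $SUNRAY_XSERVER_CLASS_TYPE from Xconfig.
    #
    # This requires the following bugfix to be installed:
    #	4452627 dtlogin should register with PAM using a different
    #		client name when on SunRay
    #
    # XXX Note that this will only look for the valid class property
    # XXX which may or may not contain $SUNRAY_XSERVER_CLASS_TYPE.
    # XXX It is possible that other classes are in that property as
    # XXX well and we should preserve those.
    # XXX This is a bug which should be fixed.
    #
    # XXX Should we do a diff between the config file in /etc and
    # XXX the one in /usr, and if they are the same, then remove
    # XXX the file in /etc?
    #
    if test -f $XCONFIG_ETC_DIR/$PROTO_XCONFIG ; then
	$EGREP -is $VALID_PAM_CLASS_TAG $XCONFIG_ETC_DIR/$PROTO_XCONFIG
	if [ $? -ne 1 ]; then
	    $EGREP -vi "$VALID_PAM_CLASS_TAG" $XCONFIG_ETC_DIR/$PROTO_XCONFIG >$TMP_SR
	    # egrep -v exits 1 when every line was filtered out, which
	    # is still a valid (empty) result; a higher status means
	    # the filter failed and the scratch file must not be used.
	    if [ $? -le 1 ]; then
		$MV $TMP_SR $XCONFIG_ETC_DIR/$PROTO_XCONFIG
	    else
		$RM $TMP_SR
		$ECHO "$MOD: error updating $XCONFIG_ETC_DIR/$PROTO_XCONFIG"
		exit 1
	    fi
	fi
    fi

    #
    # Remove the property that tells dtsession that it's OK to
    # unlock the screen without requiring user input if the PAM
    # module has validated the user.
    #
    # This requires the following bugfix to be installed:
    #	4430559 dtsession requires user input even if PAM says user
    #		is authenticated
    #
    # XXX How do we know what "language" to use for the dtsession
    # XXX defaults file? This is $LANG???
    #
    # XXX Should we do a diff between the config file in /etc and
    # XXX the one in /usr, and if they are the same, then remove
    # XXX the file in /etc?
    #
    # XXX Note that this makes the assumption that the property we
    # XXX want to remove is only in the /etc config file. Is this
    # XXX the best approach to take? This package's postinstall
    # XXX script only adds the property to the /etc file.
    #
    if test -f $ETC_CDE_DEFAULTS_DIR/$DTSESSION_DEFAULTSFILE ; then
	$EGREP -vi "$PAM_PROMPT_NOLOCK_PROP" $ETC_CDE_DEFAULTS_DIR/$DTSESSION_DEFAULTSFILE >$TMP_SR
	# Same status rule as above: 0 or 1 is a usable result, a
	# higher status leaves the defaults file untouched.
	if [ $? -le 1 ]; then
	    $MV $TMP_SR $ETC_CDE_DEFAULTS_DIR/$DTSESSION_DEFAULTSFILE
	else
	    $RM $TMP_SR
	    $ECHO "$MOD: error updating $ETC_CDE_DEFAULTS_DIR/$DTSESSION_DEFAULTSFILE"
	    exit 1
	fi
    fi

    exit 0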
