#! /bin/sh
#
# Copyright 12/02/97 Sun Microsystems, Inc.  All Rights Reserved.
#
#ident "@(#)privsetup.sh   1.8     97/12/02 SMI"
#
#

# Define msg. file name and location
TEXTDOMAIN=TEXT_DOMAIN;  export TEXTDOMAIN
# this line used for testing
#TEXTDOMAINDIR=${ROOT}MESSAGE_DIR;  export TEXTDOMAINDIR
TEXTDOMAINDIR=MESSAGE_DIR;  export TEXTDOMAINDIR

ID=/usr/bin/id
RCP="/usr/bin/rcp -p"
RSH=/usr/bin/rsh 

TMPFILE=/tmp/nsmail.privsetup.$$

PROG="nsmail `basename $0`"


PKGNAME=SUNWhansm
HABIN=/opt/SUNWhadf/bin
HACLUST=/opt/SUNWhadf/clust_progs
HADSCONF=/etc/opt/SUNWhansm/hadsconf

ETCSKEY=/etc/skeykeys
BAKSKEY=/etc/skeykeys.`date '+%H.%M_%b%d%y'`
POSTSKEY=

HANSM=hansmail

# Netscape Mail config file
NSM_CONF=

# Netscape Mail daemon
NSM_PROG=NscpMail
LHOST=

MASTER=
MASTERPRIV=
NONMASTERS=
NONMASTERSPRIV=

MAILHOST=
MAILHOSTPRIV=
NONMAILHOSTS=
NONMAILHOSTSPRIV=


MYHOST=
MYHOSTPRIV=

MTAUID=
MTAGID=

STARTTAG="Start of lines added by Solstice HA-NSM"
ENDTAG="End of lines added by Solstice HA-NSM"


################################################################################
#
# message printing utilities
#
################################################################################
msgt()
{
	echo "\t\t  $*"
}

msg()
{
	echo  "$PROG: $*"
}

errmsg()
{
	errstr=`gettext "ERROR:"`
	msg  "$errstr $*" >&2
}

################################################################################
#
# cleanup [exitstatus]
#
################################################################################
cleanup()
{

	rm -f $TMPFILE >/dev/null 2>&1

	if [ "$1" -a "$1" != "0" ]; then
		if [ "$2" ]; then
			msg   "$2"
		fi
		msg `gettext "Did NOT complete successfully!"`
	fi

	if [ "$1" ]; then
		exit $1
	else
		exit 0
	fi

	return 0
}

################################################################################
#
# getprivlink <hostname>
#
# Find a working private link to hostname
#
################################################################################
getprivlink()
{
	if [ $# -ne 1 ]; then
		errmsg `gettext "getprivlink: should be called with 1 argument"`
		return 1
	fi 
	
	gpl_host=$1
	plink=""
	plinks="`haget -f private_links -h $gpl_host`"
	if [ $? -ne 0 ]; then
		MSGSTR=`gettext 'haget -f private_links -h %s failed'`
		errmsg `printf "$MSGSTR\n" "$gpl_host"`
		return 1
	fi
	for plink in $plinks ; do
		if ping $plink >/dev/null 2>&1 ; then
			echo $plink
			return 0
		fi
	done
	MSGSTR=`gettext 'Could not find a private working link to host "%s"'`
	errmsg `printf "$MSGSTR\n" "$gpl_host"`
	return 1
}

################################################################################
#
# remcopy <file> <src_host> <dest_host_list>
#
# Distribute a file from a source host to a list of destination hosts.
# 
################################################################################
remcopy()
{
	file=$1
	src_host=$2
	dest_hosts=$3

	for host in $dest_hosts; do
		#
		# Work around the fact specifying our local host name in a
		# rsh/rcp command will cause a permission error.
		#
		if [ "$host" = "$MYHOSTPRIV" ]; then
			host_str=
		else
			host_str="$host:"
		fi
	
		if [ "$src_host" = "$MYHOSTPRIV" ]; then
			src_host_str=
		else
			src_host_str="$src_host:"
		fi
		$RCP ${src_host_str}${file} ${host_str}${file}
		if [ $? -ne 0 ]; then
			MSGSTR=`gettext 'Failed to copy file "%s" from "%s" to "%s"'`
			errmsg `printf "$MSGSTR\n" "$file" "$src_host" "$host"`
			return 1
		fi 
	done
	return 0
}

################################################################################
#
# runonhost [-y] <host> <command> [ <args> ... ]
#
# Execute a command with it's arguments on a particular host.
# If the host is the local host, the command will execute locally,
# otherwise, the routine will use "rsh" to execute the command on the
# remote host.
#
# The return code of this routine will be the return code of the
# executed command.
#
# Normally, the rsh will execute with the -n option, unless this routine
# is called with -y as it's first argument.
#
# 
################################################################################
runonhost()
{
(
	if [ "$1" = "-y" ]; then
		shift
	else
		RSH="$RSH -n"
	fi

	rmhost=$1
	shift
	rmcmd=$1

	#
	# If rmhost is the local host, execute the command locally
	#
	if [ "$rmhost" = "$MYHOSTPRIV" ]; then
		eval $*
		return $?
	fi
	$RSH $rmhost sh -c "'$* ; echo \$? '" > $TMPFILE
	if [ $? -ne 0 ]; then
		MSGSTR=`gettext '%s failed to execute command "%s" on "%s"'`
		errmsg `printf "$MSGSTR\n" "$RSH" "$rmcmd" "$rmhost"`
		#
		# This is an rsh failure. We do not want to return to the caller
		# with an error code, because the caller might think that the remote
		# command failed and take on an erroneous code path, so we just exit.
		#
		cleanup 1; exit 1
	fi
	rmret=`tail -1 $TMPFILE`
	linecnt=`wc -l <$TMPFILE`
	linecnt=`expr $linecnt - 1`
	head -${linecnt}  $TMPFILE
	return $rmret
)	
}

################################################################################
#
# runonmany <hosts_list> <command> [ <args> ... ]
#
# Execute a command with it's argument on several hosts, provided in the 
# hosts_list.
#
# It will stop execution on the first failure and return the error code of this
# failure, otherwise will return 0.
#
################################################################################
runonmany ()
{
	rmhostlist=$1
	shift
	rmcmd=$1
	for rhost in $rmhostlist; do
		runonhost $rhost $*
		if [ $? -ne 0 ]; then
			MSGSTR=`gettext 'Remote command "%s" failed on "%s"'`
			errmsg `printf "$MSGSTR\n" "$rmcmd" "$rhost"`
			return 1
		fi
	done
	return 0
}

################################################################################
#
# hupit <host> <prog>
#
# Send a HUP signal to <prog> running on <host>.
# Note: uses ps -e to get pid.
#
################################################################################
hupit()
{
	huphost=$1
	hupprog=$2

	huppid=`runonhost $huphost "ps -e|grep $hupprog" 2>/dev/null`
	if [ -z "$huppid" ]; then
		MSGSTR=`gettext 'Failed to get process id of "%s" on "%s"'`
		errmsg `printf "$MSGSTR\n" "$hupprog" "$huphost"`
		return 1
	fi
	huppid=`echo $huppid | awk '{print $1}'`
	runonhost $huphost kill -HUP $huppid 2>/dev/null
	return $?
}

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

################################################################################
#
# initvars
#
# Initialize some variables
#
################################################################################
initvars() 
{

	PATH=${PATH}:${HABIN}:${HACLUST}
	export PATH

	. ds_utilities
	if [ $? -ne 0 ]; then
		errmsg `gettext "Error while sourcing ds_utilities"`
		return 1
	fi

	source_env_file $HADSCONF || return 1

	#
	# We can have only one instance of Netscape Mail configured
	#
	inst_count=`echo $_INST_LIST | wc -w`
	if [ $inst_count -ne 1 ]; then
		MSGSTR=`gettext '%s should contain one instance only, instead found %s instances'`
		errmsg `printf "$MSGSTR\n" "$HADSCONF" "$inst_count"`
		return 1
	fi

	LHOST=`get_config_param $_INST_LIST LOGICAL_HOST`
	NSM_CONF=`get_config_param $_INST_LIST CONF_FILE`

	#
	# Get the local host primary and private names.
	# We pick the first private name haget gives us.
	#
	MYHOST=`uname -n`
	MYHOSTPRIV=`getprivlink $MYHOST` || return 1
	

	MASTER="`haget -f master -h $LHOST`" ||  return 1
	if [ -z "$MASTER" ]; then
		MSGSTR=`gettext 'There is no current master for logical host "%s"'`
		errmsg `printf "$MSGSTR\n" "$LHOST"`
		return 1
	fi
	MASTERPRIV=`getprivlink $MASTER` || return 1

	#
	# Get a list of all non-master hosts that have this package installed.
	# From this list we create an equivalent list of private link names.
	#
	allhosts="`haget -f all_physical_hosts`" || return 1
	for h in $allhosts ; do
		if [ "$h" = "$MASTER" ]; then
			# Exclude the master from this list
			continue
		fi
		privh=`getprivlink $h` || return 1
		runonhost $privh pkginfo $PKGNAME >/dev/null 2>&1
		if [ $? -ne 0 ]; then
			# This host doesn't have the package installed. Ignore it.
			continue
		fi
		NONMASTERS="$NONMASTERS $h"
		NONMASTERSPRIV="$NONMASTERSPRIV $privh"
	done
		
	#
	# We want to make sure that the data service is in its "off" state
	# since we are pulling the rug under it
	#
	service=` nawk -F"=|;" ' { for(i=1;i<NF+1;i++) printf("%s ", $i); print "";} ' \
		$HADSCONF | nawk ' $1=="SERVICE" { print $2 } ' `
	if [ -z "$service" ]; then
		MSGSTR=`gettext 'Could not get service name from %s'`
		errmsg `printf "$MSGSTR\n" "$HADSCONF"`
		return 1
	fi
		
	#
	# if service not registered (which is ok with us), svc_on will be empty, 
	# so we treat is as  as a string.
	#
	svc_on=`haget -f service_is_on -s $service 2>/dev/null`
	if [ "$svc_on" = "1" ]; then
		MSGSTR=`gettext 'Service "%s" is in "on" state. Aborting.'`
		errmsg `printf "$MSGSTR\n" "$service"`
		return 1
	fi

	return 0
}

################################################################################
#
# confirm
#
# Confirm with the user that he wants us to do the work.
#
################################################################################ 
confirm()
{
	msg `gettext "This utility is about to replicate the changes to the private"`
	MSGSTR=`gettext 'file systems that were done on host "%s" by the Netscape Mail'`
	msgt `printf "$MSGSTR\n" "$MASTER"`
	MSGSTR=`gettext 'Server installation software, on host(s) "%s".'`
	msgt `printf "$MSGSTR\n" "$NONMASTERS"`
	MSGSTR=`gettext 'It assumes that host "%s", which is the current master'`
	msgt `printf "$MSGSTR\n" "$MASTER"`
	MSGSTR=`gettext 'of logical host "%s", is the host that the Netscape installation'`
	msgt `printf "$MSGSTR\n" "$LHOST"`
	msgt `gettext "was run on.  If this is not the case, or you just don't want to run"`
	msgt `gettext "this utility, answer \"n\" to the prompt. Otherwise, press <CR> or"`
	msgt `gettext "\"y\" to continue."`
	echo

	prompt=`gettext "Do you want to continue (y|n) [y] ?"`
	res=`ckyorn -d y -p "$prompt" `
	case $res in
	y)
		#
		# We will use through the rest of the program the MAIL*
		# variables when we want to refer to the host that Netscape Mail
		# was originally installed on, so we can replicated the installation
		# in the other potential masters.
		# The distinction between the current master and the mail host
		# will allow us in the future to support running this program
		# even when the logical host was moved from the original installation
		# host.
		#
		MAILHOST=$MASTER
		MAILHOSTPRIV=$MASTERPRIV
		NONMAILHOSTS=$NONMASTER
		NONMAILHOSTSPRIV=$NONMASTERSPRIV
		return 0
		;;
	n|q)
		msg `gettext "Quiting."`
		return 1
		;;
	esac

}
################################################################################
#
# checkcomm
#
# Check that we are able to communicate with sibling
#
################################################################################
checkcomm()
{

	runonmany "$NONMAILHOSTSPRIV" /usr/bin/true
	if [ $? -ne 0 ]; then
		errmsg `gettext "Failed communication test"`
		return 1
	fi

	msg `gettext "Passed communication check"`

	return 0
}

################################################################################
#
# cpmailconf()
# 
# Copy from the mail host the netscape.mail.conf config file to other hosts
# and source it in.
#  
# Sourcing this file adds the following variables:
# DomainName, PostOffice, ProgramDir, MailboxDir, MailUserName, NewUserForms
#
################################################################################
cpmailconf() 
{

	#
	# Fix for Netscape Mail 3.0: the value of the new variable 'MessageHostName' 
	# in /etc/netscape.mail.conf needs to be changed from the physical
	# host to the logical host.
	#
	runonhost $MAILHOSTPRIV "grep MessageHostName=$MAILHOST $NSM_CONF" >/dev/null 2>&1
	if [ $? -eq 0 ] ; then
		runonhost -y $MAILHOSTPRIV ed -s $NSM_CONF <<EOF 2>/dev/null
/^MessageHostName=/s/=$MAILHOST/=$LHOST/
w
q
.
EOF
	fi

	remcopy  $NSM_CONF $MAILHOSTPRIV "$NONMAILHOSTSPRIV" || return 1

	MSGSTR=`gettext 'Copied %s'`
	msg `printf "$MSGSTR\n" "$NSM_CONF"`
	. $NSM_CONF
	if [ $? -ne 0 ]; then
		MSGSTR=`gettext 'Error while sourcing %s'`
		errmsg `printf "$MSGSTR\n" "$NSM_CONF"`
		return 1
	fi

	return 0
}

################################################################################
#
# vrfyids
# 
# Verify that the uid and gid of the mail system, as specified in 
# netscape.mail.conf, exist on all hosts and are the same as on the mail host.
#  
################################################################################
vrfyids() 
{

	temp=`runonhost $MAILHOSTPRIV $ID $MailUserName 2>/dev/null`
	if [ $? -ne 0 ]; then
		MSGSTR=`gettext 'User "%s" does not exist on host "%s"'`
		errmsg `printf "$MSGSTR\n" "$MailUserName" "$MAILHOST"`
		return 1
	fi
	
	MTAUID=`echo $temp | sed 's/uid=\([0-9]*\).*/\1/'`
	MTAGID=`echo $temp | sed 's/.*gid=\([0-9]*\).*/\1/'`

	for host in $NONMAILHOSTSPRIV ; do
		temp=`runonhost $host $ID $MailUserName 2>/dev/null`
		if [ $? -ne 0 ]; then
			MSGSTR=`gettext 'User "%s" does not exist on host "%s"'`
			errmsg `printf "$MSGSTR\n" "$MailUserName" "$host"`
			return 1
		fi
		temp2=`echo $temp | sed 's/uid=\([0-9]*\).*/\1/'`
		if [ $MTAUID -ne $temp2 ]; then
			MSGSTR=`gettext 'The user id of user "%s" on host "%s" does not match'`
			errmsg `printf "$MSGSTR\n" "$MailUserName" "$host"` 
			MSGSTR=`gettext 'the one on the mail server "%s"'`
			msgt `printf "$MSGSTR\n" "$MAILSERVER"`
			return 1
		fi
		temp2=`echo $temp | sed 's/.*gid=\([0-9]*\).*/\1/'`
		if [ $MTAGID -ne $temp2 ]; then
			MSGSTR=`gettext 'The group id of user "%s" on host "%s" does not match'`
			errmsg `printf "$MSGSTR\n" "$MailUserName" "$host"` 
			MSGSTR=`gettext 'the one on the mail server "%s"'`
			msgt `printf "$MSGSTR\n" "$MAILSERVER"`
			return 1
		fi
	done

	MSGSTR=`gettext 'Verified that user "%s" has the same uid (%s) and gid (%s)'`
	msg `printf "$MSGSTR\n" "$MailUserName" "$MTAUID" "$MTAGID"`
	msgt `gettext 'on all possible mail servers'`

	return 0
}

################################################################################
#
# stopnsmail
#
# stop Nestscape Mail if it is running
#
################################################################################
stopnsmail()
{

	for host in $MAILHOSTPRIV $NONMAILHOSTSPRIV; do
		nsmail_pid=`runonhost $host "ps -e|grep $NSM_PROG" 2>/dev/null`
		if [ ! -z "$nsmail_pid" ]; then
			nsmail_pid=`echo $nsmail_pid | awk '{print $1}'`
			runonhost $host kill $nsmail_pid 2>/dev/null
			MSGSTR=`gettext 'Shutdown existing Netscape Mail process on "%s"'`
			msg `printf "$MSGSTR\n" "$host"`
		fi
	done
}

################################################################################
#
# skeys
#
# Set up the file /etc/skeykeys on all machines to be a symbolic link
# to a file in the multi-host disk. We will put it in our HA subdir of the $Postffice
# directory.
#
################################################################################
skeys() 
{
	POSTSKEY=$PostOffice/$HANSM/skeykeys

	runonhost $MAILHOSTPRIV  ls $ETCSKEY >/dev/null 2>&1
	if [ $? -ne 0 ]; then
		#
		# It turns out that Netscape Mail 3.0 does not install
		# this file, so if we don't find it, we bail out
		# of this routine.
		#
		IS_SKEY=0
		return 0
	fi

	IS_SKEY=1
	runonhost $MAILHOSTPRIV test  -d $PostOffice/$HANSM  
	if [ $? -ne 0 ]; then
		# directory does not exist, create it
		runonhost $MAILHOSTPRIV mkdir $PostOffice/$HANSM || return 1
	fi

	runonhost $MAILHOSTPRIV test -h $ETCSKEY
	if [ $? -eq 0 ]; then
		#
		# The file in /etc is a symlink. Could be from a previous run.
		# We'll remove it at re-link just in case something changed.
		# If the file on the multi-host disk does not exist, create it.
		#
		cmd="test -f $POSTSKEY || touch $POSTSKEY; rm $ETCSKEY;  \
			ln -s $POSTSKEY $ETCSKEY"
		runonhost $MAILHOSTPRIV "$cmd" || return 1
	else
		#
		# The file in /etc is a regular file. Back it up and make a symlink to
		# the file in the multi-host disk. If the later file does not exist,
		# make a copy from the file in /etc.
		#
		cmd="test -f $POSTSKEY || cp $ETCSKEY $POSTSKEY; mv $ETCSKEY $BAKSKEY;  \
			ln -s $POSTSKEY $ETCSKEY"
		runonhost $MAILHOSTPRIV "$cmd" || return 1
	fi

		

	for host in $NONMAILHOSTSPRIV; do
		runonhost $host ls $ETCSKEY >/dev/null 2>&1
		if [ $? -ne 0 ]; then
			runonhost $host ln -s $POSTSKEY $ETCSKEY || return 1
		else
			runonhost $host test -h $ETCSKEY
			if [ $? -eq 0 ]; then
				runonhost $host "rm $ETCSKEY; ln -s $POSTSKEY $ETCSKEY"  \
					|| return 1
			else
				runonhost $host "mv $ETCSKEY $BAKSKEY; ln -s $POSTSKEY $ETCSKEY" \
					|| return 1
			fi
		fi
	done

	MSGSTR=`gettext 'Linked %s to %s'`
	msg `printf "$MSGSTR\n" "$ETCSKEY" "$POSTSKEY"`

	return 0
}

################################################################################
#
# libs
#
# Make symbolic links from /usr/lib to the Nescape libraries
#
################################################################################
libs() 
{

	#
	# To add a new library, just add a variable that it's value is the
	# library path in /usr/lib, a corresponding LH_* empty variable, 
	# and update the variable LIBVARS with the varibale name.
	#
	LIBMAIL=/usr/lib/libNSmail.so; LH_LIBMAIL=
	LIBMATCH=/usr/lib/libNSmatch.so; LH_LIBMATCH=
	LIBCACHE=/usr/lib/liblcache10.so; LH_LIBCACHE=
	LIBLDAP=/usr/lib/libldap10.so; LH_LIBLDAP=

	LIBVARS="LIBMAIL LIBMATCH LIBCACHE LIBLDAP"

	DATESTR=`date '+%H.%M_%b%d%y'`

	#
	# Get the symbolic links for all the libraries from the mail server
	#
	for libvar in $LIBVARS; do
		eval "lib=\$$libvar"	
		runonhost $MAILHOSTPRIV test -h $lib
		if [ $? -ne 0 ]; then
			#
			# LIBMAIL and LIBMATCH should be in any Netscape Mail server, from
			# NS-Mail 2.0 and onwards.
			# This is a minimal attempt to do some sanity check
			# of the Netscape Mail Server installation, without making
			# the code specific to each NS-Mail version.
			# 
			if [ "$libvar" = "LIBMAIL" -o "$libvar" = "LIBMATCH" ]; then
				MSGSTR="`gettext 'File %s should be a symbolic link on host %s, but it is not'`"
				errmsg `printf "$MSGSTR\n" "$lib" "$MAILHOST"`
				return 1
			else
				continue
			fi
		fi
		temp="`runonhost $MAILHOSTPRIV ls -l $lib`"
		# extract the symbolic link string
		temp=`echo $temp | sed 's/.*->[ 	]*//'`
		# asign the symlink to the corresponding LH_* variable
		eval "LH_$libvar=$temp"
	done

	for libvar in $LIBVARS ; do
		for host in $NONMAILHOSTSPRIV; do
			eval "lib=\$$libvar"
			eval "lhlib=\$LH_${libvar}"
			if [ -z "$lhlib" ]; then
				continue 2
			fi
			runonhost $host test -f $lib -a ! -h $lib
			if [ $? -eq 0 ]; then
				#
				# This is a real file. back it up and
				# create the symlink.
				#
				runonhost $host "mv $lib $lib.$DATESTR; ln -s $lhlib $lib" \
					|| return 1
			else
				#
				# Either a symlink or does not exist. 
				#
				runonhost $host "rm -f $lib; ln -s $lhlib $lib" \
					|| return 1
			fi 
		done
		MSGSTR=`gettext 'Linked %s to %s'`
		msg `printf "$MSGSTR\n" "$lib" "$lhlib"`
	done
	return 0
			
}

################################################################################
#
# fingerd
#
# Disable fingerd on this server (if it's disbaled on the sibling).
#
################################################################################
fingerd()
{

	INETDCONF=/etc/inetd.conf
	tmpinet=/tmp/inetd.conf.$$

	cmd="grep \"^[ \t]*finger\" $INETDCONF"
	runonhost $MAILHOSTPRIV "$cmd" >/dev/null 2>&1
	case $? in
	0)
		# fingerd is enabled on mail host
		mh_finger=1
		;;
	1)
		# fingerd is disabled on mail host
		mh_finger=0
		;;
	*)
		MSGSTR=`gettext 'Could not access "%s" on "%s"'`
		errmsg `printf "$MSGSTR\n" "$INETDCONF" "$MAILHOSTPRIV"`
		return 1
		;;
	esac

	for host in $NONMAILHOSTSPRIV; do
		runonhost $host "$cmd" >/dev/null 2>&1
		case $? in
		0)
			# fingerd is enabled on this host
			nonmh_finger=1
			;;
		1)
			# fingerd is disabled on $host
			nonmh_finger=0
			;;
		*)
			MSGSTR=`gettext 'Could not access "%s" on "%s"'`
			errmsg `printf "$MSGSTR\n" "$INETDCONF" "$host"`
			return 1
			;;
		esac


		if [ $mh_finger -eq 1 -a $nonmh_finger -eq 0 ]; then
			#
			# mail host has fingerd enabled, and $host has it disabled.
			# Enable fingerd on $host.
			#
			runonhost $host grep \"$STARTTAG\" $INETDCONF >/dev/null 2>&1
			grepstat=$?
			if [ $grepstat -eq 2 ]; then
				MSGSTR=`gettext 'Could not access "%s" on "%s"'`
				errmsg `printf "$MSGSTR\n" "$INETDCONF" "$host"`
				return 1
			fi

			if [ $grepstat -eq 0 ]; then
				cmd2="cp $INETDCONF $tmpinet; sed -e \"/$STARTTAG/,/$ENDTAG/d\" \
					$tmpinet > $INETDCONF; rm -f $tmpinet"
				runonhost $host "$cmd2"
				if [ $? -ne 0 ]; then
					MSGSTR=`gettext 'Failed to edit "%s" on "%s"'`
					errmsg `printf "$MSGSTR\n" "$INETDCONF" "$host"`
					return 1
				fi
			fi

			runonhost -y $host "cat >> $INETDCONF" <<EOF
# $STARTTAG
finger	stream	tcp	nowait	nobody	/usr/sbin/in.fingerd	in.fingerd
# $ENDTAG
EOF
			if [ $? -ne 0 ]; then
				MSGSTR=`gettext 'Failed to modify "%s" on "%s"'`
				errmsg `printf "$MSGSTR\n" "$INETDCONF" "$host"`
				return 1
			fi

			hupit $host inetd || return 1
			MSGSTR=`gettext 'Enabled "fingerd" on "%s"'`
			msg `printf "$MSGSTR\n" "$host"`

		elif [ $mh_finger -eq 0 -a $nonmh_finger -eq 1 ]; then
			#
			# mail host has fingerd disbaled, and $host has it enabled.
			# Disbale it on $host.
			#
			cmd2="cp $INETDCONF $tmpinet; sed -e \"/$STARTTAG/,/$ENDTAG/d\" \
				-e \"/^[ \t]*finger/d\" $tmpinet > $INETDCONF; rm -f $tmpinet"
			runonhost $host "$cmd2"
			if [ $? -ne 0 ]; then
				MSGSTR=`gettext 'Failed to edit "%s" on "%s"'`
				errmsg `printf "$MSGSTR\n" "$INETDCONF" "$host"`
				return 1
			fi

			hupit $host inetd || return 1
			MSGSTR=`gettext 'Enabled "fingerd" on "%s"'`
			msg `printf "$MSGSTR\n" "$host"`

		fi
	done
			
	return 0
}

################################################################################
#
# mvsendmail
#
# Stop sendmail.
# Move the Solaris sendmail to a backup file and make a link to Netscape sendmail.
# Start the solaris sendmail in a queue drain mode. 
#
################################################################################
mvsendmail() 
{

	SENDMAIL=/usr/lib/sendmail

	for host in $NONMAILHOSTSPRIV; do
		runonhost $host /etc/init.d/sendmail stop >/dev/null 2>&1

		runonhost $host  test -f $SENDMAIL -a ! -h $SENDMAIL
		if [ $? -eq 0 ]; then
			runonhost $host "mv $SENDMAIL ${SENDMAIL}.bak; \
				ln -s $ProgramDir/bin/sendmail $SENDMAIL" || return 1
		else
			runonhost $host "test -h $SENDMAIL && rm -f $SENDMAIL; \
				ln -s $ProgramDir/bin/sendmail $SENDMAIL" || return 1
		fi

		runonhost $host /etc/init.d/SUNWhansm start || return 1
	done

	runonhost $MAILHOSTPRIV /etc/init.d/SUNWhansm start || return 1

	MSGSTR=`gettext 'Linked %s to %s'`
	msg `printf "$MSGSTR\n" "$SENDMAIL" "$ProgramDir/bin/sendmail"`
	msg `gettext 'Started Solaris sendmail to drain private mail queue'`
	return 0
}


################################################################################
#
# chgperm
#
# Chnage permissions and ownership on some files
#
################################################################################
chgperm() 
{

	if [ $IS_SKEY -eq 1 ]; then
		runonhost $MAILHOSTPRIV chmod 750 $PostOffice/$HANSM
		runonhost $MAILHOSTPRIV chown $MTAUID $PostOffice/$HANSM
		runonhost $MAILHOSTPRIV chgrp $MTAGID $PostOffice/$HANSM

		runonhost $MAILHOSTPRIV chmod 664 $POSTSKEY
		runonhost $MAILHOSTPRIV chgrp $MTAGID $POSTSKEY

		runonmany "$NONMAILHOSTSPRIV" chgrp -h $MTAGID $ETCSKEY
	fi

	runonmany "$NONMAILHOSTSPRIV" chgrp $MTAGID $NSM_CONF
	runonmany "$NONMAILHOSTSPRIV" chmod 444 $NSM_CONF

	runonmany "$NONMAILHOSTSPRIV" chgrp -h $MTAGID /usr/lib/sendmail

	runonmany "$NONMAILHOSTSPRIV" chmod g+s /var/mail

	msg `gettext "Changed permissions on a few files"`

	return 0
}


################################################################################
#
# Main
#
################################################################################

TRAPSIGNALS="1 2 3 15"
trap "cleanup 1" $TRAPSIGNALS


#
# Check for root
#
uid=`${ID}` 
if [ $? -ne 0 ]; then 
	errmsg `gettext "Cannot get user id"` 
	cleanup 1 
fi       
uid=`set -- ${uid}; echo $1` 
if [ "${uid}" != "uid=0(root)" ]; then
	errmsg `gettext "This program must be executed by root"` 
	cleanup 1 
fi

initvars || cleanup 1
confirm || cleanup 1
checkcomm || cleanup 1
cpmailconf || cleanup 1
vrfyids || cleanup 1
stopnsmail || cleanup 1
skeys || cleanup 1
libs || cleanup 1
fingerd || cleanup 1
mvsendmail || cleanup 1
chgperm || cleanup 1

msg `gettext "Completed successfully!"`
cleanup 0
