#! /bin/sh
#
# @(#)bsmconv.sh 1.2 93/03/11 SMI
#
PROG=bsmunconv
STARTUP=/etc/security/audit_startup

permission()
{
cd /usr/lib
WHO=`id | cut -f1 -d" "`
if [ ! "$WHO" = "uid=0(root)" ]
then
	echo "$PROG: you must be super-user to run this script."
	exit 1
fi

RESP="x"
while [ "$RESP" != "y" -a "$RESP" != "n" ]
do
echo "This script is used disable the Basic Security Module (BSM)."
echo "Shall we continue the reversion to a non-BSM system now? [y/n]"
read RESP
done

if [ "$RESP" = "n" ]
then
	echo "$PROG: INFO: aborted, due to user request."
	exit 2
fi
}

bsmunconvert()
{
# Move the startup script aside

echo "$PROG: INFO: moving aside ${ROOT}/etc/security/audit_startup."
if [ -f ${ROOT}/etc/security/audit_startup ]
then
mv ${ROOT}/etc/security/audit_startup ${ROOT}/etc/security/audit_startup.sav
fi

# restore volume manager init file moved aside by bsmconv to prevent
# running volume manager when bsm is enabled

if [ ! -f ${ROOT}/etc/rc2.d/S92volmgt ]
then
    echo "$PROG: INFO: restore ${ROOT}/etc/rc2.d/S92volmgt."
    if [ -r ${ROOT}/etc/security/spool/S92volmgt ]
    then
	mv ${ROOT}/etc/security/spool/S92volmgt ${ROOT}/etc/rc2.d/S92volmgt
    else
	echo "$PROG: INFO: unable to restore file ${ROOT}/etc/rc2.d/S92volmgt."
    fi
fi

# Turn off auditing in the loadable module

if [ -f ${ROOT}/etc/system ]
then
	echo "$PROG: INFO: removing c2audit:audit_load from ${ROOT}/etc/system."
	grep -v "c2audit:audit_load" ${ROOT}/etc/system > /tmp/etc.system.$$
	mv /tmp/etc.system.$$ ${ROOT}/etc/system
else
	echo "$PROG: ERROR: can't find ${ROOT}/etc/system."
	echo "$PROG: ERROR: audit module may not be disabled."
fi
}

# main

permission

if [ $# -eq 0 ]
then
	ROOT=
	bsmunconvert
	echo
	echo "The Basic Security Module has been disabled."
	echo "Reboot this system now to come up without BSM."
else
	for ROOT in $@
	do
		bsmunconvert $ROOT
	done
	echo
	echo "The Basic Security Module has been disabled."
	echo "Reboot each system that was disabled to come up without BSM."
fi

exit 0
