#!/bin/ksh -p
#
# ident "@(#)utconfig.ksh	1.155 05/08/14 SMI"
#
# Copyright 1999-2005 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

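# Start from a known environment: drop inherited Java settings and pin
# PATH to system directories so later bare command names (id, sed, rm,
# ...) are not resolved through a caller-controlled search path.
unset JAVA_HOME
unset CLASSPATH
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
# $0 is quoted so an invocation path containing blanks or glob
# characters is not split or expanded before basename sees it.
PROGRAM_ID=$(basename "$0")
THIS_HOST=$(uname -n)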

# For Debug output uncomment the next 2 lines 
#PS4='[$LINENO]+ '
#set -x

# 
# See if G_MEDIA_DIR is already defined.
#
# Must be named G_MEDIA_DIR to match the install framework
# because sras_config depends on it and is also invoked
# from the M20SRAS install module.
#
# A G_MEDIA_DIR inherited from the environment is used as-is; helpers
# further down execute ${G_MEDIA_DIR}/utprodinfo, so whoever controls
# that variable chooses the binary that gets run.
if [[ -z $G_MEDIA_DIR ]] ; then
  # full pathname of the running command
  typeset THIS_COMMAND=$(whence $0)

  # package location (ex. /opt/SUNWut, cdrom): the directory holding the
  # command, or the current directory when that part is empty, then up
  # one level
  typeset PRODUCT_DIR=${THIS_COMMAND%/*}
  PRODUCT_DIR=${PRODUCT_DIR:-$(pwd)}/..

  # install library directory
  G_MEDIA_DIR="${PRODUCT_DIR}/lib"
fi # -z $G_MEDIA_DIR

# Fixed product directories.
ETC_OPT_UT=/etc/opt/SUNWut
VAR_OPT_UT=/var/opt/SUNWut
UT_HTTP_BIN=/opt/SUNWut/http/bin	# XXX Needs to be relocatable <===
UT_HTTP_ETC="${ETC_OPT_UT}/http"
UT_HTTP_VAR="${VAR_OPT_UT}/http"
UT_SRDS_ETC="${ETC_OPT_UT}/srds"

# Scratch files share one per-process prefix built from the program name
# and PID.  The names are predictable, so they are only as safe as the
# permissions on $TMP_DIR_PATH -- NOTE(review): confirm that directory
# is writable by root only.
TMP_DIR_PATH="${VAR_OPT_UT}/tmp"
TMP_PROGID="${TMP_DIR_PATH}/${PROGRAM_ID}.$$"

# On a signal: remove the scratch files, turn terminal echo back on (a
# password prompt may have disabled it) and exit 1.  The prefix is
# expanded now, when the trap is installed.
trap "rm -rf ${TMP_PROGID}.*; stty echo </dev/tty; exit 1" HUP INT QUIT TERM

TMP_FILE="${TMP_PROGID}.tmp"
TMP_CONF_FILE="${TMP_PROGID}.conf"
TMP_INSERT_FILE="${TMP_PROGID}.insert"
TMP_REP_FILE="${TMP_PROGID}.rep"

BEFORE="before.${PROGRAM_ID}"
DBM_FILES_PATH="${VAR_OPT_UT}/ndbm"
SMARTCARD_FILES_PATH="${ETC_OPT_UT}/smartcard"
AUTHPROPS="${ETC_OPT_UT}/auth.props"
UTADMIN_GROUP=utadmin
HTTP_CFG="${UT_HTTP_ETC}/utadmin.httpd.conf"
ADMINGID=""

# This file is created by the command /opt/SUNWbb/bin/bbmkuser
USER_CONF=/var/opt/SUNWbb/users.conf

# Kiosk.conf file and the template it is copied from
KIOSK_CONF_TEMPLATE="${VAR_OPT_UT}/kiosk/kiosk.conf.template"
KIOSK_CONF="${VAR_OPT_UT}/kiosk/kiosk.conf"


# Write the usage line (program name followed by $PROGRAM_OPTS) to
# stderr and terminate with status 1.
Usage() {
  print "Usage: $PROGRAM_ID $PROGRAM_OPTS" >&2
  exit 1
}

# Returns 0 when the output of id(1) begins with "uid=0("; any other
# caller is reported through Fatal.
CheckUidIsZero() {
  if [[ "$(id)" == 'uid=0('* ]]; then
    return 0    # uid is zero
  fi
  Fatal "must be run as UID 0 (root)"
}

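# Remove this run's scratch files and exit.
# Arguments: $1 - exit status to terminate with
CleanupAndExit() {
  # With an empty prefix the glob would be ".*", i.e. every dot-entry of
  # the current directory; skip the removal rather than risk that.
  if [[ -n $TMP_PROGID ]]; then
    rm -rf "${TMP_PROGID}".*
  fi
  exit $1
}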

# Report a fatal error on stderr, prefixed with the program name, and
# terminate with status 1.  No scratch-file cleanup is done here.
# Arguments: $1 - message text
Fatal() {
  print "$PROGRAM_ID: fatal, $1" >&2
  exit 1
}

# Write an informational message to stderr, prefixed with the program
# name.  Always returns 0.
# Arguments: $1 - message text
Note() {
  print "$PROGRAM_ID: note, $1" >&2
  return 0
}

#
# Platform dependencies set here.
#
# Reads $OS, $ETC_OPT_UT and $THIS_HOST; sets UT_BASEDIR, UTDSD_CMD,
# LCL_PACKAGE, the LDAP client command strings, ETCSERVICES, DHCPCONFIG
# and the DBM_* file names.  An unrecognised $OS goes to Fatal.
#
SetPlatformDependencies () {
  # /bin/pwd is required here: the shell built-in does not report the
  # "real" directory path.
  UT_BASEDIR="$(cd ${ETC_OPT_UT}/basedir; /bin/pwd)"

  # Command used to start and stop the SRDS daemon
  UTDSD_CMD=/etc/init.d/utds

  case "$OS" in # {
  SunOS)
    # Solaris LDAP client package
    LCL_PACKAGE="SUNWlldap"

    # Solaris versions of the LDAP client commands
    #
    # XXX NOTE: Need to address Solaris beyond 9	<===
    LDAPADD="/usr/bin/ldapadd"
    LDAPMODIFY="/usr/bin/ldapmodify"
    LDAPSEARCH="/usr/bin/ldapsearch -L"

    # Solaris specific filenames
    ETCSERVICES="/etc/inet/services"
    DHCPCONFIG="/var/dhcp/dhcptab"

    # ndbm keeps each table in two files (.dir and .pag)
    DBM_DSTATUS="dstatus.dir"
    DBM_DSTATUS_PAG="dstatus.pag"
    DBM_USTATUS="ustatus.dir"
    DBM_USTATUS_PAG="ustatus.pag"
    ;;

  Linux)
    # Whichever package owns /usr/bin/ldapadd is taken as the LDAP
    # client package; rpm's stderr is discarded.
    LCL_PACKAGE="$(rpm -qf /usr/bin/ldapadd 2>/dev/null)"

    # openldap-clients default to SASL authentication but SRDS does not
    # support it, so -x selects the older simple authentication.  A
    # simple bind presents the password as given, so it is protected
    # only as far as the connection to ${THIS_HOST} is.
    LDAPADD="/usr/bin/ldapadd -h ${THIS_HOST} -x"
    LDAPMODIFY="/usr/bin/ldapmodify -h ${THIS_HOST} -x"
    LDAPSEARCH="/usr/bin/ldapsearch -h ${THIS_HOST} -x -LLL"

    # Linux specific filenames
    ETCSERVICES="/etc/services"
    DHCPCONFIG="/etc/dhcpd.conf"

    # On Linux gdbm is used instead of ndbm. Only one file is
    # needed for gdbm instead of the two needed for ndbm.
    DBM_DSTATUS="dstatus"
    DBM_DSTATUS_PAG=""
    DBM_USTATUS="ustatus"
    DBM_USTATUS_PAG=""
    ;;

  *)
    Fatal "unknown OS name $OS"
    ;;
  esac # }
}

# Asks utprodinfo whether package SUNWuta is installed; the exit status
# of utprodinfo is handed back unchanged.
UTInstalled() {
  ${G_MEDIA_DIR}/utprodinfo -t installed SUNWuta
}

# Asks utprodinfo whether the LDAP client package ($LCL_PACKAGE) is
# installed.  Diagnostics are discarded; the exit status of utprodinfo
# is handed back unchanged.
LdapClientInstalled() {
  ${G_MEDIA_DIR}/utprodinfo -t installed $LCL_PACKAGE 2> /dev/null
}

# Runs the utprodinfo "partial" test on the LDAP client package
# ($LCL_PACKAGE) and hands its exit status back unchanged.
LdapClientInstallPartial() {
  ${G_MEDIA_DIR}/utprodinfo -t partial $LCL_PACKAGE
}

# Asks utprodinfo whether $SRDS_PACKAGE is installed; the exit status of
# utprodinfo is handed back unchanged.
SRDSInstalled() {
  ${G_MEDIA_DIR}/utprodinfo -t installed $SRDS_PACKAGE
}

# Runs the utprodinfo "partial" test on $SRDS_PACKAGE and hands its exit
# status back unchanged.
SRDSInstallPartial() {
  ${G_MEDIA_DIR}/utprodinfo -t partial $SRDS_PACKAGE
}

# Compare the installed SRDS version with a shell pattern.
# Arguments: $1 - pattern; left unquoted so wildcards in it are honoured
# Globals:   INSTALLED_VERSION is set (global on purpose: the calling
#            function uses it in its error message)
# Returns:   0 when the PRODVERS value matches $1, otherwise 1
SRDSVersion() {
  INSTALLED_VERSION="$(${G_MEDIA_DIR}/utprodinfo -p $SRDS_PACKAGE PRODVERS)"

  if [[ $INSTALLED_VERSION == $1 ]]; then
    return 0
  fi
  return 1
}

# Runs the utprodinfo "complete" test on $UT_KIOSK_PACKAGE and hands its
# exit status back unchanged.
KioskInstalled() {
  ${G_MEDIA_DIR}/utprodinfo -t complete $UT_KIOSK_PACKAGE
}

# Returns 0 when ${ETC_OPT_UT}/utadmin.pw is readable by the caller,
# 1 otherwise.
UTPasswordExists() {
   if [[ -r ${ETC_OPT_UT}/utadmin.pw ]]; then
      return 0
   fi
   return 1
}


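# Restrict a configuration file to owner and group utadmin (mode 660).
# Arguments: $1 - path of an existing regular file
# Returns:   exit status of the final chgrp; a missing argument or a
#            non-file goes to Fatal
SetUTFilePerms() {
  if [[ -z $1 ]]; then
    Fatal "configuration file parameter not specified"
  elif [[ ! -f $1 ]]; then
    Fatal "$1 is not a file"
  fi
  # Quoted so that a path containing blanks or glob characters changes
  # exactly the file that was checked above and nothing else.
  chmod 660 "$1"
  chgrp utadmin "$1"
}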


# Returns 0 when traces of an earlier datastore configuration exist:
# either ${VAR_OPT_LDAP_DBM_UT}/id2entry.dbb is a directory or
# ${UT_SRDS_ETC}/current/utdsd.run is a regular file.  Returns 1
# otherwise.
# NOTE(review): id2entry.dbb is tested with -d here while other .dbb
# paths in this script are tested with -f -- confirm which is intended.
PreviousUTDataStore() {

   [[ -d ${VAR_OPT_LDAP_DBM_UT}/id2entry.dbb ]] && return 0
   [[ -f ${UT_SRDS_ETC}/current/utdsd.run ]] && return 0
   return 1
}

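# Encode a password with the SRDS utencode helper.
# Arguments: $1 - clear-text password
# Outputs:   whatever utencode writes to stdout
# Returns:   1 when called without exactly one argument, otherwise the
#            exit status of the print | utencode pipeline
EncryptPasswd() {
  typeset STATUS=0

  if [[ $# != 1 ]] ; then
    print -u2 "EncryptPasswd() invoked without a password"
    return 1
  fi
  # -r keeps backslash sequences in the password literal and -- keeps a
  # leading "-" from being read as a print option, so the string that is
  # encoded is exactly the string that was supplied.  The password goes
  # through the pipe, not through utencode's argument list.
  print -r -- "$1" | ${SRDS_BASEDIR}/srds/lib/utencode
  # Hand the pipeline status back so callers that test $? can notice a
  # failed encode instead of always seeing 0.
  STATUS=$?
  return $STATUS
}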

# Write "Error: <reason>, please try again." to stderr, preceded by a
# blank line (print expands the \n).  Returns the status of that print.
# Arguments: $1 - reason text
PleaseTryAgain() {
  print "\nError: $1, please try again." >&2
}


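# Validate a name: exactly one argument of at most 24 characters, first
# character a letter or digit, followed by one or more letters, digits,
# "_" or "-", and not ending in "-".
# Returns: 0 when valid, non-zero otherwise
IsValidAlphanumeric()
{
   (($# == 1 && ${#1} <= 24)) || return 1

   # Match the argument itself.  Passing it unquoted through echo | tr
   # first would let the shell expand glob characters in it, and how an
   # embedded blank is treated would depend on the shell's handling of
   # NUL bytes; a blank simply is not in the allowed character classes.
   [[ $1 == [a-zA-Z0-9]+([_a-zA-Z0-9-]) && $1 != *- ]]
}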

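# Validate an unsigned integer: exactly one argument of at most 24
# characters consisting only of the digits 0-9.
# Returns: 0 when valid, non-zero otherwise
IsValidInteger()
{
   (($# == 1 && ${#1} <= 24)) || return 1

   # Match the argument itself.  Passing it unquoted through echo | tr
   # first would let the shell expand glob characters in it, and how an
   # embedded blank is treated would depend on the shell's handling of
   # NUL bytes; a blank simply is not a digit.
   [[ $1 == +([0-9]) ]]
}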

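# Validate a Controlled Access Mode user prefix: exactly one argument of
# at most 4 characters, letters and digits only, with at least one
# letter.
# Returns: 0 when valid, non-zero otherwise
IsValidCAMUserPrefix()
{
   (($# == 1 && ${#1} <= 4)) || return 1

   # Match the argument itself.  Passing it unquoted through echo | tr
   # first would let the shell expand glob characters in it, and how an
   # embedded blank is treated would depend on the shell's handling of
   # NUL bytes; a blank simply is not in the allowed character classes.
   [[ $1 == *([a-zA-Z0-9])[a-zA-Z]*([a-zA-Z0-9]) ]]
}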

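# Prompt twice for a password with terminal echo off, validate the entry
# with "utpw -V", and store it in the global PASSWD once it is valid and
# both entries agree.  Loops until that happens.
# Arguments: $1 - label used in the prompt ("Enter <label> password: ")
# Globals:   PASSWD (written), UTA_BASEDIR (read)
# Returns:   0
SetPASSWD() {
  typeset STATUS=0
  typeset ERROR_CODE=0
  typeset ENTRY REPLY1 REPLY2 UTPW_RC

  while true; do
    case $ERROR_CODE in
      1) PleaseTryAgain "entries must be at least 5 characters in length";;
      2) PleaseTryAgain "entry contains invalid characters";;
      3) PleaseTryAgain "entries were not the same";;
    esac
    # Each error is reported once; without this reset a later failure of
    # a different kind would repeat the previous message.
    ERROR_CODE=0

    for ENTRY in "Enter" "Re-enter"; do
      print -n "$ENTRY $1 password: "
      # Echo stays off only while the entry is read; the script's signal
      # trap also runs "stty echo" if the prompt is interrupted.
      stty -echo
      read -r
      stty echo
      print ""
      case "$ENTRY" in
        Enter) REPLY1="$REPLY";;
        *)     REPLY2="$REPLY";;
      esac
    done

    # use "utpw -V" to validate length and char set of entry
    #
    # -r and -- make print pass the entry through untouched, so what is
    # validated is what was typed even when it holds backslashes or
    # starts with "-".
    print -r -- "$REPLY1" |$UTA_BASEDIR/sbin/utpw -V
    UTPW_RC=$?
    case $UTPW_RC in
      0) ;;
      1) ERROR_CODE=1; continue;;
      2) ERROR_CODE=2; continue;;
      *) print -u2 "Password validation, utpw failed with unknown exit status $UTPW_RC"; continue;;
    esac
    if [[ "$REPLY1" != "$REPLY2" ]]; then
      ERROR_CODE=3
      continue
    fi

    PASSWD="$REPLY1"
    break
  done

  return $STATUS
}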

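# Collect everything the configuration run needs.
#
# With $FORCE true nothing is asked: PASSWD must already be set and at
# least 5 characters long.  Otherwise an introduction is shown, the
# operator confirms, and the admin password and web administration
# settings are prompted for.
#
# Globals written: ROOTNAME, SKIP_SRDS, UTPASSWD, ROOTDN, ROOTPW,
#   CRYPTD_ROOTPW, CONFIG_APACHE (interactive runs only), and PASSWD
#   through SetPASSWD.
# Returns: 0; validation failures go to Fatal.
PromptForParameters() {
  typeset STATUS=0

  if $FORCE; then
    if [[ -z "$PASSWD" ]]; then
      Fatal "PASSWD file does not exist"
    # ${#PASSWD} takes the length without handing the password to expr,
    # where a value that looks like an operator or option could be
    # misparsed.
    elif [[ ${#PASSWD} -lt 5 ]]; then
      Fatal "PASSWD must be at least 5 characters in length"
    fi
  else
    fmt <<-!

	This script automates the configuration of the $UT_PROD_NAME
	software and related software products.  Before proceeding, you
	should have read the $UT_PROD_NAME $UT_VERSION Installation
	Guide and filled out the Configuration Worksheet.  This script
	will prompt you for the values you filled out on the Worksheet.
	For your convenience, default values (where applicable) are
	shown in brackets. 
	!
    if [ -z "$utconfig_warning" ] ; then
      if ! ReplyIsYes "\nContinue"; then
        CleanupAndExit 0
      fi
    else
      print "\n$utconfig_warning"
      if ReplyIsNo "\nContinue"; then
        CleanupAndExit 0
      fi
    fi
  fi

  # ROOTNAME is ROOTENTRY without a leading "o=" and without anything
  # from the first comma on.
  ROOTNAME="${ROOTENTRY#o=}"
  ROOTNAME="${ROOTNAME%%,*}"

  SKIP_SRDS=false

  # The datastore is left alone (and no password is asked for) on forced
  # runs and when an earlier datastore configuration is found.
  if ! $FORCE ; then
     if PreviousUTDataStore; then
              SKIP_SRDS=true
     else
        SetPASSWD "Sun Ray admin"
     fi
  else
        SKIP_SRDS=true
  fi

  case "$PASSWD" in
    *\\*) UTPASSWD="$(print "$PASSWD" |sed 's:\\:\\\\:g')";; # escape backslashs
    *)    UTPASSWD="$PASSWD";;
  esac

  ROOTDN="cn=admin,$ROOTENTRY"

  ROOTPW="$PASSWD"
  CRYPTD_ROOTPW="$(EncryptPasswd "$ROOTPW")"

  if [[ $? != 0 ]]; then
    # The clear-text password is deliberately left out of this message:
    # it would otherwise reach the terminal and any captured output.
    Fatal "internal error, could not encrypt password"
  fi
  case "$CRYPTD_ROOTPW" in
    "") Fatal "internal error, encrypted password is empty";;
  esac

  # Only prompt SRAS if not autoconfigure
  if ! $FORCE; then
      $SUNWUTLIB/utwsadm prompt -o $TMP_DIR_PATH/http.conf
      CONFIG_APACHE=$?
      #
      # Possible return values from utwsadm prompt:
      # 0 - Use user prompted values and apply config to Apache installation.
      # 1 - Use user prompted values but do not apply the config to Apache.
      # 2 - Use existing config and apply to Apache.
      # 3 - Use existing config but do not apply to Apache.
      # 4 - Do not config.
      # 5 - Error
      #
      if [[ $CONFIG_APACHE -eq 5 ]] ; then
	Fatal "internal error, failed configuring the administration interface"
      fi
  fi

  if $KIOSK_INSTALLED ; then
    InitKioskVars

    if ! $FORCE; then
        PromptForKioskParameters
    fi
  fi	# $KIOSK_INSTALLED

  return $STATUS
}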

# Expand the @(NAME) placeholders of a template and write the result to
# stdout.
#
# Arguments: $1 - template file
# Globals read: UTPASSWD, ROOTENTRY, ROOTNAME, HOSTNAME, THIS_HOST,
#   LDAP_PORT, VERSIONENTRY, ROOTDN, CRYPTD_ROOTPW, HTTPCFGFILE, UT_PORT,
#   SSLENABLE
# Returns: exit status of sed
#
# Besides the @(NAME) placeholders, two literal patterns are rewritten:
# ",o=v<1-9...>," becomes ",o=v$VERSIONENTRY," and "{sunds}NOTSET"
# becomes $CRYPTD_ROOTPW.
#
# NOTE(review): in this copy every s command has a line break where its
# delimiter should be; presumably the shipped file uses a non-printing
# delimiter character that did not survive -- confirm against the
# original before editing the sed script.
# NOTE(review): only the password gets "&" escaped here.  The other
# values go into the replacement text as they are, so a "&", a backslash
# or the delimiter inside one of them would change the substitution --
# confirm that the callers constrain those values.
# The output carries the admin password wherever a template uses
# @(UTPASSWD), so the file it is redirected to needs matching
# permissions.
SubstituteMacros() {
  typeset PW
  case $UTPASSWD in
    *\&*) # escape ampersands only for updating the datastore
	  PW="$(print "$UTPASSWD" |sed 's:\&:\\\&:g')";;
    *) PW=$UTPASSWD;;
  esac
  sed "
    s
@(ROOTENTRY)
$ROOTENTRY
g
    s
@(ROOTNAME)
$ROOTNAME
g
    s
@(HOSTNAME)
$HOSTNAME
g
    s
@(THIS_HOST)
$THIS_HOST
g
    s
@(LDAP_PORT)
$LDAP_PORT
g
    s
@(UTPASSWD)
$PW
g
    s
@(VERSIONENTRY)
$VERSIONENTRY
g
    s
,o=v[1-9][^,]*,
,o=v$VERSIONENTRY,
g
    s
@(ROOTDN)
$ROOTDN
g
    s
{sunds}NOTSET
$CRYPTD_ROOTPW
g
    s
@(HTTPCFGFILE)
$HTTPCFGFILE
g
    s
@(HTTPPORT)
$UT_PORT
g
    s
@(SSLENABLE)
$SSLENABLE
g
  " $1

  return $?
}

# Merge file $2 into file $1.
# When $1 has a line starting with "# SUNWutrep begin" (a replication
# block), ed places the contents of $2 just above that line; otherwise
# $2 is appended to the end of $1.
# Arguments: $1 - file to modify, $2 - file whose contents are added
InsertFile(){
    if grep '^# SUNWutrep begin' $1 >/dev/null 2>&1; then
	# ed: go to the marker, step back one line, read $2 in after it.
	# All ed output, errors included, is discarded.
	ed - $1 <<-EOE 2>/dev/null 1>&2
	/^# SUNWutrep begin/
	-
	.r $2
	w
	q
	EOE
    else
	cat $2 >> $1
    fi
}

#
#  Restores SRDS configuration files from the default directory:
#	/etc/opt/SUNWut/srds/default
#
#  Only files missing from ${SRDS_LDAP_CURRENT} are copied; existing
#  ones are left alone.  LDAP_PORT is then refreshed from
#  get_ldap_port.
#
RestoreSRDSConf() {
    for confile in utdsd.acl.conf utdsd.at.conf utdsd.conf utdsd.oc.conf utdsd.ini
    do
	[[ -f ${SRDS_LDAP_CURRENT}/${confile} ]] ||
	    cp ${SRDS_LDAP_DEFAULT}/${confile} ${SRDS_LDAP_CURRENT}/${confile}
    done
    LDAP_PORT=$(get_ldap_port)
}

#
#  Sync up the SRDS port number in the /etc/inet/services file
#
#  When ${ETCSERVICES} has no utdsd entry for ${LDAP_PORT}, a copy of
#  the services prototype with the port filled in is written to
#  ${TMP_DIR_PATH} and utrepair is run against ${ETCSERVICES}.
#  The scratch file has a fixed name and is written by redirection, so
#  it relies on ${TMP_DIR_PATH} not being writable by other users.
#
SyncEtcServices() {
    if ! grep "^utdsd[ 	][ 	]*${LDAP_PORT}/" ${ETCSERVICES} >/dev/null 2>&1
    then
	TMP_SERVICES_FILE="${TMP_DIR_PATH}/services.SUNWut.prototype"
	# need to update the SRDS port number
	sed -e "s/^\(utdsd[	 ][	 ]*\)[0-9][0-9]*\(\/.*\)$/\1${LDAP_PORT}\2/" \
		${UTO_BASEDIR}/lib/prototype/services.SUNWut.prototype \
		> $TMP_SERVICES_FILE
	${UTO_BASEDIR}/lib/utrepair -a -d ${TMP_DIR_PATH} ${ETCSERVICES}
	rm $TMP_SERVICES_FILE 2> /dev/null
    fi
}

# Add the Sun Ray part to one SRDS schema file and install its
# companion file.
# Arguments: $1 - schema file name under $SRDS_LDAP_CURRENT, also the
#                 name of the template appended to it
#            $2 - companion file copied from $UT_TEMPLATE_LDAP
# Returns:   0
AppendAndCopySchema() {
  typeset STATUS=0
  typeset CONF_FILE="$SRDS_LDAP_CURRENT/$1"

  CreateBeforeFile $CONF_FILE

  # Scratch copy = current file with any existing Sun Ray entry taken
  # out, followed by the Sun Ray template.
  {
    DeleteUTEntry $CONF_FILE
    cat $UT_TEMPLATE_LDAP/$1
  } >$TMP_CONF_FILE

  ReplaceFile $CONF_FILE $TMP_CONF_FILE

  cp $UT_TEMPLATE_LDAP/$2 $SRDS_LDAP_CURRENT/$2

  return $STATUS
}

# Take the Sun Ray part out of one SRDS schema file and delete its
# companion file.
# Arguments: $1 - schema file name under $SRDS_LDAP_CURRENT
#            $2 - companion file to delete from $SRDS_LDAP_CURRENT
# Returns:   0
UnappendAndRmSchema() {
  typeset STATUS=0
  typeset CONF_FILE="$SRDS_LDAP_CURRENT/$1"

  # Rebuild the file without the Sun Ray entry, then swap it in.
  DeleteUTEntry $CONF_FILE >$TMP_CONF_FILE
  ReplaceFile $CONF_FILE $TMP_CONF_FILE

  rm -f $SRDS_LDAP_CURRENT/$2
  DestroyBeforeFile $CONF_FILE

  return $STATUS
}

# Add the Sun Ray object-class (oc) and attribute-type (at) definitions
# to the SRDS schema files.  Returns 0.
UpdateSchema() {
  typeset STATUS=0

  print "\nUpdating $SRDS_PROD_NAME schema ..."

  for schema_kind in oc at; do
    AppendAndCopySchema utdsd.${schema_kind}.conf utdsd.${schema_kind}.ut.conf
  done

  return $STATUS
}

# Take the Sun Ray object-class (oc) and attribute-type (at) definitions
# back out of the SRDS schema files.  Returns 0.
DowndateSchema() {
  typeset STATUS=0

  print "\nRemoving Sun Ray related portions of $SRDS_PROD_NAME schema ..."

  for schema_kind in oc at; do
    UnappendAndRmSchema utdsd.${schema_kind}.conf utdsd.${schema_kind}.ut.conf
  done

  return $STATUS
}

# Insert the Sun Ray ACL block into utdsd.acl.conf.
# The block (template with macros expanded) is placed in front of the
# first line that starts with "access "; everything from that line on
# follows it.  Returns 0.
UpdateAcls() {
  typeset STATUS=0
  typeset CONF_FILE="$SRDS_LDAP_CURRENT/utdsd.acl.conf"

  print "\nUpdating $SRDS_PROD_NAME ACL's ..."

  CreateBeforeFile $CONF_FILE

  DeleteUTEntry $CONF_FILE >$TMP_CONF_FILE

  {
    # head: everything before the first "access" line
    sed '/^access /,$d' $TMP_CONF_FILE
    # the Sun Ray ACL block
    SubstituteMacros $UT_TEMPLATE_LDAP/utdsd.acl.conf
    # tail: from the first "access" line to the last line
    sed -n '/^access /,$p' $TMP_CONF_FILE
  } >$TMP_INSERT_FILE

  ReplaceFile $CONF_FILE $TMP_INSERT_FILE

  return $STATUS
}

# Take the Sun Ray ACL block out of utdsd.acl.conf.  The progress line
# is printed only when $FORCE is not true.  Returns 0.
DowndateAcls() {
  typeset STATUS=0
  typeset CONF_FILE="$SRDS_LDAP_CURRENT/utdsd.acl.conf"

  $FORCE || print "\nRemoving Sun Ray related portions of $SRDS_PROD_NAME ACL's ..."

  DeleteUTEntry $CONF_FILE >$TMP_CONF_FILE
  ReplaceFile $CONF_FILE $TMP_CONF_FILE
  DestroyBeforeFile $CONF_FILE

  return $STATUS
}

# Write the Sun Ray section into $DS_CONF_FILE and make sure the
# datastore directory exists.  Returns 0.
#
# SubstituteMacros puts $CRYPTD_ROOTPW into the generated section, so
# both the scratch files and the final file hold the encoded root
# password.  The 660/utadmin permissions are applied only after
# ReplaceFile has run -- NOTE(review): confirm what mode ReplaceFile
# leaves on the file in between.
CreateDatastoreConfig() {
  typeset STATUS=0

  print "\nCreating $SRDS_PROD_NAME Datastore ..."

  CreateBeforeFile $DS_CONF_FILE

  # current config minus any old Sun Ray entry, plus the fresh section
  DeleteUTEntry $DS_CONF_FILE >$TMP_CONF_FILE
  SubstituteMacros $UT_TEMPLATE_LDAP/utdsd.conf >${TMP_CONF_FILE}_1
  InsertFile $TMP_CONF_FILE ${TMP_CONF_FILE}_1
  /bin/rm -f ${TMP_CONF_FILE}_1 2>/dev/null 1>&2

  ReplaceFile $DS_CONF_FILE $TMP_CONF_FILE
  SetUTFilePerms $DS_CONF_FILE

  mkdir -p $VAR_OPT_LDAP_DBM_UT

  # When SRDS is configured during an upgrade, the replog file has to be
  # more recent than the configuration file (utdsd.conf); otherwise it
  # is deleted when the directory services restart.
  if [[ $SRDS_UPGRADE_FLAG = "YES" ]]; then
     if [[ -s ${VAR_OPT_LDAP_REPLOG}/utpushd.replog ]]; then
        touch ${VAR_OPT_LDAP_REPLOG}/utpushd.replog
     fi
  fi

  return $STATUS
}

# Remove the Sun Ray section from $DS_CONF_FILE and reset the file to
# mode 660.  The progress line is printed only when $FORCE is not true.
# Returns 0.
DestroyDatastoreConfig() {
  typeset STATUS=0

  $FORCE || print "\nRemoving $SRDS_PROD_NAME Datastore ..."

  DeleteUTEntry $DS_CONF_FILE >$TMP_CONF_FILE
  ReplaceFile $DS_CONF_FILE $TMP_CONF_FILE
  chmod 660 $DS_CONF_FILE

  DestroyBeforeFile $DS_CONF_FILE

  return $STATUS
}

# Stop and then start the SRDS daemon through $UTDSD_CMD.
# The exit status of neither step is examined; the function returns 0
# either way.
RestartSRDS() {
  typeset STATUS=0

  print "\nRestarting $SRDS_PROD_NAME ..."

  for srds_action in stop start; do
    ${UTDSD_CMD} $srds_action
  done

  return $STATUS
}


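# remove "Corona" name from the utmodel attribute
#
# Searches the desktops subtree of this host for entries whose utmodel
# starts with "corona" and, for each "dn:" line returned, sends an LDAP
# modify that deletes the utmodel attribute.  Output and errors of
# ldapmodify are discarded, so failures are silent.
#
# The root password is given to ldapmodify with -w, which puts it on the
# command line where other local users can see it in a process listing.
# NOTE(review): if the installed LDAP client can read the bind password
# from a file, prefer that.
# NOTE(review): "read dn" stores the whole matched line, "dn:" prefix
# included, and the here-document adds another "dn: " in front -- confirm
# the modify request is well-formed.
CoronaNameChange()
{
	SUBTREE="utname=desktops,utname=${HOSTNAME},o=v1,${ROOTENTRY}"
	${LDAPSEARCH} -p $LDAP_PORT -b "$SUBTREE" "utmodel=corona*" dn | grep -i '^dn:' | while read dn
	do
		# quoted: an unquoted value containing blanks turns this
		# test into a syntax error instead of an emptiness check
		if [ -z "$dn" ]
		then
			continue
		fi
		# "$ROOTPW" is quoted so a password containing blanks or
		# glob characters stays one unaltered argument
		${LDAPMODIFY} -p $LDAP_PORT -D "$ROOTDN" \
				-w "$ROOTPW" <<-! 2>/dev/null 1>&2
		dn: $dn
		changetype: modify
		delete: utmodel

		!
	done
}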

# Run $UTGLPOLICY with no arguments, keep only output lines that start
# with the sed pattern below (with that prefix removed), and when
# something is left run $UTGLPOLICY again with it as arguments.
#
# NOTE(review): the sed expression is single-quoted, so ${UTO_BASEDIR}
# is not expanded by the shell and sed sees that text literally --
# confirm whether the literal text or the expanded path is meant.
# NOTE(review): the 2>/dev/null applies to sed, not to $UTGLPOLICY, and
# the unquoted test below misbehaves when the value has several words.
CheckPolicyString()
{
	POLICYSTR=$($UTGLPOLICY \
	    | sed -n 's,^${UTO_BASEDIR}/sbin/utpolicy,,p' \
	    2>/dev/null)
	if [ ! -z $POLICYSTR ]; then
		$UTGLPOLICY $POLICYSTR > /dev/null 2>&1
	fi
}


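# Load the base entries from $MODS_FILE into the datastore.
#
# $MODS_FILE is read line by line into a scratch file; each blank line
# ends one entry.  For every entry the DN is taken from the
# macro-expanded text, the directory is searched for it, and the entry
# is added with ldapadd only when the search returns nothing.
#
# Globals: MODS_FILE, LDAPADD, LDAPSEARCH, LDAP_PORT, ROOTDN, ROOTPW,
#          FORCE, VAR_OPT_UT (read); TMP_MODS_FILE, DN_VALUE,
#          ENTRY_EXISTS (written)
# Returns: 0
#
# The root password is given to ldapadd with -w, which puts it on the
# command line where other local users can see it in a process listing.
# NOTE(review): if the installed LDAP client can read the bind password
# from a file, prefer that.  The "Executing" line shown to the operator
# does not include the password.
# NOTE(review): an entry that is not followed by a blank line at the end
# of $MODS_FILE is never processed and stays in the scratch file.
LoadDatastore()
{

  typeset STATUS=0
  typeset -i newLdapEntries=0
  typeset S="${LDAPADD} -p $LDAP_PORT -D $ROOTDN"

  TMP_MODS_FILE="${VAR_OPT_UT}/tmp/ldap.mods.tmp"

  # The scratch file has a fixed name and is appended to; clear out
  # anything an interrupted earlier run left behind so it cannot be
  # loaded as part of the first entry.
  rm -f "$TMP_MODS_FILE"

  # Break up ldap.mods into chunks and search before adding
  # each defined LDAP base entry.

  if ! $FORCE ; then
     print "\nLoading $SRDS_PROD_NAME ..."
     print "\nExecuting '$S' ..."
  fi

  # -r: backslashes in the LDIF text are data, not line continuations
  while read -r ldifLine
  do
     ENTRY_EXISTS=""
     if [[ -z $ldifLine && -f $TMP_MODS_FILE ]]
     then
	 # Pull out the DN value for each base entry

         DN_VALUE=$(SubstituteMacros $TMP_MODS_FILE |\
         awk ' $1 ~ /dn:/ { print $2}' | sed -e 's/ 	//g' )

	 if [[ -z $DN_VALUE ]]; then
	    rm -f $TMP_MODS_FILE
	    continue
         fi

	 # Search for existing base entry
         ENTRY_EXISTS=$(${LDAPSEARCH} -p $LDAP_PORT \
                         -b $DN_VALUE -s base 'objectclass=*' 2>/dev/null) 

	 if [[ -z $ENTRY_EXISTS ]]; then
            # "$ROOTPW" is quoted so a password containing blanks or
            # glob characters stays one unaltered argument
            SubstituteMacros $TMP_MODS_FILE |
            ${LDAPADD} -p $LDAP_PORT -D "$ROOTDN" -w "$ROOTPW"
            (( newLdapEntries +=1 ))
	 else
	     rm -f $TMP_MODS_FILE
	     continue
	 fi

	 rm -f $TMP_MODS_FILE
     else
         # Written quoted and raw: the template lines contain @(NAME)
         # markers, which an unquoted expansion would treat as file-name
         # patterns.
         print -r -- "$ldifLine" >> $TMP_MODS_FILE
     fi

  done < $MODS_FILE

  if [[ $newLdapEntries -gt 0 ]]; then
    print "\nAdded $newLdapEntries new LDAP entries." 
  fi

  return $STATUS
}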


# Delete the Sun Ray datastore directory ($VAR_OPT_LDAP_DBM_UT) and
# everything below it.  Returns 0.
# The variable is expanded unquoted, so an empty value makes rm a no-op.
UnloadDatastore() {
  typeset STATUS=0

  print "\nUnloading $SRDS_PROD_NAME Datastore ..."
  rm -rf $VAR_OPT_LDAP_DBM_UT

  return $STATUS
}


# Create utadmin.conf and utadmin.pw under $ETC_OPT_UT and set their
# ownership and mode.  Returns 0.
#
#   utadmin.conf  generated from its template, root:sys, mode 644
#   utadmin.pw    written by "utpw -f" from $UTPASSWD (skipped when
#                 $SKIP_SRDS is true), root:$UTADMIN_GROUP, mode 660
#
# NOTE(review): utadmin.conf ends up world-readable and is produced by
# SubstituteMacros, which expands @(UTPASSWD) -- confirm the template
# does not use that macro.
# NOTE(review): output and errors of utpw are discarded, so a failure to
# store the password goes unnoticed here.
ConfigUtadmin() {
  typeset STATUS=0
  typeset CONF_FILE="utadmin.conf"
  typeset PW_FILE="utadmin.pw"
  typeset FILE MODE

  print "\nCreating $UT_PROD_NAME Configuration ..."

  for FILE in $CONF_FILE $PW_FILE; do
    case "$FILE" in
      $PW_FILE)
        # UTPASSWD already has its backslashes doubled for print; the
        # password travels on utpw's stdin, not on its command line.
        if ! $SKIP_SRDS ; then
          print "$UTPASSWD" | $UTA_BASEDIR/sbin/utpw -f >/dev/null 2>&1
        fi
        chown root:$UTADMIN_GROUP $ETC_OPT_UT/$FILE
        MODE="660"
        ;;
      *)
        SubstituteMacros $ETC_OPT_UT/$FILE.template >$ETC_OPT_UT/$FILE
        chown root:sys $ETC_OPT_UT/$FILE
        MODE="644"
        ;;
    esac
    chmod $MODE $ETC_OPT_UT/$FILE
  done

  return $STATUS
}

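# Ask the operator for the Controlled Access Mode (CAM) settings.
#
# Does nothing unless $KIOSK_INSTALLED is true.  When $USER_CONF exists
# the operator may keep the previous configuration, which ends the
# dialogue; without it the operator may decline CAM, which also ends it.
# Otherwise three values are read, each re-prompted until valid, with an
# empty reply selecting the default:
#   UT_PREFIX   user prefix, alphanumeric, at most four characters
#   UT_IDSTART  first userID, an integer greater than 100
#   UT_IDCOUNT  number of users, an integer of at least 1
#
# Globals written: UT_KIOSK, KIOSK_CONF_CHANGED, UT_PREFIX, UT_IDSTART,
#   UT_IDCOUNT and the three *_OK flags.  Every reply is appended to
#   $LOGFILE.
PromptForKioskParameters() {

  if $KIOSK_INSTALLED ; then
    if [[ -e $USER_CONF ]]; then
      UT_KIOSK=yes
      if ReplyIsYes "\nPrevious Controlled Access Mode configuration exists.\nDo you wish to preserve it?"; then
        return
      else
        KIOSK_CONF_CHANGED=true
      fi
    else
      if ! ReplyIsNo "\nConfigure Controlled Access Mode?"; then
        KIOSK_CONF_CHANGED=true
        UT_KIOSK=yes
      else
        return
      fi
    fi

    print ""

    # The replies below are operator input.  They are logged quoted and
    # raw, and each one is first checked to contain nothing outside the
    # expected character set, so that blanks or glob characters can
    # never reach the unquoted expansions that follow.

    UT_PREFIX_OK=false
    while ! $UT_PREFIX_OK
    do
      print -n "Enter user prefix [$DEFAULT_UT_PREFIX]: "
      read -r
      case "$REPLY" in
        "")
          UT_PREFIX="$DEFAULT_UT_PREFIX"
          print -r -- "$UT_PREFIX" >> "$LOGFILE"
          UT_PREFIX_OK=true
          ;;
        *)
          print -r -- "$REPLY" >> "$LOGFILE"
          if [[ $REPLY != *[!a-zA-Z0-9]* ]] && IsValidCAMUserPrefix $REPLY ; then
            UT_PREFIX_OK=true
            UT_PREFIX="$REPLY"
          else
            print -n "User prefix must be alphanumeric and no more than four characters"
            print -n "\nRe-"
          fi
          ;;
      esac
    done

    print ""

    UT_IDSTART_OK=false
    while ! $UT_IDSTART_OK
    do
      print -n "Enter userID range start [$DEFAULT_UT_IDSTART]: "
      read -r
      case "$REPLY" in
        "")
          UT_IDSTART="$DEFAULT_UT_IDSTART"
          print -r -- "$UT_IDSTART" >> "$LOGFILE"
          UT_IDSTART_OK=true
          ;;
        *)
          print -r -- "$REPLY" >> "$LOGFILE"
          if [[ $REPLY != *[!0-9]* ]] && IsValidInteger $REPLY && (( $REPLY > 100 )); then
            UT_IDSTART_OK=true
            UT_IDSTART="$REPLY"
          else
            print -n "UserID's must start after 100 and must be an integer"
            print -n "\nRe-"
          fi
          ;;
      esac
    done

    print ""

    UT_IDCOUNT_OK=false
    while ! $UT_IDCOUNT_OK
    do
      print -n "Enter number of users [$DEFAULT_UT_IDCOUNT]: "
      read -r
      case "$REPLY" in
        "")
          UT_IDCOUNT="$DEFAULT_UT_IDCOUNT"
          print -r -- "$UT_IDCOUNT" >> "$LOGFILE"
          UT_IDCOUNT_OK=true
          ;;
        *)
          print -r -- "$REPLY" >> "$LOGFILE"
          if [[ $REPLY != *[!0-9]* ]] && IsValidInteger $REPLY && (( $REPLY >= 1 )); then
            UT_IDCOUNT_OK=true
            UT_IDCOUNT="$REPLY"
          else
            print -n "Number of users must be an integer greater than 0"
            print -n "\nRe-"
          fi
          ;;
      esac
    done

    print ""
  fi	# $KIOSK_INSTALLED
}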

# Set up Controlled Access Mode; a no-op unless $KIOSK_INSTALLED is
# true.  Installs kiosk.conf from its template, starts the bbinit and
# bbutdev services, runs the create_files and browserprefs helpers, then
# removes any previous kiosk users and creates the new set.
ConfigKiosk() {
  $KIOSK_INSTALLED || return 0

  cp $KIOSK_CONF_TEMPLATE $KIOSK_CONF
  /etc/init.d/bbinit  start
  /etc/init.d/bbutdev start
  ${UT_BASEDIR}/lib/create_files
  ${VAR_OPT_UT}/kiosk/browserprefs
  RemoveKioskConfig
  CreateKioskConfig
}

# Create the Controlled Access Mode users with bbmkuser -c, but only
# when RemoveStaleUsers succeeded.  A bbmkuser failure is reported with
# PrintKioskAddErrorMsg.
# Globals: STATUS and RET are written (neither is local here);
#          UT_PREFIX, UT_IDSTART and UT_IDCOUNT are read.
CreateKioskConfig() {
	RemoveStaleUsers
	STATUS=$?
	[[ $STATUS = 0 ]] || return 0

	print "\nAdding new Controlled Access Mode configuration ...\n"
	/opt/SUNWbb/bin/bbmkuser -c $UT_PREFIX $UT_IDSTART $UT_IDCOUNT
	RET=$?
	if [[ $RET != 0 ]]; then
		PrintKioskAddErrorMsg
	fi
}

# Remove an existing Controlled Access Mode configuration: run
# bbmkuser -d, then RemoveStaleUsers.  Returns the status of
# RemoveStaleUsers.
RemoveKioskConfig() {
	print "\nChecking for previous Controlled Access Mode configuration ...\n"

	/opt/SUNWbb/bin/bbmkuser -d
	RemoveStaleUsers
}

# Clear out left-over Controlled Access Mode users.
# bbmkuser -t is run first; when it exits 0 nothing more is done
# (presumably that means no stale users were found -- confirm against
# bbmkuser).  Otherwise bbmkuser -r is run, and its failure is reported
# with PrintKioskRemoveErrorMsg.
# Globals: stale_users receives the output of bbmkuser -t
# Returns: 0 on success, 1 when bbmkuser -r failed
RemoveStaleUsers() {
	typeset STATUS=1

	if stale_users=$(/opt/SUNWbb/bin/bbmkuser -t 2> /dev/null); then
		return 0
	fi

	if /opt/SUNWbb/bin/bbmkuser -r; then
		STATUS=0
	else
		PrintKioskRemoveErrorMsg
	fi

	return $STATUS
}

# Print, on stdout, the instructions shown when creating the Controlled
# Access Mode configuration failed.  The here-document uses "<<-", so
# the leading tabs of its lines are stripped from the output.
PrintKioskAddErrorMsg() {
cat <<-!

	Controlled Acccess Mode configuration failed!  Please remove all 
	users with the comment field 'ControlledAccessUser' from the 
	/etc/passwd file and run utconfig to create a Controlled Access 
	Mode configuration.
	!
}

# Print, on stdout, the instructions shown when removing the Controlled
# Access Mode configuration failed.  The here-document uses "<<-", so
# the leading tabs of its lines are stripped from the output.
PrintKioskRemoveErrorMsg() {
cat <<-!
 
	Removal of Controlled Access Mode configuration has failed!
	Please remove all users with the comment field 'ControlledAccessUser'
	from the /etc/passwd file before attempting to configure
	Controlled Access Mode again. 
	!
}

# Undo the Controlled Access Mode configuration; a no-op unless
# $KIOSK_INSTALLED is true.  The kiosk users are removed in either
# case, but the progress message is shown (and UNCONFIG_DONE set) only
# when $KIOSK_CONF exists.  Afterwards the kiosk config directory is
# emptied, the three kiosk list files are truncated and $KIOSK_CONF is
# deleted.
UnconfigKiosk() {
  if $KIOSK_INSTALLED ; then
    if [[ ! -f $KIOSK_CONF ]]; then
       # kiosk.conf file does not exist.  Remove kiosk config anyway
       # but don't display anything on the screen
       RemoveKioskConfig 2>&- >&-
    else
       print "\nRemoving Controlled Access Mode configuration ..."
       UNCONFIG_DONE=true
       # remove kiosk config
       RemoveKioskConfig
    fi
    rm -rf ${VAR_OPT_UT}/kiosk/config/*
    for kiosk_list in preferences useapps availapps; do
       cat /dev/null > ${VAR_OPT_UT}/kiosk/$kiosk_list
    done
    rm -f $KIOSK_CONF
  fi	# $KIOSK_INSTALLED
}

# Delete utadmin.conf and utadmin.pw from $ETC_OPT_UT.  When at least
# one of them exists, UNCONFIG_DONE is set and a progress line is
# printed first.  Returns 0.
UnconfigUtadmin() {
  typeset STATUS=0
  typeset CONF_FILE="utadmin.conf"
  typeset PW_FILE="utadmin.pw"

  if [[ -f $ETC_OPT_UT/$CONF_FILE ]] || [[ -f $ETC_OPT_UT/$PW_FILE ]]; then
     UNCONFIG_DONE=true
     print "\nRemoving $UT_PROD_NAME Configuration files ..."
  fi

  # the removal is attempted whether or not the files were found
  rm -f $ETC_OPT_UT/$CONF_FILE $ETC_OPT_UT/$PW_FILE

  return $STATUS
}

# Configure SRDS for Sun Ray, in this order: restore missing config
# files, add schema and ACLs, write the datastore config, create the
# utdsd.run marker, sync the services file, restart the daemon and load
# the base entries.  Results of the individual steps are not checked;
# returns 0.
ConfigSRDS() {
  typeset STATUS=0

  # configuration files
  RestoreSRDSConf
  UpdateSchema
  UpdateAcls
  CreateDatastoreConfig

  # marker file, also tested by PreviousUTDataStore
  touch ${UT_SRDS_ETC}/current/utdsd.run
  SyncEtcServices

  # the daemon has to be running again before entries can be loaded
  RestartSRDS
  LoadDatastore

  return $STATUS
}


# Strip the Sun Ray parts from the SRDS configuration files: datastore
# section first, then ACLs, then schema.
UnconfigSRDSConf() {
  DestroyDatastoreConfig
  DowndateAcls
  DowndateSchema
}


# Remove the Sun Ray datastore: with the daemon stopped, delete the
# data directory, strip the Sun Ray configuration and remove the
# utdsd.run marker, then start the daemon again.  Returns 0.
UnconfigSRDS() {
  typeset STATUS=0

  ${UTDSD_CMD} stop

  UnloadDatastore
  UnconfigSRDSConf
  # a missing marker is not an error; rm's complaint is discarded
  /bin/rm ${UT_SRDS_ETC}/current/utdsd.run 2> /dev/null

  ${UTDSD_CMD} start

  return $STATUS
}

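# Import XConfig preferences from flat-file legacy config files into LDAP
#
# Every regular file under ${VAR_OPT_UT}/preferences other than DEFAULT
# is imported with "utxconfig -t <type>.<id> -c <file>", where <id> is
# the file name and <type> the name of its directory.  The DEFAULT file,
# when present, is imported with "utxconfig -a -c".  A summary line is
# printed when any import failed.  Returns without doing anything when
# the preferences directory does not exist.

ImportUTPrefs() {

   UT_PREF_DIR=${VAR_OPT_UT}/preferences
   typeset STATUS=0
   if [[ ! -d $UT_PREF_DIR ]]; then
	return
   fi

   PREF=$(find $UT_PREF_DIR ! -name "DEFAULT" -a -type f -print)

   print "Importing XConfig settings into LDAP"

   # NOTE(review): the list is still split on whitespace, so a file name
   # containing blanks is seen as several names.
   for cfg in $PREF
   do
      tokenID=$(basename "$cfg")
      dirpath=$(dirname "$cfg")
      tokenType=$(basename "$dirpath")

      # utxconfig is invoked directly with quoted arguments.  File names
      # come from the file system; building a command string from them
      # and running it through eval would let the shell interpret any
      # metacharacters they contain.
      "${UTO_BASEDIR}/bin/utxconfig" -t "${tokenType}.${tokenID}" -c "${cfg}"

      if [[ $? -ne 0 ]]; then
         STATUS=1
      fi
   done

   # Handle the special case, DEFAULT file

   if [[ -f ${UT_PREF_DIR}/DEFAULT ]]; then
      "${UTO_BASEDIR}/bin/utxconfig" -a -c "${UT_PREF_DIR}/DEFAULT"
      if [[ $? -ne 0 ]]; then
         STATUS=1
      fi
   fi

   # Summary report on any utxconfig failures encountered.
   if [[ $STATUS -ne 0 ]]; then
      print "Some problems encountered while attempting to add utxconfig preferences into LDAP"
   fi
}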

# Remove backup files generated during running of utconfig: the ".bak"
# copies of the current group signature file and of $AUTHPROPS.
# NOTE(review): if get_current_gmSignaturefile prints nothing, the first
# test refers to a file literally named ".bak" in the current directory.
RemoveOldBackupFiles() {

  GMSIGFILEPATH=$(get_current_gmSignaturefile)

  [[ ! -f ${GMSIGFILEPATH}.bak ]] || rm -f ${GMSIGFILEPATH}.bak
  [[ -f "$AUTHPROPS.bak" ]] && rm -f $AUTHPROPS.bak
}

# Make sure one status database file exists under $DBM_FILES_PATH,
# creating it empty when missing, then give it group $UTADMIN_GROUP and
# mode 664.
# Arguments: $1 - file name relative to $DBM_FILES_PATH
_ConfigDbmFile() {
  if [[ ! -f $DBM_FILES_PATH/$1 ]]; then
    cat /dev/null > $DBM_FILES_PATH/$1
  fi
  chgrp $UTADMIN_GROUP $DBM_FILES_PATH/$1
  chmod 664 $DBM_FILES_PATH/$1
}

# Create the status database directory (mode 755 when newly made, group
# $UTADMIN_GROUP) and the dstatus/ustatus files inside it.
#
# On Linux gdbm is used instead of ndbm. Only one file is needed for
# gdbm instead of the two needed for ndbm, so the *_PAG names are empty
# there and are skipped.
ConfigDbm() {
  [[ -d $DBM_FILES_PATH ]] || mkdir -m 755 -p $DBM_FILES_PATH
  chgrp $UTADMIN_GROUP $DBM_FILES_PATH

  _ConfigDbmFile $DBM_DSTATUS
  [[ -z $DBM_DSTATUS_PAG ]] || _ConfigDbmFile $DBM_DSTATUS_PAG

  _ConfigDbmFile $DBM_USTATUS
  [[ -z $DBM_USTATUS_PAG ]] || _ConfigDbmFile $DBM_USTATUS_PAG
}

# Configure admin log. New with Sun Ray 1.1
#
# Enables the admin syslog through utlog, then schedules a daily
# "utlog -c" run at 03:33: in root's crontab on SunOS, in
# /etc/cron.d/SUNWut.cron on Linux.  Returns 1 when utlog -a fails.
#
# NOTE(review): the SunOS branch appends the entry to whatever crontab
# already holds, while the Linux branch first filters out existing
# admin_log lines -- confirm repeated runs do not stack up entries on
# SunOS.
# NOTE(review): the Linux cron file is re-created with cp, so its mode
# follows the current umask.
ConfigLog() {

  typeset TMPFILE_LOG=${TMP_FILE}.log

  if ! ${SUNWUTLIB}/utlog -a \
	-s all -f local1.info -d ${VAR_OPT_UT}/log/admin_log -z
  then
	print "Problem encountered while attempting to enable admin syslog."
	return 1
  fi

  # Update log rotation task.
  case "$OS" in
    SunOS)
	# current root crontab plus the rotation entry
	{
	   crontab -l root 2>/dev/null
	   print "33 3 * * * $SUNWUTLIB/utlog -c -d ${VAR_OPT_UT}/log/admin_log 2>/dev/null 1>/dev/null"
	} > $TMPFILE_LOG

	crontab $TMPFILE_LOG
	rm -f $TMPFILE_LOG 2>/dev/null
	;;

    Linux)
	# /etc/cron.d file: old admin_log lines out, rotation entry in
	typeset CRONFILE_LOG="/etc/cron.d/SUNWut.cron"
	{
	   grep -v admin_log ${CRONFILE_LOG} 2>/dev/null
	   print "33 3 * * * root $SUNWUTLIB/utlog -c -d ${VAR_OPT_UT}/log/admin_log 2>/dev/null 1>/dev/null"
	} > $TMPFILE_LOG

	rm $CRONFILE_LOG 2>/dev/null
	cp $TMPFILE_LOG $CRONFILE_LOG
	rm -f $TMPFILE_LOG 2>/dev/null
	;;

    *)
	Note "unknown OS name $OS, cron for utlog not added"
	;;
  esac

}

# Reset the group signature file to an empty file with mode 600.  When
# the file currently has content, UNCONFIG_DONE is set and a progress
# line is printed first.
UnconfigGroup() {
  GMSIGFILEPATH=$(get_current_gmSignaturefile)

  if [[ -s $GMSIGFILEPATH ]]; then
	print "\nRemoving the group signature ..."
	UNCONFIG_DONE=true
  fi

  # the reset happens whether or not a signature was present
  rm -f $GMSIGFILEPATH
  touch $GMSIGFILEPATH
  chmod 600 $GMSIGFILEPATH

}

# Delete the status database directory ($DBM_FILES_PATH) with all its
# contents, when it exists.
UnconfigDbm() {
  [[ ! -d $DBM_FILES_PATH ]] || rm -rf $DBM_FILES_PATH
}

# Give group $UTADMIN_GROUP the smartcard configuration directory and
# group-write access to probe_order.conf.  A missing directory or file
# is reported with Note and otherwise ignored.
ConfigSmartCard() {

  if [[ ! -d $SMARTCARD_FILES_PATH ]]; then
      Note "Smartcard config file directory doesn't exist"
  else
      chgrp $UTADMIN_GROUP $SMARTCARD_FILES_PATH
  fi

  if [[ ! -f $SMARTCARD_FILES_PATH/probe_order.conf ]]; then
      Note "Smartcard config probe order configuration file doesn't exist"
  else
      chgrp $UTADMIN_GROUP $SMARTCARD_FILES_PATH/probe_order.conf
      chmod g+w $SMARTCARD_FILES_PATH/probe_order.conf
  fi
}

# Set up the group signature.
# UT_GROUP "yes": all group members must have the same signature, so
# the explanatory message is shown and utgroupsig is run.  Any other
# value: a group of one needs a unique signature, so one is generated.
ConfigGroup() {
  case "$UT_GROUP" in
    yes)
	groupsig_MSG
	$UTO_BASEDIR/sbin/utgroupsig
	;;
    *)
	generate_groupsig
	;;
  esac
}

# Set the Controlled Access Mode (CAM) defaults and reset its state
# flags.  Returns 0.
InitKioskVars() {
	# defaults offered by the CAM prompts
	DEFAULT_UT_PREFIX=utcu
	DEFAULT_UT_IDSTART=150000
	DEFAULT_UT_IDCOUNT=25

	# UT_KIOSK tells you if CAM is configured, unconfigured, or preserved
	UT_KIOSK=no
	# KIOSK_CONF_CHANGED tells you if CAM configuration has been changed.
	KIOSK_CONF_CHANGED=false

	return 0
}

# Apply group $ADMINGID and a mode to a log file and to its rotated
# copies named "<file>.<one character>".  Does nothing when the file
# does not exist.
# Arguments: $1 - log file path, $2 - mode for chmod
setPerms () {

  [[ -f $1 ]] || return 0

  chgrp $ADMINGID $1
  chmod $2 $1

  # rotated copies, if any
  if ls $1.? >/dev/null 2>/dev/null ; then
      chgrp $ADMINGID $1.?
      chmod $2 $1.?
  fi
}

# Set permissions/group for all log files
#
# The group comes from the utadmingid helper and is stored in the global
# ADMINGID; the mode is applied to each Sun Ray log file and its rotated
# copies through setPerms.
# Arguments: $1 - mode for chmod
chgPermsLogFiles () {

  ADMINGID=$($SUNWUTLIB/utadmingid)

  for ut_logname in admin_log messages auth_log utmountd.log utstoraged.log
  do
    setPerms ${VAR_OPT_UT}/log/$ut_logname $1
  done

}
# XXX Review the SWS bits that might be necessary for 
# non-upgrade auto configure.
#
# Unattended (upgrade) configuration.  Sets FORCE=true so nothing is
# prompted for, rebuilds the Sun Ray part of the SRDS configuration and
# datastore, and finally puts the previously stored encoded root
# password back into the datastore configuration.  Returns 0.
#
# Security-relevant points for maintainers:
#  - The admin password is recovered from utadmin.pw by swapping the two
#    halves of the alphabet (the tr call below).  That is a reversible
#    letter rotation, so the file's permissions are what protects the
#    password.
#  - While the datastore is rebuilt the directory root password is the
#    fixed string assigned to ROOTPW below.  ConfigSRDS restarts SRDS,
#    so the daemon runs with that value until the stop further down.
#    NOTE(review): consider a per-run random value, or confirm the
#    daemon is not reachable by other users during that window.
#  - NOTE(review): SAVED_CRYPTDPW is empty when no rootpw line follows
#    the "# SUNWut begin" marker in $DS_CONF_FILE; the final
#    CreateDatastoreConfig would then substitute an empty value --
#    confirm how that case is meant to be handled.
DoAutoConfig() {
  FORCE=true

  # Extract password
  # NOTE(review): the tr sets are unquoted bracket expressions, which
  # the shell may expand as file-name patterns; how the brackets
  # themselves are treated also differs between tr implementations.
  UTPasswordExists && PASSWD=$(cat ${ETC_OPT_UT}/utadmin.pw 2>&- | 
    tr [a-z][A-Z] [n-z][a-m][N-Z][A-M])

  CreateUTTempDir

  # With FORCE set this only validates PASSWD and derives the dependent
  # values (UTPASSWD, ROOTDN, ROOTPW, CRYPTD_ROOTPW).
  PromptForParameters 

  # Normally done as part of SRAS config.
  # However it may be needed in SunDs silent config.
  ConfigUtadmin

  if [[ ! -f "${VAR_OPT_UT}/log/admin_log" && -f ${DHCPCONFIG} ]]; then
       ConfigLog
  fi
 
  # This section of code applies to administration upgrade.
  # Preserve existing password before unlocking datastore with temporary pw

  # Set upgrade flag
  SRDS_UPGRADE_FLAG="YES"

  # second field of the first-seen "rootpw" lines after "# SUNWut begin"
  SAVED_CRYPTDPW=$(awk '/^# SUNWut begin/ {found=1}\
     found==1 && $1=="rootpw" {print $2}' $DS_CONF_FILE)
  
  # A temporary password is required to gain privilege to
  # unlock datastore during upgrade.
  ROOTPW="UpgradePW"
  CRYPTD_ROOTPW="$(EncryptPasswd "$ROOTPW")"


  # Strip away 'ut' specific SRDS configuration
  UnconfigSRDSConf 
  # Configure the schema + LDAP base entries
  ConfigSRDS
  ConfigDbm
  # check for utpolicy string in the LDAP policystring attribute.
  # This is added to fix a 1.1 bug which is carried forward during
  # the upgrade.
  CheckPolicyString
  CoronaNameChange

  # shutdown SRDS for the remaining operations
  ${UTDSD_CMD} stop

  # Re-index the utgroupid and utgrouptype attributes.
  # This is needed because these 2 attributes were mis-indexed in 1.x.
  # The re-index runs when at least one of the two database files
  # (utgroupid, utgrouptype) is missing.
  if [ ! -f ${VAR_OPT_LDAP_DBM_UT}/utgroupid.dbb -o \
	! -f ${VAR_OPT_LDAP_DBM_UT}/utgrouptype.dbb ]; then
     ${SRDS_BASEDIR}/srds/lib/utidxgen -a utGroupId utGroupType
  fi

  # To revert to original rootPW we need to reconfigure utdsd.conf

  CRYPTD_ROOTPW="$SAVED_CRYPTDPW"
  DestroyDatastoreConfig

  CreateDatastoreConfig

  ConfigSmartCard

  # no group signature yet: treat this server as a group of one
  if [[ ! -s "${ETC_OPT_UT}/gmSignature" ]]; then
    UT_GROUP=no
    ConfigGroup
  fi

  ${UTDSD_CMD} start

  ImportUTPrefs

  # For now, we only configure the PAM to use DS authentication.  We need
  # to add Sunray administrator "admin" user for backward compatibility.
  # We first check if authorized user list exists.  If it exists, this means
  # we are upgrading from a server already supporting the authorized list and
  # no need to update the list.  Otherwise, we add the Sunray administrator
  # "admin" to the authorized user list.
  ADMIN_LIST=`${UTO_BASEDIR}/sbin/utadminuser`
  if [ -z "$ADMIN_LIST" ]; then
     ${UTO_BASEDIR}/sbin/utadminuser -a admin
  fi

  if [[ ! -f "${VAR_OPT_UT}/log/messages" ]]; then
     touch ${VAR_OPT_UT}/log/messages
  fi

  if [[ ! -f "${VAR_OPT_UT}/log/admin_log" ]]; then
     touch ${VAR_OPT_UT}/log/admin_log
  fi

  # Set permission to 640 and group to utadmin
  chgPermsLogFiles 640

  # end of the upgrade, reset the flag.
  SRDS_UPGRADE_FLAG="NO"

  return 0
}

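#
# DoConfig - interactive configuration of the Sun Ray server.
#
# Prompts for parameters, shows a summary, asks for confirmation (unless
# -f was given) and then configures the datastore, the admin web server,
# the dbm files, smart cards, the failover group, the policy and, when
# installed and changed, the kiosk settings.
#
# Globals read:    DS_CONF_FILE UTCONF_FILE FORCE CONFIG_APACHE SKIP_SRDS
#                  KIOSK_INSTALLED KIOSK_CONF_CHANGED SSL_ENABLE_S
#                  TMP_DIR_PATH SUNWUTLIB UTO_BASEDIR UT_BASEDIR LOGFILE
# Globals written: utconfig_warning UT_GROUP ADD_AUTHUSER CURR_POLICY
#                  GROUP_POLICY_SET POLICY
# Returns:         $STATUS, which this function never changes from 0.
#
# FORCE, SKIP_SRDS, KIOSK_INSTALLED and KIOSK_CONF_CHANGED are executed as
# commands, so they must hold the literal words "true" or "false".
#
DoConfig() {
  typeset STATUS=0

  # Replica entries in the datastore config, or an existing utadmin.conf,
  # mean a configuration is already in place.
  if grep '^pu.._replica' "$DS_CONF_FILE" >/dev/null 2>&1 || [ -f "$UTCONF_FILE" ]
  then
    utconfig_warning="WARNING: SunRay Datastore is enabled. This script may clobber the current configuration.\n"
  fi

  print "\nConfiguration of $UT_PROD_NAME Software"

  CreateUTTempDir

  PromptForParameters

  if ReplyIsNo "\nConfigure this server for a failover group?"; then
    UT_GROUP=no
  else
    UT_GROUP=yes
  fi

  print "\nAbout to configure the following software products:"

  # The admin password is deliberately left out of the summary; this
  # function's output is also copied to $LOGFILE by the caller.
  cat <<-!

	$SRDS_PROD_NAME $SRDS_VERSION
	    Hostname: $THIS_HOST
	    $UT_ROOT_S entry: $ROOTENTRY
	    $UT_ROOT_S name: $ROOTNAME
	    Sun Ray $ROOTNAME admin password: (not shown)
	    $SRDS_ROOTDN_S: $ROOTDN
	!

  if ! $FORCE; then
    if [[ $CONFIG_APACHE -lt 4 ]]; then
      print ""
      $SUNWUTLIB/utwsadm info
      $SUNWUTLIB/utwsadm display -i "$TMP_DIR_PATH/http.conf"
    fi
  fi

  print "\n$UT_PROD_NAME $UT_VERSION"
  print "    Failover group: $UT_GROUP"
  if $KIOSK_INSTALLED ; then
    print "    Controlled Access Mode: $UT_KIOSK"

    if $KIOSK_CONF_CHANGED; then
      cat <<-!

	Controlled Access Mode Configuration
	    User prefix: $UT_PREFIX
	    First userID number: $UT_IDSTART
	    Number of users: $UT_IDCOUNT
	!
    fi
  fi	# $KIOSK_INSTALLED

  if ! $FORCE && ! ReplyIsYes "\nContinue"; then
    CleanupAndExit 0
  fi

  if ! $SKIP_SRDS ; then
     RestoreSRDSConf
     ConfigSRDS
  fi

  ConfigUtadmin

  ADD_AUTHUSER=false
  if ! $FORCE; then
    if [[ $CONFIG_APACHE -lt 4 ]]; then
      # Values 1 and 3 add -n to the update; the meaning of the
      # CONFIG_APACHE codes is defined outside this function.
      if [[ $CONFIG_APACHE == "1" || $CONFIG_APACHE == "3" ]]; then
        $SUNWUTLIB/utwsadm update -i "$TMP_DIR_PATH/http.conf" -n
      else
        $SUNWUTLIB/utwsadm update -i "$TMP_DIR_PATH/http.conf"
      fi
    fi
    # mark it so that we will add the admin user after starting the SRDS
    ADD_AUTHUSER=true
    rm -f "$TMP_DIR_PATH/http.conf"
  fi

  ConfigDbm
  ConfigSmartCard

  ConfigGroup

  RestartSRDS
  # This test used to read ${ADDAUTHUSER}, a name that is never assigned.
  # An empty command counts as success, so the admin user was added on
  # every run, including -f runs that leave ADD_AUTHUSER set to false.
  if ${ADD_AUTHUSER}; then
     # For now, we only configure the PAM to use DS authentication.  We need
     # to add Sunray administrator "admin" user for backward compatibility.
     ${UTO_BASEDIR}/sbin/utadminuser -a admin
  fi

  if [[ $SSL_ENABLE_S == Enabled ]]; then
    ssl_enabled_MSG
  fi

  # Determine current auth policy settings (comment lines dropped)
  CURR_POLICY=$(${UTO_BASEDIR}/sbin/utpolicy | awk '/^#/ {next} {print}')

  # Determine if failover group enabled.  This matches "-g" anywhere in
  # the policy string, not only as a separate option word.
  GROUP_POLICY_SET=$(echo $CURR_POLICY | grep "\-g")

  # NOTE(review): eval re-parses the output of utpolicy as shell text, so
  # quotes, semicolons or newlines in that output would be interpreted by
  # this root shell.  utgenpolicy below receives the same kind of string
  # without eval; confirm whether eval is still needed here.
  if [[ "$UT_GROUP" == "yes" && -z $GROUP_POLICY_SET ]] ;then
    eval "${UTO_BASEDIR}/sbin/utpolicy $CURR_POLICY -g >/dev/null 2>&1"
  else
    eval "${UTO_BASEDIR}/sbin/utpolicy $CURR_POLICY >/dev/null 2>&1"
  fi

  POLICY=$(${UTO_BASEDIR}/sbin/utpolicy | awk '/^#/ {next} {print}')

  # $POLICY is intentionally unquoted: each option must be its own word.
  ${UTO_BASEDIR}/lib/utgenpolicy $POLICY >/dev/null 2>&1

  if $KIOSK_INSTALLED ; then
    if $KIOSK_CONF_CHANGED; then
      ConfigKiosk
      ${UT_BASEDIR}/sbin/utkiosk -i kiosk
    fi
  fi	# $KIOSK_INSTALLED

  # Set permission to 640 and group to utadmin
  chgPermsLogFiles 640

  utpolicy_MSG

  print "\nConfiguration of $UT_PROD_NAME has completed.  Please check"
  print "the log file, $LOGFILE, for errors."

  return $STATUS
}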

#
# DoUnconfig - remove the Sun Ray server configuration.
#
# Stops with Fatal when the datastore config still carries replica
# entries, asks for confirmation unless FORCE is "true", then undoes the
# group, policy, dbm, utadmin, web server, admin user, datastore (only
# when PreviousUTDataStore succeeds), backup file and kiosk settings.
#
# Globals written: UNCONFIG_DONE
# Returns:         $STATUS, which this function never changes from 0.
#
DoUnconfig() {
  typeset STATUS=0

  UNCONFIG_DONE=false

  print "\nUnconfiguration of $UT_PROD_NAME Software"

  # replica entries present: the operator has to run utreplica -u first
  grep '^pu.._replica' $DS_CONF_FILE >/dev/null 2>&1 &&
    Fatal "SunRay Datastore is enabled. You must firstly disable using utreplica -u"

  print "\nAbout to unconfigure the SunRay server."

  # -f answers the confirmation question for the operator
  $FORCE || ReplyIsYes "Continue" || CleanupAndExit 0

  print "\nChecking $UT_PROD_NAME configuration ..."

  UnconfigGroup

  # reset the generated policy; output and errors are discarded
  $UTO_BASEDIR/lib/utgenpolicy -a -g -z both -t clear > /dev/null 2>&1

  UnconfigDbm
  UnconfigUtadmin

  # web server entry and authorized admin user list
  $SUNWUTLIB/utwsadm remove 2>/dev/null
  ${UTO_BASEDIR}/sbin/utadminuser -r >/dev/null 2>&1

  # the datastore is only torn down when a previous one is detected
  if PreviousUTDataStore; then
    UNCONFIG_DONE=true
    UnconfigSRDS
  fi

  RemoveOldBackupFiles

  UnconfigKiosk

  # Log files go back to mode 600 and group other
  chgPermsLogFiles 600

  if ! $UNCONFIG_DONE; then
    print "\nThe server is already unconfigured."
  else
    utpolicy_MSG
    print "\nUnconfiguration of $UT_PROD_NAME has completed."
  fi
  print "Please check the log file, $LOGFILE, for errors."

  return $STATUS
}


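#
# get_current_gmSignaturefile - print the group signature file path.
#
# Reads the gmSignatureFile entry from $AUTHPROPS and prints its value,
# or "$ETC_OPT_UT/gmSignature" when the entry is missing or empty.
# Comments are removed before whitespace is trimmed, and blanks on either
# side of "=" are accepted ("key=value", "key = value", "key= value").
# If the key appears on several lines, every value is printed.
#
# The result is used by generate_groupsig as the target of mv, chown and
# chmod, so $AUTHPROPS has to stay writable by root only.
#
get_current_gmSignaturefile(){
	typeset gmSignatureFile=""
	gmSignatureFile=$(sed -n '
		s/#.*$//
		s/^[ 	]*//
		s/[ 	]*$//
		s/[ 	]*=[ 	]*/=/
		s/^gmSignatureFile=\(.*\)$/\1/p
		' "$AUTHPROPS")
	# a reasonable default just in case; -r and the quotes keep
	# backslashes, blanks and glob characters in the path intact
	print -r -- "${gmSignatureFile:-$ETC_OPT_UT/gmSignature}"
}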


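#
# generate_groupsig - create a new group signature file.
#
# Writes a header line, host name, date and hostid, then appends 1k read
# with dd from a random device (or from a fallback device), and finally
# sets owner root:root and mode 400.  An existing non-empty file is moved
# to "<path>.bak" first.
#
# Globals read:    UMASK_ROOT THIS_HOST
# Globals written: DEVICE BLOCKS OFFSET SEEK
#
generate_groupsig() {
	typeset GMSIGFILEPATH=""
	typeset UMASK_ORIG=$(umask)
	# set umask to create with correct permissions: the file must not be
	# readable by group or others even before the chmod below
	umask $UMASK_ROOT

	GMSIGFILEPATH=$(get_current_gmSignaturefile)

	# We're going to create a unique new gmSignature
	# save it if there is one there already
	if [[ -s ${GMSIGFILEPATH:-} ]]; then
	   mv "$GMSIGFILEPATH" "$GMSIGFILEPATH.bak"
	   print "\nSaving $GMSIGFILEPATH to $GMSIGFILEPATH.bak"
	fi

	# make signature  unique
	echo 'gmSignature automatically generated'    > "$GMSIGFILEPATH"
	echo $THIS_HOST  $(date) $(hostid)   >> "$GMSIGFILEPATH"

	# generate a unique signature
	# The test used to be -s (file has non-zero size).  A character
	# device normally reports size 0, so the random device was skipped
	# and one of the fallbacks below was used instead.
	if [[ -c /dev/random ]]; then
		DEVICE=/dev/random
		OFFSET=1
		SEEK=skip
	elif [[ -z $(whence swap) ]]; then
	# we don't have /dev/random or swap command so we'll get the bits
	# out of root filesystem offset by the available space
		DEVICE=$(df -k / | awk ' NR==2 { print $1 }')
		BLOCKS=$(df -k / | awk ' NR==2 { print $2 }')
		OFFSET=$(df -k / | awk ' NR==2 { print $4 }')
		# if root filesystem is unused then use blocks%proc_id as offset
		[[ $BLOCKS = $OFFSET ]] && (( (OFFSET%=$$) ))
		SEEK=iseek
	else
	# we don't have /dev/random so we'll get the bits
	# out of swap offset by the free space
		DEVICE=$(swap -l | awk ' NR==2 { print $1 }')
		BLOCKS=$(swap -l | awk ' NR==2 { print $4 }')
		OFFSET=$(swap -l | awk ' NR==2 { print $5 }')
		# if swap is unused then use blocks%proc_id as offset
		[[ $BLOCKS = $OFFSET ]] && (( (OFFSET%=$$) ))
		SEEK=iseek
	fi
	# NOTE(review): the two fallbacks copy 1k of raw root-filesystem or
	# swap blocks into the signature.  That data is not random and may
	# belong to something else; prefer a host with a random device.

	# Without the dd data the file holds only host name, date and hostid,
	# so a failed read is reported instead of being dropped silently.
	if ! dd if="$DEVICE" bs=1k count=1 "$SEEK=$OFFSET" >> "$GMSIGFILEPATH" 2> /dev/null; then
		print -u2 "Warning: could not read $DEVICE; random data may be missing from \"$GMSIGFILEPATH\"."
	fi
	#make doubly sure that ownership and perms are correct
	chown root:root "$GMSIGFILEPATH"
	chmod 400 "$GMSIGFILEPATH"
	umask $UMASK_ORIG
	print "\nUnique \"$GMSIGFILEPATH\" has been generated."
}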


# Function used by utpolicy to change an auth.props entry.  Takes a
# "key=value" argument; modified to make the change in place.
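#
# editAuthProps - replace an entry of $AUTHPROPS in place.
#
# Arguments: $1 - "key=value"; the key is the text before the first "=".
# Effects:   copies $AUTHPROPS to $AUTHPROPS.bak, sets $AUTHPROPS to mode
#            644 and rewrites every line that starts with the key.
# Returns:   1 when the directory is not writable or the argument holds a
#            newline, otherwise the exit status of ed.
#
# The key and the new line are escaped before they are placed in the ed
# script.  Unescaped, a "/" in the value (any path) ended the substitute
# command early, "&" was replaced by the old line, and "." or "*" in the
# key acted as pattern characters.
#
# NOTE(review): the pattern "^key.*" also matches a line whose key only
# starts with the same text; confirm that no such keys exist in auth.props.
#
editAuthProps() {
	typeset kv=${1}
	typeset key=${kv%%=*}
	typeset key_re=""
	typeset kv_rep=""

	# a newline would start a new ed command in the script below
	case $kv in
	*'
'*)
		print -u2 "Cannot update $AUTHPROPS: argument contains a newline"
		return 1;;
	esac

	if [[ ! -w $(dirname "$AUTHPROPS") ]]
	then
		print -u2 Cannot update $AUTHPROPS
		return 1
	fi

	# escape the pattern characters of the key and the characters that
	# are special in the replacement text
	key_re=$(print -r -- "$key" | sed 's,[][\\/.*^$],\\&,g')
	kv_rep=$(print -r -- "$kv" | sed 's,[\\/&],\\&,g')

	[[ -f "$AUTHPROPS.bak" ]] && rm -f "$AUTHPROPS.bak"
	[[ -f "$AUTHPROPS" ]] && cp -p "$AUTHPROPS" "$AUTHPROPS.bak"
	chmod 644 "$AUTHPROPS"
	# the "-" after ed tells ed that this is not interactive
	ed - "$AUTHPROPS" <<-! 2>/dev/null 1>&2
	g/^${key_re}.*/s//${kv_rep}/
	.
	w
	q
	!
	return $?
}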


#
# function to get the LDAP port number from the utdsd.ini file
#
get_ldap_port() {
	# No utdsd.ini under the "current" directory: this is the case on a
	# first-time configuration, so the port comes from the "default"
	# directory instead.
	if [[ ! -f ${SRDS_LDAP_CURRENT}/utdsd.ini ]]; then
		sed -n 's/^LdapPort=//p' ${SRDS_LDAP_DEFAULT}/utdsd.ini
		return
	fi

	# Print whatever follows "LdapPort=" in the current utdsd.ini
	sed -n 's/^LdapPort=//p' ${SRDS_LDAP_CURRENT}/utdsd.ini
}

#
# Messages
#
# Print the failover group notice and the signature rules.
# The delimiter is quoted because the text contains no expansions;
# <<- removes the leading tabs from every line.
groupsig_MSG() {
	cat <<-'!'

	You have chosen to configure this server for a failover group.

	All servers in a failover group must share a unique signature, 
	which is a string of 8 or more characters where at least two 
	characters are letters and at least one is not.
	 
	!
}

# Print the banner that tells the operator to restart the
# authentication manager after a policy change.
# The delimiter is quoted because the text contains no expansions;
# <<- removes the leading tabs from every line.
utpolicy_MSG() {
	cat <<-'!'

	***********************************************************
	The current policy has been modified.  You must restart the 
	authentication manager to activate the changes. 
	***********************************************************

	!
}


#
# main {
#

# UMASKS
# UMASK_ROOT is applied by generate_groupsig while it writes the group
# signature file; 066 removes all group and other access from new files.
# UMASK_WORLD is the default for everything else this script creates.
UMASK_ROOT=066
UMASK_WORLD=022

umask $UMASK_WORLD

# The leading ':' selects silent getopts error reporting.  -f and -s are
# accepted but not listed in the usage string.
OPTSTR=":ufs:"
PROGRAM_OPTS="[-u]"

MODE="configure"
# FORCE is later run as a command ("if ! $FORCE"), so it must stay the
# literal word true or false.
FORCE=false
OS=`/bin/uname -s`

while getopts $OPTSTR OPT; do
  case "$OPT" in
    u) MODE="unconfigure";;
    f) FORCE=true;;
    # only the exact argument "silent" changes the mode; any other
    # argument to -s is ignored
    s) if [ "$OPTARG" == "silent" ]; then
         MODE="autoconfigure"
       fi;;
   \?) Usage;;
    # NOTE(review): there is no ':' arm, so -s without an argument is
    # ignored and the script continues in the mode chosen so far.
  esac
done
shift $(($OPTIND - 1))

# no positional arguments are accepted
if (( $# != 0 )); then
  Usage
fi

# Everything below runs with root privilege: CheckUidIsZero looks for
# uid=0 in the output of id (presumably refusing to continue otherwise;
# only the success branch is visible at the top of the file).
CheckUidIsZero

#
# Set platform dependencies
#
SetPlatformDependencies

# Source the Web Server library.
# G_MEDIA_DIR is taken from the environment when it is already set (see
# the top of this file), so its value decides which file is sourced here
# and which utprodinfo is executed below, both as root.  Callers must
# pass only a trusted, root-owned directory.
. ${G_MEDIA_DIR}/support_lib/sras_config

UT_PROD_NAME="Sun Ray server"
UT_VERSION="3.1"

if ! UTInstalled; then
  Fatal "$UT_PROD_NAME is not installed on this host"
fi

# Install locations reported by utprodinfo -r for each package, with
# "/SUNWut" appended.
UTA_BASEDIR="$(${G_MEDIA_DIR}/utprodinfo -r SUNWuta)/SUNWut"
UTO_BASEDIR="$(${G_MEDIA_DIR}/utprodinfo -r SUNWuto)/SUNWut"


SUNWUTLIB="$UTA_BASEDIR/lib"
UTGLPOLICY="$SUNWUTLIB/utglpolicy"
UT_TEMPLATE_LDAP="$UTA_BASEDIR/etc/template/ldap"


SRDS_PROD_NAME="Sun Ray Data Store"
SRDS_VERSION="2.1"
SRDS_PACKAGE="SUNWutdso"

# The datastore must be installed, at the expected version, and complete.
if ! SRDSInstalled; then
  Fatal "$SRDS_PROD_NAME is not installed on this host"
elif ! SRDSVersion $SRDS_VERSION; then
  Fatal "version $SRDS_VERSION of $SRDS_PROD_NAME is not installed on this host"
elif SRDSInstallPartial; then
  Fatal "$SRDS_PROD_NAME version $SRDS_VERSION is only partially installed"
fi

SRDS_BASEDIR="$(${G_MEDIA_DIR}/utprodinfo -r $SRDS_PACKAGE)/SUNWut"

LCL_PROD_NAME="LDAP Client Libraries"

# Same presence and completeness check for the LDAP client libraries.
if ! LdapClientInstalled; then
  Fatal "$LCL_PROD_NAME is not installed on this host"
elif LdapClientInstallPartial; then
  Fatal "$LCL_PROD_NAME is only partially installed"
fi

UT_ROOT_S="Sun Ray root"
DEFAULT_ROOTENTRY="o=utdata"

# Datastore root entry, admin name and password values.  They start empty
# here and are assigned outside the lines of this section.
ROOTENTRY=""
ROOTNAME=""
ROOTPW=""
CRYPTD_ROOTPW=""
SRDS_ROOTDN_S="SRDS 'rootdn'"
DEFAULT_ROOTDN=""   # gets assigned later, constructed with $ROOTENTRY
ROOTDN=""
UTPASSWD=""
VERSIONENTRY="1"


UTCONF_FILE=${ETC_OPT_UT}/"utadmin.conf"
MODS_FILE="$UT_TEMPLATE_LDAP/ldap.mods"
VAR_OPT_LDAP_DBM_UT="${VAR_OPT_UT}/srds/dbm.ut"
VAR_OPT_LDAP_REPLOG="${VAR_OPT_UT}/srds/replog"
SRDS_UPGRADE_FLAG="NO"

# "current" holds the active datastore configuration, "default" the
# fallback that get_ldap_port reads when "current" has no utdsd.ini.
SRDS_LDAP_DEFAULT="${ETC_OPT_UT}/srds/default"
SRDS_LDAP_CURRENT="${ETC_OPT_UT}/srds/current"
DS_CONF_FILE="$SRDS_LDAP_CURRENT/utdsd.conf"

LDAP_PORT=$(get_ldap_port)

#
# XXX	Note: the doc packages are not relocatable at present	<===
#
# UT_BASEDIR is not assigned in this part of the file; presumably it is
# set by SetPlatformDependencies or the sourced library -- confirm.
EN_DOC_DIR="${UT_BASEDIR}/doc/en/html"
JA_DOC_DIR="${UT_BASEDIR}/doc/ja/html"

LOCAL_EN_DOC_DIR="lib/locale/en_US/docdir"
LOCAL_FR_DOC_DIR="lib/locale/fr/docdir"
LOCAL_JA_DOC_DIR="lib/locale/ja/docdir"
LOCAL_ZH_DOC_DIR="lib/locale/zh/docdir"

UT_KIOSK_PACKAGE="SUNWutkio"
# KIOSK_INSTALLED is run as a command later, so it holds true or false.
KIOSK_INSTALLED=true
if ! KioskInstalled; then
  KIOSK_INSTALLED=false
fi

# Pick the first existing log directory, falling back to /var/log.
if [[ -d /var/adm/log ]] ; then
  LOG_DIR="/var/adm/log"
elif [[ -d /var/log/SUNWut ]] ; then
  LOG_DIR="/var/log/SUNWut"
else
  LOG_DIR="/var/log"
fi


# One log file per run, named after the program and the start time.
LOGFILE="${LOG_DIR}/${PROGRAM_ID}.$(date '+%Y_%m_%d_%H:%M:%S').log"

# The file is created under the 022 umask set earlier, so it starts out
# readable by every user, and it later receives all output of DoConfig or
# DoUnconfig through tee.
# NOTE(review): confirm that chgPermsLogFiles (defined elsewhere) also
# covers this file.
if [[ $MODE != "autoconfigure" ]]; then
	print "# Script: ${PROGRAM_ID}\tVersion: 3.1_32.18,REV=2005.08.24.08.55\n" > $LOGFILE
fi



 # When upgrading an existing directory, the hostname
 # used to rebuild the relevant SRDS files should
 # be derived from the original hostname embedded in
 # the LDAP directory and *not* obtained from uname.


# With an existing utadmin.conf, DSHOST is the third "="-separated field
# of the admin.subtree line, cut at the first comma.  If that comes out
# empty, HOSTNAME is left as it was; uname is only consulted when the
# file does not exist.
if [[ -f $UTCONF_FILE ]]; then
   DSHOST=$(awk -F= '$1~/admin.subtree/ {print $3}' $UTCONF_FILE|\
    awk -F, '{print $1}')
   if [[ -n $DSHOST ]]; then
	HOSTNAME="$DSHOST"
   fi
else
   HOSTNAME=$(uname -n)
fi

#  When upgrading from 1.1, preserve the suffix, which could have been
#  customized during the 1.1 utconfig run.
#  The value is the second field of the "suffix" line that follows the
#  "# SUNWut begin" marker, with double quotes removed.

if [[ -f $DS_CONF_FILE ]]; then
   ROOTENTRY=$(awk '/^# SUNWut begin/ {found=1}\
	found==1 && $1=="suffix" {print $2}' $DS_CONF_FILE | sed 's/\"//g')
fi
if [[ -z $ROOTENTRY ]]; then
   ROOTENTRY="$DEFAULT_ROOTENTRY"
fi

# DoConfig and DoUnconfig run as the left side of a pipeline, that is in
# a separate shell process: an exit inside them ends only that process,
# their variable assignments are not visible afterwards, and the status
# of the pipeline is that of tee.  The script therefore always reaches
# CleanupAndExit 0 below.
# NOTE(review): a failure inside DoConfig or DoUnconfig is visible only in
# the log file, not in the exit status of this script.
case "$MODE" in
  configure)   	   DoConfig     2>&1 |tee -a $LOGFILE;;
  autoconfigure)   DoAutoConfig ;; # No explicit logfile in silent mode.
  unconfigure)     DoUnconfig   2>&1 |tee -a $LOGFILE;;
esac

CleanupAndExit 0

# }
