#!/bin/ksh -
#
# @(#)mk-afs-login	1.21 (hursley) 3/6/98
# /afs/hursley.ibm.com/common/src/afs/@cell/asys/usr/local/sbin/mk-afs-login/SCCS/s.mk-afs-login
#
# NAME		mk-afs-login
# AUTHOR	Paul Blackburn           http://acm.org/~mpb
# PURPOSE	Configure this host with AFS authenticating login.
# USAGE		Normally invoked as part of system installation.
# ASSUMPTIONS   Make sure you have correctly defined AFS installation
#               parameters for your system. The file containing these
#               ($AFSICF) is defined in:
#			${afs_install_base}/usr/local/sbin/mk-afs-cf
#
#		The first AFS fileserver *must* have already been installed.
#
#		For rs_aix4[12], when switching back to default AIX login
#		it is assumed that "login.cfg" contains the following:
#
# -- login.cfg snippet start
#
#	AFS:
#		program = /usr/vice/etc/afs_dynamic_auth
#		retry = 3
#		timeout = 30
#		retry_delay = 10
#
# -- login.cfg snippet end
#
# USAGE		mk-afs-login afs   # switch to AFS authenticating login
#		mk-afs-login aix   # switch to default AIX login

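# Locate the site-wide AFS installation configuration. Note that "." below
# executes that file in this shell, so ${afs_install_base} must point at a
# trusted tree; when it is unset the path degenerates to
# /usr/local/sbin/mk-afs-cf on the local host.
X=${afs_install_base}/usr/local/sbin/mk-afs-cf

# Quoted so a base path containing whitespace cannot be split into several
# words by the test or by the "." command.
if [[ ! -f "${X}" ]]; then
	echo "${X} not found - fatal error" >&2
	exit 1
fi

# source global config for AFS installation - expected to define the
# helpers (doit, tstamp, warning, fatal) and variables (retcode, sysname,
# CMD, HOST, LOG, NOTIFY) used in the rest of this script
. "${X}"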

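#######################################
# Switch this host to AFS authenticating login.
# Globals:   sysname (read), retcode (set by doit) - both from mk-afs-cf;
#            X, TF2, TF3, file, string (written, script-wide scratch)
# Arguments: none
# Outputs:   progress messages via tstamp; every system change goes
#            through doit so that it is logged
# Returns:   falls through on success; on any error "fatal" is relied on
#            to terminate the script before /etc/security/user is replaced
#######################################
do_afs_login()
{

case ${sysname} in
	rs_aix32 )
		# Check if we already have AFS login: login.noafs identical to
		# /bin/login means the switch was already done.

		doit "cmp /usr/afsws/bin/login.noafs /bin/login"
		if [[ ${retcode} -eq 0 ]]; then
			fatal "AFS login already configured"
		fi

		tstamp "Configure AFS authenticating login for ${sysname}"
		X=/usr/afsws/bin/login.afs
		if [[ -x "${X}" ]]; then
			tstamp "Configure AFS authenticating login"
			tstamp "AFS Installation Guide, page 4-27"
			# Originals are kept as *.orig; do_aix_login moves them back.
			doit "mv /bin/login /bin/login.orig"
			doit "cp /usr/afsws/bin/login.noafs /bin/login"
			doit "mv /etc/getty /etc/getty.orig"
			doit "mv /etc/tsm /etc/tsm.orig"
			doit "ln -s /bin/login /etc/getty"
			doit "ln -s /bin/login /etc/tsm"
			doit "cp ${X} /bin/login.afs"
			doit "ln -s /bin/login.afs /etc/afsok"
		else
			fatal "missing: ${X}"
		fi
		;;
	rs_aix41 | rs_aix42 | rs_aix43 )
		# Work files live under /etc/security rather than world-writable
		# /tmp because their contents become authentication configuration.
		# Both carry $$ so a stale copy from an aborted run is never read.
		TF2=/etc/security/user_default_only_$$
		TF3=/etc/security/user_sans_default_$$
		file=/etc/security/user

		# Extract the "default:" stanza, dropping any existing registry line.
		doit "grep -p \"^default:\" ${file} | grep -v \"registry =\" > ${TF2}"

		tstamp "Configure AFS authenticating login for ${sysname}"

		tstamp "First, edit the extracted \"default:\" stanza file"
		file=${TF2}
		ed - ${file} << %
/auth1
d
i
	auth1 = SYSTEM
.
/SYSTEM =
d
i
	SYSTEM = "AFS OR AFS [UNAVAIL] AND compat [SUCCESS]"
.
$
i
	registry = AFS
.
w
q
%
		# "ed -" is silent about a failed search, and its exit status in
		# that case is not portable, so check the result by content before
		# building on it. Nothing in /etc/security/user has changed yet.
		doit "grep \"SYSTEM = .AFS OR AFS\" ${file}"
		if [[ ${retcode} -ne 0 ]]; then
			doit "rm -f ${TF2}"
			fatal "editing ${file} failed; /etc/security/user unchanged"
		fi
		doit "echo >> ${file} # append a blank line at end of stanza"

		file=/etc/security/user
		doit "cp ${file} ${file}- # preserve original copy for later"

	tstamp "Create a copy of /etc/security/user without a default: stanza"
		doit "grep -v -p default: ${file} > ${TF3}"

tstamp "Edit the \"default:less\" copy and insert the new default: stanza"
tstamp "Also, set root's registry to be local files not AFS."

# The here-document delimiter is unquoted, so ${TF2} is expanded by the
# shell before ed reads the script (the notification mail at the end of
# this file relies on the same expansion); the temporary file therefore
# does not need a fixed name.

		file=${TF3}
		ed - ${file} << %
/^$
.r ${TF2}
w
1
/^root:
a
	registry = files
.
w
q
%
		doit "rm ${TF2}	# remove temporary default: stanza file"

		# Refuse to install the new file unless the AFS default: stanza
		# really made it in: a half-edited /etc/security/user could lock
		# every user out of the host.
		doit "grep -p \"^default:\" ${TF3} | grep \"SYSTEM = .AFS OR AFS\""
		if [[ ${retcode} -ne 0 ]]; then
			doit "rm -f ${TF3}"
			fatal "editing ${TF3} failed; /etc/security/user unchanged (copy in ${file}-)"
		fi

tstamp "Now, replace /etc/security/user with editted version: $TF3"
		doit "cp ${TF3} /etc/security/user"
		doit "rm ${TF3}"

		file=/etc/security/login.cfg
		string=afs_dynamic_auth
		doit "grep ${string} ${file} 2>&1"
		if [[ ${retcode} -eq 0 ]]; then
			warning "${file} already has ${string}, no change made"
		else
			tstamp "adding AFS stanza to ${file}"
			doit "cp ${file} ${file}-"
			# Appends the stanza that do_aix_login later removes line by
			# line, so its shape (header plus four settings) is fixed.
			ed - ${file} << %
$
i

AFS:
	program = /usr/vice/etc/afs_dynamic_auth
	retry = 3
	timeout = 30
	retry_delay = 10

.
w
q
%
			doit "grep ${string} ${file} 2>&1"
			if [[ ${retcode} -ne 0 ]]; then
				fatal "failed to add AFS stanza to ${file}; original saved as ${file}-"
			fi
		fi
		;;
	* )
		fatal "unknown system type: ${sysname}"
		;;
esac

}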

#######################################
# Switch this host back from AFS authenticating login to default AIX login.
# Globals:   sysname (read), retcode (set by doit) - both from mk-afs-cf;
#            TF2, file, i (written, script-wide scratch)
# Arguments: none
# Outputs:   progress messages via tstamp; every system change goes
#            through doit so that it is logged
# Returns:   falls through on success; "fatal" is relied on to terminate
#            the script on error
#######################################
do_aix_login()
{
# Check if we already have default AIX login

case ${sysname} in
        rs_aix32 )
		# login.noafs differing from /bin/login means AFS login is not
		# installed, i.e. there is nothing to switch back from.
		doit "cmp /usr/afsws/bin/login.noafs /bin/login"
		if [[ $retcode -ne 0 ]]; then
			fatal "default ${sysname} login already configured"
		fi

		# Here, we must be switching back to AIX login from AFS login.
		# Check the original versions are where we left them when AFS
		# login was set.

		for i in /bin/login.orig /etc/getty.orig /etc/tsm.orig; do
			if [[ ! -f ${i} ]]; then
				fatal "${i} missing! Aborted: no changes made."
			fi
		done

		tstamp "Configure default AIX login for ${sysname}"
		# /etc/tsm and /etc/getty are symlinks to /bin/login at this point
		# (see do_afs_login), so mv over them restores the real binaries.
		doit "rm /bin/login"
		doit "mv /etc/tsm.orig /etc/tsm"
		doit "mv /etc/getty.orig /etc/getty"
		doit "mv /bin/login.orig /bin/login"
		;;
	rs_aix41 | rs_aix42 | rs_aix43 )
		# Already-configured test: a "default:" stanza whose SYSTEM line
		# is plain "compat" means AIX login is in effect. The extracted
		# stanza is a $$-named work file under /etc/security.
		TF2=/etc/security/user_default_$$
		doit "grep -p \"^default:\" /etc/security/user > ${TF2}"
		doit "grep \"SYSTEM = .compat.\" $TF2"
		if [[ $retcode = 0 ]]; then
			doit "rm ${TF2}"
			fatal "default ${sysname} login already configured"
		fi
		doit "rm ${TF2}"

		# Switch back to default AIX login for AIX 4.1
		tstamp "Configure default AIX login for ${sysname}"
		file=/etc/security/user
		# Backup suffix "+" here versus "-" in do_afs_login, so the two
		# directions keep separate copies.
		doit "cp ${file} ${file}+"
		# NOTE(review): this ed script deliberately tolerates failed
		# searches. Per its own annotations, each "* dummy comment" line
		# is inserted so that when the following search (registry = AFS,
		# registry = files) finds nothing, the "d" deletes the dummy line
		# rather than a real setting; when the search does succeed the
		# dummy line appears to stay behind as a "*" comment. Do not wrap
		# this call in an exit-status check without accounting for that.
		ed - ${file} << %
/^default:
a
* dummy comment 1 - deleted if "registry = AFS" is missing in default: stanza
.
/registry = AFS
d
?dummy comment 1
/SYSTEM = "AFS
d
a
	SYSTEM = "compat"
.
1
/^root:
a
* dummy comment 2 - deleted if "registry = files" is missing in root: stanza
.
/registry = files
d
w
q
%

		file=/etc/security/login.cfg
		doit "cp ${file} ${file}+"
		# Removes the AFS stanza by deleting a fixed five lines from the
		# last "AFS:" header onwards; this assumes the stanza has exactly
		# the shape documented at the top of this file (header plus
		# program, retry, timeout, retry_delay). The lone "." before "w"
		# presumably just prints the then-current line to stdout.
		ed - ${file} << %
$
?^AFS:
d
d
d
d
d
.
w
q
%
		;;

	* )
		fatal "unknown system type: ${sysname}"
		;;
esac



}

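tstamp "version 1.21 commenced on $(date '+%a %d %h %y')"

# Exactly one argument selects the target login type; anything else is
# rejected before any system file is touched.
if [[ -z "${1}" ]]; then
	warning "You failed to specify which login to set."
	warning "Choose: \"${CMD} afs\" or \"${CMD} aix\""
	fatal "aborted"
fi

case ${1} in
	aix | AIX )
		do_aix_login
		;;
	afs | AFS )
		do_afs_login
		;;
	*)
		warning "Invalid argument \"${1}\""
		warning "Choose: \"${CMD} afs\" or \"${CMD} aix\""
		fatal "aborted"
		;;
esac

# Notification mail. The body is staged in a temporary file. Prefer
# mktemp (unpredictable name, created by us with a private mode) and fall
# back to the historical $$-based name only where mktemp is not installed:
# a predictable name in world-writable /tmp can be pre-created or
# symlinked by another local user, and this script runs with enough
# privilege to overwrite whatever such a link points at.
T=$(mktemp "/tmp/${CMD}.mail.XXXXXX" 2>/dev/null) || T=/tmp/${CMD}.mail.$$
cat <<eeooff >"${T}"
Greetings,
${HOST}, ${sysname}, has now been configured for ${1} login.

You will find a log of this process in:

        ${LOG}
--
Sincerely,
${CMD} program
eeooff
doit "mail -s \"${HOST}: ${CMD} completed\" ${NOTIFY} <${T}"
cat "${T}"
rm -f "${T}"

tstamp "completed"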
