#! /sbin/sh
########
#
# (c) Copyright Hewlett-Packard Company, 1993
#
#######$

func_val=0


enable_man ()
{

MAN_DIR=$1
FILE_SET=$2
ROOT_DIR=$3
exitval=0

for file in  \
       $MAN_DIR/man1.Z/ftp.1 \
       $MAN_DIR/man1.Z/rcp.1 \
       $MAN_DIR/man1.Z/remsh.1 \
       $MAN_DIR/man1.Z/rlogin.1 \
       $MAN_DIR/man1.Z/telnet.1 \
       $MAN_DIR/man1m.Z/ftpd.1m \
       $MAN_DIR/man1m.Z/remshd.1m \
       $MAN_DIR/man1m.Z/rlogind.1m \
       $MAN_DIR/man1m.Z/telnetd.1m 

      do
          if [[ -f $file ]]
          then
# move (not remove) the regular InternetSrvcs manpages for safekeeping
# into *.safe files and change the permissions so no one can see them 
#
              mv -f $file $file.safe
              chmod 000 $file.safe
              retval=$?
              if [[ $retval -ne 0 ]]
              then
# move failed for some reason
                  print "WARNING: Could not move \"$file\""
                  [[ $exitval -ne 1 && $retval -ne 0 ]] && exitval=$retval
		  remove_files $ROOT_DIR
		  func_val=$FAILURE
		  return
              fi
# rename the secure InternetSrvcsSec manpages 
# except for sis.5
#
        name=${file##*/}
        dir=${file%/*}
        mv -f $dir/k$name $file
              retval=$?
              if [[ $retval -ne 0 ]]
              then
# move failed for some reason
                  print "WARNING: Could not move \"$dir/k$name\""
                  [[ $exitval -ne 1 && $retval -ne 0 ]] && exitval=$retval
		  remove_files $ROOT_DIR
		  func_val=$FAILURE
		  return
              fi
		echo "NOTE:    A secure version of $dir/$name"
		echo "         has been placed on the system."
          fi
      done
#
# remove the regular InternetSrvcs manpages from the cat* directories
#


for file in   \
	$ROOT_DIR/usr/share/man/cat1.Z/ftp.1 \
	$ROOT_DIR/usr/share/man/cat1.Z/rcp.1 \
	$ROOT_DIR/usr/share/man/cat1.Z/remsh.1 \
	$ROOT_DIR/usr/share/man/cat1.Z/rlogin.1 \
	$ROOT_DIR/usr/share/man/cat1.Z/telnet.1 \
	$ROOT_DIR/usr/share/man/cat1m.Z/ftpd.1m \
	$ROOT_DIR/usr/share/man/cat1m.Z/remshd.1m \
	$ROOT_DIR/usr/share/man/cat1m.Z/rlogind.1m \
	$ROOT_DIR/usr/share/man/cat1m.Z/telnetd.1m 

do
          if [[ -f $file ]]
          then
              rm -r -f $file 
	      retval=$?
	      if [[ $retval -ne 0 ]]
	      then
	      #remove failed for some reason
	      print "WARNING: Could not remove \"$file\""
	      [[ $exitval -ne 1 && $retval -ne 0 ]] && exitval=$retval 
		  remove_files $ROOT_DIR
		  func_val=$FAILURE
		  return
	      fi
	   fi
done

echo Modifying definition of file set InternetSrvcs.$FILE_SET
swmodify -xfiles="$MAN_DIR/man1.Z/ftp.1 $MAN_DIR/man1.Z/rcp.1 $MAN_DIR/man1.Z/remsh.1 $MAN_DIR/man1.Z/rlogin.1 $MAN_DIR/man1.Z/telnet.1 $MAN_DIR/man1m.Z/ftpd.1m $MAN_DIR/man1m.Z/remshd.1m $MAN_DIR/man1m.Z/rlogind.1m $MAN_DIR/man1m.Z/telnetd.1m" InternetSrvcs.$FILE_SET

if [ $? = "1" ]
then
	echo "WARNING! unable to modify definition of file set
	echo  InternetSrvcs.$FILE_SET".
fi

func_val=$exitval
}

disable_man ()
{
MAN_DIR=$1
FILE_SET=$2
ROOT_DIR=$3
exitval=0

for file in  	\
		$MAN_DIR/man1.Z/ftp.1 \
		$MAN_DIR/man1.Z/rcp.1 \
		$MAN_DIR/man1.Z/remsh.1 \
		$MAN_DIR/man1.Z/rlogin.1 \
		$MAN_DIR/man1.Z/telnet.1 \
		$MAN_DIR/man1m.Z/ftpd.1m \
		$MAN_DIR/man1m.Z/remshd.1m \
		$MAN_DIR/man1m.Z/rlogind.1m \
		$MAN_DIR/man1m.Z/telnetd.1m 
                    
      do
          if [[ -f $file ]]
          then
# move the secure InternetSrvcsSec manpages 
#
              name=${file##*/}
              dir=${file%/*}
              mv -f $file $dir/k$name
              retval=$?
              if [[ $retval -ne 0 ]]
              then
# move failed for some reason
		echo  Error! could not move  \"$file\" to \"k$file\".
		echo  Error! Product InternetSvcSec cannot be disabled.
		echo  Suspending disabling process.
                  [[ $exitval -ne 1 && $retval -ne 0 ]] && exitval=$retval
		func_val=$FAILURE
		return
              fi
# restore the regular versions from InternetSrvcs from the *.safe files
# restore permissions
#
              mv -f $file.safe $file
              chmod 444 $file
              retval=$?
              if [[ $retval -ne 0 ]]
              then
# move failed for some reason
		echo  Error! could not restore \"$file\".
		echo  Error! Product InternetSvcSec cannot be disabled.
		echo  Suspending disabling process.
                  [[ $exitval -ne 1 && $retval -ne 0 ]] && exitval=$retval
		func_val=$FAILURE
		return
              fi

          fi
      done

      for file in   $ROOT_DIR/usr/share/man/cat1.Z/ftp.1 \
                    $ROOT_DIR/usr/share/man/cat1.Z/rcp.1 \
                    $ROOT_DIR/usr/share/man/cat1.Z/remsh.1 \
                    $ROOT_DIR/usr/share/man/cat1.Z/rlogin.1 \
                    $ROOT_DIR/usr/share/man/cat1.Z/telnet.1 \
                    $ROOT_DIR/usr/share/man/cat1m.Z/ftpd.1m \
                    $ROOT_DIR/usr/share/man/cat1m.Z/remshd.1m \
                    $ROOT_DIR/usr/share/man/cat1m.Z/rlogind.1m \
                    $ROOT_DIR/usr/share/man/cat1m.Z/telnetd.1m 
                    
      do
         if [[ -f $file ]]
         then
             rm -r -f $file
             retval=$?
             if [[ $retval -ne 0 ]]
             then
             #remove failed for some reason
             print "WARNING: Could not remove \"$file\""
             [[ $exitval -ne 1 && $retval -ne 0 ]] && exitval=$retval 
             fi
         fi
      done

echo Modifying definition of file set InternetSrvcs.$FILE_SET
swmodify -xfiles="$MAN_DIR/man1.Z/ftp.1 $MAN_DIR/man1.Z/rcp.1 $MAN_DIR/man1.Z/remsh.1 $MAN_DIR/man1.Z/rlogin.1 $MAN_DIR/man1.Z/telnet.1 $MAN_DIR/man1m.Z/ftpd.1m $MAN_DIR/man1m.Z/remshd.1m $MAN_DIR/man1m.Z/rlogind.1m $MAN_DIR/man1m.Z/telnetd.1m" InternetSrvcs.$FILE_SET

if [ $? = "1" ]
then
	echo "WARNING! unable to modify definition of file set
	echo  InternetSrvcs.$FILE_SET".
fi
func_val=$exitval
}

remove_man ()
{
MAN_DIR=$1
ROOT_DIR=$2
for file in  \
	$MAN_DIR/man1.Z/ftp.1 \
	$MAN_DIR/man1.Z/rcp.1 \
	$MAN_DIR/man1.Z/remsh.1 \
	$MAN_DIR/man1.Z/rlogin.1 \
	$MAN_DIR/man1.Z/telnet.1 \
	$MAN_DIR/man1m.Z/ftpd.1m \
	$MAN_DIR/man1m.Z/remshd.1m \
	$MAN_DIR/man1m.Z/rlogind.1m \
	$MAN_DIR/man1m.Z/telnetd.1m 
do
	if [ -f $file.safe ]
	then
		name=${file##*/}
		dir=${file%/*}
		rm -f $file
		mv  $dir/$name.safe $file
		chmod 444 $file
	fi
done
}

remove_files ()
{
ROOT_DIR=$1
for file in \
	$ROOT_DIR/usr/bin/remsh \
	$ROOT_DIR/usr/bin/rcp \
	$ROOT_DIR/usr/bin/rlogin \
	$ROOT_DIR/usr/bin/ftp \
	$ROOT_DIR/usr/bin/telnet 
do
	if [ -f $file.noauth ]
	then
		name=${file##*/}
		dir=${file%/*}
		rm -f $file
		mv  $dir/$name.noauth $file
		if [ $name = "ftp" -o  $name = "telnet" ]
		then 
			
			chmog 555 bin bin $file
		else
			chmog 4555 root bin $file
		fi
	fi
done

for file in \
	$ROOT_DIR/usr/lbin/remshd \
	$ROOT_DIR/usr/lbin/rlogind \
	$ROOT_DIR/usr/lbin/ftpd \
	$ROOT_DIR/usr/lbin/telnetd
do
	if [ -f $file.noauth ]
	then
		name=${file##*/}
		dir=${file%/*}
		rm -f $file
		mv  $dir/$name.noauth $file
		chmog 544 bin bin $file
	fi
done

	remove_man  $ROOT_DIR/usr/share/man $ROOT_DIR
	if [ -d $ROOT_DIR/usr/share/man/ja_JP.SJIS ]
	then
		remove_man  $ROOT_DIR/usr/share/man/ja_JP.SJIS $ROOT_DIR
	fi

	if [ -d $ROOT_DIR/usr/share/man/ja_JP.eucJP ]
	then
		remove_man $ROOT_DIR/usr/share/man/ja_JP.eucJP $ROOT_DIR
	fi
}

enable_product ()
{
sretval=0 
#Copy and remove the existing internet services to svcname.noauth 
#change mode of the svc to 700
SUCCESS=0
ERROR=1
WARNING=2


ROOT_DIR=$1

UTILS="/usr/lbin/sw/control_utils"
if [[ ! -f $UTILS ]]
then
        echo "ERROR:   Cannot find $UTILS"
        exit 1
fi
. $UTILS

PATH=$PATH:/usr/bin;export PATH

for file in \
	$ROOT_DIR/usr/bin/remsh \
	$ROOT_DIR/usr/bin/rcp \
	$ROOT_DIR/usr/bin/rlogin \
	$ROOT_DIR/usr/bin/ftp \
	$ROOT_DIR/usr/bin/telnet\
	$ROOT_DIR/usr/lbin/remshd \
	$ROOT_DIR/usr/lbin/rlogind \
	$ROOT_DIR/usr/lbin/ftpd \
	$ROOT_DIR/usr/lbin/telnetd
do
	if [ -f $file.noauth ]
	then
		echo $file.noauth exists.
		echo Error! Product InternetSvcSec has already been enabled.
		echo To re-enable, invoke \"inetsvcs_sec disable\" and then
		echo inesvcs_sec  invoke \"inetsvcs_sec enable\".
		func_val=$FAILURE
		return
	fi
done


for file in \
	$ROOT_DIR/usr/bin/remsh \
	$ROOT_DIR/usr/bin/rcp \
	$ROOT_DIR/usr/bin/rlogin \
	$ROOT_DIR/usr/bin/ftp \
	$ROOT_DIR/usr/bin/telnet\
	$ROOT_DIR/usr/lbin/remshd \
	$ROOT_DIR/usr/lbin/rlogind \
	$ROOT_DIR/usr/lbin/ftpd \
	$ROOT_DIR/usr/lbin/telnetd
do 
	/usr/bin/mv  $file $file.noauth
	retval=$?
	if [ $retval != "0" ] 
	then
		echo  Error! could not move  $file to $file.noauth.
		echo  Error! Product InternetSvcSec cannot be enabled.
		echo  Suspending enabling process.
		remove_files $ROOT_DIR
		func_val $FAILURE
		return
	fi

	chmog 700 root bin $file.noauth
	name=${file##*/}
	dir=${file%/*}
	/usr/bin/ln -s $dir/k$name $file
	retval=$?
	if [ $retval != "0" ]
	then
		echo  "ERROR! could not create symbolic link for $file".
		echo  Error! Product InternetSvcSec cannot be enabled.
		echo  Suspending enabling process.
		remove_files $ROOT_DIR
		func_val=$FAILURE
		return
	fi
done


echo Modifying definition of file set InternetSrvcs.INETSVCS-RUN
swmodify -xfiles="$ROOT_DIR/usr/bin/rcp $ROOT_DIR/usr/bin/remsh $ROOT_DIR/usr/bin/rlogin $ROOT_DIR/usr/bin/ftp $ROOT_DIR/usr/bin/telnet $ROOT_DIR/usr/lbin/telnetd $ROOT_DIR/usr/lbin/remshd $ROOT_DIR/usr/lbin/rlogind $ROOT_DIR/usr/lbin/ftpd" InternetSrvcs.INETSVCS-RUN
if [ $? = "1" ]
then
	echo "WARNING! unable to modify definition of file set
	echo  InternetSrvcs.INETSVCS-RUN".
fi

for file in  \
	$ROOT_DIR/usr/bin/remsh \
	$ROOT_DIR/usr/bin/rcp \
	$ROOT_DIR/usr/bin/rlogin \
	$ROOT_DIR/usr/bin/ftp \
	$ROOT_DIR/usr/bin/telnet\
	$ROOT_DIR/usr/lbin/remshd \
	$ROOT_DIR/usr/lbin/rlogind \
	$ROOT_DIR/usr/lbin/telnetd \
	$ROOT_DIR/usr/lbin/ftpd
do
		echo "NOTE:    A secure version of $file"
		echo "         has been placed on the system."
done


########
# move (not remove) the regular InternetSrvcs (INET) manpages 
# from /usr/share/man/man* and
# remove the InternetSrvcs cat manpages from /usr/share/man/cat*;
# rename the secure InternetSrvcsSec (ISEC) manpages (except for sis.5)
#
	enable_man $ROOT_DIR/usr/share/man INET-ENG-A-MAN $ROOT_DIR
	if [ -d $ROOT_DIR/usr/share/man/ja_JP.SJIS ]
	then
		enable_man $ROOT_DIR/usr/share/man/ja_JP.SJIS INET-JPN-S-MAN $ROOT_DIR
	fi

	if [ -d $ROOT_DIR/usr/share/man/ja_JP.eucJP ]
	then
		enable_man $ROOT_DIR/usr/share/man/ja_JP.eucJP INET-JPN-E-MAN $ROOT_DIR
	fi

func_val=$exitval
}

disable_product ()
{
exitval=0				# Anticipate success
SUCCESS=0                       # SD expected return codes
WARNING=2
FAILURE=1

UTILS="/usr/lbin/sw/control_utils"
if [[ ! -f $UTILS ]]
then
       echo "ERROR:   Cannot find $UTILS"
       exit 1
fi
. $UTILS
ROOT_DIR=$1

PATH=$PATH:/usr/bin;export PATH

sretval=0


for file in \
	$ROOT_DIR/usr/bin/remsh \
	$ROOT_DIR/usr/bin/rcp \
	$ROOT_DIR/usr/bin/rlogin \
	$ROOT_DIR/usr/bin/telnet \
	$ROOT_DIR/usr/bin/ftp	
do

	if [ -f $file.noauth ]
	then
		rm -f $file
		mv $file.noauth  $file
		retval=$?
		if [ $retval != "0" ]
		then
			echo  Error! could not move $file.noauth  to $file.
			echo  Error! Product InternetSvcSec cannot be disabled.
			echo  Suspending disabling process.
			sretval=1
		fi
		name=${file##*/}
		dir=${file%/*}
		if [ $name = "ftp" -o  $name = "telnet" ]
		then 
			
			chmog 555 bin bin $file
		else
			chmog 4555 root bin $file
		fi
	else 
		echo WARNING! $file.noauth did not exist.
		echo Product InternetSvcSec was not properly enabled.
		echo Suspending disabling process.
		func_val=$FAILURE
		return
	fi
done

for file in \
	$ROOT_DIR/usr/lbin/remshd \
	$ROOT_DIR/usr/lbin/rlogind  \
	$ROOT_DIR/usr/lbin/ftpd \
	$ROOT_DIR/usr/lbin/telnetd
do
	if [ -f $file.noauth ]
	then
		rm -f $file
		mv $file.noauth  $file
		retval=$?
		if [ $retval != "0" ]
		then
			echo  "Error! could not move $file.noauth  to $file."
			echo  Error! Product InternetSvcSec cannot be disabled.
			echo  Suspending disabling process.
			sretval=1
		fi
		chmog 544 bin bin $file
	else 
		echo WARNING! $file.noauth did not exist.
		echo Product InternetSvcSec was not properly enabled.
		echo Suspending disabling process.
	fi
done



if [ $sretval != "0" ]
then 
	exitval=$sretval
else
	echo Modifying definition of file set InternetSrvcs.INETSVCS-RUN
	swmodify -xfiles="$ROOT_DIR/usr/bin/rcp $ROOT_DIR/usr/bin/remsh $ROOT_DIR/usr/bin/rlogin $ROOT_DIR/usr/bin/ftp $ROOT_DIR/usr/bin/telnet $ROOT_DIR/usr/lbin/telnetd $ROOT_DIR/usr/lbin/remshd $ROOT_DIR/usr/lbin/rlogind $ROOT_DIR/usr/lbin/ftpd" InternetSrvcs.INETSVCS-RUN
if [ $? = "1" ]
then
	echo "WARNING! unable to modify definition of file set
	echo  InternetSrvcs.INETSVCS-RUN".
fi

fi

########
# rename the secure manpages back to their "k" versions
# except for sis.5
# and restore the original networking manpages
# remove the cat manpages
########

	disable_man $ROOT_DIR/usr/share/man INET-ENG-A-MAN $ROOT_DIR
	if [ -d $ROOT_DIR/usr/share/man/ja_JP.SJIS ]
	then
		disable_man $ROOT_DIR/usr/share/man/ja_JP.SJIS INET-JPN-S-MAN  $ROOT_DIR
	fi

	if [ -d $ROOT_DIR/usr/share/man/ja_JP.eucJP ]
	then
		disable_man $ROOT_DIR/usr/share/man/ja_JP.eucJP INET-JPN-E-MAN $ROOT_DIR
	fi

	func_val=$exitval
}
client_present=0
/usr/bin/dcnodes -q
retval=$?
case $retval in
0)				#Standalone
	;;
1)				#Server

	echo Updating diskless server.
	arch=`uname -m`
	
	name=${arch##*/}
	case $name in
	8??)
		client_present=1
		client_dir=/export/shared_roots/OS_700
		if [ ! -d /export/shared_roots/OS_700/usr/bin ]
		then
			echo Enter the the shared_root of client. 
			read client_dir
			if [ ! -d $client_dir/usr/bin ]
			then
				echo "Invalid directory $client_dir"
				exit
			fi
		fi
		;;
	*)
		echo $arch
		;;
	esac

	;;

2)				#client
	echo Error! This script is not be executed on a diskless client.
	exit 1
	;;
*)
	;;
esac

case $1 in

enable)
	echo Enabling product InternetSvcSec.
	enable_product  
	if [ $func_val != "0" ]
	then
		exit $func_val
	fi
	if [ $client_present = "1" ]
	then
		echo Enabling the services in the client shared root directory.
		enable_product $client_dir
		if [ $func_val != "0" ]
	then
			exit $func_val
		fi
	fi

	;;
disable)
	echo Disabling product InternetSvcSec.
	disable_product 
	if [ $client_present = "1" ]
	then
		echo Disabling the services in the client shared root directory.
		disable_product $client_dir
	
	fi
	;;
*)
	echo usage: inetsvcs_sec enable/disable.
	;;
esac
