#! /bin/csh -f
#
# (c) Copyright 1993-1997 Check Point Software Technologies Ltd.
# All rights reserved.
# 
# This is proprietary information of Check Point Software Technologies
# Ltd., which is provided for informational purposes only and for use
# solely in conjunction with the authorized use of Check Point Software
# Technologies Ltd. products.  The viewing and use of this information is
# subject, to the extent appropriate, to the terms and conditions of the
# license agreement that authorizes the use of the relevant product.
#
# $Header: /fw/cvs/fw-1/fwutil/fwinst.new/fwinstallpatch.csh,v 1.1.2.17 1999/09/16 12:59:35 rimon Exp $
#

#
# The Definition of the Files that are Included in the Patch.
#

# Switches selecting which parts of the patch are applied.  Each one is
# compared against the literal word true further down in this script.
#   patch_kernel    - replace the kernel module found under $FWDIR
#   patch_fw        - replace $FWDIR/bin/fw
#   patch_objects   - offer to merge new services into $FWDIR/conf/objects.C
#   fg_incompatible - abort when floodgate is 1 after readprod was sourced
set patch_kernel		= true
set patch_fw			= true
set patch_objects		= true
set fg_incompatible		= true
# File lists.  Names are looked up below bin, conf, lib and lib/snmp of the
# current directory and copied to the same subdirectory of $FWDIR.
set binary_files		= (fwui fwconfig router_load fwinfo fwc)
set configuration_files	= (fwopsec.conf omi.conf slapd.conf logviewer.C)
set inspect_files		= (base.def code.def control.map formats.def fwui_head.def setup.C table.def traps.def snmp.def)
set snmp_lib_files		= (mib.txt mib4.txt wellfleet.mib chkpnt.mib acl.conf context.conf party.conf view.conf)

#
# If Requested, Give the List of Files in the Patch
#

# No argument means install; the single argument -list means print the patch
# contents and stop.  Anything else is a usage error.
set list = 0
if ($#argv != 0) then
	if (($#argv != 1) || (X$1 != X-list)) then
		echo "Usage: $0 [-list]"
		exit 1
	endif
	set list = 1
endif

# List mode: print what the patch contains, grouped by category, and exit
# before anything on the system is touched.
if ($list) then
	echo "List of Files in this patch:"
	echo "-------------------------------"
	echo "Binaries:"
	# The kernel module and fw are controlled by switches, not by a list.
	if (X$patch_kernel == "Xtrue") then
		echo "	Kernel Module"
	endif
	if (X$patch_fw == "Xtrue") then
		echo "	fw"
	endif
	foreach entry ($binary_files)
		echo "	$entry"
	end
	echo ""
	echo "Configuration Files:"
	foreach entry ($configuration_files)
		echo "	$entry"
	end
	echo ""
	echo "Library Files:"
	foreach entry ($inspect_files)
		echo "	$entry"
	end
	foreach entry ($snmp_lib_files)
		echo "  snmp/$entry"
	end
	exit 0
endif

#
# Identify the Platform
#

# get NAME reads one line from standard input into the shell variable NAME.
# The alias body uses the first-argument history designator for NAME and the
# csh read-a-line substitution for the value.  It is used for every prompt
# in this script.
alias get 'set \!^ = $<'

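# Each branch recognises one platform by a well-known kernel file, records it
# in the solaris2, hpux, sunos4, freebsd and aix flags, selects the kernel
# module shipped for it (modfile and fwmod both end up as modules/<name>) and
# resets the search path to fixed system directories, so that commands run
# afterwards do not depend on the PATH inherited from the caller.
# NOTE(review): only the AIX branch checks that the caller is the super-user;
# the other branches go on to replace files without that check.
if (-f /kernel/genunix || -f /kernel/unix) then
	set solaris2 = 1
	set hpux = 0
	set sunos4 = 0
	set freebsd = 0
	set aix = 0
	set modfile = modules/fwmod.5.x.o
	set fwmod = $modfile
	set path = (/usr/bin /usr/ucb /usr/sbin)
	alias df /usr/ucb/df
else if (-f /hp-ux) then
	set solaris2 = 0
	set hpux = 9
	set sunos4 = 0
	set freebsd = 0
	set aix = 0
	set modfile = modules/fwmod.hpux9.o
	set fwmod = $modfile
	# Kernel file that the HP-UX kernel install script works on.
	set module = /hp-ux
	set path = (/bin /usr/bin /etc)
	# First digit of the model number after the slash in the uname -m
	# output: 7 selects the hpux700 flag, anything else hpux800.
	if (`uname -m | sed -e 's/^.*\///' -e 's/\(.\).*/\1/'` == 7) then
		set hpux700 = 1
		set hpux800 = 0
	else
		set hpux700 = 0
		set hpux800 = 1
	endif
	# hostid prints the uname -i value converted to hexadecimal.
	alias hostid 'echo "obase=16 ; `uname -i`" | bc -l'
	alias df bdf
else if (-f /stand/vmunix) then
	set solaris2 = 0
	set hpux = 10
	set sunos4 = 0
	set freebsd = 0
	set aix = 0
	set modfile = modules/fwmod.hpux10.o
	set fwmod = $modfile
	set module = /stand/vmunix
	set path = (/bin /usr/bin /usr/sbin /etc)
	if (`uname -m | sed -e 's/^.*\///' -e 's/\(.\).*/\1/'` == 7) then
		set hpux700 = 1
		set hpux800 = 0
	else
		set hpux700 = 0
		set hpux800 = 1
	endif
	alias hostid 'echo "obase=16 ; `uname -i`" | bc -l'
	alias df bdf
else if (-f /vmunix) then
	set solaris2 = 0
	set hpux = 0
	set sunos4 = 1
	set freebsd = 0
	set aix = 0
	set modfile = modules/fwmod.4.1.x.o
	set fwmod = $modfile
	set path = (/usr/bin /usr/ucb /bin /usr/etc)
else if (-f /kernel) then
	set solaris2 = 0
	set hpux = 0
	set sunos4 = 0
	set aix = 0
	set freebsd = 1
	set modfile = modules/fwmod.o
	set fwmod = $modfile
	set path = (/usr/bin /usr/ucb /bin /usr/etc)
else if (-f /usr/lib/drivers/netinet) then
	set solaris2 = 0
	set hpux = 0
	set sunos4 = 0
	set aix = 1
	set freebsd = 0
	# Fix the search path before running anything.  oslevel and whoami are
	# found through it, and their answers decide whether the install goes
	# ahead, so they must not be resolved through the inherited PATH.
	set path = (/usr/bin /usr/sbin /bin /usr/etc)
	set oslev = `oslevel`
	set id = `whoami`
	if ("X$id" != "Xroot") then
		echo "You are not a super-user. Super-user Permissions are required for correct"
		echo "Installation/Configuration."
		exit 1
	endif
	# Quoted so that an empty oslevel answer is reported as unsupported
	# instead of ending the script with an expression error.
	if ("$oslev" != 4.1.4.0 && "$oslev" != 4.1.5.0 && "$oslev" != 4.2.0.0 && "$oslev" != 4.2.1.0) then
		echo "${oslev}: This operating system is not supported"
		exit 1
	endif
	set modfile = modules/fwmod.4.x.o
	set fwmod = $modfile
else
	echo Cannot recognize your system.
	exit 1
endif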

# Tell the operator which platform branch was taken.  The flags hold 0 for
# every platform except the detected one; hpux holds the release, 9 or 10.
if ($solaris2) then
	echo "Solaris 2.x detected"
else if ($sunos4) then
	echo "SunOS 4 detected"
else if ($hpux) then
	echo "HP/UX $hpux detected"
else if ($freebsd) then
	echo "FreeBSD detected"
else if ($aix) then
	echo "AIX detected"
endif
echo ""

#
# Get FWDIR
#

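# Locate the FireWall-1 installation.  A FWDIR inherited from the environment
# is accepted only if it is a directory holding an executable bin/fw;
# otherwise the operator is asked until a usable value is given.
# NOTE(review): scripts and binaries below FWDIR are sourced and executed
# later in this installer, and FWDIR/bin is placed first in the search path,
# so FWDIR should name a tree that only the administrator can write to.
# Nothing here verifies ownership or permissions.
if (! $?FWDIR) goto read_fwdir
# Quoted so that an empty or blank-containing value fails the test cleanly
# instead of ending the script with an expression error.
if (-d "$FWDIR" && -x "$FWDIR/bin/fw") goto good_fwdir

read_fwdir:
setenv FWDIR /etc/fw
echo -n "Enter the value of FWDIR [/etc/fw] ? "
get dans
# An empty reply selects the default shown in the prompt.
if ("X$dans" == "X") set dans = /etc/fw
setenv FWDIR "$dans"
if (-d "$FWDIR" && -x "$FWDIR/bin/fw") goto good_fwdir
echo Incorrect value for FWDIR
goto read_fwdir

good_fwdir:
set path = ("$FWDIR/bin" /bin /usr/bin /etc /usr/etc /sbin /usr/sbin)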

# readprod is sourced, not executed, so it runs inside this shell and can set
# variables here.  floodgate is preset so that it is defined even if readprod
# leaves it alone.
# NOTE(review): fw1_firewall is tested later in this script but is not
# assigned anywhere in it; presumably readprod sets it - confirm, because csh
# stops a script on an undefined variable and that would happen part-way
# through the install.
set floodgate = 0
source $FWDIR/scripts/readprod

# Refuse to continue on a FloodGate-1 installation when the patch is marked
# incompatible with it.  Nothing has been modified at this point.
if (X$fg_incompatible == "Xtrue") then
	if (X$floodgate == X1) then
		echo FloodGate-1 was detected. This patch is for FireWall-1
		echo only and cannot be applied on FloodGate-1 installations.
		goto abort
	endif
endif

#
# Install the Patch
#

#
# Stop FireWall-1
#

echo ""
echo "In order to install the patch, FireWall-1 must be stopped."
echo ""

# Ask until the reply is y, n or empty.  Empty counts as y; n aborts the
# installation before any file has been changed.
readfwstop:
echo -n "Do you want to stop FireWall-1 (y/n) [y] ? "
get dans
if (X$dans == X) set dans=y
if (X$dans == Xn) goto abort
if (X$dans != Xy) goto readfwstop

# From here until fwstart at the end of the script the firewall is not
# running.
fwstop:
echo ""
echo Performing fwstop...
$FWDIR/bin/fwstop
echo ""

#
# Install the Patched Kernel
#

# Replace the kernel module, but only where one is already installed at
# $FWDIR/$modfile.  The installed module is first copied to
# <modfile>-unpatched and then overwritten with the module from the patch;
# fwmod is a path relative to the current directory.
# NOTE(review): the result of cp is never checked, so a failed backup does
# not prevent the overwrite, and running the patch a second time replaces the
# -unpatched copy with the already patched module.  The patch files are not
# verified against a checksum or signature before they are installed.
if (X$patch_kernel == "Xtrue") then
	if (-f "$FWDIR/$modfile") then
		echo "Replacing the Kernel Module"
	
		if ($solaris2 != 0) then
			cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
			cp $fwmod "$FWDIR/$modfile" 
			# Remove and re-add the fw driver, only when fw1_firewall is 1.
			if (X$fw1_firewall == X1) then
				rem_drv fw
				add_drv fw
			endif
			echo "Done."
		endif
	
		if ($sunos4 != 0) then
			cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
			cp $fwmod "$FWDIR/$modfile" 
			echo "Done."
		endif
	
		if ($aix != 0) then
			cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
			cp $fwmod "$FWDIR/$modfile" 
			echo "Done."
		endif
	
		# On HP-UX the module is replaced only when fw1_firewall is 1.
		if ($hpux != 0) then
			if (X$fw1_firewall == X1) then
				echo Please answer these questions :
				echo
				cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
				cp $fwmod "$FWDIR/$modfile"
				# product and grp are set for the script sourced below -
				# presumably it reads them; confirm against that script.
				set product=FireWall-1
				# Character 6 of the ls -nd mode string is the group write
				# bit.  When it is w, columns 27-37 of the same line are
				# kept in grp, presumably the numeric group id - confirm
				# the column positions on the target release.
				if (X`/bin/ls -nd $FWDIR/conf | /bin/cut -c6` == Xw) then
					set grp=`/bin/ls -nd $FWDIR/conf | /bin/cut -c27-37`
				else
					set grp=""
				endif
				# Sourced from FWDIR, so it runs inside this shell with the
				# privileges of the installer.
				source $FWDIR/bin/hpux.kernel.inst
				# Defined without a value; its existence is tested near the
				# end of the script to print the reboot instructions.
				set hpkernelpatched
			endif
			echo "Done."
		endif
	else
		echo "Module not found, the patch will not upgrade the module"
	endif
endif

#
# Install the Patched fw Executable
#

# Keep the installed fw as fw-unpatched, then install the patched binary.
# The source path is relative, so the script has to be started from the
# unpacked patch directory.
# NOTE(review): neither cp is checked, and a second run overwrites
# fw-unpatched with the already patched binary.
if (X$patch_fw == "Xtrue") then
	echo ""
	echo Replacing \"fw\"
	cp "$FWDIR/bin/fw" "$FWDIR/bin/fw-unpatched"
	cp bin/fw "$FWDIR/bin/fw"
endif

#
# Change owner and group of the directories for AIX only
#
# AIX only: offer to hand /usr, /usr/lpp and the whole FireWall-1 tree to
# user id 0 and group id 0.  An empty reply counts as y; any other reply
# skips the change.  Note that /usr and /usr/lpp themselves are changed, not
# only the product directory.
if ($aix != 0) then
	echo ""
	echo "Do you wish to change the owner and group of the"
	echo "directories /usr /usr/lpp /usr/lpp/FireWall-1"
	echo -n "to be owner 'root' and group 'system'? [y]"

	get chng
	if (X$chng == X) set chng = y
	if (X$chng == Xy) then
		chown 0 /usr /usr/lpp
		chown -R 0 /usr/lpp/FireWall-1

		chgrp 0 /usr /usr/lpp
		chgrp -R 0 /usr/lpp/FireWall-1
	endif
endif

#
# Install Other Patched Binaries
#

# These binaries are optional: one that is missing from bin/ of the patch
# directory is skipped without a message.  An installed copy, if any, is
# kept as <name>-unpatched before it is replaced.
foreach binfile ($binary_files)
	if (! -f bin/$binfile) continue
	if (-f $FWDIR/bin/${binfile:t}) then
		cp "$FWDIR/bin/${binfile:t}" "$FWDIR/bin/${binfile:t}-unpatched"
	endif
	cp bin/$binfile "$FWDIR/bin/${binfile:t}"
end
echo "Done."

#
# Install the Patched Configuration Files
#

echo ""
echo Replacing conf files
# Unlike the optional binaries, every listed configuration file is copied
# unconditionally.  An installed copy is kept as <name>-unpatched first.
foreach cfg ($configuration_files)
	if (-f $FWDIR/conf/${cfg:t}) then
		cp "$FWDIR/conf/${cfg:t}" "$FWDIR/conf/${cfg:t}-unpatched"
	endif
	cp conf/$cfg "$FWDIR/conf/${cfg:t}"
end

#
# Install the Patched Library Files
#

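echo ""
echo Replacing library files
# Files named in inspect_files: keep the installed copy as <name>-unpatched
# next to it, then install the version shipped in lib/ of the patch
# directory.
foreach deffile ($inspect_files)
	if (-f $FWDIR/lib/$deffile:t) cp "$FWDIR/lib/$deffile:t" "$FWDIR/lib/${deffile:t}-unpatched"
	cp lib/$deffile "$FWDIR/lib/$deffile:t"
end
# SNMP files live one level down, in lib/snmp.  The backup is written beside
# the file it preserves, like every other backup made by this script
# (earlier revisions of this loop wrote it to lib/ instead, where a rollback
# would not look for it).
foreach deffile ($snmp_lib_files)
	if (-f $FWDIR/lib/snmp/$deffile:t) cp "$FWDIR/lib/snmp/$deffile:t" "$FWDIR/lib/snmp/${deffile:t}-unpatched"
	cp lib/snmp/$deffile "$FWDIR/lib/snmp/$deffile:t"
end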
#
# Patch snmp.C
#
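# Rewrite 1919 to 2620 in an existing snmp.C, keeping the original as
# snmp.C-unpatched.  The substitution is unanchored: it changes the first
# 1919 on every line, whatever that text is part of.
# NOTE(review): presumably this is the enterprise number used in the OIDs -
# confirm.  The scratch file has a fixed name and is written by the
# installer, so FWDIR/tmp must not be writable by other users.
if (-f $FWDIR/conf/snmp.C) then
	cp "$FWDIR/conf/snmp.C" "$FWDIR/conf/snmp.C-unpatched"
	sed "s/1919/2620/" "$FWDIR/conf/snmp.C" > "$FWDIR/tmp/ed.out"
	# Install the result only if sed succeeded; otherwise a missing or
	# truncated scratch file would replace the live configuration.
	if ($status == 0) then
		cp "$FWDIR/tmp/ed.out" "$FWDIR/conf/snmp.C"
	else
		echo "Could not rewrite snmp.C, the file was left unchanged"
	endif
	# Do not leave a copy of the configuration behind in the scratch area.
	rm -f "$FWDIR/tmp/ed.out"
endif

echo ""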

#
# Generate a default filter + new license
#

# Runs only when fw1_firewall is 1.
# NOTE(review): the boot-time copy in /etc/fw.boot is removed first and is
# recreated only when state/default.bin already exists, so without that file
# nothing replaces it - confirm that this is intended.  The result of
# defaultgen is not checked before the copy.
if (X$fw1_firewall == X1) then
	if (-f /etc/fw.boot/default.bin) then
		rm /etc/fw.boot/default.bin
	endif
	if (-f $FWDIR/state/default.bin) then
		echo regenerating the default filter...
		$FWDIR/bin/fw defaultgen
		cp $FWDIR/state/default.bin /etc/fw.boot/default.bin
	endif
	# After a kernel module change on Solaris 2 or SunOS 4 the licence is
	# pushed again.  All output is discarded, so a failure here is not
	# visible and Done. is printed regardless.
	if (X$patch_kernel == "Xtrue") then
		if ($solaris2 == 1 || $sunos4 == 1) then
			echo Performing fw putlic -K...
			$FWDIR/bin/fw putlic -K >& /dev/null
			echo "Done."
		endif
	endif
endif

#
# Merge objects.C
#

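# Offer to merge the services shipped in ./conf/objects.patched into the
# installed objects.C.  The merge result is written to
# FWDIR/conf/objects.patched, the current objects.C is kept as
# objects.unpatched, and the result then takes its place.
if ((X$patch_objects == "Xtrue") && (-f "$FWDIR/conf/objects.C")) then
	$FWDIR/bin/fw checkobj
	echo ""

	# Ask until the reply is y, n or empty, like the other prompts in this
	# script.  Empty counts as y.  An unrecognised reply no longer falls
	# through into the merge.
	readmerge:
	echo -n "Do you wish to add new services to your objects.C file? [y]"
	get serv
	if ("X$serv" == "X") set serv = y
	if ("X$serv" == "Xn") goto no_merge
	if ("X$serv" != "Xy") goto readmerge

	echo "merging your objects.C file"
	$FWDIR/bin/fw confmerge -f $FWDIR/conf/objects.patched $FWDIR/conf/objects.C ./conf/objects.patched
	# Replace objects.C only when the merge left a non-empty result, so a
	# failed merge cannot swap the object database for an empty file.
	if (-f $FWDIR/conf/objects.patched && ! -z $FWDIR/conf/objects.patched) then
		cp $FWDIR/conf/objects.C $FWDIR/conf/objects.unpatched
		mv $FWDIR/conf/objects.patched $FWDIR/conf/objects.C
	else
		echo "The merge produced no output, objects.C was left unchanged"
	endif

	no_merge:
endif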

#
# Give an HP-UX Kernel Patch Message
#

# When the HP-UX kernel was rebuilt, print the reboot instructions and finish
# without offering a restart; in every other case go on to the restart
# prompt.
# NOTE(review): hpkernelfile is not assigned in this script; presumably the
# sourced HP-UX kernel install script sets it - confirm.
if (! $?hpkernelpatched) goto readfwstart

echo ""
echo "**************************************************************************"
if ($hpux == 10) then
	echo "* To start FW-1, copy /stand/build/vmunix_fw to /stand/vmunix and reboot *"
	echo "* Please note that on first reboot, FW-1 will report it has failed,      *"
	echo "* since there is no Security Policy defined. This is OK.                 *"
else
	echo "* To start FW-1, copy $hpkernelfile to /hp-ux and reboot.                *"
endif
echo "**************************************************************************"
goto ok

#
# Restart FireWall-1
#

# Ask until the reply is y, n or empty.  Empty counts as y.  Answering n
# leaves the firewall stopped, and the script still exits with status 0.
readfwstart:
echo ""
echo -n "Do you want to restart FireWall-1 (y/n) [y] ? "
get dans
if (X$dans == X) set dans=y
if (X$dans == Xn) goto cont_wo_fwstart
if (X$dans != Xy) goto readfwstart

fwstart:
echo Performing fwstart...
$FWDIR/bin/fwstart
echo ""

# Common successful exit, also reached directly after the HP-UX reboot
# message.
cont_wo_fwstart:
ok:
exit 0

# Failure exit.  The only jumps to this label are the FloodGate-1 check and a
# refusal to stop the firewall, both of which happen before fwstop is run and
# before any file is replaced.
abort:
echo "patch installation aborted"
exit 1
