#!/bin/sh
#
# Copyright 2002 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"@(#)adminserver	1.6 - 02/02/20"
# set -x


#########################################
# security_check_all
#
# check that security packages are
# the correct ones
#
# need nss(x) 332 + patch 11404[5|6]-02
# need tls(x) 412 + patch 11404[5|6]-02
#
##########################################
security_check_all () {

    security_check_all_ret=0;
    min_patch=0

	# minimum version when no patch
	tls_min="3.3.4"
	nspr_min="4.1.4"

    if [ `uname -r` = "5.8" ]; then

        if  [ `uname -p` = "sparc" ]; then
            min_patch=114045-02
            tls="3.3.2"
            nspr="4.1.2"
        else
            min_patch=114046-02
            tls="3.3.3"
            nspr="4.1.3"
        fi
	elif [ `uname -r` = "5.9" ]; then	
			if  [ `uname -p` = "sparc" ]; then
			 	min_patch=114049-02
				tls="3.3.2"
				nspr="4.1.2"
			else
			 	min_patch=114050-02
				tls="3.3.3"
				nspr="4.1.3"
			fi
    else # S10
        tls="3.3.4"
        nspr="4.1.4"
    fi
 
    security_check SUNWtls $tls $min_patch $tls_min
    if [ $? -ne 0 ]; then
        security_check_all_ret=1
    fi

    security_check SUNWpr $nspr $min_patch $nspr_min
    if [ $? -ne 0 ]; then
        security_check_all_ret=1
    fi

	if [ -n "`isainfo -v|grep 64-bit`" ]
	then
		pkginfo -r "SUNWdsvx" >/dev/null 2>&1
		if [ $? -eq 0 ]; then
			security_check SUNWtlsx $tls $min_patch $tls_min
			if [ $? -ne 0 ]; then
				security_check_all_ret=1
			fi
			security_check SUNWprx $nspr $min_patch $nspr_min
			if [ $? -ne 0 ]; then
				security_check_all_ret=1
			fi
		fi
	fi
    return $security_check_all_ret
}

security_check () {

    pkg=$1
    min_version=$2
    min_patch=$3
    version_nopatch=$4
    security_check_ret=0

    if [ $min_patch -ne 0 ]; then
		security_check_patch $pkg $min_version $min_patch
		if [ $? -eq 1 ]; then
			security_check_version $pkg $version_nopatch
			if [ $? -eq 1 ]; then
				echo "ERROR: Need package $pkg $min_version with minimum patch $min_patch OR $pkg with minimum version $version_nopatch"
				security_check_ret=1
			fi
		fi
    else #S10
		security_check_version $pkg $min_version $min_patch
		if [ $? -eq 1 ]; then
			echo "ERROR: Need package $pkg with minimum revision $min_version"
			security_check_ret=1
		fi
    fi

    return $security_check_ret;
}     

security_check_version ()
{
	pkg=$1
	version=$2

	current_version=`pkginfo -x $pkg | tail -1 | awk '{ print $2 }' | cut -f1 -d','`
	if [ "x$current_version" = x ]; then
		return 1
	fi
	major_current_version=`echo $current_version | cut -f1 -d"."`
	major_version=`echo "$version" | cut -f1 -d"."`

	minor_current_version=`echo "$current_version" | cut -f2 -d"."`
	minor_version=`echo "$version" | cut -f2 -d"."`

	micro_current_version=`echo "$current_version" | cut -f3 -d"."`
	micro_version=`echo "$version" | cut -f3 -d"."`

	if [ "x$major_current_version" = x -o "x$major_current_version" = x ]; then
		return 1
	else
		if [ "$major_current_version" -lt "$major_version" ]; then
			return 1
		fi
	fi

	if [ "x$minor_current_version" = x -o "x$minor_current_version" = x ]; then
		return 1
	else
		if [ "$minor_current_version" -lt "$minor_version" ]; then
			return 1
		fi
	fi

	if [ "x$micro_current_version" = x -a "x$micro_current_version" = x ]; then
		return 0
	elif [ "x$micro_current_version" = x -a "x$micro_current_version" != x ]; then
		return 1
	elif [ "x$micro_current_version" != x -a "x$micro_current_version" = x ]; then
		return 0
	elif [ "x$micro_current_version" != x -a "x$micro_current_version" != x ]; then
		if [ "$micro_current_version" -lt "$micro_version" ]; then
			return 1
		fi
	fi

	return 0
}

security_check_patch ()
{
    pkg=$1
    version=$2
    min_patch=$3
    security_check_ret=0

	pkginfo -x $pkg | tail -1 | awk '{ print $2 }' | cut -f1 -d','|grep -w $version >/dev/null
	if [ $? -ne 0 ]; then
		return 1
	fi

	current_patch=`showrev -p|grep $pkg|awk '{ print $2; }'`
	if [ "x$current_patch" != x ]; then
			for i in `echo $current_patch`
			do
				security_check_ret=`echo "$i $min_patch" | awk '{ if ( $1 >= $2 ) print 0 ; else print 1;}'`
				if [ $security_check_ret -eq 0 ]; then
					break
				fi
			done
			if [ $security_check_ret -eq 1 ]; then
					return 1
			fi
	else
		return 1
	fi
	return 0
}

#########################################
# getPkgBase
#
##########################################

getPkgBase () {
    pkginfo -r $1 2> /dev/null
}


#########################################
# getMultiplePkgInfo
#
##########################################

getMultiplePkgInfo () {
    pkginfo "$1.*"
}


#########################################
# getPkgRev
#
##########################################

getPkgRev () {
    pkginfo -x $1
}


#########################################
# getPkgList
#
# NSPR (SUNWpr)
# NSS  (SUNWtls)
# ICU  (SUNWicu)
# LDAP (SUNWldk)
# SASL (SUNWsasl)
# JSS  (SUNWjss)
#
##########################################

getPkgList () {
    PKGS="
	SUNWpr 
	SUNWtls
	SUNWicu
	SUNWldk
	SUNWsasl
	SUNWjss
	SUNWasvr
    "
}


#########################################
# getAdmServPkgList
#
#
##########################################
getAdmServPkgList () {
    PKGS="
	SUNWasvc 
	SUNWasvcp
	SUNWasvu
    "
}

##########################################
# set_env_vars
#
##########################################
set_env_vars () {

    pkg_get_basedir SUNWasvc
    USR_ADM_PUBLIC=$BASEDIR/usr/sbin
    USR_ADM=$BASEDIR/usr/sadm/mps/admin/v5.2
    ETC_ADM=$BASEDIR/etc/mps/admin/v5.2
    SERVER_ROOT_CONF=$ETC_ADM/shared/config/serverroot.conf
    SERVER_ROOT=$BASEDIR/var/mps/serverroot
    if [ -f $SERVER_ROOT_CONF ]; then
       SERVER_ROOT=`cat $SERVER_ROOT_CONF`
    fi

}

##########################################
# exec_startconsole
#
# input: "$@" of the adminserver
# return: 0 - success
#         None zero - Fail
#########################################
exec_startconsole () {

	while getopts ":l:" LOPT
	do
        	[ "$LOPT" = "l" ] && break
	done
	if [ "$LOPT" != "l" ] && [ ! -z "$LANG" ]; then
		LOPT=`echo $LANG | awk '
			/^zh$/ || /^zh\..*/ || /^zh_CN.*/ { print "-l zh"}
			/^ja.*/ {print "-l ja"}'`
	else
        	LOPT=
	fi

	$SERVER_ROOT/startconsole "$@" $LOPT
	return $?
}

#########################################
# pkg_print_instances
#
# $1 pkg name
#
##########################################
pkg_print_instances () {
    pkg=$1
    instances=`getMultiplePkgInfo "${pkg}" | awk '{ print $2; }'`
    for n in $instances; do
    revision=`getPkgRev $n | tail -1 | awk '{ print $2 }'`
    basedir=`getPkgBase $n`
    echo "$n\n\t$revision\t$basedir"
    done
}

#########################################
# pkg_check
#
# check that required packages are
# correctly installed :
#
##########################################

pkg_check () {

    rc=0

    getPkgList

    basedirs=""

    missing=""
    for pkg in ${PKGS}; do
	num=`getPkgBase "${pkg}" | sort | uniq | wc -l`
	if [ $num -eq 0 ]; then
	    missing="$missing$pkg "
	    continue
	fi
    done

    # check for missing required packages
    if [ -n "$missing" ]; then
	echo "ERROR: The following packages are not installed:"
	echo $missing
	echo
	rc=1
    fi

	if [ $rc -eq 0 ]; then
		full_list="${PKGS}"
		for pkg in ${full_list}; do
			pkg_check_uniq ${pkg}
			if [ $? -ne 0 ]; then
				rc=1
			fi
		done
	fi

    return $rc
}

#########################################
# pkg_check_uniq
##########################################
pkg_check_uniq () {
    pkg=$1
    rc=0
    num=`getMultiplePkgInfo "${pkg}" | wc -l`
    if [ $num -ne 1 ]; then
        echo "WARNING: Package ${pkg} has multiple instances:"
        pkg_print_instances ${pkg}
        echo "WARNING: only ${pkg} is used by Console 5.2"
        rc=1
    fi
    return $rc
}


#########################################
# as_pkg_check
#
# check that required packages are
# correctly installed
#
##########################################
as_pkg_check () {
    rc=0

    getAdmServPkgList
    
    basedirs=""

    missing=""
    for pkg in ${PKGS}; do
	num=`getMultiplePkgInfo "${pkg}" | sort | uniq | wc -l`
	if [ $num -eq 0 ]; then
	    missing="$missing$pkg "
	    continue
	fi
	instances=`getMultiplePkgInfo "${pkg}" | awk '{ print $2; }'`
	for n in $instances; do
	    basedir=`getPkgBase $n`
	    if [ -z "$basedirs" ]; then
		basedirs=$basedir
	    else
		basedirs="$basedirs\n$basedir"
	    fi
	done
    done

    # check for missing required packages
    if [ -n "$missing" ]; then
	echo "ERROR: The following packages are not installed:"
	echo $missing
	echo
	rc=1
    fi
 
    # check for unique basedir
    num=`echo $basedirs | sort | uniq | wc -l`
    if [ $num -ne 1 ]; then
	echo "ERROR: The installed packages do not have a unique basedir."
	echo
	rc=1
    fi

    full_list="${PKGS}"
    for pkg in ${full_list}; do
        pkg_check_uniq ${pkg}
        if [ $? -ne 0 ]; then
            rc=1
        fi
    done

    return $rc
}

#########################################
# pkg_get_basedir
#
# set BASEDIR variable 
##########################################
pkg_get_basedir () {
    pkg=$1
    num=`getMultiplePkgInfo "${pkg}" | sort | uniq | wc -l`
    if [ $num -eq 0 ]; then
	echo "ERROR: Package ${pkg} is not installed"
	return 1
    fi
    BASEDIR=`getPkgBase "${pkg}" | head -1`
	return 0
}


#########################################
# is_configured 
#
# return non-zero if configuration has been done
#
##########################################
is_configured () {

    if [ -f $SERVER_ROOT/admin-serv/config/adm.conf ]; then
	return 1
    fi
    return 0
}


#########################################
# exit_if_not_configured 
#
# exit if the configuration has not been done
#
##########################################
exit_if_not_configured () {

    is_configured
    if [ $? -eq 0 ]; then
	echo "You must configure Administration Server first."
	echo "Run ${USR_ADM_PUBLIC}/mpsadmserver configure."
	exit 1
    fi

}


#########################################
# main 
##########################################

# Check other packages

pkg_check
if [ $? -ne 0 ]; then
    exit 1
fi

security_check_all
if [ $? -ne 0 ]; then
    exit 1
fi
# Admin server part

as_pkg_check
if [ $? -ne 0 ]; then
    exit 1
fi

set_env_vars

exit_if_not_configured
exec_startconsole "$@"
