#! /bin/sh


#------------------------------------------------------------------------
# Prompt for response, store result in Answer

Answer=""

AskQuestion() {
    Test=$1
    DefaultAns=$2
    echo -n "${1}"
    Answer="$DefaultAns"
    read Answer
}

#------------------------------------------------------------------------
# add a service line in the (usually) /etc/services or /etc/inetd.conf file
# Here there are three cases, not found         => add service line,
#                             found & different => ask user to check
#                             found & same      => do nothing
#                             

replaceLineInFile() {
    FileName=$1
    newLine=$2
    oldLine=$3

    if [ -z "$oldLine" ] 
      then
        echo "$newLine" >> $FileName

    elif [ "$oldLine" != "$newLine"  ]
      then
        echo ""
        echo "--- Warning ----------------------------------------------"
        echo ""
        echo "    In file $FileName found line: "
        echo "    $oldLine"
        echo "    Which differs from the expected line:"
        echo "    $newLine"
        echo ""

#        AskQuestion "Press return to update file or ^C to abort install"

        cat $FileName | grep -v "$oldLine" > ${FileName}.tmp
        mv ${FileName}.tmp $FileName
        echo "$newLine" >> $FileName
        echo "Updated."

    fi
}

#------------------------------------------------------------------------
# remove line from config file if it exists in it.

removeLineFromFile() {
    FileName=$1
    oldLine=$2

    if [ -f $FileName ]
      then
        if [ ! -z "$oldLine" ] 
	  then
            cat $FileName | grep -v "$oldLine" > ${FileName}.tmp
	    mv ${FileName}.tmp $FileName
    	    echo "Updated."
	fi
    fi
}



#------------------------------------------------------------------------
#  changeInitPassword


changeInitPassword() {

    NewPasswd=$1

    InitFile=/etc/rc.d/init.d/firebird
    if [ -f $InitFile ] 
      then
        ed $InitFile <<EOF
/ISC_PASSWORD/s/ISC_PASSWORD:=.*\}/ISC_PASSWORD:=$NewPasswd\}/g
w
q
EOF
    chmod u=rwx,g=rx,o= $InitFile

    fi
}

#------------------------------------------------------------------------
#  Unable to generate the password for the rpm, so put out a message
#  instead


keepOrigDBAPassword() {

    NewPasswd='masterkey'
    echo "Firebird initial install password " > $DBAPasswordFile
    echo "for user SYSDBA is : $NewPasswd" >> $DBAPasswordFile

    echo "for install on `hostname` at time `date`" >> $DBAPasswordFile
    echo "You should change this password at the earliest oportunity" >> $DBAPasswordFile
    echo ""

    echo "(For superserver you will also want to check the password in the" >> $DBAPasswordFile
    echo "daemon init routine in the file /etc/rc.d/init.d/firebird)" >> $DBAPasswordFile
    echo "" >> $DBAPasswordFile
    echo "Your should password can be changed to a more suitable one using the" >> $DBAPasswordFile
    echo "/usr/local/firebird/bin/gsec program as show below:" >> $DBAPasswordFile
    echo "" >> $DBAPasswordFile
    echo ">cd /usr/local/firebird" >> $DBAPasswordFile
    echo ">bin/gsec -user sysdba -password <password>" >> $DBAPasswordFile
    echo "GSEC>modify sysdba -pw <newpassword>" >> $DBAPasswordFile
    echo "GSEC>quit" >> $DBAPasswordFile

    chmod u=r,go= $DBAPasswordFile

}

#------------------------------------------------------------------------
#  Generate new sysdba password

generateNewDBAPassword() {

    # openssl generates random data.
    if [ -f /usr/bin/openssl ]
      then
        NewPasswd=`openssl rand -base64 10 | cut -c1-8`
    fi

    # mkpasswd is a bit of a hassle, but check to see if it's there
    if [ -z "$NewPasswd" ]
      then
        if [ -f /usr/bin/mkpasswd ]
          then
            NewPasswd=`/usr/bin/mkpasswd -l 8`
        fi
    fi

    if [ -z "$NewPasswd" ]
      then
        keepOrigDBAPassword
        return
    fi
    
    NewPasswd=`echo $NewPasswd | awk '{ for(i=1; i<=8; i++) {x = substr($1, i, 1); if (x == "/") x = "_"; printf "%c", x }; print ""}'`

    echo "Firebird generated password " > $DBAPasswordFile
    echo "for user SYSDBA is : $NewPasswd" >> $DBAPasswordFile
    echo "generated on `hostname` at time `date`" >> $DBAPasswordFile
    echo "(For superserver you will also want to check the password in the" >> $DBAPasswordFile
    echo "daemon init routine in the file /etc/rc.d/init.d/firebird)" >> $DBAPasswordFile
    echo "" >> $DBAPasswordFile
    echo "Your password can be changed to a more suitable one using the" >> $DBAPasswordFile
    echo "@prefix@/bin/changeDBAPassword.sh script" >> $DBAPasswordFile
    echo "" >> $DBAPasswordFile
    chmod u=r,go= $DBAPasswordFile

    echo ""
    echo Running gsec to modify SYSDBA password
    $IBBin/gsec -user sysdba -password masterkey <<EOF
modify sysdba -pw $NewPasswd
EOF
    echo ""
    echo Running ed to modify /etc/init.d/firebird

    changeInitPassword "$NewPasswd"
}



#------------------------------------------------------------------------
#  Change sysdba password - this routine is interactive and is only 
#  used in the install shell script not the rpm one.


askUserForNewDBAPassword() {

    NewPasswd=""

    echo "" 
    while [ -z "$NewPasswd" ]
      do
          AskQuestion "Please enter new password for SYSDBA user: "
          NewPasswd=$Answer
          if [ ! -z "$NewPasswd" ]
            then
             $IBBin/gsec -user sysdba -password masterkey <<EOF
modify sysdba -pw $NewPasswd
EOF
              echo ""

              changeInitPassword "$NewPasswd"

          fi
          
      done
}


#------------------------------------------------------------------------
#  Change sysdba password - this routine is interactive and is only 
#  used in the install shell script not the rpm one.

#  On some systems the mkpasswd program doesn't appear and on others
#  there is another mkpasswd which does a different operation.  So if
#  the specific one isn't available then keep the original password.


changeDBAPassword() {

    if [ -z "$InteractiveInstall" ]
      then
        generateNewDBAPassword
      else
        askUserForNewDBAPassword
    fi
}

#------------------------------------------------------------------------
#  For security reasons most files in firebird installation are
#  root-owned and world-readable(executable) only (including firebird).

#  For some files RunUser (firebird) must have write access - 
#  lock and log are such.


MakeFileFirebirdWritable() {
    FileName=$1
    chown $RunUser.$RunUser $FileName
    chmod 0644 $FileName
}


#------------------------------------------------------------------------
#  Add new user and group


addFirebirdUser() {

    testStr=`grep firebird /etc/group`

    if [ -z "$testStr" ]
      then
        groupadd -g 84 -o -r firebird
    fi

    testStr=`grep firebird /etc/passwd`
    if [ -z "$testStr" ]
      then
        useradd -o -r -M -d $IBRootDir -s /bin/false \
            -c "Firebird Database Administrator" -g firebird -u 84 firebird 

        # >/dev/null 2>&1 
    fi
}


#= Main Post ===============================================================

    # Make sure the links are in place 
    if [ ! -L /usr/local/firebird -a ! -d /usr/local/firebird ] 
      then 
    # Main link and... 
        ln -s $RPM_INSTALL_PREFIX/interbase /usr/local/firebird 
    fi 


    IBRootDir=/usr/local/firebird
    export IBRootDir
    IBBin=$IBRootDir/bin
    export IBBin
#    RunUser=root
    RunUser=firebird
    export RunUser
    DBAPasswordFile=$IBRootDir/SYSDBA.password
    export DBAPasswordFile


    # Update /etc/services
    FileName=/etc/services
    newLine="gds_db          3050/tcp  # InterBase Database Remote Protocol"
    oldLine=`grep "^gds_db" $FileName`

    replaceLineInFile "$FileName" "$newLine" "$oldLine"




    # remove any gds_db line in the /etc/inetd.conf
    FileName=/etc/inetd.conf
    if [ -f $FileName ]
      then
        oldLine=`grep "^gds_db" $FileName`

	removeLineFromFile "$FileName" "$oldLine"
    fi


    # Get inetd to reread new init files.

    if [ -f /var/run/inetd.pid ]
      then
        kill -HUP `cat /var/run/inetd.pid`
    fi


    # Update ownership of files
    if [ $RunUser = firebird ]
      then
        # Prepare firebird user
	addFirebirdUser
    fi

    # For security reasons initially force all root:root non-writable
    chown -R root.root $IBRootDir
    chmod -R uga-w $IBRootDir

    # Prepare bin
    cd $IBBin

    # Create the fbmgr shell script.
    cat > fbmgr <<EOF
#!/bin/sh
INTERBASE=$IBRootDir
export INTERBASE
exec \$INTERBASE/bin/fbmgr.bin \$@
EOF

    # Everyone may execute clients
    chmod 0555 *

    # Shell scripts changing security attributes are for root only
    chmod 0500 *.sh
    
    # These two should only be executed by firebird user.
    #fbservices=fbguard fbserver
    #chown $RunUser.$RunUser $fbservices
    #chmod 0544 $fbservices


    # Lock files

    cd $IBRootDir

    for i in isc_init1 isc_lock1 isc_event1 isc_guard1
      do
        FileName=$i.`hostname`
        touch $FileName
	MakeFileFirebirdWritable $FileName
      done

    touch firebird.log
    MakeFileFirebirdWritable firebird.log
    
    # Security database
    # Nobody besides firebird permitted to even read this file
    chown $RunUser.$RunUser security.fdb
    chmod 0600 security.fdb

    # make examples writable by firebird
    for i in examples/*.fdb
      do
	MakeFileFirebirdWritable $i
      done


    # prepair to chkconfig ...
    chmod ug+rx,o= /etc/rc.d/init.d/firebird

    # This will start it at runlevel defined within the firebird file itself.
    /sbin/chkconfig --add firebird

    # start the db server so we can change the password
    (cd /etc/rc.d/init.d; ./firebird start; sleep 1)

    # Change sysdba password
    changeDBAPassword