#! /bin/sh
#
# Copyright (c) 1993, 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# @(#)bsmunconv.sh 1.13 01/02/14 SMI
#
# Program name; prefixed to every diagnostic this script prints.
PROG="bsmunconv"

# Path of the audit startup script.  Not referenced again in the visible
# part of this file (bsmunconvert spells the path out itself).
STARTUP="/etc/security/audit_startup"

# Message catalogue that gettext(1) looks translations up in; exported so
# the gettext child processes see it.
TEXTDOMAIN=SUNW_OST_OSCMD
export TEXTDOMAIN

#	/*
#	 * TRANSLATION_NOTE:
#	 * If you make changes to messages of bsmunconv command,
#	 * don't forget to make corresponding changes in bsmunconv.po file.
#	 */

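permission()
{
# Gate the script: require root, warn when not at run level 1, and ask the
# operator to confirm before auditing is disabled.
#
# Globals:   PROG (read); WHO, RUNLEVEL, RESP, form, ANS_YES, ANS_NO (written)
# Arguments: none
# Outputs:   prompts and diagnostics on stdout; answers are read from stdin
# Returns:   normally only when the operator confirmed; otherwise exits:
#              1 - not root, or "n" answered at the run-level warning
#              2 - "n" answered (or stdin exhausted) at the final prompt
# Side effect: changes the working directory to /usr/lib.
cd /usr/lib

# First field of id(1) output is "uid=N(name)"; only an exact match on the
# root entry is accepted.
WHO=`id | cut -f1 -d" "`
if [ ! "$WHO" = "uid=0(root)" ]
then
	form=`gettext "%s: ERROR: you must be super-user to run this script."`
	printf "${form}\n" "$PROG"
	exit 1
fi

# The third word of "who -r" output is taken as the current run level.
set -- `/usr/bin/who -r`
RUNLEVEL="$3"
# NOTE(review): -ne is a numeric comparison; a non-numeric run level makes
# the test itself fail, which skips this warning rather than showing it.
if [ "$RUNLEVEL" -ne "1" ]
then
	form=`gettext "%s: ERROR: this script should be run at run level 1."`
	printf "${form}\n" "$PROG"
	form=`gettext "Are you sure you want to continue? [y/n]"`
	echo "$form \c"
	read RESP
	# Anything that does not start with the (localized) "n"/"N" continues.
	case "$RESP" in
		`gettext "n"`*|`gettext "N"`* ) exit 1 ;;
	esac
fi

# Look the localized answers up once and always compare them quoted, so an
# empty or multi-word translation cannot break the test expressions.
ANS_YES=`gettext "y"`
ANS_NO=`gettext "n"`

RESP="x"
while [ "$RESP" != "$ANS_YES" ] && [ "$RESP" != "$ANS_NO" ]
do
	gettext "This script is used to disable the Basic Security Module (BSM).\n"
	form=`gettext "Shall we continue the reversion to a non-BSM system now? [y/n]"`
	echo "$form \c"
	# End of input (closed or empty stdin) would otherwise repeat this
	# prompt forever; treat it as "no" so that disabling auditing always
	# needs an explicit "y".
	read RESP || RESP="$ANS_NO"
done

if [ "$RESP" = "$ANS_NO" ]
then
	form=`gettext "%s: INFO: aborted, due to user request."`
	printf "${form}\n" "$PROG"
	exit 2
fi
}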

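bsmunconvert()
{
# Revert one system image from BSM (auditing enabled) to a non-BSM setup.
#
# Globals:   PROG (read) - program name used in messages
#            ROOT (read) - path prefix of the image to revert; empty means
#                          the running system
#            form, SYSTMP (written)
# Arguments: none are read; the image is selected through ROOT
# Outputs:   progress and error messages on stdout
# Returns:   status of the last command (the final rm -f)
# NOTE(review): the cron stop and the /var/spool/cron clean-up at the end
# are not prefixed with ROOT, so they act on the running system on every
# call - confirm that is intended when ROOT names another image.

# Move the startup script aside

form=`gettext "%s: INFO: moving aside %s/etc/security/audit_startup."`
printf "${form}\n" "$PROG" "$ROOT"
if [ -f "${ROOT}/etc/security/audit_startup" ]
then
    mv "${ROOT}/etc/security/audit_startup" "${ROOT}/etc/security/audit_startup.sav"
fi

# restore volume manager init file moved aside by bsmconv to prevent
# running volume manager when bsm is enabled

if [ ! -f "${ROOT}/etc/rc2.d/S92volmgt" ]
then
    form=`gettext "%s: INFO: restore %s/etc/rc2.d/S92volmgt."`
    printf "${form}\n" "$PROG" "$ROOT"
    if [ -r "${ROOT}/etc/security/spool/S92volmgt" ]
    then
	mv "${ROOT}/etc/security/spool/S92volmgt" "${ROOT}/etc/rc2.d/S92volmgt"
    else
	form=`gettext "%s: INFO: unable to restore file %s/etc/rc2.d/S92volmgt."`
	printf "${form}\n" "$PROG" "$ROOT"
    fi
fi

# Turn off auditing in the loadable module

if [ -f "${ROOT}/etc/system" ]
then
	form=`gettext "%s: INFO: removing c2audit:audit_load from %s/etc/system."`
	printf "${form}\n" "$PROG" "$ROOT"
	# Build the filtered copy next to the target rather than under /tmp.
	# This runs as root, and a predictable name in a world-writable
	# directory can be pre-created by another local user, which would
	# redirect or replace what ends up in etc/system.  Staying in the
	# same directory also keeps the final mv a rename on one filesystem.
	SYSTMP="${ROOT}/etc/system.$PROG.$$"
	rm -f "$SYSTMP"
	# cp -p first so the replacement keeps the owner, group and mode of
	# the original; the redirect then only replaces its contents.
	# sed deletes the same lines the two "grep -v" passes used to drop
	# (both patterns are plain text), but unlike grep it reports success
	# even when nothing is left, so its status can guard the mv.
	if cp -p "${ROOT}/etc/system" "$SYSTMP" &&
	    sed -e '/c2audit:audit_load/d' -e '/abort_enable/d' \
		"${ROOT}/etc/system" > "$SYSTMP"
	then
		mv "$SYSTMP" "${ROOT}/etc/system"
	else
		# Leave etc/system untouched rather than install a partial file.
		rm -f "$SYSTMP"
		form=`gettext "%s: ERROR: audit module may not be disabled."`
		printf "${form}\n" "$PROG"
	fi
else
	form=`gettext "%s: ERROR: can't find %s/etc/system."`
	printf "${form}\n" "$PROG" "$ROOT"
	form=`gettext "%s: ERROR: audit module may not be disabled."`
	printf "${form}\n" "$PROG"
fi

# Even though cron should not be running at run-level 1, it may have
# been started by hand.

form=`gettext "%s: INFO: stopping the cron daemon."`
printf "${form}\n" "$PROG"
/etc/init.d/cron stop
# Remove the *.au files kept beside at jobs and crontabs.
rm -f /var/spool/cron/atjobs/*.au
rm -f /var/spool/cron/crontabs/*.au

}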

# main

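# Check privileges and obtain confirmation before anything is changed.
permission

if [ $# -eq 0 ]
then
	# No arguments: revert the running system (empty root prefix).
	ROOT=
	bsmunconvert
	echo
	gettext "The Basic Security Module has been disabled.\n"
	gettext "Reboot this system now to come up without BSM.\n"
else
	# Each argument is the root directory of a system image to revert.
	# "$@" keeps every argument as a single word, so a path containing
	# blanks or glob characters is not split or expanded into other paths.
	for ROOT in "$@"
	do
		# An empty ROOT selects the running system in bsmunconvert;
		# skip empty arguments so that only happens when no argument
		# was given at all.
		[ -n "$ROOT" ] || continue
		bsmunconvert "$ROOT"
	done
	echo
	gettext "The Basic Security Module has been disabled.\n"
	gettext "Reboot each system that was disabled to come up without BSM.\n"
fi

exit 0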

