#!/bin/bash

prefix=@prefix@
exec_prefix=@exec_prefix@
sysconfdir=@sysconfdir@
bindir=@bindir@
sbindir=@sbindir@

# remove init of daemons that we start/stop
for init in ntp ssh snmpd openhpid vyatta-keepalived ipvsadm dnsmasq ddclient; do
  update-rc.d -f ${init} remove >/dev/null
done

# remove extra call to clock setup only need one. this speeds up boot 
# Mystery: why does Debian do it twice?
if [ -L /etc/rcS.d/S08hwclockfirst.sh -a -L /etc/rcS.d/S11hwclock.sh ]; then
    rm /etc/rcS.d/S11hwclock.sh
fi

case `grep '^RULES_FILE=' /lib/udev/write_net_rules` in
*z25_persistent-net.rules* )
	vyatta_net_rules=z24_vyatta-net.rules;;
*70-persistent-net.rules* )
	vyatta_net_rules=69-vyatta-net.rules;;
* )
	vyatta_net_rules=21-vyatta-net.rules;;
esac

ln -sf ../vyatta-net.rules /etc/udev/rules.d/$vyatta_net_rules

if [ "$sysconfdir" != "/etc" ]; then
    touch /etc/sudoers
    cp -p /etc/sudoers /etc/sudoers.bak

    # for "admin" level
    sed -i 's/^# %sudo ALL=NOPASSWD: ALL/%sudo ALL=NOPASSWD: ALL/' /etc/sudoers
    if ! grep -q '^%sudo ALL=NOPASSWD: ALL' /etc/sudoers; then
	echo -e "\n%sudo ALL=NOPASSWD: ALL" >> /etc/sudoers
    fi

    # cleanup any old entries from previous versions
    sed -i /etc/sudoers \
	-e '/### BEGIN VYATTA/,/### END VYATTA/d' \
	-e '/Cmnd_Alias IPTABLE/,/PPPOE_CMDS/d' \
	-e '/sudo-users/d' \
	-e '/env_keep+=VYATTA/d' || true

    # Add Vyatta entries
    cat <<"EOF" >>/etc/sudoers
### BEGIN VYATTA 
Defaults syslog_goodpri=info
Defaults env_keep+=VYATTA_*

Cmnd_Alias IPTABLES = /sbin/iptables --list -n,\
		      /sbin/iptables -L -vn,\
                      /sbin/iptables -L * -vn,\
		      /sbin/iptables -t * -L *, \
                      /sbin/iptables -Z *,\
		      /sbin/iptables -Z -t nat, \
                      /sbin/iptables -t * -Z *
Cmnd_Alias IP6TABLES = /sbin/ip6tables -t * -Z *, \
                       /sbin/ip6tables -t * -L *
Cmnd_Alias CONNTRACK = /usr/sbin/conntrack -L *, \
                       /usr/sbin/conntrack -G *, \
		       /usr/sbin/conntrack -E *
Cmnd_Alias IPFLUSH = /sbin/ip route flush cache, \
		     /sbin/ip route flush cache *,\
		     /sbin/ip neigh flush to *, \
		     /sbin/ip neigh flush dev *, \
                     /sbin/ip -f inet6 route flush cache, \
		     /sbin/ip -f inet6 route flush cache *,\
		     /sbin/ip -f inet6 neigh flush to *, \
		     /sbin/ip -f inet6 neigh flush dev * 
Cmnd_Alias ETHTOOL = /usr/sbin/ethtool -p *, \
                     /usr/sbin/ethtool -S *, \
                     /usr/sbin/ethtool -a *, \
                     /usr/sbin/ethtool -c *, \
                     /usr/sbin/ethtool -i *
Cmnd_Alias DISK    = /usr/bin/lsof, /sbin/fdisk -l *, /sbin/sfdisk -d *
Cmnd_Alias DATE    = /bin/date, /usr/sbin/ntpdate
Cmnd_Alias PPPOE_CMDS = /sbin/pppd, /sbin/poff, /usr/sbin/pppstats
Cmnd_Alias PCAPTURE = /usr/bin/tshark, /usr/bin/tcpdump
%operator ALL=NOPASSWD: DATE, IPTABLES, ETHTOOL, IPFLUSH, \
			PPPOE_CMDS, PCAPTURE, /usr/sbin/wanpipemon, \
                        DISK, CONNTRACK, IP6TABLES
EOF
    cat <<EOF >>/etc/sudoers
%users ALL=NOPASSWD: ${bindir}/sudo-users/
### END VYATTA
EOF

    # set up blacklists
    for f in blacklist.DSA-1024 blacklist.RSA-2048; do
        if [ -r "/etc/ssh/$f" ]; then
            l=$(head -1 $sysconfdir/$f)
            if ! grep -q "$l" /etc/ssh/$f; then
                tmp=$(mktemp /tmp/bl.XXXXXXXXXX)
                cat /etc/ssh/$f $sysconfdir/$f | sort >$tmp
                mv $tmp /etc/ssh/$f
            fi
        else
            cp $sysconfdir/$f /etc/ssh/$f
        fi
    done
fi

# update crontab for logrotate
grep -v logrotate /etc/crontab>/etc/crontab.$$
echo "*/10 *	* * *	root	/usr/sbin/logrotate /etc/logrotate.conf" >> /etc/crontab.$$
rm /etc/crontab
mv /etc/crontab.$$ /etc/crontab
crontab /etc/crontab

# create needed directories
mkdir -p /var/log/user

touch /etc/environment

if [ ! -f /etc/bash_completion ]; then
  echo "source /etc/bash_completion.d/10vyatta-op" > /etc/bash_completion
  echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion
fi

sed -i 's/^set /builtin set /' /etc/bash_completion

/usr/sbin/dpkg-reconfigure -f noninteractive openssh-server
rm -f /etc/ssh/*.broken
update-rc.d -f ssh remove >/dev/null

# Fix up PAM configuration for login so that invalid users are prompted
# for password
sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login

[ grep "blacklist.*snd-pcsp" >&/dev/null ] || echo "blacklist snd-pcsp" >>/etc/modprobe.d/blacklist

#
# Ask mdadm to call our own event handling daemon
#
if [ -e /etc/default/mdadm ]; then
    sed -i 's+^DAEMON_OPTIONS=.*$+DAEMON_OPTIONS="--syslog --program /opt/vyatta/sbin/vyatta-raid-event"+' /etc/default/mdadm
fi

# --following is added to resolve issues related to bug 3567 on upgrade from hollywood to islavista--
# back-up existing /etc/syslog.conf file in hollywood which might be broken
# and replace it with the default syslog.conf in islavista. when system restarts 
# after upgrade, whatever is configured in CLI will be written to syslog.conf
# 

cp -p /etc/syslog.conf /etc/syslog.conf.bak
cp -f /opt/vyatta/etc/syslog.conf /etc/syslog.conf

# remove unnecessary ddclient script in /etc/ppp/ip-up.d/
# this logs unnecessary messages trying to start ddclient
rm -f /etc/ppp/ip-up.d/ddclient

# Local Variables:
# mode: shell-script
# sh-indentation: 4
# End: