#!/usr/bin/perl

# A post-installation script
# to finalize a LON-CAPA
# installation.

# set /etc/hosts.deny to be ALL: ALL
open OUT, ">/etc/hosts.deny";
print OUT "ALL: ALL\n";
close OUT;

# get wget and install
system('lynx -source http://install.lon-capa.org/3.1/SupplementalRPMS/wget-1.5.3-6.i386.rpm > wget-1.5.3-6.i386.rpm');
system('rpm','-Uvh','--force','wget-1.5.3-6.i386.rpm');

# download SupplementalRPMS and install
system('wget','-r','http://install.lon-capa.org/3.1/SupplementalRPMS');
system('rpm','-Uvh','--force','install.lon-capa.org/3.1/SupplementalRPMS');

# download remove_extra.sh and run
system('wget','http://install.lon-capa.org/3.1/scripts/remove_extra.sh');
system('sh','./remove_extra.sh');

# download FinalRPMS and install
system('wget','-r','http://install.lon-capa.org/3.1/FinalRPMS');
system('rpm','-Uvh','--force','install.lon-capa.org/3.1/FinalRPMS');

# allow entry of new access.conf parameters
my @perlsetvars=("lonHostID","lonRole","lonAdmEMail","lonDefDomain","lonLoadLim","lonExpire");
my %psvinfo=(
	     "lonHostID" => <<END
LON Host ID is an internal ID within the LON-CAPA
network used to specify the uniqueness of a particular
LON-CAPA server.  Current examples include "msul1", "msua3",
"103l1", "fsul1", and "107a1".
END
,	     "lonRole" => <<END
LON Role specifies the role this machine plays within
the LON-CAPA network.  There are two valid values for
this:
 * library
 * access
END
,	     "lonAdmEMail" => <<END
LON System Administrator E-Mail specifies the e-mail
address of an institutional member responsible for
direct upkeep of this server.
END
,	     "lonDefDomain" => <<END
LON Domain is a unique internal identifier within the LON-CAPA network
specific to the home institution.  Current examples include
"msu", "fsu", "103", and "107".
END
,	     "lonLoadLim" => <<END
LON Load Limit specifies a threshold of activity within The Learning
Online Network that this machine should provide.  We strongly recommend
a value of 2.00.  Depending on processor architecture (dual processor),
this value may be increased, but there is no readily available measure
in this regard.
END
,	     "lonExpire" => <<END
LON Expiration Time indicates, in seconds, how long distributed resources
should be held in the server's cache when not being accessed by students,
instructors, or any other class of user.  We recommend a value of 86400.
END
	     );
my $template=`/bin/cat /etc/httpd/conf/access.conf`;
my $okay=0;
while ($okay==0) {
    foreach my $psv (@perlsetvars) {
        print "\n";
        print $psvinfo{$psv};
        print "\nEnter in value for $psv: "; my $input=<>; chop $input;
        my $pval=$input;
        $template=~s/(\nPerlSetVar\s+$psv\s+)\S+/$1$pval/;
        $pvar{$psv}=$pval;
    }
    print "\n\nThese are the current values:\n";
    foreach my $psv (@perlsetvars) {
        print "$psv\t\t$pvar{$psv}\n";
    }
    print "Are these correct? (y/n)";
    my $input=<>;
    if ($input=~/^y/i) {
        $okay=1;
    }
}
open OUT,">/etc/httpd/conf/access.conf";
print OUT $template;
close OUT;

$template=`/bin/cat /etc/smb.conf`;
foreach my $psv (@perlsetvars) {
    $template=~s/\{\{\{\{\[(.*?)\]\}\}\}\}/$pvar{$1}/ge;
}
open OUT,">/etc/smb.conf";
print OUT $template;
close OUT;

# unshadow passwords
# change this line in /etc/pam.d/login
# password   required     /lib/security/pam_pwdb.so nullok use_authtok md5 shadow
$template=`/bin/cat /etc/pam.d/login`;
$template=~s|password   required     /lib/security/pam_pwdb\.so nullok use_authtok md5 shadow|password   required     /lib/security/pam_pwdb.so nullok use_authtok|;
open OUT, ">/etc/pam.d/login";
print OUT $template;
close OUT;
# change this line in /etc/pam.d/passwd
# password   required     /lib/security/pam_pwdb.so use_authtok nullok md5 shadow 
$template=`/bin/cat /etc/pam.d/passwd`;
$template=~s|password   required     /lib/security/pam_pwdb\.so nullok use_authtok md5 shadow|password   required     /lib/security/pam_pwdb.so nullok use_authtok|;
open OUT, ">/etc/pam.d/passwd";
print OUT $template;
close OUT;
`/usr/sbin/pwunconv`;
`/usr/sbin/grpunconv`;
# set new passwords
print "Now we need to have passwords entered in order to unshadow this machine.\n";
system('stty -echo');
$okay=0;
my $input1;
my $input2;
while ($okay==0) {
    print "Enter in password for root: ";
    $input1=<>; chop $input1;
    print "\nEnter in password again for root: ";
    $input2=<>; chop $input2;
    if ($input1 ne $input2) {
        print "\nPasswords do not match, try again.\n";
    }
    else {
        $okay=1;
    }
}
open OUT, "|/usr/sbin/chpasswd";
print OUT "root:$input1\n";
close OUT;

$okay=0;
while ($okay==0) {
    print "\nEnter in password for www: ";
    $input1=<>; chop $input1;
    print "\nEnter in password again for www: ";
    $input2=<>; chop $input2;
    if ($input1 ne $input2) {
        print "\nPasswords do not match, try again.\n";
    }
    else {
        $okay=1;
    }
}
open OUT, "|/usr/sbin/chpasswd";
print OUT "www:$input1\n";
close OUT;
system('stty echo');

# create mime.types link
`ln -s /etc/mime.types /etc/httpd/conf/mime.types`;

# restart network and inet services
system('/etc/rc.d/init.d/network','reload');
system('/etc/rc.d/init.d/inet','restart');
# restart httpd
system('/etc/rc.d/init.d/httpd','restart');

# fix the setup of init.d processes
# nfs
# bash$ diff nfs nfs~
# 6c6
# < # chkconfig: 345 60 20
# ---
# > # chkconfig: - 60 20
# then chkconfig
$template=`/bin/cat /etc/rc.d/init.d/nfs`;
$template=~s/\# chkconfig: - 60 20/\# chkconfig: 345 60 20/;
open OUT,">/etc/rc.d/init.d/nfs";
print OUT $template;
close OUT;
$template=`/bin/cat /etc/rc.d/init.d/xntpd`;
$template=~s/\# chkconfig: - 55 10/\# chkconfig: 345 55 10/;
open OUT,">/etc/rc.d/init.d/xntpd";
print OUT $template;
close OUT;

# ntp
# chkconfig 345
# then chkconfig

# make atalk specific modifications
# /etc/atalk/config
open OUT, ">/etc/atalk/config";
print OUT <<END;
# Appletalk configuration
# Change this to increase the maximum number of clients that can connect:
AFPD_MAX_CLIENTS=5
# Change this to set the machine's atalk name:
# ATALK_NAME=`echo \${HOSTNAME}|cut -d. -f1`
ATALK_NAME=`grep '^PerlSetVar.*lonHostID' /etc/httpd/conf/access.conf | perl -e '\$_=<>; split(/\s+/); print "LONCAPA_\$_[2]";
'`
# Set which daemons to run:
PAPD_RUN=no
AFPD_RUN=yes
# Control whether the daemons are started in the background
ATALK_BGROUND=no
END
close OUT;
# /etc/conf.modules should have this line
#      alias net-pf-5 appletalk
# depmod -a
$template=`/bin/cat /etc/conf.modules`;
$template.="alias net-pf-5 appletalk\n";
open OUT, ">/etc/conf.modules";
print OUT $template;
close OUT;
system('depmod -a');

# restart nfs, smb, xntpd and atalk services
system('/etc/rc.d/init.d/smb','restart');
system('/etc/rc.d/init.d/atalk','restart');
system('/etc/rc.d/init.d portmap','stop');
system('/etc/rc.d/init.d nfs','stop');
system('/etc/rc.d/init.d portmap','start');
system('/etc/rc.d/init.d nfs','start');
system('/etc/rc.d/init.d/smb','restart');
system('/etc/rc.d/init.d/inet','restart');
system('/etc/rc.d/init.d/xntpd','restart');

# restart loncontrol
print "Please be patient while loncontrol services are restarted (approximately 10 minutes).\n";
system('/etc/rc.d/init.d/loncontrol','restart');

# warn about /etc/hosts.allow
print <<END;
Final note:  Currently your machine is set-up
to disable many different kinds of network
connectivity.  To enable network connectivity
different than that needed for LON-CAPA, you
must make appropriate adjustment to the
/etc/hosts.allow file.
END