#!/bin/sh

# 
#  Universal NFS Server 2.2beta1.1 configuration file
#  June 16, 1995
#  Copyright (C) 1995 Alexander O. Yuriev   <alex@bach.cis.temple.edu>  
#                                CIS Laboratories, TEMPLE UNIVERSITY.
#  GNU General Public License 2 or above terms apply.
#
#  Modified by Olaf Kirch.
#
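# read_yesno PROMPT
#
# Ask a yes/no question and print the normalised answer on stdout: "Y" for
# any reply starting with y/Y, "N" for any reply starting with n/N. Anything
# else is rejected and the question is asked again. The prompt and all
# diagnostics go to stderr so that callers can capture the answer with
# command substitution.
#
# Returns 0 with the answer on stdout, or 1 with no output when stdin ends
# before a usable answer was read.
#
# Declared in the POSIX "name()" form: the script starts with #!/bin/sh and
# the "function" keyword is not understood by every /bin/sh.
read_yesno() {
	ans=""
	echo >&2
	while [ -z "$ans" ]; do
		# printf instead of "echo -n", whose behaviour differs between shells.
		printf '%s [y/n] ' "$1" >&2
		# A failed read with nothing in $ans means end-of-file; without
		# this check a closed stdin would make the loop prompt forever.
		read -r ans || [ -n "$ans" ] || {
			echo >&2
			echo "No answer could be read." >&2
			return 1
		}
		case $ans in
		y*|Y*)	ans=Y;;
		n*|N*)	ans=N;;
		*)	echo "You must answer y or n" >&2
			ans="";;
		esac
	done
	echo "$ans"
}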

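# read_ugid KIND PROMPT DEFAULT DEFAULT_LABEL
#
#   KIND           option handed to id(1) for name lookups; the callers in
#                  this script pass --user or --group
#   PROMPT         question text
#   DEFAULT        value printed when the user just presses return (or stdin
#                  is at end-of-file)
#   DEFAULT_LABEL  human-readable hint shown next to the default
#
# Prompts on stderr and prints the chosen id on stdout. A reply made only of
# digits is accepted as is; any other reply is treated as a name and resolved
# with "id KIND". An unresolvable name is reported and the question repeated.
#
# The result is later pasted into site.h as a C expression, so the reply is
# always passed to id(1) as ONE quoted operand after "--". Unquoted, a reply
# such as "-n root" would be parsed as extra id(1) options and could make
# this function print a non-numeric value.
#
# NOTE(review): id(1) takes a *user* name as its operand, so with --group
# the lookup yields that user's primary gid; a group name that is not also a
# login name will not resolve. Confirm that this is the intended behaviour.
read_ugid() {
	ans=""
	while [ -z "$ans" ]; do
		printf '%s [default %s %s] ' "$2" "$3" "$4" >&2
		read -r ans
		case $ans in
		'')
			ans=$3
			;;
		*[!0-9]*)
			# Not purely numeric: resolve it as a name.
			ans=$(id "$1" -- "$ans" 2>/dev/null)
			if [ -z "$ans" ]; then
				echo " Unknown user or group name" >&2
			fi
			;;
		*)
			# Digits only: use the number as entered.
			break
			;;
		esac
	done
	echo "$ans"
}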

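# Introductory banner. The text itself warns that releases before 2.2 had
# security holes and asks the installer to replace older unfsd versions.
# NOTE(review): both download locations are plain ftp:// URLs and this
# script performs no integrity check; verify fetched sources against a
# trusted checksum or signature before building.
cat << EOF

***********************************************************
*     Universal NFS Server 2.2beta2 Autoconfiguration     *
***********************************************************

   This package is BETA software. Until the final 2.2
   is released, please make sure you are using the latest
   version that you can get from
     
         ftp://linux.nrao.edu/pub/people/okir/nfsd/
	 ftp://ftp.mathematik.th-darmstadt.de/pub/linux/okir

   Please also make sure you replace any older versions
   of unfsd you are running.  Versions of the Universal
   NFS Server prior to 2.2 had some security holes.

   Caveat: although the Universal NFS Server 2.0 was
   originally written to support a set of different
   platfroms, including AIX, SunOS and others, versions
   above 2.0 were developed on Linux only. Thus, there
   may be some portability problems on other OSes.

EOF
# -------------- blurb excerpt removed -----------------
#  This version is based on Olaf's version 2.2beta1
#  with automatic exports access control and hooks for
#  the experimental FoxbatSARS by Alex Yuriev.


# Pause until the user presses return. POSIX read needs a variable name
# (a bare "read" is rejected by some /bin/sh), and printf replaces the
# non-portable "echo -n". The value read is deliberately unused.
printf '%s' "Please press return to continue"
read -r reply_unused

cat << EOF

***************************************************************
* Universal NFS Server 2.2beta1.1 Site Specific Configuration *
***************************************************************

    Please answer the following questions to make the system
    specific changes in configuration of the UNFS Server.

EOF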

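# Explain the trade-off before asking: ugidd exposes the client's login
# names unless it is wrapped with hosts_access, and even then the check can
# be spoofed from the client's own network (see the banner text).
cat << EOF
+---------------------+
| ugidd configuration |
+---------------------+

This release of unfsd supports dynamic mapping of uids and gids between
hosts with different uid spaces. However, you should not use this feature
unless you absolutely must, because it can pose a security risk: When run
unprotected, the ugidd mapping daemon can be abused to obtain a complete
list of all login names on your NFS client machine. As a counter-measure,
ugidd can be protected with the hosts_access control mechanism used by
Wietse Venema's tcp_wrapper package. Note that this does not offer a
hundred percent protection, though, as it can still be spoofed by hosts
on the same network as your client machine.

EOF

# USE_HSTACS is only asked for when ugidd is enabled, yet later steps test
# it unconditionally. Give it an explicit value here so that a USE_HSTACS
# variable inherited from the caller's environment cannot switch on the
# libwrap search or HOSTS_ACCESS behind the user's back.
USE_HSTACS=N

USE_UGIDD=$(read_yesno "Are you going to use ugidd? (not recommended)")
# Anything other than Y or N means no answer could be obtained (for example
# stdin was closed); stop rather than guess a security-relevant setting.
case $USE_UGIDD in
Y|N) ;;
*)
  echo " No answer received. Aborting configuration." >&2
  exit 1
  ;;
esac

if [ "$USE_UGIDD" = "Y" ]; then
  echo " What can I say, its your system. I will use ugidd to map uid/gids."

  USE_HSTACS=$(read_yesno "Do you want to protect ugidd with HOST ACCESS?")
  case $USE_HSTACS in
  Y|N) ;;
  *)
    echo " No answer received. Aborting configuration." >&2
    exit 1
    ;;
  esac
  if [ "$USE_HSTACS" = "N" ]; then
    echo " You like danger, I won't use wrappers to control access to ugidd."
  else
    echo " Okay, at least I will use wrappers to control access to ugidd."
  fi
else
  echo " Good, I never liked ugidd."
fi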

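# Locate libwrap.a (tcp_wrappers) when ugidd is to be protected with host
# access control. On success HSTACS_LIBDIR holds the directory containing
# the library; the script exits with status 1 if none can be determined.
#
# The chosen directory is written to site.mk as a -L option, so a library
# found there is presumably linked into ugidd. It should be a directory that
# only trusted users can write to.
# NOTE(review): the download hint below is an FTP location with no integrity
# check; verify the tarball against a trusted checksum or signature.
if [ "$USE_HSTACS" = "Y" ]; then
	LIBDIR=
	echo
	echo "Looking for libwrap.a... "
	for libdir in /usr/lib /usr/local/lib; do
		if [ -f "$libdir/libwrap.a" ]; then
			echo " Okay, libwrap is in $libdir"
			LIBDIR=$libdir
			break
		fi
	done
	if [ -z "$LIBDIR" ]; then
		cat << EOF

To protect ugidd with host_access, you must have libwrap.a installed
somewhere.  This library is part of the tcp_wrappers package. If you
don't have it, please obtain the source from 

	ftp:/win.tue.nl:/pub/security/tcp_wrapper_7.2.tar.gz

and compile it.

EOF
		haveit=$(read_yesno "Do you have libwrap.a installed?")
		if [ "$haveit" != "Y" ]; then
			echo " Too bad. Aborting configuration."
			exit 1
		fi

		while [ -z "$LIBDIR" ]; do
			printf '%s' "Which directory is it installed in? "
			# End-of-file would otherwise make this loop spin forever.
			if ! read -r libdir; then
				echo
				echo " No directory given. Aborting configuration." >&2
				exit 1
			fi
			# Test the directory the user just typed ($libdir). The
			# previous code tested $LIBDIR, which is always empty inside
			# this loop, so it looked for /libwrap.a and could never
			# accept a correct answer. An empty reply is rejected too,
			# since an empty LIBDIR would not end the loop anyway.
			if [ -n "$libdir" ] && [ -f "$libdir/libwrap.a" ]; then
				LIBDIR=$libdir
			else
				echo " Can't find $libdir/libwrap.a"
			fi
		done
	fi
	HSTACS_LIBDIR=$LIBDIR
fi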

# Access-control section: tell the user what the owner of the exports file
# is used for, then collect the owning uid and gid. Both default to 0
# (root). The two values are later emitted into site.h as EXPORTSOWNERUID
# and EXPORTSOWNERGID.
# The banner contains nothing for the shell to expand, so the delimiter is
# quoted to keep the text literal.
cat <<'ACCESS_BANNER'

+------------------------------+
| Access control configuration |
+------------------------------+

Unfsd makes sure the exports file is always owned by the same user, and
is not writable by anyone but that user. I will now ask you for the uid
and gid of that user. You may enter them either as numbers or as user/group
names.

ACCESS_BANNER

EXPSOWNUID=$(read_ugid --user "Which uid should own /etc/exports?" 0 "(root)")
EXPSOWNGID=$(read_ugid --group "Which gid should own /etc/exports?" 0 "(root)")

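# Print a summary of the choices made so far, so the installer can review
# the security-relevant settings (ugidd on/off, host access control, owner
# of the exports file) before the files are generated.
echo
echo
echo
echo "Creating custom configuration ..."
echo "The following is your system specific configuration: "
echo

# Build the ugidd line in a variable with quoted tests. The unquoted
# "test $VAR = ..." form fails with a syntax error when the variable is
# empty, and "a && b || c" is not a reliable if/else.
summary=" *** User/Group ID Map Daemon is"
if [ "$USE_UGIDD" = "N" ]; then
  summary="$summary not"
fi
summary="$summary used"
if [ "$USE_UGIDD" = "Y" ]; then
  if [ "$USE_HSTACS" = "Y" ]; then
    summary="$summary but"
  else
    summary="$summary but NOT"
  fi
  summary="$summary protected with host access control"
fi
printf '%s\n' "$summary"

echo " *** Exports Control files should be owned by UID=$EXPSOWNUID GID=$EXPSOWNGID"
echo
echo "Updating site.h..."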

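# Generate site.h from the answers collected above.
#
# EXPSOWNUID and EXPSOWNGID are pasted verbatim into C source that defines
# who must own the exports file. Refuse to write the header unless both are
# plain decimal numbers, so that a stray value can neither break the build
# nor put unintended text into the generated header. The check runs before
# the redirection so that an existing site.h is not truncated on failure.
for id_value in "$EXPSOWNUID" "$EXPSOWNGID"; do
  case $id_value in
  ''|*[!0-9]*)
    echo " *** Invalid uid/gid value '$id_value'; not writing site.h" >&2
    exit 1
    ;;
  esac
done

if [ "$USE_UGIDD" = "Y" ]; then
  ugidd_define="#define REAL_UGIDD"
else
  ugidd_define="#undef REAL_UGIDD"
fi

if [ "$USE_HSTACS" = "Y" ]; then
  hosts_access_define="#define HOSTS_ACCESS"
else
  hosts_access_define="/* #undef HOSTS_ACCESS */"
fi

# The here-document is unquoted on purpose: the four variables above are
# the only expansions in it.
cat > site.h << EOF
/* Site-specific configuration options generated by BUILD. Please
 * do not edit.
 */

/* If REAL_UGIDD is defined, the real rpc.ugidd is created */
/* otherwise, a dummy program is created */
$ugidd_define

/* if HOSTS_ACCESS is defined, ugidd uses host access control */
/* provided by libwrap.a from tcp_wrappers */
$hosts_access_define

/* Define correct ownership of export control file */
#define EXPORTSOWNERUID  ((uid_t) $EXPSOWNUID)
#define EXPORTSOWNERGID  ((gid_t) $EXPSOWNGID)

EOF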

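# Generate site.mk, the make fragment carrying the ugidd choices.
echo "Updating site.mk ..."
{
  echo "#"
  echo "# Site-specific make options generated by BUILD. Please do not edit."
  echo "#"
  echo
  echo "# ugidd support"
  # Quoted: an empty USE_UGIDD would otherwise make "[" fail with a syntax
  # error instead of cleanly taking the else branch.
  if [ "$USE_UGIDD" = "Y" ]; then
    # Single quotes keep ${rpcprefix} literal so that make expands it.
    echo 'UGIDD_PROG=${rpcprefix}ugidd'
    echo "UGIDD_MAN=ugidd.8"
  else
    echo "UGIDD_PROG="
    echo "UGIDD_MAN="
  fi
  echo "# Location of tcp_wrapper library"
  # NOTE(review): the two branches set differently named variables
  # (UGIDD_LIBDIR vs UGIDD_LIB). The Makefile is not visible here, so the
  # names are left as found; confirm which one it actually reads.
  # NOTE(review): the directory is written unquoted after -L; a path
  # containing whitespace would presumably split into several make words.
  if [ "$USE_HSTACS" = "Y" ]; then
    echo "UGIDD_LIBDIR=-L$HSTACS_LIBDIR"
  else
    echo "UGIDD_LIB="
  fi
} > site.mk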

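# Final step: run the GNU configure script, stop with exit status 2 if it
# fails, otherwise tell the user how to build and install.
cat << EOF

I'm now running GNU configure to determine some system-specific things.
This make take a while.

EOF
printf '%s' "Please press return to continue "
read -r foo

# "./configure" names the file in the current directory explicitly; given a
# bare name, some shells fall back to searching PATH when the file is
# missing, which could run an unrelated script.
sh ./configure
# Save the status at once: "$?" is overwritten by the "[" test below, so
# the old message always reported error code 0.
configure_status=$?
if [ "$configure_status" -ne 0 ]; then
  echo
  echo
  echo " *** Warning: GNU configure exited with error code $configure_status"
  echo " *** Aborting installation. Please check the output of"
  echo " *** configure."
  echo
  exit 2
fi

# Quoted delimiter: the backquote in the text must stay literal.
cat << "EOF"

Uphh... Done. Now you can run `make install' to build and install the
binaries and manpages.

EOF
exit 0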
