#!/bin/sh
# vim:set sw=4 ts=4:
#
# $Id: make_SuSEfirewall,v 1.4 2005/04/11 14:14:39 fabian Exp $
#
#############################################################################
#
# ALICE
# Automatic Linux Installation and Configuration Environment
#
# Copyright (c) 2000-2002 SuSE Linux Solutions AG, Eschborn, Germany
#               2002-2004 SuSE Linux AG, Eschborn, Germany
#               2005           SUSE GmbH, Nuernberg, Germany
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#
#############################################################################
#
# Author: Fabian Herschel
#
#############################################################################
#
# make_SuSEfirewall
# configures parameters for Marcs Heuses SuSE firewall
# TODO: Check for SLES8 and above
#       Check, if we need this program any longer or if we should
#       Change the way of configuring the firewall (make_config_files)
#       or other ALICE tags.
# 
# Sections: SuSEfirewall
# Tags:     SuSE_FW_VARIABLES, <all tags mentioned in SuSE_FW_VARIABLES>
#
usage()
{
   echo "$_self -h | --help | -?"
   echo "$_self -fqhn fqhn"
}

test -n "$alice_dir" || alice_dir="/usr/lib/alice2/"
standard_SuSEfirewall_cfg=/etc/rc.config.d/firewall.rc.config
export alice_dir

. $alice_dir/lib/alicerc

WELCOME
#
############################################################################
#
while [ $# -gt 0 ]
do
   case $1 in
      -h | --help | -? ) usage
                         exit 1
                         ;;
      -fqhn ) fhqn=$2; shift
              ;;
   esac
   shift
done
#
############################################################################
#
GET_CONFIGURATION --require SuSEfirewall $CFG_DEBUG
#
# The set of all needed Variables is stored in the variable SuSE_FW_VARIABLES.
#
# Check required values
# if a variable requires a definition by an other variable there is a
# tag defined (in templates) which informs this script about the requirement
# If i.e. FW_ROUTE requires FW_DEV_INT or FW_ROUTE than a tag
# <FW_ROUTE_REQUIRES>FW_DEV_INT or FW_ROUTE</FW_ROUTE_REQUIRES>
#
# THERE ARE NO BRACKETS ALLOWED AND NO PRIORITY BETWEEN AND and OR
#
# abc or def         -> normal "or"
# abc and def        -> normal "and"
# abc or def and ghi -> ( abc or def ) and ghi
# abc and def or ghi -> ( abc and def ) or ghi
#
req_failures=0
for var in $SuSE_FW_VARIABLES
do
##     printf "Trace: Check requirements of $var... "
     eval Require=\$${var}_REQUIRES
     eval Value=\$$var
     if [ -n "$Require" -a -n "$Value" -a "$Value" != "no" ]
     then
##echo "($Require):($Value)"
        # the variable has requiremwnts and is set itself
        # so we have to check the requirements (other variables
        # should also be set)
        # 0 means true, 1 means false, all other means undefined
        for req in $Require
        do
             conj="";
             result="-1";  # set to undefined
##printf "+";
             case $req in
                 or ) conj="or";;
                 and ) conj="and";;
                 * )  eval value=\$$req;     # check if the *value* of the variable given in the
                      test -n "$value"       # require string is not null
                      interm_result=$?;  
                      case $conj in
                          or ) if [ $result -eq 0 -o $interm_result -eq 0 ]
                               then
                                  $result=0
                               else 
                                  $result=1
                               fi
                               ;;
                          and) if [ $result -eq 0 -a $interm_result -eq 0 ]
                               then
                                  $result=0
                               else
                                  $result=1
                               fi
                               ;;
                            *) if [ $result -eq -1 ] # ok, its the first time so no conjunction is needed
                               then
                                  result=$interm_result
                               else
                                  WARNING SYNTAX $var_REQIRES
                               fi
                               ;;
                      esac
                      conj="";
                      ;;
             esac                   
        done
     else
        result=0;
     fi
     if [ $result -ne 0 ]
     then
         WARNING FW_REQ_VAR $var $Require
##         echo "NOT OK!! <----------------------"
         let req_failures=req_failures+1
     fi
done
#
if [ $req_failures -gt 0 ]
then
     WARNING FW_REQ $req_failures
fi
#
# after all checks done, lets implement these alues to the configuration
# file
#
#set -x
cp $standard_SuSEfirewall_cfg $standard_SuSEfirewall_cfg.alice
for var in $SuSE_FW_VARIABLES
do
##     printf "Trace: Configure $var... \n"
     eval Value=\$$var
     cat $standard_SuSEfirewall_cfg.alice | awk -F= ' 
        $1 == varname { found=1;
                        printf "%s=\"%s\"\n", varname, value }
        $1 != varname { print $0 }
        END           { if (found != 1 ) {
                            printf "%s=\"%s\"\n", varname, value 
                        }
                      }' varname=$var value="$Value" >$standard_SuSEfirewall_cfg.alice.new
     
     mv $standard_SuSEfirewall_cfg.alice.new $standard_SuSEfirewall_cfg.alice
done
#
# now backup the original file and store the configuration file on the
# original place
#
CHANGED $standard_SuSEfirewall_cfg || {
    BACKUP --error $standard_SuSEfirewall_cfg
    mv ${standard_SuSEfirewall_cfg}.alice ${standard_SuSEfirewall_cfg}
}
#
# set up the config value of START_FW in /etc/rc.config
#
RC_CONFIG_SET START_FW yes

############################################################################
# Thats all
GOOD_BYE 
