#!/bin/bash
## BRCM_COPYRIGHT_BEGIN,2020
## ================================================================================
## Copyright © 2020 Broadcom. All rights reserved. The term
## “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.
## ================================================================================
##
## This software and all information contained therein is confidential and
## proprietary and shall not be duplicated, used, disclosed or disseminated in any
## way except as authorized by the applicable license agreement, without the
## express written permission of Broadcom. All authorized reproductions must be
## marked with this language.
##
## EXCEPT AS SET FORTH IN THE APPLICABLE LICENSE AGREEMENT, TO THE EXTENT
## PERMITTED BY APPLICABLE LAW OR AS AGREED BY BROADCOM IN ITS APPLICABLE LICENSE
## AGREEMENT, BROADCOM PROVIDES THIS DOCUMENTATION “AS IS” WITHOUT WARRANTY OF ANY
## KIND, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
## FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT WILL BROADCOM
## BE LIABLE TO THE END USER OR ANY THIRD PARTY FOR ANY LOSS OR DAMAGE, DIRECT OR
## INDIRECT, FROM THE USE OF THIS DOCUMENTATION, INCLUDING WITHOUT LIMITATION,
## LOST PROFITS, LOST INVESTMENT, BUSINESS INTERRUPTION, GOODWILL, OR LOST DATA,
## EVEN IF BROADCOM IS EXPRESSLY ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH
## LOSS OR DAMAGE.
## ================================================================================
## BRCM_COPYRIGHT_END,2020

###################################
###  PRE INSTALL SCRIPT         ###
###################################
testForBwrap()
{
   # If /etc is mounted within a FUSE fuse.ro-files filesystem then
   # we assume are running within a bubblewrap container environment 
   # as an rpm-ostree install on Atomic.
   [ "$FSTYPE" = "" ] && FSTYPE=`mount 2>/dev/null | grep "/etc" | cut -f5 -d" "`
   [ "$FSTYPE" = "fuse.rofiles-fuse" ] && return 0
   return 1
}

error()
{
  printf "ERROR: $*\n" >> /var/tmp/agent_install.msg
  stderr "$*"
  logmsg "$*"
}

stderr()
{
   if testForBwrap; then
      printf "$PKGNAME error: $@\n" 1>&2
   else printf "$@\n" 1>&2; fi
}

logmsg()
{
  if testForBwrap; then
      printf "$PKGNAME log: $@\n" 1>&2
  else
     _tod=`date +"%D %T"`
     printf "$_tod: $@\n" >> $LOGFILE
  fi
}

checkVersionSDCSS()
{
 [ -f /etc/sisips/sis-version.properties ] || return 0
 
 newpkgver=`echo $KMODPKGVERSION | cut -d"." -f -3`
 curragentver=`grep -n "^version" /etc/sisips/sis-version.properties | cut -f2 -d "="`
 curragentverArr=`echo $curragentver |sed 's/\([0-9]*\)\.\([0-9]*\)\.\([0-9]*\)/\1 \2 \3/'`
 curragentverArr=($curragentverArr)
 curragentVerMaj=${curragentverArr[0]};
 curragentVerMin=${curragentverArr[1]};
 curragentVerRel=${curragentverArr[2]};
 
 if [ "$curragentVerMaj" -gt "6" ] || \
    ([ "$curragentVerMaj" -eq "6" ] && [ "$curragentVerMin" -gt "8" ]) || \
    ([ "$curragentVerMaj" -eq "6" ] && [ "$curragentVerMin" -eq "8" ] && [ "$curragentVerRel" -ge  "1" ]); then
  logmsg "KMOD package version: $newpkgver is compatible with installed Agent version: $curragentver, continuing installation"
  echo $KMODPKGVERSION > /var/tmp/sdcss-kmod-preinstall
 else
  error "KMOD package version: $newpkgver is not compatible with Agent version $curragentver, exiting installation"
  return 1
 fi
 return 0
}

isPreventionEnabled()
{
  ( [ -d /etc/sisips ] && [ "`ls -1 /etc/sisips |grep testforprevention`" ] && [ ! -r /etc/sisips/testforprevention ] ) && rc=0 || rc=1
  return $rc;
}

checkPrevEnabled()
{
   if [ ! -d /etc/sisips ]; then
     error "Missing /etc/sisips directory. Aborting Installation."
     return 1
   fi

   # Check for prevention
   if isPreventionEnabled; then
      error "Prevention is enabled. Aborting Installation. Disable Prevention and begin install again."
      return 1
   elif [ -f /etc/symantec/sis/sisips_kernels.txt ] || [ -f /etc/symantec/sis/sisfim_kernels.txt ]; then
      # back up kernels.txt
      for f in /etc/symantec/sis/*kernels.txt; do
         [ -f $f ] && cp -f $f ${f}.prev
      done
   fi
   return 0
}

createSisipsUser()
{
    if testForBwrap; then
        # Create sisips user
        id -g sisips 2>/dev/null || groupadd sisips
        id -u sisips 2>/dev/null || useradd -M -c SDCSS_User -d/$BASEDIR/sdcssagent/IPS -s /bin/sh -g sisips sisips
    fi
}

###################################
###  PRE INSTALL SCRIPT  MAIN   ###
###################################
umask 0027

if [ "$SIS_DEBUG_MODE" = "true" ]; then
   debug_logfile=/var/tmp/sdcss-kmod_pre$$.log
   exec 1<&-       # Close STDOUT file descriptor
   exec 2<&-       # Close STDERR FD
   exec 1<>$debug_logfile # Open STDOUT as $LOG_FILE file for read and write.
   exec 2>&1       # Redirect STDERR to STDOUT
   set -x          # Turn on shell debugging
fi

# Substitutions made at pkg build time
KMODPKGVERSION=10.0.8.2795
BASEDIR=/usr/lib/symantec
PKGNAME=sdcss-kmod

# Pickup response file settings if available.
RESPONSE_FILE=${RESPONSE_FILE:-/var/tmp/sdcss-agent.response}
if [ ! -f $RESPONSE_FILE ]; then
   RESPONSE_FILE=/etc/sisips/sdcss-agent.response
fi
if [ -f $RESPONSE_FILE ]; then
    printf  "\nkmod_preinstall found response file $RESPONSE_FILE\n" 1>&2
   . $RESPONSE_FILE
else
    printf  "\nkmod_preinstall using default response settings\n" 1>&2
fi

SIS_LOGDIR=${SIS_LOGDIR:-%SIS_LOGDIR%}
LOGFILE=$SIS_LOGDIR/agent_install.log
if testForBwrap; then 
    INSTPOSTDIR=${INSTPOSTDIR:-sdcssagent}
    LOGFILE=$BASEDIR/$INSTPOSTDIR/agent_install.log
else
    [ ! -d $SIS_LOGDIR ] && mkdir -p $SIS_LOGDIR
fi

logmsg "#--- Start kmod pre installation <pid=$$> -------"
logmsg "Starting installation of kmod package version: $KMODPKGVERSION"
checkPrevEnabled || exit 1
if [ "$AGENT_TYPE" = "1" ]; then
  checkVersionSDCSS || exit 1
fi

exit 0
