#! /bin/csh -f
#
# (c) Copyright 1993-1997 Check Point Software Technologies Ltd.
# All rights reserved.
# 
# This is proprietary information of Check Point Software Technologies
# Ltd., which is provided for informational purposes only and for use
# solely in conjunction with the authorized use of Check Point Software
# Technologies Ltd. products.  The viewing and use of this information is
# subject, to the extent appropriate, to the terms and conditions of the
# license agreement that authorizes the use of the relevant product.
#
# $Header: fwinstallpatch.csh,v 1.0 1997/11/25 20:00 ariel dann Exp $
#

# identify arch

alias get 'set \!^ = $<'

if ( -f /kernel/genunix || -f /kernel/unix ) then
	set solaris2 = 1
	set hpux = 0
	set sunos4 = 0
	set freebsd = 0
	set aix = 0
	set fwmod = fwmod.5.x.o
        set modfile = modules/$fwmod
	set path = ( /usr/bin /usr/ucb /usr/sbin )
	alias df /usr/ucb/df
else if (-f /hp-ux) then
	set solaris2 = 0
	set hpux = 9
	set sunos4 = 0
	set freebsd = 0
	set aix = 0
	set fwmod = fwmod.hpux9.o
        set modfile = modules/$fwmod
        set module = /hp-ux
	set path = (/bin /usr/bin /etc)
	if (`uname -m | sed -e 's/^.*\///' -e 's/\(.\).*/\1/'` == 7) then
		set hpux700 = 1
		set hpux800 = 0
	else
		set hpux700 = 0
		set hpux800 = 1
	endif
	alias hostid 'echo "obase=16 ; `uname -i`" | bc -l'
	alias df bdf
else if (-f /stand/vmunix) then
	set solaris2 = 0
	set hpux = 10
	set sunos4 = 0
	set freebsd = 0
	set aix = 0
	set fwmod = fwmod.hpux10.o
        set modfile = modules/$fwmod
        set module = /stand/vmunix
	set path = (/bin /usr/bin /usr/sbin /etc)
	if (`uname -m | sed -e 's/^.*\///' -e 's/\(.\).*/\1/'` == 7) then
		set hpux700 = 1
		set hpux800 = 0
	else
		set hpux700 = 0
		set hpux800 = 1
	endif
	alias hostid 'echo "obase=16 ; `uname -i`" | bc -l'
	alias df bdf
else if (-f /vmunix) then
	set solaris2 = 0
	set hpux = 0
	set sunos4 = 1
	set freebsd = 0
	set aix = 0
        set fwmod = fwmod.4.1.x.o
	set modfile = modules/$fwmod
	set path = ( /usr/bin /usr/ucb /bin /usr/etc )
else if (-f /kernel) then
	set solaris2 = 0
	set hpux = 0
	set sunos4 = 0
	set aix = 0
	set freebsd = 1
        set fwmod = fwmod.o
	set modfile = modules/$fwmod
	set path = ( /usr/bin /usr/ucb /bin /usr/etc )
else if (-f /usr/lib/drivers/netinet) then
	set solaris2 = 0
	set hpux = 0
	set sunos4 = 0
	set aix = 1
	set freebsd = 0
	set oslev = `oslevel`
	set id=`whoami`
	if ( "X$id" != "Xroot" ) then
		echo "You are not a super-user. Super-user Permissions are required for correct"
		echo "Installation/Configuration."
		exit 1
	endif		
	if ( $oslev != 4.1.4.0 && $oslev != 4.1.5.0 && $oslev != 4.2.0.0 && $oslev != 4.2.1.0 ) then
		echo `oslevel`: This operating system is not supported
		exit 1
	endif
        set fwmod = fwmod.4.x.o
	set modfile = modules/$fwmod
	set path = ( /usr/bin /usr/sbin /bin /usr/etc )
else
	echo Cannot recognize your system.
	exit 1
endif

if ( $solaris2 != 0 ) then
  echo "Solaris 2.x detected" 
else if ( $sunos4 != 0 ) then
  echo "SunOS 4 detected" 
else if ( $hpux != 0 ) then
  echo "HP/UX $hpux detected" 
else if ( $freebsd != 0 ) then
  echo "FreeBSD detected"
else if ( $aix != 0 ) then
  echo "AIX detected"
endif
echo ""

if ( ! $?FWDIR ) goto read_fwdir 
if ( -d $FWDIR && -x $FWDIR/bin/fw ) goto good_fwdir
read_fwdir:
setenv FWDIR /etc/fw
echo -n "Enter the value of FWDIR [/etc/fw] ? "
get dans
if (X$dans == X) set dans=/etc/fw
setenv FWDIR $dans
if ( -d $FWDIR && -x $FWDIR/bin/fw ) goto good_fwdir
echo Incorrect value for FWDIR
goto read_fwdir

good_fwdir:
set path = ( $FWDIR/bin /bin /usr/bin /etc /usr/etc /sbin /usr/sbin )

source ${FWDIR}/scripts/readprod

# install. of the patch

echo ""
echo "In order to install the patch, FireWall-1 must be stopped."
echo ""
readfwstop:
echo -n "Do you want to stop FireWall-1 (y/n) [y] ? "
get dans
if (X$dans == X) set dans=y
if (X$dans == Xy) goto fwstop
if (X$dans == Xn) goto abort
goto readfwstop

fwstop:
echo ""
echo Performing fwstop...
$FWDIR/bin/fwstop

echo ""

if ( -f "$FWDIR/$modfile" ) then
  echo Replacing the Kernel Module

  if ( $solaris2 != 0 ) then
    cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
    cp ./$fwmod "$FWDIR/$modfile" 
    if ( X$fw1_firewall == X1 ) then
      rem_drv fw
      add_drv fw
    endif
    echo "Done."
  endif

  if ( $sunos4 != 0) then
    cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
    cp ./$fwmod "$FWDIR/$modfile" 
    echo "Done."
  endif

  if ( $aix != 0 ) then
    cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
    cp ./$fwmod "$FWDIR/$modfile" 
    echo "Done."
  endif

  if ( $hpux != 0 ) then
    if ( X$fw1_firewall == X1 ) then
      echo Please answer these questions :
      echo
      cp "$FWDIR/$modfile" "$FWDIR/${modfile}-unpatched"
      cp ./$fwmod "$FWDIR/$modfile"
      set product=FireWall-1
      if ( X`/bin/ls -nd $FWDIR/conf | /bin/cut -c6` == Xw ) then
        set grp=`/bin/ls -nd $FWDIR/conf | /bin/cut -c27-37`
      else
        set grp=""
      endif
      source $FWDIR/bin/hpux.kernel.inst
      set hpkernelpatched
    endif
    echo "Done."
  endif
else
  echo "Module not found, the patch will not upgrade the module"
endif

echo ""
echo Replacing \"fw\"
cp "$FWDIR/bin/fw" "$FWDIR/bin/fw-unpatched"
cp fw "$FWDIR/bin"
foreach optfile (fwui router_load)
if ( -f $optfile ) then
if ( -f $FWDIR/bin/$optfile ) cp "$FWDIR/bin/$optfile" "$FWDIR/bin/${optfile}-unpatched"
cp $optfile "$FWDIR/bin"
endif
end
echo "Done."

echo ""
echo Replacing INSPECT
foreach deffile (base.def code.def formats.def)
  if ( -f $FWDIR/lib/$deffile ) cp "$FWDIR/lib/$deffile" "$FWDIR/lib/${deffile}-unpatched"
  cp $deffile "$FWDIR/lib"
end
cp "$FWDIR/lib/table.def" "$FWDIR/lib/table.def-unpatched"
readfwsync:
echo -n "Do you want to enable FW-1 synchronization (y/n) [n] ? "
get dans
if (X$dans == X) set dans=n
if (X$dans != Xy && X$dans != Xn) goto readfwsync

if (X$dans == Xy) sed -e 's/\(#define sync\)/\/\/\1/' table.def > "$FWDIR/lib/table.def"
if (X$dans == Xn) cp table.def "$FWDIR/lib"
echo "Done."

echo ""
if ( X$fw1_firewall == X1 ) then
  if ( -f /etc/fw.boot/default.bin ) rm /etc/fw.boot/default.bin
#&& -f $FWDIR/conf/defaultfilter.pf ) then
  if ( -f $FWDIR/state/default.bin ) then
    echo regenerating the default filter...
    $FWDIR/bin/fw defaultgen
    cp $FWDIR/state/default.bin /etc/fw.boot/default.bin 
  endif
  if ( $solaris2 == 1 || $sunos4 == 1 ) then
    echo Performing fw putlic -K...
    $FWDIR/bin/fw putlic -K >& /dev/null
    echo "Done."
  endif
endif

if ( $?hpkernelpatched ) then
  echo ""
  echo "**************************************************************************"
  if ($hpux == 10) then
    echo "* To start FW-1, copy /stand/build/vmunix_fw to /stand/vmunix and reboot *"
    echo "* Please note that on first reboot, FW-1 will report it has failed,      *"
    echo "* since there is no Security Policy defined. This is OK.                 *"
  else
    echo "* To start FW-1, copy $hpkernelfile to /hp-ux and reboot.                *"
  endif
  echo "**************************************************************************"
  goto ok
else
  goto readfwstart
endif

readfwstart:
echo ""
echo -n "Do you want to restart FireWall-1 (y/n) [y] ? "
get dans
if (X$dans == X) set dans=y
if (X$dans == Xy) goto fwstart
if (X$dans == Xn) goto cont_wo_fwstart
goto readfwstart

fwstart:
echo Performing fwstart...
$FWDIR/bin/fwstart
echo ""

cont_wo_fwstart:

ok:
exit 0

abort:
echo "patch installation aborted"
exit 1
