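#!/bin/bash
# Hotfix for SSS-1258 (weak Message Auth. code Algorithm).
#
# Appends an explicit MAC list to every sshd configuration variant that has no
# active MACs directive, restarts sshd, records the patch in hotpatch.conf and
# repoints System.php at /etc/hotpatch.conf.
#
# Exit status: always 2 (SWUE_NOREBOOT). Individual steps are best-effort and
# only warn on stderr, so the status handed back to the caller never changes.

MOTD=/etc/motd
# Pattern is quoted so the shell cannot glob-expand it against the current
# directory. If motd holds several x.y.z strings, all of them are captured.
SW_VERSION=$(grep -o '[0-9]\.[0-9]\.[0-9]' "${MOTD}")
HOTPATCH_CONFIG=/etc/hotpatch.conf
SYSTEM_MODEL_PATH=/srv/www2/app/Model/System.php
status_update_file=/srv/www/xml-status/update_status.xml

target_files=(
  '/etc/ssh/sshd_config.all'
  '/etc/ssh/sshd_config.expert'
  '/etc/ssh/sshd_config.key'
  '/etc/ssh/sshd_config.passwd'
)

# NOTE(review): this list still offers hmac-sha1 and umac-64@openssh.com, which
# stricter audit baselines flag (SHA-1, 64-bit tag), and it has no -etm
# variants. Confirm it against the policy SSS-1258 is meant to satisfy.
readonly MACS_LINE='Macs hmac-sha1,umac-64@openssh.com,hmac-sha2-256,hmac-sha2-512'

# Print a diagnostic on stderr without affecting the exit status.
warn() {
  printf 'SSS-1258 hotfix: %s\n' "$*" >&2
}

# NOTE(review): the here-document body is missing from this copy of the script
# (its markup was stripped). The sed further down expects it to contain
# status="In Progress"; restore the original XML between the markers before
# deploying, otherwise the status file is written empty.
cat >"${status_update_file}" <<EOF
EOF

for cfg in "${target_files[@]}"; do
  [ -f "${cfg}" ] || continue

  # Already patched by an earlier run of this hotfix: nothing to do.
  if grep -Fxq -- "${MACS_LINE}" "${cfg}"; then
    continue
  fi

  # sshd matches keywords case-insensitively and keeps the first value it
  # reads. Only an active directive counts here: a commented-out "#Macs" line
  # must not suppress the fix, and a canonical "MACs" line must not be missed.
  # An appended line could not override an existing directive, so it is left
  # in place and reported instead.
  if grep -Eiq '^[[:space:]]*macs([[:space:]]|=)' "${cfg}"; then
    warn "${cfg}: existing MACs directive left unchanged; review it manually"
    continue
  fi

  # NOTE(review): a line appended after a Match block becomes part of that
  # block, and MACs is not accepted there. If any variant uses Match, insert
  # the directive above it and check the file with `sshd -t -f <file>` before
  # restarting.

  # Do not glue the directive onto an unterminated last line.
  if [ -n "$(tail -c 1 "${cfg}")" ]; then
    echo >>"${cfg}"
  fi
  echo "${MACS_LINE}" >>"${cfg}"
done

# The new MAC list only takes effect once sshd rereads its configuration.
rc-service sshd restart || warn "sshd restart failed; the new MAC list is not active yet"

sed -i 's/status="In Progress"/status="Completed"/g' "${status_update_file}"
echo "${SW_VERSION} Weak SSH Macs Patch" >>"${HOTPATCH_CONFIG}"

# Change system.php to target hotpatch.conf files in /etc/, so that it is not
# preserved by filelist.txt
sed -i "s/const HOTPATCH_CONFIG = '\/home\/spectracom\/config\/hotpatch.conf';/const HOTPATCH_CONFIG = '\/etc\/hotpatch.conf';/" "${SYSTEM_MODEL_PATH}"

exit 2 # SWUE_NOREBOOT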