#!/bin/sh
DAEMONS_TO_HALT="reapsysld lsassd lwiod netlogond eventlogd dcerpcd lwregd lwsmd"

UPGRADEDIR=/var/lib/likewise
PKG_ARCH="x86_64"

if [ -d "${UPGRADEDIR}/db" ]; then
    UPGRADEDIR=${UPGRADEDIR}/db
fi

LOG=/var/log/pbis-open-install.log

# Display to screen and log file with a blank line between entries.
log()
{
    echo $@
    echo
    echo $@ >> $LOG
    echo >> $LOG
}

# Display to screen and log file with no blank line.
_log()
{
    echo $@
    echo $@ >> $LOG
}

# Display to file.
logfile()
{
    echo $@ >> $LOG
    echo >> $LOG
}

# Execute command.
# If successful, note in log file.
# If not successful, note on screen and log file.
run()
{
    tlog=$("$@" 2>&1)
    err=$?
    if [ $err -eq 0 ]; then
        echo "Success: $@" >> $LOG
        echo "$tlog" >> $LOG
        echo >> $LOG
    else
        _log "Error: $@ returned $err"
        _log "$tlog"
        _log
    fi
    return $err
}

# Execute command.
# Log only to file.
run_quiet()
{
    tlog=$("$@" 2>&1)
    err=$?
    if [ $err -eq 0 ]; then
        echo "Success: $@" >> $LOG
    else
        echo "Error: $@ returned $err  (ignoring and continuing)" >> $LOG
    fi
    echo "$tlog" >> $LOG
    echo >> $LOG
    return $err
}

# Execute command.
# If successful, note in log file.
# If not successful, note on screen and log file and then exit.
run_or_fail()
{
    tlog=$("$@" 2>&1)
    err=$?
    if [ $err -eq 0 ]; then
        echo "Success: $@" >> $LOG
        echo "$tlog" >> $LOG
        echo >> $LOG
    else
        _log "Error: $@ returned $err  (aborting this script)"
        _log "$tlog"
        _log
        exit 1
    fi
    return $err
}

import_registry_configurations()
{
    REGSHELL='/opt/pbis/bin/regshell'

    log 'Importing registry...'
    for i in "/opt/pbis/share/config/"*.reg
    do
echo $i
        run_or_fail "$REGSHELL" import "$i"
    done
}

determine_os_version()
{
    PBIS_DISTRO=unknown
    PBIS_DISTRO_VERSION=unknown

    if [ -f '/etc/centos-release' ]; then
        PBIS_DISTRO=centos
        if [ -n "`grep '^CentOS release 7' '/etc/centos-release'`" ]; then
            PBIS_DISTRO_VERSION=7.0
        elif [ -n "`grep '^CentOS Linux release 7' '/etc/centos-release'`" ]; then
            PBIS_DISTRO_VERSION=7.0
        elif [ -n "`grep '^CentOS release 6' '/etc/centos-release'`" ]; then
            PBIS_DISTRO_VERSION=6.0
        elif [ -n "`grep '^CentOS Linux release 6' '/etc/centos-release'`" ]; then
            PBIS_DISTRO_VERSION=6.0
        elif [ -n "`grep '^CentOS release 5' '/etc/centos-release'`" ]; then
            PBIS_DISTRO_VERSION=5.0
        elif [ -n "`grep '^XenServer release 6.6' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO_VERSION=7.0
        elif [ -n "`grep '^XenServer release 7' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO_VERSION=7.0
        fi
    elif [ -f '/etc/fedora-release' ]; then
        PBIS_DISTRO=fedora
        if [ -n "`grep '^Fedora release 21 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=21
        elif [ -n "`grep '^Fedora release 20 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=20
        elif [ -n "`grep '^Fedora release 19 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=19
        elif [ -n "`grep '^Fedora release 18 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=18
        elif [ -n "`grep '^Fedora release 17 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=17
        elif [ -n "`grep '^Fedora release 16 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=16
        elif [ -n "`grep '^Fedora release 15 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=15
        elif [ -n "`grep '^Fedora release 14 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=14
        elif [ -n "`grep '^Fedora release 13 ' '/etc/fedora-release'`" ]; then
            PBIS_DISTRO_VERSION=13
        fi
    elif [ -f '/etc/redhat-release' ]; then
        if [ -n "`grep '^CentOS release 5' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=centos
            PBIS_DISTRO_VERSION=5.0
        elif [ -n "`grep '^Red Hat Enterprise Linux Server release 5' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=5.0
        elif [ -n "`grep '^Red Hat Enterprise Linux Server release 6' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=6.0
        elif [ -n "`grep '^Red Hat Enterprise Linux Workstation release 6' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=6.0
        elif [ -n "`grep '^Red Hat Enterprise Linux release 6' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=6.0
        elif [ -n "`grep '^Red Hat Enterprise Linux release 7' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=7.0
        elif [ -n "`grep '^Red Hat Enterprise Linux Server release 7' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=7.0
        elif [ -n "`grep '^Red Hat Enterprise Linux Workstation release 7' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=7.0
        elif [ -n "`grep '^XenServer release 6.6' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=7.0
        elif [ -n "`grep '^XenServer release 7' '/etc/redhat-release'`" ]; then
            PBIS_DISTRO=rhel
            PBIS_DISTRO_VERSION=7.0
        fi
    fi
}

setup_selinux_policy_module()
{
    DISTRO=$PBIS_DISTRO
    VERSION=$PBIS_DISTRO_VERSION

    # SELinux was disabled in XenServer, ignore
    return;

    # CentOS uses the same policy as RedHat Enterprise
    if [ "$DISTRO" = "centos" ]; then
        DISTRO="rhel"
    fi

    logfile "DISTRO=$DISTRO VERSION=$PBIS_DISTRO_VERSION"
    if [ ! -x "/usr/sbin/semodule" ]; then
        logfile "/usr/sbin/semodule not present."
        return;
    fi

    if [ ! -d "/etc/selinux/targeted/policy" ]; then
        logfile "/etc/selinux/targeted/policy not present."
        return;
    fi

    if [ "$DISTRO" = "rhel" -a "$VERSION" = "5.0" ]; then
        log 'SELinux Policy Module not required.'
    elif [ -f "/opt/pbis/share/pbis.pp" ]; then
        log 'Setting up SELinux Policy Module using /opt/pbis/share/pbis.pp'
        run_or_fail /usr/sbin/semodule -i "/opt/pbis/share/pbis.pp"
        run_quiet /sbin/fixfiles -R pbis-open restore
    elif [ -f "/opt/pbis/share/$DISTRO/$VERSION/pbis.pp" ]; then
        log 'Setting up SELinux Policy Module'
        run_or_fail /usr/sbin/semodule -i "/opt/pbis/share/$DISTRO/$VERSION/pbis.pp"
        run_quiet /sbin/fixfiles -R pbis-open restore
    else
      log "An appropriate SELinux policy [/opt/pbis/share/$DISTRO/$VERSION/pbis.pp] was not included in this package.
You may provide a policy at /opt/pbis/share/pbis.pp"
      if [ -x "/usr/sbin/selinuxenabled" -a -x "/usr/sbin/getenforce" ]; then
        logfile "/usr/sbin/selinuxenabled and /usr/sbin/getenforce are present"
        if /usr/sbin/selinuxenabled >/dev/null 2>&1; then
            logfile "selinuxenabled indicates SELinux is enabled"
            if /usr/sbin/getenforce 2>&1 | grep -v 'Permissive' >/dev/null 2>&1; then
                if [ -f /etc/selinux/config ]; then
                    log "SELinux found to be present, enabled, and enforcing.
You may either provide a policy at /opt/pbis/share/pbis.pp  --OR--
SELinux must be disabled or set to permissive mode by editing the file
/etc/selinux/config and rebooting.
For instructions on how to edit the file to disable SELinux, see the SELinux man page."
                else
                    log "SELinux found to be present, enabled, and enforcing.
You may either provide a policy at /opt/pbis/share/pbis.pp  --OR--
SELinux must be disabled or set to permissive mode.
Check your system's documentation for details."
                fi
                log 'PowerBroker Identity Services will not install without an appropriate policy for SELinux.'
                exit 1
            else
                logfile "getenforce indicates permissive (which is ok)"
            fi
        else
            logfile "selinuxenabled indicates SELinux is not enabled"
        fi
      fi
    fi
}

determine_upgrade_type()
{
    PRESERVEDVERSIONFILE="${UPGRADEDIR}/VERSION"
    UPGRADING_FROM_6_0=1
    log 'Upgrading from Likewise Identity Services Open 5.4'
}

determine_join_status()
{
    STATUSFILE="${UPGRADEDIR}/status.txt"

    if [ -f "${UPGRADEDIR}/status.txt" ]; then
        run_or_fail cat "$STATUSFILE"

        domain=`cat $STATUSFILE 2>/dev/null | grep '^STATUS_JOINED=' | sed -e 's/STATUS_JOINED=//'`

        if [ -n "$domain" ]; then
            logfile "Found domain $domain in status file."
            result=$domain
        else
            result=""
        fi
    fi

    if [ -z "$result" ]; then
        domain=`/opt/pbis/bin/lsa ad-get-machine account 2>/dev/null | grep '  DNS Domain Name: ' | sed -e 's/  DNS Domain Name: //'`
        if [ -n "$domain" ]; then
            logfile "Found domain $domain using ad-get-machine account"
            result=$domain
        else
            result=""
        fi
    fi
    if [ -z "$result" ]; then
        SQLITE="/usr/bin/sqlite3"
        if [ -x @MK_BINDIR@/sqlite3 ]; then
            SQLITE="@MK_BINDIR@/sqlite3"
        elif [ -x /opt/likewise/bin/sqlite3 ]; then
            SQLITE="/opt/likewise/bin/sqlite3"
        fi
        if [ -n "$SQLITE" ]; then
            domain=`$SQLITE ${UPGRADEDIR}/registry.db .dump | perl -n -MEncode=decode -e "next unless(/DnsDomainName/); /X'([0-9A-F]+)'/; "'$x=decode("UCS2-LE", pack("H*", $1)); if ($x) { print $x, "\n"; exit; }'`
            # using dump instead of sqlite3 ./registry.db 'select quote(Value) from regvalues1 where ValueName = "DnsDomainName";' | perl -ne "s/[X']//g; chomp; "'print pack("H*", $_), "\n";'
            # because the select gets additional fields from the netlogon cache we don't want that corrupt the data (trusted domains, not ours)
            if [ -n "$domain" ]; then
                logfile "Found domain $domain using $SQLITE .dump"
                result=$domain
            else
                result=""
            fi
        fi
    fi


}

import_5_0123_file()
{
    CONVERT='/opt/pbis/libexec/conf2reg'
    REGSHELL='/opt/pbis/bin/regshell'

    COMMAND=$1
    SOURCE=$2
    # DEST is not necessary for some commands.
    DEST=$3

    if [ -f "$SOURCE" ]; then
        run_quiet "$CONVERT" "$COMMAND" "$SOURCE" $DEST
        if [ $? -ne 0 ]; then
            log "There was a problem converting $SOURCE. Please file a bug and attach $SOURCE."
            return 1
        fi

        if [ -n "$DEST" -a -f "$DEST" ]; then
            run_quiet "$REGSHELL" import "$DEST"
            if [ $? -ne 0 ]; then
                log "There was a problem converting $SOURCE. Please file a bug and attach $SOURCE and $DEST."
                return 1
            fi
        fi
    fi
    return 0
}

restore_5_0123_configuration()
{
    if [ -z "$UPGRADING_FROM_5_0123" ]; then
        return 0
    fi

    import_5_0123_file --lsass "${UPGRADEDIR}/lsassd.conf" \
        "${UPGRADEDIR}/lsassd.conf.reg"

    import_5_0123_file --netlogon "${UPGRADEDIR}/netlogon.conf" \
        "${UPGRADEDIR}/netlogon.conf.reg"

    import_5_0123_file --eventlog "${UPGRADEDIR}/eventlogd.conf" \
        "${UPGRADEDIR}/eventlogd.conf.reg"

    import_5_0123_file --pstore-sqlite "${UPGRADEDIR}/pstore.db"
}

restore_6_0_configuration()
{
    if [ -z "$UPGRADING_FROM_6_0" ]; then
        return 0
    fi

    run_or_fail mkdir -p '/var/lib/pbis/db'
    run_or_fail chmod 700 '/var/lib/pbis/db'
    run_or_fail chown 0 '/var/lib/pbis/db'

    if [ -f "${UPGRADEDIR}/registry.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/registry.db" '/var/lib/pbis/db/registry.db'
        run_or_fail chmod 700 '/var/lib/pbis/db/registry.db'
    fi

    if [ -f "${UPGRADEDIR}/sam.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/sam.db" '/var/lib/pbis/db/sam.db'
        run_or_fail chmod 700 '/var/lib/pbis/db/sam.db'
    fi

    if [ -f "${UPGRADEDIR}/lwi_events.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/lwi_events.db" '/var/lib/pbis/db/lwi_events.db'
        run_or_fail chmod 644 '/var/lib/pbis/db/lwi_events.db'
    fi

    if [ -f "${UPGRADEDIR}/lsass-adcache.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/lsass-adcache.db" '/var/lib/pbis/db/lsass-adcache.db'
        run_or_fail chmod 700 '/var/lib/pbis/db/lsass-adcache.db'
    fi

    if [ -f "${UPGRADEDIR}/lsass-adcache.db" ]; then
        determine_join_status
        if [ -n "$result" ]; then
            DOMAIN="$result"
            run_or_fail cp "${UPGRADEDIR}/lsass-adcache.db" "/var/lib/pbis/db/lsass-adcache.filedb.${DOMAIN}"
            run_or_fail cp "${UPGRADEDIR}/lsass-adcache.db" "/var/lib/pbis/db/lsass-adcache.db.${DOMAIN}"
            run_or_fail chmod 700 "/var/lib/pbis/db/lsass-adcache.filedb.${DOMAIN}"
            run_or_fail chmod 700 "/var/lib/pbis/db/lsass-adcache.db.${DOMAIN}"
        else
            run_or_fail cp "${UPGRADEDIR}/lsass-adcache.db" '/var/lib/pbis/db/lsass-adcache.filedb'
            run_or_fail cp "${UPGRADEDIR}/lsass-adcache.db" '/var/lib/pbis/db/lsass-adcache.db'
            run_or_fail chmod 700 '/var/lib/pbis/db/lsass-adcache.filedb'
            run_or_fail chmod 700 '/var/lib/pbis/db/lsass-adcache.db'
        fi
    fi

    #run_quiet rm -r "${UPGRADEDIR}"
}

restore_6_1_configuration()
{
    if [ -z "$UPGRADING_FROM_6_1" ]; then
        return 0
    fi

    run_or_fail mkdir -p '/var/lib/pbis/db'
    run_or_fail chmod 700 '/var/lib/pbis/db'
    run_or_fail chown 0 '/var/lib/pbis/db'

    if [ -f "${UPGRADEDIR}/registry.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/registry.db" '/var/lib/pbis/db/registry.db'
        run_or_fail chmod 700 '/var/lib/pbis/db/registry.db'
    fi

    if [ -f "${UPGRADEDIR}/sam.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/sam.db" '/var/lib/pbis/db/sam.db'
        run_or_fail chmod 700 '/var/lib/pbis/db/sam.db'
    fi

    if [ -f "${UPGRADEDIR}/lwi_events.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/lwi_events.db" '/var/lib/pbis/db/lwi_events.db'
        run_or_fail chmod 644 '/var/lib/pbis/db/lwi_events.db'
    fi

    if [ -f "${UPGRADEDIR}/lsass-adcache.db" ]; then
        run_or_fail cp "${UPGRADEDIR}/lsass-adcache.db" '/var/lib/pbis/db/lsass-adcache.db'
        run_or_fail chmod 700 '/var/lib/pbis/db/lsass-adcache.db'
    fi

    for cache in "${UPGRADEDIR}"/lsass-adcache.filedb.* ; do
        if [ -f "$cache" ]; then
            cachefile=`basename $cache`
            run_or_fail cp "${cache}" "/var/lib/pbis/db/${cachefile}"
            run_or_fail chmod 700 "/var/lib/pbis/db/${cachefile}"
        fi
    done

    run_quiet rm -r "${UPGRADEDIR}"
}

remove_old_init_symlinks()
{
    for daemon in dcerpcd netlogond eventlogd lwiod lsassd gpagentd; do
        rm -f /etc/rc?.d/*"$daemon"
    done
}

relocate_domain_separator()
{
    DomainSeparator=`/opt/pbis/bin/regshell list_values '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]' | grep DomainSeparator | sed -e 's/ *[^ ]\+[ ]\+[^ ]\+[ ]\+"\([^ ]*\)"$/\1/'`

    if [ -n "${DomainSeparator}" ]; then
        if [ "$DomainSeparator" = "\\\\" ]; then
            DomainSeparator="\\"
        fi

        run_quiet '/opt/pbis/bin/regshell' set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters]' 'DomainSeparator' "$DomainSeparator"
    fi
}

relocate_space_replacement()
{
    SpaceReplacement=`/opt/pbis/bin/regshell list_values '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]' | grep SpaceReplacement | sed -e 's/ *[^ ]\+[ ]\+[^ ]\+[ ]\+"\([^ ]*\)"$/\1/'`

    if [ -n "${SpaceReplacement}" ]; then
        run_quiet '/opt/pbis/bin/regshell' set_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters]' 'SpaceReplacement' "$SpaceReplacement"
    fi
}

remove_npfs_dependencies()
{
    run_quiet '/opt/pbis/bin/regshell' set_value '[HKEY_THIS_MACHINE\Services\lwio\Parameters\Drivers]' 'Load' 'rdr'
    run_quiet '/opt/pbis/bin/regshell' set_value '[HKEY_THIS_MACHINE\Services\lsass]' 'Dependencies' 'netlogon lwio lwreg rdr'
}

remove_dcerpc_dependencies()
{
   run_quiet '/opt/pbis/bin/regshell' set_value '[HKEY_THIS_MACHINE\Services\eventlog]' 'Dependencies' ''
   run_quiet '/opt/pbis/bin/regshell' delete_value '[HKEY_THIS_MACHINE\Services\dcerpc]'  'Autostart'
   run_quiet '/opt/pbis/bin/regshell' set_value '[HKEY_THIS_MACHINE\Services\dcerpc]'  'Arguments' ''
}

remove_TrustEnumerationWaitSettingFromADPath()
{
    run_quiet '/opt/pbis/bin/regshell' delete_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]' 'TrustEnumerationWait'
    run_quiet '/opt/pbis/bin/regshell' delete_value '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]'  'TrustEnumerationWaitSeconds'
}

fix_60_registry()
{
    REGSHELL='/opt/pbis/bin/regshell'

    if [ -z "$UPGRADING_FROM_6_0" ]; then
        return 0
    fi

    # Migrate pstore entries from default to joined domain
    run '/opt/pbis/libexec/regupgr61.sh' --install

    # Migrate some other entries
    relocate_domain_separator
    relocate_space_replacement

}

cleanup_registry()
{
    for i in "/opt/pbis/share/config/"*.reg
    do
        run_or_fail "${REGSHELL}" cleanup "$i"
    done
}

switch_to_open_provider()
{
    _value='[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory]'
    _path='/opt/pbis/lib/lsa-provider/ad_open.so'

    run_quiet '/opt/pbis/bin/regshell' set_value "$_value" Path "$_path"
}

execute_auxiliary_scripts()
{
    # The system administrator may have configured these during a previous
    # install
    if [ -d "/var/lib/pbis/scripts/install" ]; then
        for file in /var/lib/pbis/scripts/install/*; do
            run_quiet "$file" --install
        done
    fi
}

postinstall()
{
    logfile "Package: PowerBroker Identity Services Open postinstall begins in first boot (`date`)"

    # Make sure we disable the Eventlog autostart
    # XenServer 6.5 and before patch lw5.4 to always use blank SpaceReplacement
    run_quiet '/opt/pbis/bin/config' "SpaceReplacement" "+"

    run_quiet /opt/pbis/bin/config EventlogAutostart false
    logfile "disable pbis evenrtlog service"
    if [ -x /sbin/service ]
    then
        run /sbin/service lwsmd restart
    else
        run '/etc/init.d/lwsmd' restart
    fi


    # Exit if /var/lib/likewise not exists
    if [ ! -d "${UPGRADEDIR}" ]; then
	logfile "no need to upgrade likewise"
        return
    fi

    # Shutdown PBIS at first for postinstall scripts
    run service lwsmd stop

    determine_os_version

    setup_selinux_policy_module

    determine_upgrade_type

    restore_6_0_configuration

    restore_6_1_configuration

    run_or_fail '/opt/pbis/sbin/lwsmd' --start-as-daemon --disable-autostart --loglevel debug

    restore_5_0123_configuration

    import_registry_configurations

    fix_60_registry

    cleanup_registry

    #remove_TrustEnumerationWaitSettingFromADPath

    remove_npfs_dependencies

    remove_dcerpc_dependencies

    switch_to_open_provider

    run_or_fail '/opt/pbis/bin/lwsm' shutdown

    if [ -f "/etc/init.d/lwsmd" ]; then
        run rm -f '/etc/init.d/lwsmd'
    fi

    if [ -f /etc/redhat-release ]; then
	if [ ! -f /usr/bin/systemctl ]; then
            run ln -s '/etc/pbis/redhat/lwsmd' '/etc/init.d/lwsmd'
	fi
    else
        run ln -s '/etc/pbis/suse/lwsmd' '/etc/init.d/lwsmd'
    fi

    remove_old_init_symlinks

    if [ -f /usr/bin/systemctl ]; then
	run cp '/etc/pbis/redhat/lwsmd.service' /usr/lib/systemd/system/
	run /usr/bin/systemctl enable lwsmd.service
    else
        run /sbin/chkconfig --add lwsmd
    fi


    if [ -x /sbin/service ]
    then
        run /sbin/service lwsmd start
    else
        run '/etc/init.d/lwsmd' start
    fi

    determine_join_status
    if [ -n "$result" ]; then
        if [ -x '/opt/pbis/bin/domainjoin-cli' ]; then
            #run '/opt/pbis/bin/domainjoin-cli' configure --enable pam
            run '/opt/pbis/bin/domainjoin-cli' configure --enable nsswitch
        fi
    else
        if [ -x '/opt/pbis/bin/domainjoin-cli' ]; then
            LOAD_ORDER=`/opt/pbis/bin/regshell list_values '[HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers]' |grep 'LoadOrder.*Local'`
            if [ -n "${LOAD_ORDER}" ]; then

                #run '/opt/pbis/bin/domainjoin-cli' configure --enable pam
                run '/opt/pbis/bin/domainjoin-cli' configure --enable nsswitch
            fi
        fi
    fi

    run_quiet mv /var/lib/likewise /var/lib/likewise.old
    #run_quiet rm -rf "${UPGRADEDIR}"

    execute_auxiliary_scripts

    # Flush and verify pbis status
    run /opt/pbis/bin/domainjoin-cli query

    logfile "Package: PowerBroker Identity Services Open postinstall finished"
    exit 0
}

case $1 in
    start)  postinstall ;;
esac


