:
#	@(#) mkunretire 23.5 92/01/16 
#
#	Copyright (C) 1990-1992 The Santa Cruz Operation, Inc.
#	and SecureWare, Inc.	All Rights Reserved.
#	The information in this file is provided for the exclusive use of
#	the licensees of The Santa Cruz Operation, Inc.  Such users have the
#	right to use, modify, and incorporate this code into other products
#	for purposes authorized by the license agreement provided they include
#	this notice and the associated copyright notice with any such product.
#	The information in this file is provided "AS IS" without warranty.
#
# unretire	--  Unretires accounts from the system
#
# Usage: unretire [-t usertype] [ userlist ]
#
# where usertype is one of sso admin pseudo or operator.  If the account
# being unretired is not an owned account then the user type is always 
# changed from 'retired' to individual regardless of the specified usertype.
# If the account being unretired is owned and the user type has not
# been specied then the type is set pseudo
#
# If however the usertype is 'retired' then the user type is always set
# to retired and the encrypted password string (if any) is set to a star '*'.
#
# userlist is a list of space separated account names to be removed.
# If userlist is not supplied then standard in is read.
#
chtype() { 
	if /bin/who | /bin/grep "$1" >/dev/null 
	then 
		/bin/echo "$1 is logged in"
	else 
		prpw="/tcb/files/auth/`expr $1 : '\(.\)'`/$1"
		/tcb/bin/ale "$prpw" chtype "$type" "$1"
		if [ -f /etc/shadow ]
		then
			file="/etc/shadow"
		else
			file="/etc/passwd"
		fi
		if [ "$type" = "retired" ]
		then
			str="*RETIRED*"
		else
			str="*UNRETIRED*"
		fi
		/tcb/bin/ale "$file" chpasswd "$file" "$1" "$str"
	fi
}

trap '/bin/echo "$0: Stopped"; exit 1;' 1 2 3 15 

# must be only one optional command line argument of user type
type="pseudo"
while getopts t: flag
do
	if [ "$flag" = "?" ] 
	then
		/bin/echo "Usage: $0 [-t usertype ] userlist"
		exit 1
	fi

	case "$OPTARG" in
		"sso"|"pseudo"|"operator"|"admin"|"retired") type="$OPTARG";;
		*) /bin/echo "$0: usertype must be one of sso pseudo operator admin or retired"; exit 1;;
	esac
done
shift `expr $OPTIND - 1`

# test if system is in "relaxed" mode w.r.t security
[ -f /etc/auth/system/default ] || \
	{ /bin/echo "$0: /etc/auth/system/default not readable" ; exit 1; }

/bin/grep REUSEUID=YES /etc/default/login 2>&1 > /dev/null || \
	{ /bin/echo "$0: The system is in a secure mode -
	users may not be unretired in this mode."
	exit 1; }

# check ale is executable
[ -x /tcb/bin/ale ] || { /bin/echo "$0:/tcb/bin/ale is not executable"
			 cleanup; }

# if there any command line args then use them as account names else read stdin
if [ "$#" != "0" ] 
then 
	while [ -n "$1" ] 
	do 
		chtype "$1"; shift
	done
else 
	while read user 
	do 
		[ -n "$user" ] && chtype "$user" 
	done
fi

exit 0
