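#!/bin/ksh93
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# 61haes_r720 src/43haes/lib/ksh93/hacmp/KLIB_HACMP_get_user_attributes.sh 1.9
#
# Licensed Materials - Property of IBM
#
# COPYRIGHT International Business Machines Corp. 2011,2015
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
# @(#)44 1.9 src/43haes/lib/ksh93/hacmp/KLIB_HACMP_get_user_attributes.sh, hacmp.assist, 61haes_r720, 1525A_hacmp720 6/1/15 15:30:23

#============================================================================
#
# Name:        KLIB_HACMP_get_user_attributes
#
# Description: This is the main, FPATH function that is invoked by clmgr
#              to collect AIX user information. The lsuser utility is
#              invoked to extract the necessary data.
#
# Inputs:      See the "devDoc()" function at the bottom of this file.
#              Any positional argument of the form attribute=value is also
#              recorded as a query filter and applied to the collected data.
#
# Outputs:     The properties hash is populated. The only other outputs are
#              any error messages that might be needed.
#
# Returns:     Zero if no errors are detected. Otherwise, an appropriate
#              non-zero value is returned. Refer to the "RETURN" section
#              of the "devDoc()" function at the bottom of this file for
#              the standard return code values/meanings for clmgr.
#
#============================================================================
function KLIB_HACMP_get_user_attributes
{
    # The cache files created below are removed by this EXIT trap.
    trap 'on_exit_get_user' EXIT

    LINENO=2
    . $HALIBROOT/log_entry "$0()" "$CL"
    : version=1.9, src/43haes/lib/ksh93/hacmp/KLIB_HACMP_get_user_attributes.sh, hacmp.assist, 61haes_r720, 1525A_hacmp720
    : INPUTS: $*

    typeset users=${1//\"/}

    # Get the "properties" associative array reference, and initialize it.
    # When no second argument is given (or it is the "|" marker while
    # logging is enabled), the first argument is the array name and no
    # user names were supplied.
    if [[ -z $2 ]] || [[ -n $CLMGR_LOGGING && $2 == "|" ]]; then
        users=
        typeset -n properties=$1
    else
        typeset -n properties=$2
    fi
    [[ $CLMGR_LOGGING == 'med' ]] && set +x # Only trace param values

    #===================================
    : Declare and initialize variables
    #===================================
    for k in ${!properties[*]}; do unset properties[$k]; done
    typeset USERS= user=
    typeset -i INDEX=0 rc=$RC_SUCCESS
    typeset key=
    typeset -i matches=0
    typeset -u attr= uc_key=
    typeset -A queries
    typeset -i i=0

    #===================================================
    : Check for any specified attribute=value pairs.
    : If any are found, use those to query the output.
    #===================================================
    while (( $# > 0 )); do
        value="$1"
        if [[ $value == *=* ]]; then
            attr=${value%%=*} # "attr" makes this uppercase
            queries[$attr]="${value#*=}"
            if [[ $attr == "REGISTRY" ]]; then
                # Normalize the registry name to one of the two values that
                # are matched against the lsuser output: "LDAP" or "files".
                typeset -u registryUC=${queries[$attr]}
                case $registryUC in
                    LD*) queries[$attr]="LDAP" ;;
                    LO*) queries[$attr]="files" ;;
                    F*)  queries[$attr]="files" ;;
                    *)
                        dspmsg -s $CLMGR_SET $CLMGR_MSGS 110 '\nERROR: invalid value specified for "%1$s": "%2$s".\n' REGISTRY "${queries[$attr]}" 1>&2
                        dspmsg -s $CLMGR_SET $CLMGR_MSGS 3 'Valid values: %1$s\n\n' "files, LDAP" 1>&2
                        rc=$RC_INCORRECT_INPUT
                        ;;
                esac
            fi
        fi
        shift
    done

    #=======================================
    : Make sure we have something to query
    #=======================================
    if [[ -n $users ]]; then
        # A single user is reported without a numeric suffix on the keys.
        [[ $users != *,* ]] && unset INDEX
        for user in ${users//,/ }; do
            CL=$LINENO KLIB_HACMP_is_known_user "$user" 2>/dev/null
            if (( $? != RC_SUCCESS )); then
                dspmsg -s $CLMGR_SET $CLMGR_MSGS 102 "\nERROR: \"%1\$s\" does not appear to exist!\n\n" "$user" 1>&2
                dspmsg -s $CLMGR_SET $CLMGR_MSGS 162 "Available Users:\n\n" 1>&2
                typeset available
                CL=$LINENO KLIB_HACMP_list_users available
                for (( i=0; i<${#available[*]}; i++ )); do
                    if [[ ${available[$i]} != *([[:space:]]) ]]; then
                        print -u2 "\t${available[$i]}"
                    fi
                done
                print -u2 ""
                rc=$RC_NOT_FOUND
            else
                USERS="$USERS $user"
            fi
        done
    elif (( CLMGR_VERBOSE || ${#queries[*]} > 0 )); then
        typeset available
        CL=$LINENO KLIB_HACMP_list_users available
        for (( i=0; i<${#available[*]}; i++ )); do
            # Trim surrounding white space, and turn a "name (type)" entry
            # into "name@(type)" so it survives the word splitting of USERS.
            name=${available[$i]}
            name=${name##+([[:space:]])}
            name=${name%%+([[:space:]])}
            name=${name/ \(/@\(}
            USERS="$USERS $name"
        done
    else
        dspmsg -s $CLMGR_SET $CLMGR_MSGS 100 "\nERROR: a name/label must be provided.\n\n" 1>&2
        rc=$RC_MISSING_INPUT
    fi

    (( $rc != RC_SUCCESS )) && unset USERS

    #======================================================================
    : If there are multiple users, often the result of a verbose listing,
    : then dump all user data to a temporary file, for faster access. In
    : testing, this dropped the execution time of "clmgr -v query user"
    : from 74 seconds to 17 seconds.
    #======================================================================
    # NOTE(review): the two cache files use a predictable, PID-based name and
    # are opened with a plain ">" redirect. If $TMPDIR can ever be a directory
    # that other local users can write to, a pre-existing file or symbolic
    # link of the same name would be followed. Confirm that $TMPDIR is private
    # to the invoking user, or create the files exclusively.
    # The cache paths are quoted so a $TMPDIR containing white space is not
    # split into several words.
    if [[ $USERS == *+([[:space:]])* ]]; then
        print "$0()[$LINENO]($SECONDS): lsuser ALL | grep registry=files > $TMPDIR/clmgr.KHgua.files.$$" >>$CLMGR_TMPLOG
        lsuser ALL | grep registry=files > "$TMPDIR/clmgr.KHgua.files.$$"
        print "$0()[$LINENO]($SECONDS): lsuser (files) RC: $?" >>$CLMGR_TMPLOG

        print "$0()[$LINENO]($SECONDS): lsuser ALL | grep registry=LDAP > $TMPDIR/clmgr.KHgua.ldap.$$" >>$CLMGR_TMPLOG
        lsuser ALL | grep registry=LDAP > "$TMPDIR/clmgr.KHgua.ldap.$$" 2>>$CLMGR_TMPLOG
        print "$0()[$LINENO]($SECONDS): lsuser (LDAP) RC: $?" >>$CLMGR_TMPLOG
    fi

    #================================================================
    : Populate the return hash with the retrieved attributes/values
    #================================================================
    for user in $USERS; do
        typeset -i TYPE_SPECIFIED=0
        typeset -u TYPE= TYPES=
        if [[ $user == *@* ]]; then
            # "name@(type)": use only the requested registry type.
            TYPES=${user##*@}
            TYPES=${TYPES#\(}
            TYPES=${TYPES%\)}
            [[ -n $TYPES ]] && TYPE_SPECIFIED=1 || TYPES="FILES LDAP"
            user=${user%%@*}
        else
            #==============================================================
            : Since no user type was specified, check all supported types
            #==============================================================
            TYPES="FILES LDAP"
        fi

        typeset OUTPUT= FOUND=
        for TYPE in $TYPES; do
            OUTPUT=
            # NOTE(review): $user is interpolated into a basic regular
            # expression in the grep calls below, so a character such as "."
            # in a user name matches any character and can select another
            # account's line as well. Verify the name format against the
            # callers, or match the first field literally.
            if [[ $TYPE == "LDAP" ]]; then
                if [[ -f "$TMPDIR/clmgr.KHgua.ldap.$$" ]]; then
                    print "$0()[$LINENO]($SECONDS): grep \"^$user \" $TMPDIR/clmgr.KHgua.ldap.$$" >>$CLMGR_TMPLOG
                    OUTPUT=$(grep "^$user " "$TMPDIR/clmgr.KHgua.ldap.$$")
                    # Capture the grep status before logging it; the log
                    # line previously printed a stale or unset value.
                    cmd_rc=$?
                    print "$0()[$LINENO]($SECONDS): grep RC: $cmd_rc" >>$CLMGR_TMPLOG
                    if [[ -n $OUTPUT ]]; then
                        cmd_rc=$RC_SUCCESS
                        FOUND=$TYPE
                    else
                        continue
                    fi
                fi
            elif [[ $TYPE == "FILES" ]]; then
                if [[ -f "$TMPDIR/clmgr.KHgua.files.$$" ]]; then
                    print "$0()[$LINENO]($SECONDS): grep \"^$user \" $TMPDIR/clmgr.KHgua.files.$$" >>$CLMGR_TMPLOG
                    OUTPUT=$(grep "^$user " "$TMPDIR/clmgr.KHgua.files.$$")
                    # Capture the grep status before logging it; the log
                    # line previously printed a stale or unset value.
                    cmd_rc=$?
                    print "$0()[$LINENO]($SECONDS): grep RC: $cmd_rc" >>$CLMGR_TMPLOG
                    if [[ -n $OUTPUT ]]; then
                        cmd_rc=$RC_SUCCESS
                        FOUND=$TYPE
                    else
                        continue
                    fi
                fi
            fi

            #===============================================
            : If the no data was found for this user, then
            : program execution will not reach this point.
            #===============================================
            properties[NAME$INDEX]=$user

            # Map each lsuser "attribute=value" pair to its clmgr key.
            # NOTE(review): $OUTPUT is expanded unquoted, so besides field
            # splitting it is subject to pathname expansion unless noglob is
            # in effect; a value containing glob characters would be expanded
            # against the current directory.
            for PAIR in $OUTPUT; do
                [[ $PAIR != *=* ]] && continue
                case ${PAIR%%=*} in
                    account_locked) properties[LOCKED$INDEX]=${PAIR##*=} ;;
                    admgroups) properties[ADMIN_GROUPS$INDEX]=${PAIR##*=} ;;
                    admin) properties[ADMINISTRATIVE$INDEX]=${PAIR##*=} ;;
                    auth1) properties[PRIMARY_AUTH$INDEX]=${PAIR##*=} ;;
                    auth2) properties[SECONDARY_AUTH$INDEX]=${PAIR##*=} ;;
                    dictionlist) properties[PASSWORD_FILTERS$INDEX]=${PAIR##*=} ;;
                    efs_adminks_access) properties[ADMIN_KEYSTORE_ACCESS$INDEX]=${PAIR##*=} ;;
                    efs_allowksmodechangebyuser) properties[ALLOW_MODE_CHANGE$INDEX]=${PAIR##*=} ;;
                    efs_file_algo) properties[FILE_ENCRYPTION$INDEX]=${PAIR##*=} ;;
                    efs_initialks_mode) properties[KEYSTORE_MODE$INDEX]=${PAIR##*=} ;;
                    efs_keystore_access) properties[KEYSTORE_ACCESS$INDEX]=${PAIR##*=} ;;
                    efs_keystore_algo) properties[KEYSTORE_ENCRYPTION$INDEX]=${PAIR##*=} ;;
                    expires) properties[EXPIRATION$INDEX]=${PAIR##*=} ;;
                    groups) properties[GROUPS$INDEX]=${PAIR##*=} ;;
                    home) properties[HOME$INDEX]=${PAIR##*=} ;;
                    histsize) properties[MIN_PASSWORDS$INDEX]=${PAIR##*=} ;;
                    histexpire) properties[REUSE_TIME$INDEX]=${PAIR##*=} ;;
                    id) properties[ID$INDEX]=${PAIR##*=} ;;
                    login) properties[LOGIN$INDEX]=${PAIR##*=} ;;
                    loginretries) properties[MAX_FAILED_LOGINS$INDEX]=${PAIR##*=} ;;
                    logintimes) properties[SCHEDULE$INDEX]=${PAIR##*=} ;;
                    maxage) properties[MAX_PASSWORD_AGE$INDEX]=${PAIR##*=} ;;
                    maxexpired) properties[LOCKOUT_DELAY$INDEX]=${PAIR##*=} ;;
                    maxrepeats) properties[MAX_PASSWORD_REPEATED_CHARS$INDEX]=${PAIR##*=} ;;
                    minage) properties[MIN_PASSWORD_AGE$INDEX]=${PAIR##*=} ;;
                    minalpha) properties[MIN_PASSWORD_ALPHAS$INDEX]=${PAIR##*=} ;;
                    mindiff ) properties[MIN_PASSWORD_DIFFERENT$INDEX]=${PAIR##*=} ;;
                    minlen) properties[MIN_PASSWORD_LENGTH$INDEX]=${PAIR##*=} ;;
                    minother) properties[MIN_PASSWORD_OTHERS$INDEX]=${PAIR##*=} ;;
                    pgrp) properties[PRIMARY$INDEX]=${PAIR##*=} ;;
                    projects) properties[PROJECTS$INDEX]=${PAIR##*=} ;;
                    pwdchecks) properties[PASSWORD_VALIDATION_METHODS$INDEX]=${PAIR##*=} ;;
                    pwdwarntime) properties[DAYS_TO_WARN$INDEX]=${PAIR##*=} ;;
                    registry) properties[REGISTRY$INDEX]=${PAIR##*=} ;;
                    rlogin) properties[REMOTE_LOGIN$INDEX]=${PAIR##*=} ;;
                    roles) properties[ROLES$INDEX]=${PAIR##*=} ;;
                    shell) properties[SHELL$INDEX]=${PAIR##*=} ;;
                    su) properties[SWITCH_USER$INDEX]=${PAIR##*=} ;;
                    sugroups) properties[SU_GROUPS$INDEX]=${PAIR##*=} ;;
                    SYSTEM) properties[AUTHENTICATION$INDEX]=${PAIR##*=} ;;
                    tpath) properties[TRUSTED_PATH$INDEX]=${PAIR##*=} ;;
                    ttys) properties[ALLOWED_TTYS$INDEX]=${PAIR##*=} ;;
                    gecos)
                        # The gecos text may contain spaces, so it is taken
                        # from the whole line: everything after "gecos=" up
                        # to the next "=", minus the trailing word (the name
                        # of the following attribute).
                        typeset infostr=${OUTPUT##*gecos=}
                        infostr=${infostr%%=*}
                        properties[INFO$INDEX]=${infostr% *}
                        ;;
                    umask)
                        # Left-pad the umask with zeros to four digits.
                        typeset UMASK=${PAIR##*=}
                        case ${#UMASK} in
                            1) UMASK="000$UMASK" ;;
                            2) UMASK="00$UMASK" ;;
                            3) UMASK="0$UMASK" ;;
                        esac
                        properties[UMASK$INDEX]=$UMASK
                        ;;
                esac
            done

            #==============================================================
            : Even if there is no value for a given attribute, we want to
            : display a placeholder for it, so the customer always sees a
            : consistent, complete set of attributes.
            #==============================================================
            for key in ${_COLON_ATTR_ORDER[user]}; do
                if [[ -z ${properties[$key$INDEX]} ]]; then
                    properties[$key$INDEX]=""
                fi
            done

            # Advance to the next index, skipping values that end in "0".
            (( INDEX++ ))
            [[ $INDEX == *0 ]] && (( INDEX++ ))
        done # End of the "TYPES" loop

        if [[ -z $FOUND ]]; then
            dspmsg -s $CLMGR_SET $CLMGR_MSGS 474 '\nERROR: the specified user, "%1$s", could not be found.\n\n' "$user" 1>&2
            rc=$RC_NOT_FOUND
        fi
    done # End of the "USERS" loop

    #==========================================================
    : If any searches/filters were specified, handle them now
    #==========================================================
    if (( $rc == RC_SUCCESS && ${#queries[*]} > 0 )); then
        CL=$LINENO search_properties queries properties
        rc=$?
    fi

    (( $rc == RC_SUCCESS )) && CL=$LINENO prune_indexes properties

    log_return_msg "$rc" "$0()" "$LINENO"
    return $?
} # End of "KLIB_HACMP_get_user_attributes()"


#============================================================================
#
# Name:        on_exit_get_user
#
# Description: Installed as the EXIT trap by KLIB_HACMP_get_user_attributes.
#              Removes the two per-process lsuser cache files. The paths
#              are quoted so a $TMPDIR containing white space cannot make
#              rm act on unintended path fragments.
#
# Inputs:      None.
#
# Outputs:     None.
#
#============================================================================
function on_exit_get_user
{
    rm -f "$TMPDIR/clmgr.KHgua.files.$$"
    rm -f "$TMPDIR/clmgr.KHgua.ldap.$$"
}


#============================================================================
#
# Name:        devDoc
#
# Description: This is a never-to-be-called, wrapper function that all the
#              clmgr FPATH functions implement in order to hide embedded
#              syntax from trace logging. This information is implemented
#              in POD format, and can be viewed in a number of ways using
#              POD tools. Some viewing suggestions for this function's POD-
#              formatted information are:
#
#                   perldoc
#                   pod2text -c
#                   pod2text -c --code
#                   pod2html
#
#              However, the more important use for this information is that
#              it is parsed by clmgr to display the syntax for this file's
#              operation. The information in the "SYNOPSIS" section is used
#              for this purpose. This feature was originally implemented
#              using the man page information. However, in a code review it
#              was pointed out that this approach had to be changed because
#              customers do not have to install the man pages! Therefore, a
#              built-in dependency on man page information would break the
#              automatic help feature of clmgr. So the SYNOPSIS section must
#              be used instead.
#
#              IMPORTANT: As a result of this, it is imperative that the
#                         information in this SYNOPSIS be kept in sync
#                         with the man page information, which is owned
#                         by the IDD team.
#
# Inputs:      None.
#
# Outputs:     None.
#
# Returns:     n/a   (not intended to be invoked)
#
#============================================================================
function devDoc
{
    : <<'=cut' >/dev/null 2>&1

=head1 NAME

KLIB_HACMP_get_user_attributes

=head1 VERSION

Version Number: 1.9
Last Extracted: 6/16/15 17:51:10
Last Changed: 6/1/15 15:30:23
Path, Component, Release(, Level): src/43haes/lib/ksh93/hacmp/KLIB_HACMP_get_user_attributes.sh, hacmp.assist, 61haes_r720, 1525A_hacmp720

=head1 SYNOPSIS

    clmgr query user [,,...]
    clmgr -v query user

    NOTE: the alias for "user" is "ur".

=head1 DESCRIPTION

Retrieves the information for one or more users.

=head1 ARGUMENTS

    1. users [REQUIRED] [string]
       The label of one or more users (comma or space separated)
       that are to be queried.

    2. properties [REQUIRED] [hash ref]
       An associative array within which data about the
       queried objects can be returned to the caller.

=head1 RETURN

    0: no errors were detected; the operation appears to have been successful
    1: a general error has occurred
    2: a specified resource does not exist, or could not be found
    3: some required input was missing
    4: some detected input was incorrect in some way
    5: a required dependency does not exist
    6: a specified search failed to match any data

=head1 COPYRIGHT

COPYRIGHT International Business Machines Corp. 2011,2015
All Rights Reserved

=cut
} # End of "devDoc()"


#==============================================================================
# The following, comment block attempts to enforce coding standards when this
# file is edited via emacs or vim.  This block _must_ appear at the very end
# of the file, or the editor will not find it, and it will be ignored.
#==============================================================================
# Local Variables:
# indent-tabs-mode: nil
# tab-width: 4
# End:
#==============================================================================
# vim: tabstop=4 shiftwidth=4 expandtab
#==============================================================================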