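#!/bin/ksh
# ALTRAN_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# Copyright (C) Altran ACT S.A.S. 2019,2020,2021. All rights reserved.
#
# ALTRAN_PROLOG_END_TAG
#
# IBM_PROLOG_BEGIN_TAG
# This is an automatically generated prolog.
#
# 61haes_r714 src/43haes/usr/sbin/cluster/cspoc/utilities/cl_federatedsec_source.sh 1.3
#
# Licensed Materials - Property of IBM
#
# COPYRIGHT International Business Machines Corp. 2010,2011
# All Rights Reserved
#
# US Government Users Restricted Rights - Use, duplication or
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# IBM_PROLOG_END_TAG
# @(#) 7d4c34b 43haes/usr/sbin/cluster/cspoc/utilities/cl_federatedsec_source.sh, 726, 2147A_aha726, Feb 05 2021 09:50 PM

# Shared helper functions for the federated security utilities.
# The top-level statements below run when the file is sourced; everything
# else is a function definition.
#
# Debug switches are read from the FSECDEBUG environment variable:
#   any non-empty value -> shell tracing (set -x) with a custom PS4
#   2 -> VERBOSE_LOGGING=high and _DEBUG=9
#   3 -> LDAP_DEBUG=65535 and "ldtrc on"
#   4 -> 2 and 3 combined
# set -x writes every expanded command line to stderr, so whatever later
# commands receive as arguments ends up in the trace. Treat debug output
# as sensitive and restrict who can read it.
FSECPROGNAME=${0##*/}
if [[ -n $FSECDEBUG ]]
then
    typeset PS4="${FSECPROGNAME}:\${FSECFUNCNAME}():[\$LINENO]: "
    set -x
fi
[[ $FSECDEBUG == 2 ]] && { export VERBOSE_LOGGING=high; export _DEBUG=9; }
[[ $FSECDEBUG == 3 ]] && { export LDAP_DEBUG=65535; /usr/bin/ldtrc on >/dev/null 2>&1; }
[[ $FSECDEBUG == 4 ]] && {
    export VERBOSE_LOGGING=high
    export _DEBUG=9
    export LDAP_DEBUG=65535
    /usr/bin/ldtrc on >/dev/null 2>&1
}

# Init function
#
# Sets the locale and PATH, checks that a cluster is configured and that the
# caller is authorized, then creates the per-run log directory on every node.
# Globals written: SAVE_LC_ALL, LC_ALL, PATH, CLUSTER_OVERRIDE, HA_BASE_PATH,
#                  FSEC_LOG_DIR, user_name
# Exits: 1 when "cltopinfo -c" fails or "whereis expect" fails,
#        2 when the caller is neither root nor passes "ckauth PowerHASM.admin";
#        ret_fail terminates the run when the log directory cannot be set up.
function fsec_init {
    typeset FSECFUNCNAME="fsec_init"
    [[ -n $FSECDEBUG ]] && set -x

    SAVE_LC_ALL=$LC_ALL
    export LC_ALL=C
    # PATH is replaced with the value reported by cl_get_path (called by
    # absolute path), so the commands below no longer resolve through the
    # caller's inherited PATH.
    export PATH="$(/usr/es/sbin/cluster/utilities/cl_get_path all)"

    #initialization for ldap setup to work
    export CLUSTER_OVERRIDE=yes
    HA_BASE_PATH=/usr/es/sbin/cluster

    # presumably keeps the second-resolution timestamp below distinct
    # between back-to-back runs - confirm
    sleep 1
    FSEC_LOG_DIR=/var/hacmp/log/fsec/$(date +%Y.%m.%d.%Hh%Mm%Ss-FailedConf)

    #checking cluster is configured prior to configure federated security
    cltopinfo -c > /dev/null || { dspmsg -s 129 cspoc.cat 78 "Cluster not configured, exiting...\n"; exit 1; }

    # Proper permission is required to run Federated security utilities
    if [[ $(whoami) != "root" ]] && ! ckauth PowerHASM.admin
    then
        dspmsg -s 4 cspoc.cat 52 "%s: All C-SPOC commands require the user to either be root, or have PowerHASM.admin authorization\n" "Federated Security"
        exit 2
    fi

    # NOTE(review): LOGIN comes from the environment, so the owner given to
    # the log directory below is whatever the caller's environment says.
    # Deriving the name from "id -nu" unconditionally would remove that
    # dependency - confirm with the callers before changing it.
    # Written as if/else because the former "A && B || C" chain also ran C
    # when B failed.
    if [[ -z "$LOGIN" ]]
    then
        user_name=$(id -nu 2>/dev/null)
    else
        user_name="$LOGIN"
    fi

    # NOTE(review): relies on whereis returning non-zero when expect is
    # absent - confirm on the target AIX level.
    whereis expect >/dev/null || { dspmsg -s 129 cspoc.cat 153 "expect.base not installed in this machine.\n"; exit 1; }

    # FSEC_LOG_DIR is built above from a fixed prefix and a date stamp, so
    # interpolating it into the remote command string adds no caller input.
    run_on_allnode "mkdir -p $FSEC_LOG_DIR" || ret_fail "Cannot create log directory." $?

    if [[ $user_name != root ]]
    then
        # Quoted so an empty or odd user name is passed as a single operand
        # and cannot shift the directory into the owner position.
        chown "$user_name" "$FSEC_LOG_DIR" || ret_fail "Failed to change owner of log directory." $?
    fi
}

# Prepares the process environment for the LDAP setup: raises the ulimit
# values, exports LDR_CNTRL and derives JAVA_HOME from the entries in /usr.
# Globals written: LDR_CNTRL, JAVA_DIR, JAVA_HOME
# Terminates through ret_fail when no java directory is found.
function fsec_ldap_init {
    typeset FSECFUNCNAME="fsec_ldap_init"
    [[ -n $FSECDEBUG ]] && set -x

    ulimit unlimited
    ulimit -d unlimited
    ulimit -s unlimited
    ulimit -m unlimited
    ulimit -n unlimited
    ulimit -f unlimited
    export LDR_CNTRL=MAXDATA=0x4000000 #temporary workaround for DB29.7 with LDAP6.2 and later in case of less memory

    #setting java path
    if ls /usr | grep -w "java5" > /dev/null
    then
        JAVA_DIR=java5
    else
        # Takes the last /usr entry whose name contains "java" and strips
        # "_64" from it.
        JAVA_DIR=$(ls /usr | grep java | tail -1 | sed 's/_64//g')
        [[ -z $JAVA_DIR ]] && ret_fail "JAVA not found" 1
    fi
    export JAVA_HOME="/usr/${JAVA_DIR}"
}

#common function to return a fail condition
# Arguments: $1 - message text
#            $2 - return code of the failed step
# A return code greater than 0 prints the error and exits with status 1;
# any other value only prints the message as a warning and returns.
# Globals written: err_msg, ret_val
function ret_fail {
    typeset FSECFUNCNAME="ret_fail"
    [[ -n $FSECDEBUG ]] && set -x

    err_msg=$1
    ret_val=$2
    if [[ $ret_val -gt 0 ]]
    then
        dspmsg -s 129 cspoc.cat 79 "ERROR: %s\n" "$err_msg"
        dspmsg -s 129 cspoc.cat 80 "Failed with return code %s, terminating...\n" "$ret_val"
        exit 1
    fi
    dspmsg -s 129 cspoc.cat 84 "WARNING: %s\n" "$err_msg"
}

#function to run a command on all nodes of the cluster
# Arguments: $1 - command line handed to cl_rsh as one string
# Returns:   0 when cl_rsh succeeded for every node, 1 at the first failure
# Globals written: cmd_to_run, NODES, X
# The command string is passed on as-is. Callers must build it only from
# values they control, because anything interpolated into it becomes part of
# the command handed to cl_rsh for each node.
function run_on_allnode {
    typeset FSECFUNCNAME="run_on_allnode"
    [[ -n $FSECDEBUG ]] && set -x

    cmd_to_run="$1"
    # Skip the first line of the cllsnode output, keep the first ':' field.
    NODES=$(cllsnode -c | awk -F: 'NR > 1 {print $1}')
    [[ -z $NODES ]] && ret_fail "Nodes not found" 1

    # $NODES is deliberately unquoted: it is split into one word per node.
    for X in $NODES
    do
        cl_rsh -n "$X" "$cmd_to_run" || return 1
    done
    return 0
}

#common function to force a requirement to verify and sync after cluster change
# Arguments: $1 - description of the change, inserted into the message
# Returns:   0 when odmchange succeeded, 1 otherwise
# Globals written: MSGTOPR, Class, handle
function fsec_vsync {
    typeset FSECFUNCNAME="fsec_vsync"
    [[ -n $FSECDEBUG ]] && set -x

    MSGTOPR=$1
    #Cluster configuration changed, force a requirement for synchronization
    Class="HACMPcluster:"
    handle="handle=0"
    if printf "%s\n%s\n" "$Class" "$handle" | odmchange -o HACMPcluster
    then
        #Warn the user that the configuration must be synchronized
        dspmsg -s 129 cspoc.cat 81 "The PowerHA SystemMirror configuration has been changed - %s has been done. The configuration must be synchronized to make this change effective across the cluster. Run verification and Synchronization.\n" "$MSGTOPR"
    else
        return 1
    fi
    return 0
}

#function to check verify and sync had been already run by user before continuing to next configuration change
# Fetches HACMPLDAP with clgodmget from the first node and compares it with
# the copy fetched from every node; any difference prints the message and
# exits 1.
# Globals read:    FSEC_LOG_DIR, HA_BASE_PATH
# Globals written: tmp_odm_file, NODES, X
# NOTE(review): the clgodmget exit status is not checked, so a run in which
# every fetch fails compares empty files and passes - confirm whether that
# is acceptable.
# NOTE(review): the scratch names are predictable (PID-based, and the "1"
# suffix can coincide with another PID's base name) and fsec_init may have
# given the directory to a non-root owner. An unpredictable name created
# exclusively would be safer if this can run with more privilege than that
# owner.
function odm_check {
    typeset FSECFUNCNAME="odm_check"
    typeset first_node
    [[ -n $FSECDEBUG ]] && set -x

    tmp_odm_file=${FSEC_LOG_DIR}/odm_check.$$
    NODES=$("${HA_BASE_PATH}/utilities/cllsnode" -c | sed '1d' | awk -F: '{print $1}')
    [[ -z $NODES ]] && ret_fail "Nodes not found" 1

    # $NODES is left unquoted on purpose so echo joins the names with
    # single spaces and awk can pick the first one.
    first_node=$(echo $NODES | awk '{ print $1 }')
    clgodmget -n "$first_node" HACMPLDAP > "$tmp_odm_file"

    for X in $NODES
    do
        clgodmget -n "$X" HACMPLDAP > "${tmp_odm_file}1"
        diff "${tmp_odm_file}" "${tmp_odm_file}1" >/dev/null 2>&1 || {
            dspmsg -s 129 cspoc.cat 82 "Verify and Synchronization did not run by user after last configuration change. Please run it and then try.\n"
            rm -rf "${tmp_odm_file}" "${tmp_odm_file}1"
            exit 1
        }
    done
    rm -rf "${tmp_odm_file}" "${tmp_odm_file}1"
}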