#!/bin/sh

# $Id: support_nbac.sh,v 1.1.2.2 2004/01/06 15:06:21 $
#***************************************************************************
# $VRTScprght: Copyright 1993 - 2004 VERITAS Software Corporation, All Rights Reserved $
#***************************************************************************


# NBAC Information for the support script.
#
#	support_nbac [-i|-h]
#
# Usually this is called by the /usr/openv/netbackup/goodies/support/support
# script.  However, it can also be called "standalone".
#
# -i		- If interactive.  If necessary, prompt the user to log in as
#		  a NetBackup security administrator.
# -h		- Print usage statement.

# Usage text: printed on stdout for -h and on stderr for a bad argument.
USAGE="Usage: $0 [-i]"

# Only the first argument is examined; any further arguments are ignored.
#   -i       run interactively (sets interactive=1)
#   -h       print the usage text and exit 0
#   (none)   run non-interactively (sets interactive=0)
#   other    print the usage text on stderr and exit 20
case "$1" in
-i)
	interactive=1
	;;
-h)
	echo "$USAGE"
	exit 0
	;;
'')
	interactive=0
	;;
*)
	echo "$USAGE" >&2
	exit 20 # EC_invalid_argument
	;;
esac

# NetBackup configuration file read later for USE_VXSS and SERVER entries.
bpconf='/usr/openv/netbackup/bp.conf'

# Client-side commands.  They are always invoked through these absolute
# paths, so PATH is not consulted for them (the tr/grep/sed/head/tail
# helpers used further down are still resolved through PATH).
bpclntcmd='/usr/openv/netbackup/bin/bpclntcmd'
bpnbat='/usr/openv/netbackup/bin/bpnbat'

# Nothing below can work unless both commands are executable and bp.conf
# is readable, so stop here otherwise.
if [ -x "$bpclntcmd" ] && [ -x "$bpnbat" ] && [ -r "$bpconf" ] ; then
	: # client installation looks usable
else
	echo "Client binaries not installed." >&2
	exit 131 # EC_invalid_client
fi

# Ask NetBackup for the local host name and fold it to lower case so it
# can be compared with the (also lower-cased) master server name later.
my_hostname=`"$bpclntcmd" -gethostname | tr 'A-Z' 'a-z'`
case "$my_hostname" in
'')
	echo "Cannot get my local host name." >&2
	exit 48 # EC_hostname_not_found
	;;
esac

# Authentication check.  bpclntcmd writes its own output; the "OK" line is
# added only when it exits 0.  A failure is reported by bpclntcmd alone and
# does not stop the script.
printf '\n%s\n\n' \
	'Check authentication with the master server and local host:'
"$bpclntcmd" -check_vxss &&
	printf '\n%s\n\n' \
		'Authentication OK with the master server and local host.'

# Server-side administration commands, again pinned to absolute paths.
# bperror is only checked for presence here; nothing else in this script
# calls it.
bpauthorize='/usr/openv/netbackup/bin/admincmd/bpauthorize'
bperror='/usr/openv/netbackup/bin/admincmd/bperror'
bpnbaz='/usr/openv/netbackup/bin/admincmd/bpnbaz'

# All three must be executable; the first one that is not ends the script.
for server_cmd in "$bpauthorize" "$bperror" "$bpnbaz" ; do
	if [ ! -x "$server_cmd" ] ; then
		echo "Server binaries not installed." >&2
		exit 37 # EC_invalid_server
	fi
done

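# Get interesting bp.conf values.
#
# Blanks and tabs are stripped from every line before matching, so
# "USE_VXSS = REQUIRED" and "USE_VXSS=REQUIRED" are treated alike.

# USE_VXSS: matched case-insensitively; when the entry is repeated the last
# one wins.  Anything other than REQUIRED or AUTOMATIC (including a missing
# or mistyped value) is treated as PROHIBITED, and get_main_objects then
# reports "NetBackup Access Control is not configured." and returns 0.
use_vxss=`tr -d ' \011' < "$bpconf" | tr '[a-z]' '[A-Z]' | \
	sed -n 's/^USE_VXSS=//p' | tail -1`
case "$use_vxss" in
REQUIRED|AUTOMATIC)
	;;
*)
	use_vxss=PROHIBITED
	;;
esac

# Master server: the first SERVER entry, lower-cased.  "sed -n ... p" keeps
# only lines that really start with "server="; without that filter the
# first line of bp.conf was taken whatever it contained, so a comment or
# another entry ahead of SERVER ended up as the master server name.
master_server=`tr -d ' \011' < "$bpconf" | tr '[A-Z]' '[a-z]' | \
	sed -n 's/^server=//p' | head -1`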

# Authorization check against the master server.  bpauthorize's stdout is
# discarded; only its exit status decides whether the confirmation line is
# printed.  A non-zero status is not reported here and does not stop the
# script.
printf '\n%s\n\n' 'Check authorization with the master server:'
"$bpauthorize" -test_admin > /dev/null &&
	printf '\n%s\n\n' 'NetBackup Administrator for the master server.'

# Repeat the check against the local host, but only when it is not the
# master server that was just tested.
if [ "$master_server" = "$my_hostname" ] ; then
	: # local host is the master server; already covered above
else
	echo ""
	echo "Check authorization with the local host $my_hostname:"
	echo ""
	if "$bpauthorize" -M "$my_hostname" -test_admin > /dev/null ; then
		echo ""
		echo "NetBackup Administrator for the local host $my_hostname."
		echo ""
	fi
fi

# Locate the VxSS authorization library installation.  The location file
# must be readable, carry a ProductInstallDir= line (the first one is
# used), and that value must name an existing directory.  If any of these
# fails the libraries are considered absent and the script ends with
# status 0, because that is not necessarily an error.
azloc='/etc/vx/vss/VRTSaz.loc'
idir=''
if [ -r "$azloc" ] ; then
	idir=`sed -n 's/^ProductInstallDir=//p' "$azloc" | head -1`
fi
# An empty idir also fails the -d test, so one check covers every case.
if [ ! -d "$idir" ] ; then
	echo "VxSS Authorization Libraries are not installed."
	exit 0 # Not necessarily an error
fi

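# Make sure we have a temporary directory
if [ \( "$TMPDIR" = '' \) -o \( ! -d "$TMPDIR" \) ] ; then
	TMPDIR=/tmp
fi

# The two work files hold the credential written by "bpnbat -login -cf" and
# the authorization object listing.  Placing them directly in $TMPDIR under
# names built from the PID makes the paths guessable in a directory other
# users can write to, so a file or symbolic link planted there in advance
# would be followed by the output redirection.  Keep both files inside a
# directory that only the invoking user can enter instead.
temp_dir=`mktemp -d "$TMPDIR/support_nbac.XXXXXX" 2> /dev/null`
if [ \( "$temp_dir" = '' \) -o \( ! -d "$temp_dir" \) ] ; then
	# mktemp is missing or failed.  mkdir is atomic and refuses a path
	# that already exists (a symbolic link included), so a name created
	# by someone else makes this fail instead of being reused.
	temp_dir="$TMPDIR/support_nbac.$$"
	if ( umask 077 ; mkdir "$temp_dir" ) ; then
		: # private directory created
	else
		echo "Cannot create a private temporary directory." >&2
		exit 1
	fi
fi
temp_cred_path="$temp_dir"/support_nbac.$$.1.txt
temp_out_path="$temp_dir"/support_nbac.$$.2.txt

# Remove the directory, and with it any credential file, on every exit
# path.  Turning HUP/INT/TERM into a normal exit makes the exit trap run
# for an interrupted session as well.
trap 'rm -rf "$temp_dir"' 0
trap 'exit 1' 1 2 15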

# Run "bpnbaz -ListMainObjects" with stdout captured in $temp_out_path and
# stderr discarded.  Returns bpnbaz's exit status.
list_main_objects_to_file () {
	"$bpnbaz" -ListMainObjects 2> /dev/null > "$temp_out_path"
}

# get_main_objects
#
# Capture the NetBackup authorization main objects in $temp_out_path,
# offering an interactive login when the first attempt is refused.
#
# Globals read:    bpnbaz bpnbat bpclntcmd use_vxss interactive
#                  temp_out_path temp_cred_path
# Globals written: nbazstat nbatstat reply VXSS_CREDENTIAL_PATH (exported)
# Returns: 0 when the listing was captured, or when USE_VXSS resolves to
#          PROHIBITED (no listing file is left in that case); otherwise the
#          exit status of the last bpnbaz attempt.
#
# NOTE(review): $temp_cred_path receives a login credential from
# "bpnbat -login -cf".  Its permissions are whatever bpnbat gives it, so
# confirm that the path lies in a directory only the invoking user can
# write to and that the file is not readable by others.
get_main_objects () {
	# Drop any credential file left at this path before trying with the
	# caller's existing credentials.
	rm -f "$temp_cred_path"
	list_main_objects_to_file
	nbazstat="$?"
	[ "$nbazstat" -eq 0 ] && return 0

	# Failed: do not leave a partial listing behind.
	rm -f "$temp_out_path"

	case "$use_vxss" in
	PROHIBITED)
		echo "NetBackup Access Control is not configured."
		return 0 # Not necessarily an error
		;;
	esac

	"$bpclntcmd" -check_vxss
	printf '\n%s\n%s\n\n' \
		'You may need to issue the command "bpnbat -login"' \
		'and log in as a NetBackup Security Administrator.'

	# Prompt only when -i was given and stdin really is a terminal.
	[ "$interactive" = 1 ] || return "$nbazstat"
	tty > /dev/null 2>&1 || return "$nbazstat"

	while : ; do
		# Each round starts without a credential file from a
		# previous attempt.
		rm -f "$temp_cred_path"
		echo "Would you like to try to log in now? (yes/no)"
		read reply
		case "$reply" in
		[yY]*)
			;;
		*)
			# Anything but a yes (end of input included) gives up
			# with the status of the last bpnbaz attempt.
			return "$nbazstat"
			;;
		esac

		# The login dialogue goes straight to the terminal; the
		# resulting credential is stored in $temp_cred_path.
		"$bpnbat" -login -cf "$temp_cred_path" > /dev/tty 2>&1
		nbatstat="$?"
		if [ "$nbatstat" -ne 0 ] ; then
			echo "Authentication error $nbatstat" >&2
			continue
		fi

		# Point the NetBackup commands at the new credential and
		# retry the listing.
		VXSS_CREDENTIAL_PATH="$temp_cred_path"
		export VXSS_CREDENTIAL_PATH
		list_main_objects_to_file
		nbazstat="$?"
		[ "$nbazstat" -eq 0 ] && return 0

		rm -f "$temp_out_path"
		"$bpclntcmd" -check_vxss
		printf '\n%s\n%s\n\n' \
			'You may need to issue the "bpnbat -login" command' \
			'and log in as a NetBackup Security Administrator.'
	done
}

# Fetch the main objects, then report them together with the members of
# every authorization group.  The removal of the two work files below runs
# only on the normal paths through this section.
get_main_objects
nbazstat="$?"

# No listing file: either access control is not configured (status 0) or
# authorization failed.
if [ ! -r "$temp_out_path" ] ; then
	rm -f "$temp_cred_path"
	[ "$nbazstat" -eq 0 ] && exit 0
	echo "Authorization error $nbazstat" >&2
	exit 118 # EC_vxss_authorization_failed
fi

# A listing file together with a non-zero status is still a failure.
if [ "$nbazstat" -ne 0 ] ; then
	echo "Authorization error $nbazstat" >&2
	nbazstat=118 # EC_vxss_authorization_failed
	rm -f "$temp_out_path"
	rm -f "$temp_cred_path"
	exit "$nbazstat"
fi

# If an interactive login left a credential file, have the bpnbaz calls
# below use it.
if [ -r "$temp_cred_path" ] ; then
	VXSS_CREDENTIAL_PATH="$temp_cred_path"
	export VXSS_CREDENTIAL_PATH
fi

printf '\n%s\n\n' 'NetBackup Authorization main objects:'
# bpnbaz ends its output with a status line; keep it out of the report.
grep -v 'Operation completed successfully.' "$temp_out_path"
echo ""

# One section per group.  The status line marks the end of the group list.
"$bpnbaz" -ListGroups | while read group ; do
	case "$group" in
	'Operation completed successfully.')
		break
		;;
	esac
	echo ""
	echo "Users for NetBackup Authorization group $group:"
	echo ""
	"$bpnbaz" -ListGroupMembers "$group" | \
		grep -v 'Operation completed successfully.' | \
		sed 's/^/  /'
done

# Remove the listing and the credential file before leaving.
rm -f "$temp_out_path"
rm -f "$temp_cred_path"
exit "$nbazstat"
