#!/bin/sh
#
#pragma ident "@(#)screeninfo.sh	1.8 00/11/27 Sun Microsystems, Inc."
#
#
# Get SunScreen 3.1 screen information -- run as root on the screen
#


POLICY_NAME=""
USAGE="$0 [ -u | policyname ]"
BASE_DIR=/opt/SUNWicg/SunScreen
BIN_DIR=$BASE_DIR/bin
ETC_DIR=/etc/opt/SUNWicg/SunScreen

PATH=$BASE_DIR/support:$BIN_DIR:/usr/sbin:/usr/bin:$PATH

check_root(){
    /usr/bin/id | grep "root" >/dev/null
    if [ "$?" != "0" ]
    then 
	echo "Must be root to run $0."
	exit 1
    fi
}

underline(){
        echo
        echo $1 | /usr/bin/awk '{for( num=$1 ; num > 0 ; num--)printf("=")}'
        echo "\n\n"
}
 
header(){
        echo "\n\n**********************************************************\c"
	string=`echo $1 $2 $3 $4 $5 $6`
        echo "\n\n$string\c"
        length=`echo $string | /usr/bin/wc -c`
        underline $length
}

messages(){
        MONTH=`date +%b`
        DAY=`date +%e`
        /usr/bin/awk '{if(month==$1 && day==$2)print $0}' month="$MONTH" day="$DAY" </var/adm/messages

}

getosrelease () {
    uname -r | nawk -F'.' '{print $2}'
}

getinterfacemods(){
    for interface in `ifconfig -a | grep flags | grep -v lo0 |  \
	nawk -F':' '{print $1}' | uniq` ; do
	header "Modules pushed on $interface"
	ifconfig $interface modlist
    done
}

ndd_info(){
    for variable in `ndd /dev/$1 \? | nawk '{if(NR>1)print $1}' \
	| awk -F\( '{ print $1 }'`
	do case $variable in

	    # don't do these - unreadable data - get with netstat
	    tcp_status) ;;
	    ip_status)  ;;
	    ip_ill_status)  ;;
	    ip_ipif_status) ;;
	    tcp_bind_hash) ;;
	    tcp_listen_hash) ;;
	    tcp_conn_hash) ;;
	    tcp_queue_hash) ;;
	    tcp_acceptor_hash) ;;
	    tcp_extra_priv_ports_add) ;;
	    tcp_extra_priv_ports_del) ;;
	    ip_ire_status) ;;
	    ipv4_ire_status) ;;
	    ipv6_ire_status) ;;
	    ip_srcid_status) ;;
	    ip_ipc_status) ;;
	    ip_ndp_cache_report) ;;
	    ip_respond_to_address_mask_broadcast) ;;
	    ip_respond_to_timestamp_broadcast) ;;
	    ip_forward_directed_broadcasts) ;;
	    ip_respond_to_address_mask_broadcast) ;;
	    ip_respond_to_timestamp_broadcast) ;;
	    ip_forward_directed_broadcasts) ;;
	
	    *)echo "$variable = `ndd /dev/$1 $variable `"
	    ;;
	esac
    done
}


check_ha(){
    HA_FILE=$ETC_DIR/.active/Screen
    header "Checking for HA information"
    if [ -f $HA_FILE ]
    then 
	ha_type=`cat $HA_FILE | grep HA`
	cmg_type=`cat  $HA_FILE | grep MASTER`
        if [ "$ha_type" = "" ]
	then 
	    echo "This system is not part of an HA cluster."
            ha_subtype="notha"
            if [ "$cmg_type" != "" ]
            then 
		echo "This system is a CMG secondary"
		
		# Here is the logic - we need to know if the
                # system has a local policy or a policy pushed
                # from another screen. If its a HA secondary
                # or a CMG secondary then it won't have a local
                # policy. The script only needs to know if it
                # needs to check for a local policy, so we
                # set ha_subtype to "secondary" in both cases.

                ha_subtype="secondary"
	    fi
        else 
	    echo "This system is part of an HA cluster."
	    ha_subtype=`echo $ha_type | awk '{print $2}'`
	    echo "System `uname -n` is a $ha_type"
        fi
    else
        echo "This system does not have $HA_FILE"
        ha_subtype="notha"
    fi
}

get_policy(){
        for object in \
"ssadm edit \"${POLICY_NAME}\" -c \"list Rule\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list Screen\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list Interface\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list AccessLocal\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list AccessRemote\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list Certificate\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list Nat\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list Address\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list Service\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list Time\"" \
"ssadm edit \"${POLICY_NAME}\" -c \"list VPNNode\"" \

do
  header $object
  eval $object
done
}

# Check that this is being run by root
check_root

# Check to see if user gave config name to check, else default to active
if [ $# -ne 0 ] 
then
  if [ $1 = "-u" ]
  then
    echo $USAGE
    exit 0
  fi
  
  if [ $# -eq 1 ]
  then
    POLICY_NAME=$1
  else
    echo $USAGE
    exit 1
  fi
else
  POLICY_NAME=`ssadm active -Z | /usr/bin/awk '{print $3}' | /usr/bin/nawk -F\" '{print $1}'`
fi

DATE=`date +%y%m%d\%H\%M`

# Start off with the title and date and who this Screen is

for object in \
"echo @(#)screeninfo.sh	1.13 00/11/14" \
"date" \
"/usr/bin/hostname" \
"/sbin/uname -a" \
"ssadm sys_info" \
"ssadm active"

do
  header $object
  $object 
done

# RFE 4373976 - Find out if this is 32 or 64 bit mode (Solaris 7 plus only)
 
if [ `getosrelease` -lt 7 ]
then 
    echo
else 
    header "isainfo -vb"
    isainfo -vb
fi

# Check to see if this is HA

check_ha


# Show the config names and the rules for each

header "ssadm policy -l"
ssadm policy -l

for configs in `ssadm policy -l `
do 
  header "ssadm edit \"${configs}\" -c \"list Rule\""
  eval ssadm edit \"${configs}\" -c \"list Rule\"
done

# Get policy information - if this is a HA secondary
# then the policy information won't exist - we need to get
# the active policy

if [ "$ha_subtype" = "secondary" ]
    then
	header "Getting currently activated policy - $POLICY_NAME"
        ssadm active -x
    else 
	get_policy
fi

for object in \
"ssadm ha status 2>&1" \
"skiplocal -l" \
"skipca -l" \
"skipdb -l" \
"skipdb -l -v" \
"ssadm traffic_stats" \
"skipstat -hkm" \
"ssadm lib/statetables" \
"disks" \
"eeprom" \
"findcore" \
"/sbin/ifconfig -a" \
"/usr/bin/netstat -pn" \
"last" \
"packages" \
"procs" \
"config" \
"stats" \
"streams" \
"versions" \
"/usr/bin/netstat -ian" \
"/usr/bin/netstat -rn" \
"/usr/bin/netstat -s" \
"ssadm logstats" \
"ndd_info ip" \
"messages" \
"ndd_info tcp"

do
  header $object
  eval $object 
done

# RFE 4373976 - get interface module information ( Solaris 8 plus only )
  
if [ `getosrelease` -lt 8 ]
then
    echo
else 
    getinterfacemods
fi

# show the prtdiag stuff

if [ -f "/usr/platform/`/usr/bin/uname -m`/sbin/prtdiag" ] ; then
  header "/usr/platform/`/usr/bin/uname -m`/sbin/prtdiag"
  /usr/platform/`/usr/bin/uname -m`/sbin/prtdiag
else
    header "no prtdiag file"
fi

# Getting skipd.log and older version
skiplogs=`ls /var/log/skipd.log* 2> /dev/null`
if [ -n "$skiplogs" ] ; then
    for x in $skiplogs
    do
        header $x
        cat $x
    done
else
    header "No skipd.log ($skiplogs)"
    echo "ls /var/log/"
    echo "------------"
    ls /var/log/*
fi


# get hardware stuff last as it can truncate the log, also
# it's the least useful. Pipe output to "fmt" to wrap very long lines

for object in "/usr/sbin/prtconf -p | /usr/bin/fmt" \
    "/usr/sbin/prtconf -pv | /usr/bin/fmt" \
    "/usr/sbin/prtconf -Pv | /usr/bin/fmt" 
do
  header $object
  eval $object
done

header "End Of Screeninfo"


echo
