#!/bin/ksh

###############################################
# Sourcing macros
###############################################
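# Resolve the script's own directory and pull in the shared command
# macros ($GREP, $SED, $ECHO, ...) from ../lib/psmacros.  The path is
# quoted so a directory name containing spaces no longer breaks the
# sourcing (the old backtick form was unquoted).
DIRNAME=/usr/bin/dirname
. "$($DIRNAME "$0")/../lib/psmacros"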

###############################################
# Defines
###############################################

# Bell escape appended to every error message; stored literally and
# left for $ECHO to render.
BELL_CHAR='\a'

# Log that amadmin output is appended to, and the properties file this
# script reads its settings (IDSAME_BASEDIR, DS_HOST, ...) from.
LOG_FILE="${IDSAME_VAR_DIR}/debug/isconfig.log"
STATE_FILE="${PS_CONFIG_DIR}/PSConfig.properties"


###############################################
# Get configuration from file
###############################################
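#######################################
# Look up one key in a "key<sep>value" file and store the value in the
# global ANSWER (empty when the key is absent or the file is unreadable).
# Arguments: $1 - file to search
#            $2 - key; used as a regular expression by grep and sed, so
#                 dots in property names match any character
#            $3 - separator between key and value (e.g. "=")
# Globals:   ANSWER (written)
#######################################
GrabConfig() {
  # typeset rather than local: 'local' is not a ksh builtin, and under
  # ksh the original 'local FILE=$1' failed, leaving FILE unset so grep
  # read stdin instead of the properties file.
  typeset FILE KEY SEPARATOR
  FILE=$1
  KEY=$2
  SEPARATOR=$3

  # Anchor the sed substitution as well, so only the leading key is
  # stripped even if the same text appears inside the value.
  ANSWER=$($GREP "^$KEY$SEPARATOR" "$FILE" | $UNIQ | $SED -e "s/^$KEY$SEPARATOR//")
}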

###############################################
# Main
###############################################

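#######################################
# Read a mandatory key into ANSWER via GrabConfig, exiting with the
# standard error text when it is missing or empty.
# Arguments: $1 - properties file
#            $2 - key (also printed in the error message)
# Globals:   ANSWER (written), BELL_CHAR (read)
#######################################
RequireConfig() {
  GrabConfig "$1" "$2" "="
  if [ -z "$ANSWER" ]; then
    $ECHO "Error: Cannot determine $2. $BELL_CHAR"
    exit 1
  fi
}

#######################################
# Remove the temporary amadmin request file; installed as the EXIT trap
# so the file goes away on every exit path, including the error exits.
# Globals:   REQ_FILE (read)
#######################################
cleanup() {
  if [ -n "$REQ_FILE" ]; then
    $RM -f "$REQ_FILE"
  fi
}

if [ "$($ID | $NAWK '{print $1}')" != "uid=0(root)" ]; then
  $ECHO "You must be root user. $BELL_CHAR"
  exit 1
fi

if [ ! -f "$STATE_FILE" ]; then
  $ECHO "Error: $STATE_FILE does not exist. $BELL_CHAR"
  exit 1
fi

RequireConfig "$STATE_FILE" IDSAME_BASEDIR
IDSAME_BASEDIR=$ANSWER
RequireConfig "$STATE_FILE" BASEDIR
PS_BASEDIR=$ANSWER
RequireConfig "$STATE_FILE" DS_HOST
DS_HOST=$ANSWER
RequireConfig "$STATE_FILE" DS_PORT
DS_PORT=$ANSWER
RequireConfig "$STATE_FILE" DS_DIRMGR_DN
DS_DIRMGR_DN=$ANSWER
RequireConfig "$STATE_FILE" DEPLOY_URI
DEPLOY_URI=$ANSWER

# Identity server user naming attribute: the part of the super-user DN
# before its first "=" (e.g. "uid=amAdmin,ou=People,..." -> "uid").
# The same DN is the identity amadmin runs as below.
IS_CONFIG_FILE="$IDSAME_CONFIG_DIR/config/AMConfig.properties"
GrabConfig "$IS_CONFIG_FILE" "com.sun.identity.authentication.super.user" "="
if [ -z "$ANSWER" ]; then
  $ECHO "Error: Cannot determine IDSAME_USER_NAMING. $BELL_CHAR"
  exit 1
fi
ADMIN_DN=$ANSWER
USER_NAMING_ATTR=${ANSWER%%=*}

AMADMIN="$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/bin/amadmin"

# Organization DN: defaultOrg, qualified with the root suffix unless the
# two are already identical.  Neither key is mandatory here, matching
# the original behaviour.
GrabConfig "$IS_CONFIG_FILE" "com.iplanet.am.rootsuffix" "="
ROOT_DN=$ANSWER
GrabConfig "$IS_CONFIG_FILE" "com.iplanet.am.defaultOrg" "="
ORG_DN=$ANSWER
if [ "$ORG_DN" != "$ROOT_DN" ]; then
  ORG_DN="$ORG_DN,$ROOT_DN"
fi

# The request files are written by root.  A fixed name such as
# /tmp/query.xml can be pre-created or symlinked by any local user
# before this script runs, so let mktemp choose an unpredictable name
# (mktemp is not one of the psmacros command variables, hence the bare
# name) and remove it through the EXIT trap.  One file is reused for
# both requests.
REQ_FILE=
trap cleanup EXIT
REQ_FILE=$(mktemp /tmp/scrubds.XXXXXX)
if [ $? -ne 0 ] || [ -z "$REQ_FILE" ]; then
  $ECHO "Error: Cannot create temporary file. $BELL_CHAR"
  exit 1
fi

$CAT > "$REQ_FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/dtd/amAdmin.dtd">
<Requests>
  <OrganizationRequests DN="$ORG_DN">
    <GetServiceTemplate serviceName="iPlanetAMAuthService" schemaType="Organization"/>
  </OrganizationRequests>
</Requests>
EOF
# The original wrote this output to a temp file and deleted it unread;
# the call is kept and its output still discarded.
# NOTE(review): the password travels on the command line and is
# visible to other local users via ps while amadmin runs; prefer a
# password-file option if this amadmin version provides one.
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --verbose --continue --data "$REQ_FILE" > /dev/null 2>&1

PEOPLE_DN="ou=People,$ORG_DN"
AUTHLESSANONYMOUS_DN="$USER_NAMING_ATTR=authlessanonymous,$PEOPLE_DN"

$ECHO "Unassigning Deny Write Access Role for the User authlessanonymous"
$CAT > "$REQ_FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC 
  "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" 
  "file:$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/dtd/amAdmin.dtd"
>
<Requests>
  <RoleRequests DN="cn=Deny Write Access,$ORG_DN">
    <RemoveUsers>
      <DN>$AUTHLESSANONYMOUS_DN</DN>
    </RemoveUsers>
  </RoleRequests>

<!-- Deleting $AUTHLESSANONYMOUS_DN user... -->
<PeopleContainerRequests DN="$PEOPLE_DN">
    <DeleteUsers>
      <DN>$AUTHLESSANONYMOUS_DN</DN>
    </DeleteUsers>
  </PeopleContainerRequests>
</Requests>
EOF
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --verbose --continue --data "$REQ_FILE" >> "${LOG_FILE}"
RV=$?
# --continue makes this a best-effort scrub, so the exit status of the
# script is unchanged; the failure is reported instead of silently lost.
if [ "$RV" -ne 0 ]; then
  $ECHO "Warning: amadmin exited with status $RV, see $LOG_FILE" >&2
fi

exit 0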
