#!/bin/ksh

###############################################
# Sourcing macros
###############################################
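# dirname is invoked by absolute path, so locating it does not depend on $PATH.
DIRNAME=/usr/bin/dirname
# psmacros is resolved relative to this script's own location and is executed in
# the current shell. This script insists on running as root (see CheckUser), so
# psmacros runs with root privileges: it and ../lib should be writable by root
# only. The expansions are quoted so an install path containing whitespace
# still resolves to a single file name.
. "$($DIRNAME "$0")/../lib/psmacros"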

####################################################################################
# Defines
####################################################################################

# Appended to the error messages below. The value is the two-character literal
# backslash-a; whether it is rendered as a bell depends on the echo behind $ECHO.
BELL_CHAR='\a'

# Property files read by GrabConfig in Initialize. PS_CONFIG_DIR is not set in
# this file; it is expected to be in scope already (presumably from psmacros).
PS_STATE_FILE="${PS_CONFIG_DIR}/PSConfig.properties"
SRA_STATE_FILE="${PS_CONFIG_DIR}/SRAConfig.properties"

####################################################################################
# Get configuration from file
####################################################################################

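GrabConfig() {

  # Look up one key in a properties-style file and leave its value in ANSWER.
  #
  # Arguments: $1 - file to read
  #            $2 - key name
  #            $3 - separator between key and value (callers here pass "=")
  # Globals:   ANSWER (written) - value text after key+separator; empty when the
  #            key is absent or the file cannot be read.
  #
  # Key and separator are spliced into the grep and sed patterns, so they are
  # interpreted as regular expressions; every caller in this file passes fixed
  # literals. Do not pass externally supplied text as the key.

  GRABCONFIG_FILE=$1
  GRABCONFIG_KEY=$2
  GRABCONFIG_SEPARATOR=$3

  # The file name is quoted so a path containing whitespace stays one argument.
  # uniq only collapses adjacent duplicate lines; the sed expression is anchored
  # so only the leading key+separator is stripped from each matching line.
  ANSWER=$($GREP "^$GRABCONFIG_KEY$GRABCONFIG_SEPARATOR" "$GRABCONFIG_FILE" \
    | $UNIQ \
    | $SED -e "s/^$GRABCONFIG_KEY$GRABCONFIG_SEPARATOR//")

}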

####################################################################################
# Assign gateway access, netlet and netfile services to all users of default org
####################################################################################

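AssignService() {

  # Add the SRA object classes to directory entries by generating LDIF and
  # applying it with ldapmodify, bound as the directory manager.
  #
  # Globals read: ONLY_FOR_ADMIN ("y" = modify only ADMIN_DN), ADMIN_DN,
  #               PEOPLE_DN, DS_HOST, DS_PORT, DS_DIRMGR_DN, DS_DIRMGR_PASSWORD,
  #               PS_BASEDIR, PS_PRODUCT_DIR, LDAPMODIFY, LDAPSEARCH
  # Files:        two scratch files under the product's export directory; both
  #               are removed before returning.
  #
  # NOTE(review): -w places the directory manager password on the command line,
  # where it is visible in the process list while the tool runs. Check whether
  # this build of ldapmodify/ldapsearch can take the bind password from a file
  # or a prompt instead.

  USERDN_RESULTS="$PS_BASEDIR/$PS_PRODUCT_DIR/export/sra-userDNResults.txt"
  ASSIGN_SERVICE_LDIF="$PS_BASEDIR/$PS_PRODUCT_DIR/export/sra-assignService.ldif"

  # The LDIF file has a fixed name and is applied with directory manager
  # rights. Start from a clean file so that records left behind by an
  # interrupted run (or placed there by someone else) are never replayed.
  $RM -f "$ASSIGN_SERVICE_LDIF"

  if [ "$ONLY_FOR_ADMIN" = "y" ]; then
    $CAT > "$ASSIGN_SERVICE_LDIF" << EOF
dn: $ADMIN_DN
changetype:modify
add: objectclass
objectclass:sunPortalGatewayAccessService

EOF
    $LDAPMODIFY -c -h "$DS_HOST" -p "$DS_PORT" -D "$DS_DIRMGR_DN" -w "${DS_DIRMGR_PASSWORD}" -f "$ASSIGN_SERVICE_LDIF"
    $RM "$ASSIGN_SERVICE_LDIF"
    return
  fi

  # One-level search below PEOPLE_DN for managed-person entries, DN only.
  # NOTE(review): stderr is captured into the same file, so any diagnostic the
  # search tool prints is treated below as a DN line and written into the LDIF.
  $LDAPSEARCH -h "$DS_HOST" -p "$DS_PORT" -b "$PEOPLE_DN" -D "$DS_DIRMGR_DN" -w "${DS_DIRMGR_PASSWORD}" "objectclass=iplanet-am-managed-person" -s "one" "dn" > "$USERDN_RESULTS" 2>&1

  RECORD_COUNT=0

  # Single pass over the results on descriptor 3 (stdin stays untouched for the
  # commands run inside the loop). This replaces re-reading the file with
  # head/tail for every line and no longer depends on the column layout of
  # `wc -l` output.
  # NOTE(review): each remaining line is assumed to be a complete "dn: ..."
  # line; folded (continuation) lines are not rejoined - confirm against the
  # output format of the ldapsearch in use.
  while IFS= read -r CUR_LINE <&3; do
    if [ "$CUR_LINE" != "" ] && [ "$CUR_LINE" != "version: 1" ]; then
      $CAT >> "$ASSIGN_SERVICE_LDIF" << EOF
$CUR_LINE
changetype:modify
add: objectclass
objectclass:sunPortalGatewayAccessService
objectclass:sunPortalNetFileService
objectclass:sunPortalNetletService

EOF
      RECORD_COUNT=$((RECORD_COUNT + 1))
    fi
    # Apply in batches of 500 records, then start a fresh LDIF file.
    if [ "$RECORD_COUNT" -eq 500 ]; then
      $LDAPMODIFY -c -h "$DS_HOST" -p "$DS_PORT" -D "$DS_DIRMGR_DN" -w "${DS_DIRMGR_PASSWORD}" -f "$ASSIGN_SERVICE_LDIF"
      $RM "$ASSIGN_SERVICE_LDIF"
      RECORD_COUNT=0
    fi
  done 3< "$USERDN_RESULTS"

  # Apply whatever is left over from the last, partial batch.
  if [ "$RECORD_COUNT" -ne 0 ]; then
    $LDAPMODIFY -c -h "$DS_HOST" -p "$DS_PORT" -D "$DS_DIRMGR_DN" -w "${DS_DIRMGR_PASSWORD}" -f "$ASSIGN_SERVICE_LDIF"
    $RM "$ASSIGN_SERVICE_LDIF"
  fi

  $RM "$USERDN_RESULTS"

}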

####################################################################################
# Make sure that the user is root.
####################################################################################

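CheckUser() {

    # Exit with status 1 unless the first field printed by $ID is exactly
    # "uid=0(root)".
    #
    # The output is captured and compared as a quoted string. Unquoted, an empty
    # result (for example when $ID or $AWK fails) makes the test itself error
    # out, the `if` then takes the false branch and the root check is skipped;
    # quoted, an empty result is simply "not root" and the script stops.

    CHECKUSER_ID=$($ID | $AWK '{print $1}')
    if [ "$CHECKUSER_ID" != "uid=0(root)" ]; then
      $ECHO "You must be root user. $BELL_CHAR"
      exit 1
    fi

}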

####################################################################################
# Make sure required state files are present.
####################################################################################

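CheckStateFiles() {

    # Exit with status 1 unless both PS_STATE_FILE and SRA_STATE_FILE exist as
    # regular files. The portal state file is checked first.
    #
    # Paths are quoted: unquoted, a path containing whitespace makes the test
    # error out, the `if` takes the false branch and the missing file goes
    # unnoticed.

    for CHECKSTATE_FILE in "$PS_STATE_FILE" "$SRA_STATE_FILE"; do
      if [ ! -f "$CHECKSTATE_FILE" ]; then
        $ECHO "Error: $CHECKSTATE_FILE does not exist. $BELL_CHAR"
        exit 1
      fi
    done

}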

####################################################################################
# Initialize all global variables.
####################################################################################

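Initialize() {

    # Load the globals used by the rest of the script and exit with status 1 as
    # soon as one of them cannot be determined.
    #
    # From PS_STATE_FILE:  IDSAME_BASEDIR, PS_BASEDIR (key BASEDIR), DS_HOST,
    #                      DS_PORT, DS_DIRMGR_DN
    # From SRA_STATE_FILE: ASSIGN_SERVICE
    # From AMConfig.properties under IDSAME_CONFIG_DIR: ADMIN_DN, ROOT_DN, ORG_DN
    # Derived:             LDAPMODIFY, LDAPSEARCH, DPADMIN, PEOPLE_DN
    #
    # NOTE(review): DS_DIRMGR_PASSWORD and IDSAME_ADMIN_PASSWORD are used by
    # other functions in this file but are not set here; presumably they come
    # from the environment or psmacros - confirm.

    # Identity server base directory.
    GrabConfig "$PS_STATE_FILE" "IDSAME_BASEDIR" "="
    if [ "$ANSWER" = "" ]; then
      $ECHO "Error: Cannot determine IDSAME_BASEDIR. $BELL_CHAR"
      exit 1
    fi
    IDSAME_BASEDIR=$ANSWER

    # Portal server base directory.
    GrabConfig "$PS_STATE_FILE" "BASEDIR" "="
    if [ "$ANSWER" = "" ]; then
      $ECHO "Error: Cannot determine BASEDIR. $BELL_CHAR"
      exit 1
    fi
    PS_BASEDIR=$ANSWER

    # Directory server host.
    GrabConfig "$PS_STATE_FILE" "DS_HOST" "="
    if [ "$ANSWER" = "" ]; then
      $ECHO "Error: Cannot determine DS_HOST. $BELL_CHAR"
      exit 1
    fi
    DS_HOST=$ANSWER

    # Directory server port.
    GrabConfig "$PS_STATE_FILE" "DS_PORT" "="
    if [ "$ANSWER" = "" ]; then
      $ECHO "Error: Cannot determine DS_PORT. $BELL_CHAR"
      exit 1
    fi
    DS_PORT=$ANSWER

    # Directory manager dn.
    GrabConfig "$PS_STATE_FILE" "DS_DIRMGR_DN" "="
    if [ "$ANSWER" = "" ]; then
      $ECHO "Error: Cannot determine DS_DIRMGR_DN. $BELL_CHAR"
      exit 1
    fi
    DS_DIRMGR_DN=$ANSWER

    # Assign SRA services to all users.
    GrabConfig "$SRA_STATE_FILE" "ASSIGN_SERVICE" "="
    if [ "$ANSWER" = "" ]; then
      $ECHO "Error: Cannot determine ASSIGN_SERVICE. $BELL_CHAR"
      exit 1
    fi
    ASSIGN_SERVICE=$ANSWER

    # Others.
    LDAPMODIFY="$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/bin/ldapmodify"
    LDAPSEARCH="$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/bin/ldapsearch"
    DPADMIN="$PS_BASEDIR/$PS_PRODUCT_DIR/bin/dpadmin"

    FILE="$IDSAME_CONFIG_DIR/config/AMConfig.properties"
    ADMIN_DN=$($GREP "^com.sun.identity.authentication.super.user=" "$FILE" | $SED -e "s/com.sun.identity.authentication.super.user=//")
    ROOT_DN=$($GREP "^com.iplanet.am.rootsuffix=" "$FILE" | $SED -e "s/com.iplanet.am.rootsuffix=//")
    ORG_DN=$($GREP "^com.iplanet.am.defaultOrg=" "$FILE" | $SED -e "s/com.iplanet.am.defaultOrg=//")

    # These DNs end up in the LDIF "dn:" line, the ldapsearch base and the
    # --runasdn arguments used later. Stop here when one is missing instead of
    # issuing directory operations against an empty or malformed DN.
    if [ "$ADMIN_DN" = "" ]; then
      $ECHO "Error: Cannot determine ADMIN_DN. $BELL_CHAR"
      exit 1
    fi
    if [ "$ROOT_DN" = "" ]; then
      $ECHO "Error: Cannot determine ROOT_DN. $BELL_CHAR"
      exit 1
    fi
    if [ "$ORG_DN" = "" ]; then
      $ECHO "Error: Cannot determine ORG_DN. $BELL_CHAR"
      exit 1
    fi

    # When the default organization is not the root suffix itself, it is
    # qualified with the root suffix to form the full DN.
    if [ "$ORG_DN" != "$ROOT_DN" ]; then
      ORG_DN="$ORG_DN,$ROOT_DN"
    fi
    PEOPLE_DN="ou=People,$ORG_DN"

}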

####################################################################################
# Set the required paths correctly.
####################################################################################

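SetPaths() {

    # Put the Identity Server library directories in front of LD_LIBRARY_PATH
    # and export the result for the tools started later.
    #
    # Globals read:    IDSAME_BASEDIR, IDSAME_PRODUCT_DIR, JSS_NSS_NSPR_LIB_DIR,
    #                  LD_LIBRARY_PATH
    # Globals written: IDSAME_PATH, LD_LIBRARY_PATH (exported)
    #
    # JSS_NSS_NSPR_LIB_DIR is appended only when it is non-empty. An empty value
    # would leave an empty element in the search path, which dynamic linkers
    # commonly treat as the current directory - not something a root-run script
    # should load libraries from.
    # NOTE(review): an LD_LIBRARY_PATH inherited from the caller is kept at the
    # end of the path; confirm that is wanted for a script that runs as root.

    IDSAME_PATH="$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/ldaplib/ldapsdk:$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/lib"
    if [ -n "$JSS_NSS_NSPR_LIB_DIR" ]; then
      IDSAME_PATH="$IDSAME_PATH:$JSS_NSS_NSPR_LIB_DIR"
    fi

    if [ -z "${LD_LIBRARY_PATH}" ]; then
      LD_LIBRARY_PATH=$IDSAME_PATH
    else
      LD_LIBRARY_PATH="$IDSAME_PATH:${LD_LIBRARY_PATH}"
    fi
    export LD_LIBRARY_PATH

}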

####################################################################################
# Add all rewriter rulesets
####################################################################################

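AddRewriterRuleSets() {

    # Store each bundled rewriter ruleset with `rwadmin store`, in the fixed
    # order listed below.
    #
    # Globals read:    PS_BASEDIR, PS_PRODUCT_DIR, ADMIN_DN, IDSAME_ADMIN_PASSWORD
    # Globals written: FILE (left pointing at the last ruleset file)
    #
    # NOTE(review): --password places the administrator password on the command
    # line, where it is visible in the process list while rwadmin runs. Check
    # whether rwadmin can read the password from a file or a prompt instead.
    # NOTE(review): the exit status of rwadmin is not checked; a ruleset that
    # fails to load does not stop the script.

    REWRITER_RULE_DIR="$PS_BASEDIR/$PS_PRODUCT_DIR/export/rewriter_rule"

    for REWRITER_RULESET in \
      DefaultGatewayRuleSet \
      OWASP3RuleSet \
      WMLRuleSet \
      iNotesRuleSet \
      iPlanetMailExpressRuleSet \
      OWA2003RuleSet \
      SAPPortalRuleSet
    do
      FILE="$REWRITER_RULE_DIR/$REWRITER_RULESET.xml"
      $ECHO "Loading $FILE."
      # Command path and file name are quoted so an install directory that
      # contains whitespace is still passed as single words.
      "$PS_BASEDIR/$PS_PRODUCT_DIR/bin/rwadmin" store --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" "$FILE"
    done

}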

####################################################################################
# Assigns all SRA services.
####################################################################################

AssignSRAServices() {

    # Pick the scope for AssignService from ASSIGN_SERVICE and run it once:
    # exactly "y" means every user found under the default organization, any
    # other value means only the administrator entry.
    #
    # Globals read:    ASSIGN_SERVICE, ORG_DN
    # Globals written: ONLY_FOR_ADMIN (consumed by AssignService)

    case "$ASSIGN_SERVICE" in
      y)
        $ECHO "Assigning SRA services to all users of $ORG_DN."
        ONLY_FOR_ADMIN="n"
        ;;
      *)
        $ECHO "Assigning srapGatewayAccessService to only amadmin."
        ONLY_FOR_ADMIN="y"
        ;;
    esac

    AssignService

}

####################################################################################
# Unassign SRA services for amService-srapGateway user
####################################################################################

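UnAssignSRAServicesToLogUser() {

    # Write an amadmin request that unregisters the three SRA services from the
    # uid=amService-srapGateway entry under PEOPLE_DN, print it, run it through
    # amadmin and remove the request file.
    #
    # Globals read: PS_BASEDIR, PS_PRODUCT_DIR, IDSAME_BASEDIR,
    #               IDSAME_PRODUCT_DIR, PEOPLE_DN, ADMIN_DN, IDSAME_ADMIN_PASSWORD
    #
    # NOTE(review): PEOPLE_DN is placed into an XML attribute without escaping;
    # a DN containing &, < or " would produce a malformed request.
    # NOTE(review): --password places the administrator password on the command
    # line, where it is visible in the process list while amadmin runs.

    UNASSIGN_SRASERVICES="$PS_BASEDIR/$PS_PRODUCT_DIR/export/UnAssignSRAServices.xml"

    # The request file has a fixed name and is executed with administrator
    # rights. Remove any leftover first and create it fresh, so the request is
    # never appended to content from an earlier run.
    $RM -f "$UNASSIGN_SRASERVICES"
    $CAT > "$UNASSIGN_SRASERVICES" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests SYSTEM "file:$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/dtd/amAdmin.dtd">
  
<Requests>
  <UserRequests DN="uid=amService-srapGateway,$PEOPLE_DN">
    <UnregisterServices>
      <Service_Name>srapNetletService</Service_Name>
      <Service_Name>srapNetFileService</Service_Name>
      <Service_Name>srapGatewayAccessService</Service_Name>
    </UnregisterServices>
 </UserRequests>
</Requests>
   
EOF
    $CAT "$UNASSIGN_SRASERVICES"
    AMADMIN=$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/bin/amadmin
    "$AMADMIN" --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --verbose --continue --data "$UNASSIGN_SRASERVICES"
    $RM -f "$UNASSIGN_SRASERVICES"

}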

####################################################################################
# Main
####################################################################################

# Make sure that the user is root (CheckUser exits with status 1 otherwise).
CheckUser

# Make sure that the required state files are present (exits with status 1 if
# either one is missing).
CheckStateFiles

# Initialize all global variables from the state files and AMConfig.properties.
# This must run before the steps below, which read those globals.
Initialize

# Set paths: put the Identity Server library directories first in
# LD_LIBRARY_PATH for the tools started below.
SetPaths

# Add rewriter rulesets.
AddRewriterRuleSets

# Assign SRA services.
AssignSRAServices

# Unassign SRA services for amService-srapGateway user.
# This step is currently disabled: the call below is commented out.
#UnAssignSRAServicesToLogUser

# The script always ends with status 0 once it gets here; the exit codes of the
# rwadmin and ldapmodify runs made by the steps above are not inspected.
exit 0
