#!/bin/ksh -p
#
# ident "@(#)utati.ksh	1.4	08/12/02 SMI"
#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# utati - Automatic Token Importation agent
#
# Usage: utati -a token | -d token   (exactly one of -a or -d)
#
# -a token
#
# Pass token to customer site ati script.  If registration information
# is provided use it to register the token locally, then disconnect
# session so that DTU will reconnect and use new local registration
# data.
#
#
# -d token
#
# Pass token to customer site ati script.  If no registration
# information is provided delete local token registration.
#
#
# Exit status:
# 0: success
# 1: usage error
# 2: system error
# 3: customer ATI script indicates token should be refused
# 4: token is already registered
#

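#
# usage - print the one-line command synopsis on stdout.
#
# Callers that want it on stderr redirect it themselves (usage 1>&2).
#
usage() {
	# $0 is quoted so a script path containing whitespace or glob
	# characters reaches basename as a single argument.
	print "Usage: $(basename "$0") -a|d <itoken>"
}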

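#
# doLog - send one message to syslog through logger(1).
#
# $1 - syslog level, appended to the "user." facility (debug, error, ...)
# $2 - message text; callers embed the token and site-script output in it
#
doLog() {
	# Every expansion is quoted so that the priority, the tag and the
	# message each stay a single logger argument; an unquoted level or
	# script name would be word-split and glob-expanded before logger
	# ever saw it.
	logger -i -p "user.$1" -t "$(basename "$0")" "$2"
}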

# main

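# Fixed search path: every unqualified command below (logger, basename,
# cat, rm, mktemp, egrep) resolves to a system directory regardless of
# the PATH inherited from the caller.
PATH=/usr/bin:/bin:/usr/sbin:/sbin

utatilu=/etc/opt/SUNWut/basedir/lib/utatilu
utuser=/etc/opt/SUNWut/basedir/sbin/utuser

aflag=0
dflag=0
luopt=
itoken=
while getopts a:d: opt; do
	case $opt in
		a)	aflag=1
			itoken=$OPTARG
			;;
		d)	dflag=1
			luopt="-w"
			itoken=$OPTARG
			;;
		\?)	usage 1>&2
			exit 1;;
	esac
done
shift $((${OPTIND} - 1))

# Exactly one of -a/-d, no stray operands, and a non-empty token.
# An empty token is rejected here as a usage error instead of being
# handed on to the site script.
if [ $# -ne 0 ] || [ $(( ${aflag} + ${dflag} )) -ne 1 ] || [ -z "${itoken}" ]; then
	usage 1>&2
	exit 1
fi

doLog debug "About to call site ATI script for token '${itoken}'"

# Execute the customer site ATI script, capturing stderr and stdout in
# separate files.  The files are created with mktemp so their names are
# not predictable from the process id and an existing file or link of
# the same name is never written through.
errtmp=$(mktemp /var/run/utati.err.XXXXXX)
if [ $? -ne 0 ] || [ -z "${errtmp}" ]; then
	doLog error "Unable to create temporary file under /var/run"
	exit 2
fi
outtmp=$(mktemp /var/run/utati.out.XXXXXX)
if [ $? -ne 0 ] || [ -z "${outtmp}" ]; then
	rm -f "${errtmp}"
	doLog error "Unable to create temporary file under /var/run"
	exit 2
fi

# ${luopt} is deliberately unquoted: it is either empty (-a, no extra
# argument) or the single word -w (-d).  The token is quoted so that
# whitespace or glob characters in it cannot turn into extra arguments.
# NOTE(review): whether utatilu treats a token starting with '-' as an
# option is not visible from this file -- confirm against utatilu.
${utatilu} ${luopt} "${itoken}" 2>"${errtmp}" >"${outtmp}"
status=$?
errout="$(cat "${errtmp}")"
rm -f "${errtmp}"

if [ $status -ne 0 ]; then
	doLog error "Site ATI script returned non-zero status: ${errout}"
	rm -f "${outtmp}"
	exit 2
fi

# Start from empty values so that 'registered', 'name' and 'otherInfo'
# can only come from the site script's output, never from variables
# already present in the caller's environment.
registered=
name=
otherInfo=

# Note the following source statement is only safe because utatilu
# used utkeyval to vet input and ensure it is safe to process in this
# manner (only key=value assignments using recognized keys).
# NOTE(review): the set of recognized keys is defined outside this
# file; everything below trusts that vetting, including the values
# later handed to utuser.
. "${outtmp}"
rm -f "${outtmp}"

if [ -z "${registered}" ]; then
	doLog error "Site ATI script did not return 'registered' key on stdout, no action taken"
	exit 3
fi

if [ ${aflag} -eq 1 ]; then
	doLog debug "Check to add token '${itoken}'"
	# Numeric comparison on a value taken from the sourced output; any
	# value other than 1 (including one that is not a number) takes the
	# refusal branch below.
	if [ "${registered}" -eq 1 ]; then
		typeset -Z5 rnum=$RANDOM
		# Note we need to break up % H % and % M % due to SCCS key expansion
		tokenid="IMPORTED-$(/bin/date +%y%m%d%H""%M""%S)-${rnum}"
		# The registration record is a comma-joined field list.
		# NOTE(review): a comma inside the token, name or otherInfo
		# would shift the fields -- presumably excluded by utkeyval
		# and utuser, confirm.
		output=$(${utuser} -a "${itoken},,,${name},${otherInfo}" -N "${tokenid}" 2>&1)
		status=$?
		case $status in
			0)
				# all is well
				doLog debug "Site ATI script returned registered=1"
				;;
			221)
				# This case can legitimately
				# occur when policy disallows
				# the type of the itoken but
				# the ATI script says to
				# register it
				doLog debug "Token already registered"
				exit 4
				;;

			*)
				print -u2 -r "$output"
				doLog error "utuser returned fatal error"
				exit 2
				;;
		esac
	else
		doLog debug "Site ATI script returned registered=0"
		exit 3
	fi
fi

if [ ${dflag} -eq 1 ]; then
	doLog debug "Check to delete token '${itoken}', registered=${registered}"
	if [ "${registered}" -eq 0 ]; then
		# Drop the expected confirmation line and blank lines; whatever
		# else utuser printed goes to stderr.  The pipeline's status is
		# egrep's, so a failed deletion does not change the exit code.
		${utuser} -d "${itoken}" 2>&1 | egrep -v -e 'Deleted one user.|^$' 1>&2
	fi
fi

exit 0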
