#!/bin/sh
#
#	 Copyright (c) 2016-2020 Brocade Communications Systems, Inc.
#	 All rights reserved.
#
#	 File name:   countsession
#	 Module name: fabos/src/security/countsession.sh
#
#	 This script counts the number of user sessions to determine
#	 whether the maximum number of sessions has been reached
#

#
# Get the number of sessions the current user is logged in to
#

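# Session ceilings compared against the counts gathered further down.
# Marked readonly so a later assignment cannot silently raise a limit.
readonly max_telnet_sessions=4       # per-login cap checked on the local (auth_type 0) path
readonly max_maintenance_sessions=2  # cap checked for the "maintenance" login / role
readonly max_total_sessions=32       # cap on the number of lines `who` reports, all accounts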

#
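# Count the calling UID's rbash processes whose environment contains
# AUTH_TYPE=1.
# Arguments: none are read (the caller in this file passes a user name,
#            which is ignored).
# Outputs:   the count, as a decimal number, on stdout.
#
get_remote_count()
{
	rlogin=0
	uid=$(/usr/bin/id -u 2>/dev/null)
	# First column (the PID) of every `ps` line that mentions rbash. The
	# redirections sit inside the substitution so tool errors stay off the
	# terminal; placed after the closing quote they only covered the
	# assignment itself.
	login_list=$(/bin/ps -u "$uid" 2>/dev/null | /bin/grep "rbash" 2>/dev/null | /bin/awk '{print $1}' 2>/dev/null)
	# Unquoted on purpose: the list is split into one PID per word.
	for l in $login_list
	do
		# A process that exits between `ps` and this read is simply skipped.
		# NOTE(review): this is a substring match, so an entry such as
		# AUTH_TYPE=10 or a name ending in AUTH_TYPE would count as well;
		# confirm the set of values the login path can export.
		if /bin/grep -q 'AUTH_TYPE=1' "/proc/$l/environ" 2>/dev/null; then
			rlogin=$((rlogin + 1))
		fi
	done
	echo "$rlogin"
}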

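# Count the `who -u` entries whose first field equals the given login name.
# Arguments: $1 - login name; only its first 32 characters are compared.
# Outputs:   the count on stdout. For "admin" and "user" the figure from
#            get_remote_count is subtracted when it does not exceed the
#            count.
get_user_session_count()
{
	# Kept in its own variable: assigning to USER would overwrite the
	# environment variable of the same name.
	login_name=$1
	# NOTE(review): 32 presumably mirrors the width of the name field that
	# `who` reports - confirm against the platform's utmp layout.
	if [ "${#login_name}" -gt 32 ]; then
		username=$(printf '%s\n' "$login_name" | /usr/bin/cut -c 1-32)
	else
		username=$login_name
	fi
	# No `who` entry has an empty name, so an empty argument counts as 0.
	if [ -z "$username" ]; then
		echo 0
		return 0
	fi
	# Here console port login is also included.
	# The name is matched as a fixed string against the whole first field
	# (-F -x) and passed with -e, so a login name made of regex or glob
	# characters, or one starting with '-', cannot make the comparison fail
	# and leave sessions uncounted.
	count=$(/usr/bin/who -u 2>/dev/null | /usr/bin/cut -d ' ' -f1 | grep -c -x -F -e "$username")
	case $count in
		''|*[!0-9]*) count=0 ;;
	esac
	if [ "$username" = "admin" ] || [ "$username" = "user" ]; then
		rlogin=$(get_remote_count "$username")
		# A missing or non-numeric figure subtracts nothing.
		case $rlogin in
			''|*[!0-9]*) rlogin=0 ;;
		esac
		if [ "$rlogin" -le "$count" ]; then
			count=$((count - rlogin))
		fi
	fi
	echo "$count"
}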

#Here accounts logged in using switch authentication type are considered

# validate input parameters
# Exactly three positional parameters are accepted; anything else is
# reported on stderr and ends the script with status 255.
if [ $# -eq 0 ]; then
	echo "No username provided" >&2
	exit 255
elif [ $# -lt 3 ]; then
	echo "Not enough parameters provided" >&2
	exit 255
elif [ $# -gt 3 ]; then
	echo "Too many parameters provided" >&2
	exit 255
fi
# $1 login name, $2 authentication type ("0" selects the local branch
# below), $3 role name.
user=$1
auth_type=$2
rolename=$3

# local
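if [ "$auth_type" = "0" ]; then
	# Quoted so a login name containing blanks or glob characters reaches
	# the counter as a single argument.
	no_sessions=$(get_user_session_count "$user")
	# NOTE(review): a count that cannot be obtained is treated as 0, which
	# lets the login through just as the failing test did before; confirm
	# that allowing is the intended failure mode for this check.
	no_sessions=${no_sessions:-0}
	# Two separate tests instead of -a: with -a a login name such as "("
	# or "!" can change how the whole expression is parsed.
	if [ "$user" = "maintenance" ] && [ "$no_sessions" -ge "$max_maintenance_sessions" ]; then
		/bin/echo "Max remote sessions for login:$user is $max_maintenance_sessions"
		exit 1
	fi
	if [ "$no_sessions" -ge "$max_telnet_sessions" ]; then
		/bin/echo "Max remote sessions for login:$user is $max_telnet_sessions"
		exit 1
	fi
# remote
else
	# Only the maintenance role has a per-role ceiling on this path; other
	# remote roles fall through to the total-session check.
	if [ "$rolename" = "maintenance" ]; then
		# Here console port login is also included from no_sessions.
		# Counts every `who -u` line containing the role name anywhere in
		# the line, not only in the name field.
		no_sessions=$(/usr/bin/who -u 2>/dev/null | grep "$rolename" | /usr/bin/wc -l 2>/dev/null)
		no_sessions=${no_sessions:-0}
		if [ "$no_sessions" -ge "$max_maintenance_sessions" ]; then
			/bin/echo "Max remote sessions for login:$user is $max_maintenance_sessions"
			exit 1
		fi
	fi
fi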

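# Global ceiling: every line `who` prints counts, whatever the account.
# The redirections sit inside the substitution so they apply to the tools
# rather than to the assignment.
total_sessions=$(/usr/bin/who 2>/dev/null | /usr/bin/wc -l 2>/dev/null)
# NOTE(review): an empty count is treated as 0, so the login is allowed,
# matching what happened when the unquoted test failed; confirm that
# allowing is the intended outcome when `who` cannot be read.
total_sessions=${total_sessions:-0}
if [ "$total_sessions" -ge "$max_total_sessions" ]; then
	/bin/echo "Max remote sessions for all accounts is $max_total_sessions"
	exit 1
fi

# No limit reached: status 0 tells the caller the session may proceed.
exit 0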
