#!/bin/bash
#
# This script is a trouble shooting tool for Group policy.
# Include the following functions
# 1: policy process dump
# 2: policy rsop dump
# 3: policy default value set
# 4: policy value query
#

HDX_LOG=/var/log/xdl/hdx.log
VDA_LOG=/var/log/xdl/vda.log
POLICY_DEFAULT_PATH='HKLM\\Software\\Citrix\\GroupPolicy\\Defaults'
ROOT_UID=0
BIN_PATH=/opt/Citrix/VDA/bin
VAR_PATH=/var/xdl

function usage()
{
   $BIN_PATH/getstr  SHELL_POLICY_USAGE $0
}

function getLogFile()
{
	if [ ! -f $HDX_LOG ]; then
		$BIN_PATH/getstr SHELL_POLICY_NO_HDX_LOG
	fi
		$BIN_PATH/getstr SHELL_POLICY_NO_VDA_LOG

	if [ ! -f $VDA_LOG ]; then
		$BIN_PATH/getstr SHELL_POLICY_NO_VDA_LOG
	fi  

	if [ ! -f $HDX_LOG ] && [ ! -f $VDA_LOG ]; then
		$BIN_PATH/getstr SHELL_POLICY_NO_HDX_LOG
		$BIN_PATH/getstr SHELL_POLICY_NO_VDA_LOG
		exit 1
	fi

	cat  $HDX_LOG $VDA_LOG > /tmp/output.log
}
#if parameter number is 0, then call the usage function

if [ $# = 0 ]; then
	usage
	exit 1
fi
																																																																							
case "$1" in
 -D)
  # Dump policy process
  if [ "$2" = -u ]; then
	getLogFile
	grep -E 'POLICY SERVICE|HDX POLICY' /tmp/output.log > /tmp/policy.log
  elif [ "$2" = -m ]; then
	getLogFile
	grep -E 'POLICY SERVICE|VDA POLICY' /tmp/output.log > /tmp/policy.log
  elif [ ! -n "$2" ]; then
	getLogFile
	grep -E 'POLICY SERVICE|HDX POLICY|VDA POLICY' /tmp/output.log > /tmp/policy.log  
  else  $BIN_PATH/getstr SHELL_POLICY_INVALID_SEQ
	 $BIN_PATH/getstr SHELL_POLICY_TYPE_HELP $0
	 exit 1

  fi
  sort -k1,2 /tmp/policy.log
  rm  -f /tmp/output.log  /tmp/policy.log
  ;; 
 -R)
  # Dump rsop of the policy evaluation result.
  #Cause the ctxreg binary need the root privileges, add the restriction here
  if [ "$UID" != "$ROOT_UID" ]; then
	$BIN_PATH/getstr SHELL_POLICY_MUST_ROOT
	exit 1
  fi

  if [ "$2" = -u ]; then
	$BIN_PATH/ctxreg  dump | grep 'User\\'> /tmp/rsop
	if [ -n "$3" ]; then
		$BIN_PATH/ctxqsession  > /tmp/rsop1
		#if there is '\' in the userName, replace it with '\\'
		#Cause awk will delete one backslash when pass the variable
		name=$(echo $3 |sed 's/\\/\\\\/g')
		awk -v var="$name" '$2==var {print $1}' /tmp/rsop1 > /tmp/rsop2
		if [ ! -s /tmp/rsop2 ]; then
			$BIN_PATH/getstr SHELL_POLICY_NO_POLICY_IN_USE $3
			exit 1;
		fi
		sessionID=$(awk -F ":" '{print $2}' /tmp/rsop2)
		cat /tmp/rsop | grep "$sessionID\\\\"  > /tmp/rsop3
		cp /tmp/rsop3 /tmp/rsop
		rm -f /tmp/rsop1 /tmp/rsop2 /tmp/rsop3
	fi
  elif [ "$2" = -m ]; then
	$BIN_PATH/ctxreg  dump | grep  'Policies\\Citrix\\' | grep -v '\\Policies\\Citrix\\.*\\' > /tmp/rsop
  elif [ ! -n "$2" ]; then  
	$BIN_PATH/ctxreg dump | grep 'Policies\\Citrix\\' | grep -v 'Evidence' > /tmp/rsop
  else $BIN_PATH/getstr SHELL_POLICY_INVALID_SEQ 
	  $BIN_PATH/getstr SHELL_POLICY_TYPE_HELP $0
	  exit 1
  fi
  sed -i 's/\"//g' /tmp/rsop
  awk 'BEGIN{printf "%-70s\t%-10s\t%-40s\t%-30s\n","|KEY PATH","|type","|value","|data"}$4 == "-t" {printf "%-70s\t%-10s\t%-40s\t%-30s\n",$3,$5,$7,$9}' /tmp/rsop
  rm -f /tmp/rsop

 ;;
 -S)
  #Set policy default value, need to input keyName and data of the policy"
  if [ "$UID" != "$ROOT_UID" ]; then
	$BIN_PATH/getstr SHELL_POLICY_MUST_ROOT 
	exit 1
  fi

  if [ "$2" = -v ] && [ -n "$3" ] && [ "$4" = -t ] && [ -n "$5" ] && [ "$6" = -d ] && [ -n "$7" ]; then
	awk -v var="$3" '$1==var {print $1}' $VAR_PATH/policyList > /tmp/set
	if [  -s /tmp/set ]; then
		$BIN_PATH/ctxreg create -k "$POLICY_DEFAULT_PATH" -v $3 -t $5 -d $7 "--force"
      else
		  $BIN_PATH/getstr SHELL_POLICY_NOT_SUPPORTED
		  exit 1;
      rm -f /tmp/set
	  fi
  else  $BIN_PATH/getstr SHELL_POLICY_INVALID_SEQ
	  $BIN_PATH/getstr SHELL_POLICY_TYPE_HELP $0
	  exit 1
  fi
 ;;
 -Q)
 #Dump the policy values both in rsop path and default policy path
 #Cause the ctxreg binary need the root privileges, add the restriction here
 if [ "$UID" != "$ROOT_UID" ]; then
	$BIN_PATH/getstr SHELL_POLICY_MUST_ROOT 
	exit 1
 fi
 if [ "$2" = -v ] && [ -n "$3" ]; then
	
	awk -v var="$3" '$1==var {print $1}' $VAR_PATH/policyList > /tmp/query1
	if [  -s /tmp/query1 ]; then
	$BIN_PATH/ctxreg dump |grep "$3" >> /tmp/query
		 sed -i 's/\"//g' /tmp/query
		 awk 'BEGIN{printf "%-60s\t%-10s\t%-40s\t%-20s\n","|KEY PATH","|type","|value","|data"}{printf "%-60s\t%-10s\t%-40s\t%-20s\n",$3,$5,$7,$9}' /tmp/query
		 rm -f /tmp/query
	else
		$BIN_PATH/getstr SHELL_POLICY_NOT_SUPPORTED
		exit 1;

	rm -f /tmp/query1
	fi
 else  $BIN_PATH/getstr SHELL_POLICY_INVALID_SEQ	
	$BIN_PATH/getstr SHELL_POLICY_TYPE_HELP $0
	exit 1
 fi
 ;;
 -h|--help)
 usage
;;
*)
 $BIN_PATH/getstr SHELL_POLICY_INVALID_SEQ
$BIN_PATH/getstr SHELL_POLICY_TYPE_HELP $0
;;
esac



