#!/bin/bash
set +x
###
#功    能：系统用户密码即将过期巡检项
#输入参数：无
#标准输出：打印信息显示
#          user:user password info
#          Result:${res} 0:通过； 1：不通过  4：建议优化
###

LOG_FILE="/var/log/inspect.log"

G_INSPECT_MMLPATH="/opt/huawei/snas/script/inspect_mml"
source $G_INSPECT_MMLPATH/CheckItems
CurInspectNum="276"
CurInspectFun="$(GetInspectType $CurInspectNum)"
RESULTFILE="/tmp/tmpResult${CurInspectFun}"
>${RESULTFILE}
LOG_FILE="/var/log/inspect.log"

function LOG
{
   time=$(date)
   echo [${time}][$$][$CurInspectFun]$@ >> $LOG_FILE
}

#node_service_type 1 DFS 2 S3 3 Swift
#Result取值：0(通过),1(不通过),4(建议优化)
user_list=""
######################################################################
#   FUNCTION   : init_user_list
#   DESCRIPTION: 初始化账户列表
#   INPUT      : 无
#   OUTPUT     : 无
######################################################################
function init_user_list()
{
    user_list=("root" "snasuser" "omuser" "omsftp")
    LOG "[$LINENO]user_list:${user_list}"
}
######################################################################
#   FUNCTION   : judge_expiring_account
#   DESCRIPTION: 系统用户密码即将过期判断
#   INPUT      : 无
#   OUTPUT     : 无
######################################################################
function getTimeZoneDiffSeconds()
{
    timeSeconds=$1
    curTimeZone="$(date +%z)"
    curTimeZoneSign="${curTimeZone:0:1}"
    curTimeZoneHour="${curTimeZone:1:2}"
    curTimeZoneMin="${curTimeZone:3:2}"
    diffSeconds=$(echo "${curTimeZoneHour} * 3600 + ${curTimeZoneMin} * 60" | bc)
    if [ "X${curTimeZoneSign}" == "X+" ]; then
        timeSeconds=$(($timeSeconds - $diffSeconds))
    else
        timeSeconds=$(($timeSeconds + $diffSeconds))
    fi
    echo "${timeSeconds}"
}

function judge_expiring_account()
{
    local isPass=0
    local lasttime=0
    local pswd_expires_date=0
    local now_date=0
    local day_before_overdue=0

    for ((i=0; i<${#user_list[@]}; i++))
    do
        chage_info=`chage -l ${user_list[$i]}`
        password_expires=`echo "$chage_info" | grep -i "^Password Expires" | awk -F':' '{print $2}' | sed 's/^[ \t]*//g' | sed 's/[ \t]*$//g'`
        if [ "X${password_expires}" == "Xnever" -o "X${password_expires}" == "XNever" ];then
            LOG "[$LINENO]account ${user_list[$i]}'s password never expire"
            continue
        fi

        warning=`echo "$chage_info" | grep -i "Warning" | awk -F':' '{print $2}' | sed 's/^[ \t]*//g' | sed 's/[ \t]*$//g'`
       #即将过期天数设置为至少7天
        if [ $warning -lt 7 ];then
            warning="7"
        fi
        #转换为秒数
        let warning*=86400
        pswd_expires_date=$(date -d "${password_expires}" +%s)
        if [ $? -ne 0 ]; then
            LOG "[$FUNCNAME] Fail! Time para is ${password_expires}"
            pswd_expires_date=$(date -u -d "${password_expires}" +%s)
            pswd_expires_date=$(getTimeZoneDiffSeconds ${pswd_expires_date})
        fi
        now_date=$(date -d now +%s)
        lasttime=$(echo "${pswd_expires_date}-${now_date}" |bc -l)

        if [ $lasttime -lt 0 ];then
            if [ "${user_list[$i]}" == "obsbilling" ];then
                isPass=$(check_pass $isPass 4)
            else
                isPass=$(check_pass $isPass 1)
            fi
            echo "[ERR]INFO:${user_list[$i]} Password Expire Date ${password_expires}" >> ${RESULTFILE} 2>&1
            LOG "[$LINENO]${user_list[$i]}:Password Expire Date ${password_expires}"
        elif [ $lasttime -lt $warning ];then
            isPass=$(check_pass $isPass 4)
            day_before_overdue=$(awk -v a=$pswd_expires_date -v b=$now_date 'BEGIN{printf("%d",(a-b)/86400)}')
            echo "[ERR]INFO:${user_list[$i]} Password Expire Date ${password_expires},Days before overdue ${day_before_overdue}." >> ${RESULTFILE} 2>&1
            LOG "[$LINENO]${user_list[$i]}:Password Expire Date ${password_expires},Days before overdue ${day_before_overdue}."
        fi
    done

    return $isPass
}
function main()
{
    local iRet=0
    #初始化账户列表
    init_user_list
    #系统用户密码即将过期判断
    judge_expiring_account
    iRet=$?
    if [ 0 -eq ${iRet} ] ;then
        echo "INFO:pass" >> ${RESULTFILE} 2>&1
    fi
    echo "${CurInspectFun}_Pass ${iRet}" >>${RESULTFILE} 2>&1
    LOG "[$LINENO]result=${iRet};"
}

main

