#!/bin/bash
set +x

LOG_FILE="/var/log/inspect.log"
G_MML_FILE_PATH="/opt/huawei/snas/script/inspect_mml"
source $G_MML_FILE_PATH/CheckItems
tmp_permission="/tmp/tmpfile$$Permission"
CurInspectNum="286"
CurInspectFun="$(GetInspectType $CurInspectNum)"
RESULTFILE="/tmp/tmpResult${CurInspectFun}"
>${RESULTFILE}

FIFO_OPERATE_ID=762
FIFO_THREAD_NUM_MAX=8

function LOG
{
    time=$(date)
    echo [${time}][$$][$CurInspectFun]$@ >> $LOG_FILE
}

#使用fifo管道, 实现多进程并行
#param1: 文件fd; param2:同时执行的进程个数
function fifo_start
{
    local tmpfifo_id="$1"
    local tmpthread_num_max="$2"
    local tmp_fifofile="/tmp/fifo_file_start_$$.fifo"

    trap "exec ${tmpfifo_id}>&-;exec ${tmpfifo_id}<&-;exit 0" 2

    mkfifo "${tmp_fifofile}"
    eval "exec ${tmpfifo_id}<>${tmp_fifofile}"
    rm -rf "${tmp_fifofile}"

    for ((i=0;i<$tmpthread_num_max;i++))
    do
        eval "echo >&${tmpfifo_id}"
    done
}

#删除文件描述符号
function fifo_finish
{
    local tmpfifo_id="$1"
    eval "exec ${tmpfifo_id}>&-"
    eval "exec ${tmpfifo_id}<&-"
}

#检查权限
function checkPermission()
{
    local tmpfile="$1"
    local msgfile=""
    local msgFileDisplay=""
    local expectUid=""
    local actualUid=""
    local softlinkflag=0
    local Num=0
    local platform=$( arch )
    OLD_IFS=$IFS
    IFS=$'\n'
    context=$(cat ${tmpfile})
    for line in ${context};do
        Num=$((Num+1))
        if [ "$[Num%300]" = "0" ];then
            sleep 3
        fi
        read -u ${FIFO_OPERATE_ID}
        {
            echo "${line}" |grep "^File" >/dev/null
            if [ $? -ne 0 ];then
                LOG "[$LINENO]:err info(${line})"
                echo >& ${FIFO_OPERATE_ID}
                continue
            fi

            #为了和之前的显示风格一致，需要判断一下是否有软连接
            echo "${line}" | awk '{print $1}' | grep '\->' >/dev/null
            if [ $? -eq 0 ];then
                if [ X"${platform}" == X"x86_64" ]; then
                msgfile=$(echo "${line}" | awk '{print $1}'| awk -F '‘|’' '{print $2}')
                msgFileDisplay=$(echo "${line}" | awk '{print $1}' | awk -F'’|‘' '{print $2 $3 $4}')
                else
                    msgfile=$( echo "${line}" | awk -F "->" '{print $1}' | awk -F: '{print $2}' )
                    msgFileDisplay=$(echo "${line}" | awk '{print $1}' | awk -F: '{print $2}' )
                fi
                softlinkflag=1
            else
                if [ X"${platform}" == X"x86_64" ]; then
                msgfile=$(echo "${line}" | awk '{print $1}'| awk -F '‘|’' '{print $2}')
                else
                    msgfile=$( echo "${line}" | awk -F: '{print $2}' | awk '{print $1}' )
                fi
            fi

            if [ -e "${msgfile}" ];then
                expectUid=$(echo "${line}" | awk '{print $2}' | sed '/Access:/s/Access:(\([0-9]\+\)\/.*/\1/')
                actualUid=$(stat "${msgfile}" | grep "Access.*Uid:" | sed '/Access:/s/Access: (\([0-9]\+\)\/.*/\1/')
                if [ "X${expectUid}" == "X" ] || [ "X${actualUid}" == "X" ];then
                    LOG "[$LINENO]: info=[${line}],file=[${msgfile}] ,expectUid=[${expectUid}],actualUid=[${actualUid}]"
                    echo >& ${FIFO_OPERATE_ID}
                    continue
                fi
            else
                LOG "[$LINENO]: info=[${line}],file=[${msgfile}] is not exist in Environment"
                echo >& ${FIFO_OPERATE_ID}
                continue
            fi

            if [ ${softlinkflag} -eq 1 ];then
                msgfile="${msgFileDisplay}"
                softlinkflag=0
            fi

            if [ "${expectUid}" != "${actualUid}" ];then
                echo "filename0:${msgfile}||realmod:${actualUid}||logmod:${expectUid}" >>${RESULTFILE} 2>&1
            else
                echo "filename1:${msgfile}||realmod:${actualUid}||logmod:${expectUid}" >>${RESULTFILE} 2>&1
            fi
            echo >& ${FIFO_OPERATE_ID}
        } &
    done
    IFS=${OLD_IFS}
}

ls /opt/huawei/deploy/script/ |grep -w Record_os_permission.sh >/dev/null
if [ $? -eq 1 ]; then
    echo "S30_get_os_permission.sh not exist,pass." >>${RESULTFILE} 2>&1
    exit 0
fi

ls /opt/ |grep -w permission.log >/dev/null
if [ $? -eq 1 ];then
    sh /opt/huawei/deploy/script/Record_os_permission.sh nocheck_ds
    echo "create permission.log success." >>${RESULTFILE} 2>&1
    exit 0
fi
#对比cluster_service_type
real_cluster_service_type=$(cat /opt/huawei/snas/etc/snas.ini | grep cluster_service_type | awk -F "=" '{print $2}')
log_cluster_service_type=$(cat /opt/permission.log | grep cluster_service_type | awk -F "=" '{print $2}')
if [ $real_cluster_service_type -ne $log_cluster_service_type ];then
    #不相等则刷新日志文件在匹配
    LOG "[$LINENO]:start Refresh file"
    sh /opt/huawei/deploy/script/Record_os_permission.sh nocheck_ds
fi

if [ ! -f "/opt/permission.log" ];then
    LOG "[$LINENO]miss file(/opt/permission.log)."
    exit 1
fi

cat /opt/permission.log | tr -d "\`"|tr -d "'"|tr -d " " | sed '/^File/N;s/\n/ /' >${tmp_permission}

if [ ! -s "${tmp_permission}" ];then
    sleep 1
    cat /opt/permission.log | tr -d "\`"|tr -d "'"|tr -d " " | sed '/^File/N;s/\n/ /' >${tmp_permission}
    if [ ! -s "${tmp_permission}" ];then
        LOG "[$LINENO]Get infomation failed."
        [ -f "${tmp_permission}" ] && rm "${tmp_permission}"
        exit 1
    fi
fi

fifo_start "${FIFO_OPERATE_ID}" "${FIFO_THREAD_NUM_MAX}"
#对比permission.log中记录的目录或者文件的权限是否与环境上的匹配
LOG "[$LINENO]:start check file permission"
checkPermission "${tmp_permission}"
wait
LOG "[$LINENO]:end check file permission"
fifo_finish

#检查log目录下是否有软连接snassh
context=$(find /var/log/ -name snassh)
if [ "X${context}" != "X" ];then
    for line in $context;do
        echo "snassh:$line" >>${RESULTFILE} 2>&1
    done
fi

[ -f "${tmp_permission}" ] && rm "${tmp_permission}"
exit 0
