#!/usr/bin/perl
# IBM_PROLOG_BEGIN_TAG 
# This is an automatically generated prolog. 
#  
#  
#  
# Licensed Materials - Property of IBM 
#  
# (C) COPYRIGHT International Business Machines Corp. 2004,2019 
# All Rights Reserved 
#  
# US Government Users Restricted Rights - Use, duplication or 
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
#  
# IBM_PROLOG_END_TAG 
# sccsid = "@(#)66   1.12   src/rsct/rm/LPRM/cli/bin/mklpcmd.perl, LPRM, rsct_rady, rady2035a 11/12/15 16:38:30"

# Creates an RMC Least Privilege Command 

use strict;
use locale;
BEGIN
  {
	# this enables us to redirect where it looks for other RSCT files during development
	$::rsctroot = $ENV{'RSCT_ROOT'} || '/opt/rsct';
	$::rsctpm = "$::rsctroot/pm";
	$::rsctmsgmaps = "$::rsctroot/msgmaps";
  }

use lib $::rsctpm;
use Getopt::Std;
use CT_cli_utils qw(printIMsg printEMsg);
use LPRM_cli_utils qw(process_api_error process_exit_code);
use LPRM_cli_include qw($DELIMITERI $DELIMITERO);
use Socket;

$main::PROGNAME = 'mklpcmd';
$main::MSGCAT = 'lprmcli.cat';
$main::LSMSG = '/opt/rsct/bin/ctdspmsg';

# For the usage, see lprmcli.msg
sub usage { printIMsg('IMsgMklpcmdUsageNew1');  exit (scalar(@_) ? $_[0] : 1); }

# Parse the cmd line args and check them
#if (! getopts('ln:hvV') ) { &usage; }
if (! getopts('c:ln:R:s:A:hTV') ) { &usage(3); }
#if (scalar(@ARGV) < 2 || $::opt_h) { &usage; }
if ($::opt_h) { &usage(0); }
if (scalar(@ARGV) < 2) { &usage(4); }
if ( (scalar(@ARGV)%2) !=0 ) { &usage(4); }
#if ($::opt_V) { $::opt_v = 1; }

my $opt_nodes;
my $name = shift @ARGV;
if ($name eq "") 
   {
    # bad name
    printEMsg('EMsgMklpcmdNameMissing');
    exit(5) ;
   }
my $cmd = join(' ', shift @ARGV);
if (!defined($::opt_l)) { $::opt_l = 0; }

if (defined($::opt_c))
   {
        $::opt_c = "${DELIMITERI}ControlFlags${DELIMITERI}$::opt_c";
   }

if (defined($::opt_n))
  {
	#todo: support symbolic names for values 2 and 3
	if ($ENV{CT_MANAGEMENT_SCOPE}!=2 && $ENV{CT_MANAGEMENT_SCOPE}!=3) { $ENV{CT_MANAGEMENT_SCOPE}=4; }
	$opt_nodes=$::opt_n;
	$::opt_n = "${DELIMITERI}NodeNameList${DELIMITERI}{'$::opt_n'}";
  }
else { $ENV{CT_MANAGEMENT_SCOPE}=1; }

if (defined($::opt_R))
   {
        $::opt_R = "${DELIMITERI}RunCmdName${DELIMITERI}$::opt_R";
   }
if (defined($::opt_s))
   {
        $::opt_s = "${DELIMITERI}FilterScript${DELIMITERI}$::opt_s";
   }
if (defined($::opt_A))
   {
        $::opt_A = "${DELIMITERI}FilterArg${DELIMITERI}'$::opt_A'";
   }

# Deal with quotes in the cmd
# if the value already has quotes around it, do not quote it
if (!( $cmd =~ /^(".*"|'.*')$/ ))
  {
	# if the value has imbedded double quotes, use single quotes
	if ($cmd =~ /\"/) { $cmd = qq('$cmd'); } # use the other quotes
	else 		# use double quotes
	  {
		$cmd =~ s/\"/\\\"/sg;     # escape embedded double quotes
		$cmd = qq("$cmd");
	  }
  }

if ($::opt_T) {print STDERR "$main::PROGNAME: calling mkrsrc-api to create a LP resource\n ";}

my $cmd = qq(/usr/bin/mkrsrc-api -I $DELIMITERI -D $DELIMITERO IBM.LPCommands${DELIMITERI}Name${DELIMITERI}${name}${DELIMITERI}CommandPath${DELIMITERI}${cmd}${DELIMITERI}Lock${DELIMITERI}$::opt_l$::opt_n$::opt_R$::opt_s$::opt_A$::opt_c 2>&1);
#if ($::opt_v) { $main::PROGNAME = 'lslpcmd'; printIMsg('IMsgRmcCmd', $cmd); $main::PROGNAME = 'mklpcmd'; }
if ($::opt_V) { $main::PROGNAME = 'lslpcmd'; printIMsg('IMsgRmcCmd', $cmd); $main::PROGNAME = 'mklpcmd'; }

my @output = `$cmd`;
#my $rc = $? >> 8;
my $rc = $?;
$rc = process_exit_code($rc);
if ($rc)
  {
        if ($::opt_T) {print STDERR "$main::PROGNAME: mkrsrc-api returned $rc\n ";}
	#if (!$::opt_v) { $output[0] =~ s/.*::.*::.*::.*::.*:://; }
	#if (!$::opt_V) { $output[0] =~ s/.*::.*::.*::.*::.*:://; }
	#print @output;
        process_api_error($DELIMITERO,$rc,@output);
	exit $rc;
  }
if ($#ARGV >= 0)
   {
    my $i = 0;
    my $idpermpair ="";
    while($i <= $#ARGV)
       {
        #print "Argument $i is $ARGV[$i].\n";
        my $id = $ARGV[$i];
        #print "Argument $i+1 is $ARGV[$i+1].\n";
        my $perm = $ARGV[$i+1];
        $idpermpair= $idpermpair."${id}${DELIMITERI}$perm"."${DELIMITERI}";
        $i = $i+2;
       }
    #print "idpermstring is $idpermpair.\n";
    my $selectstr = "Name='$name'";
    # 1122846
    if (defined($opt_nodes))
     {
        my @nodes = split(/[, ]+/,$opt_nodes);
        if (length($selectstr)) { $selectstr .= ' && '; }
        $selectstr .= q/NodeNameList IN ('/ . join("','",@nodes) . q/')/;
     }

    if (length($selectstr)) { $selectstr = qq("$selectstr"); }

    if ($::opt_T) {print STDERR "$main::PROGNAME: calling chrsrcacl-api to modify the ACLs of the LP resource\n ";}
    my $cmd = qq(/usr/bin/chrsrcacl-api -I $DELIMITERI -D $DELIMITERO -s IBM.LPCommands${DELIMITERI}${selectstr}${DELIMITERI}$idpermpair 2>&1);
    if ($::opt_V) { $main::PROGNAME = 'lslpcmd'; printIMsg('IMsgRmcCmd', $cmd); $main::PROGNAME = 'mklpcmd'; }

    my @output = `$cmd`;
    #my $rc = $? >> 8;
    my $rc = $?;
    $rc = process_exit_code($rc);
    if ($rc)
       {
        if ($::opt_T) {print STDERR "$main::PROGNAME: chrsrcacl-api returned $rc\n ";}
        #if (!$::opt_V) { $output[0] =~ s/.*::.*::.*::.*::.*:://; }
        #print @output;
        process_api_error($DELIMITERO,$rc,@output);
        exit $rc;
       }
    }

exit $rc;