#!/bin/ksh -p
#
# ident "@(#)utatilu.ksh	1.3	08/11/04 SMI"
#
# Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#

#
# utatilu - interface to customer ATI scripts
#
# Usage: utatilu [-w] <itoken>
#
# Pass <itoken> to the customer site ATI script, along with other
# environmental information as specified by the ATI Customer API.  If
# the -w option is specified, only insert_token will be provided to
# the API.
#
# The output of this script is the same as the output of the ATI
# Customer API, and the output will be vetted for safe evaluation
# directly in a shell environment.
#
# In order for the customer site ATI script to be executed, the
# following must be true:
# /etc/opt/SUNWut/site/bin has owner root
# /etc/opt/SUNWut/site/bin is not writeable by group or other
# Script is installed at /etc/opt/SUNWut/site/bin/ati
# /etc/opt/SUNWut/site/bin/ati has owner root
# /etc/opt/SUNWut/site/bin/ati is not writeable by group or other
#
#
# ATI Customer API (relative to customer ATI script)
# ==============================================
#
# Input (stdin)
#
# These keys exactly mirror the input for AMGH, for maximal
# reusability of scripts in the ATI and AMGH contexts, and to reduce
# learning curve. See the ut_amgh_script_interface man page for more
# details:
#
#    * insert_token
#      the token id inserted
#
# If -w is not specified, the following keys/values will also be supplied to the API
#
#    * terminal_cid
#      the canonical terminal id
#
#
# Output (stdout)
#
# These keys are analogs to the values which can be provided to utuser
# -a (i.e. the SRSS utility used for token registration). See the
# utuser man page for more details.
#
#    * name
#      This required key's value will go into the name field
#    * otherInfo
#      This optional key's value will go into the other-info field of the token
#
# In addition, the following key must be returned:
#
#    * registered
#      If this value is non-zero, the token should be considered
#      registered, otherwise all other return keys will be ignored
#
# If either the registered or name keys are not returned, or the
# registered value is 0, all other output will be ignored and the
# token will not be registered.  Unless the registered value is 0, a
# warning will be logged.
#
# Error handling (stderr)
#
# If exit status is non-zero, any output written to stderr represents
# an error string
#

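# getKeyValueFromFile filename key
#
# Print the value of every "key=value" line in <filename> whose key is
# <key> (the "key=" prefix is stripped).  Prints nothing when no line
# matches.
#
# <key> is interpolated into a sed regular expression, so callers must
# pass only fixed, known key names, never data read from a token or a
# file.
#
# If <filename> is not readable an error is logged and exit 2 is called.
# When this function runs inside $(...), that exit ends only the
# substitution subshell, not the calling script.
getKeyValueFromFile() {
	if [ -r "$1" ]; then
		# Quote the path: it can be built from token or display data,
		# and an unquoted expansion would be word-split and globbed.
		sed -n "s/^${2}=//p" "$1"
	else
		doLog error "'$1' not readable"
		exit 2
	fi
}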

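# doLog level message
#
# Send <message> to syslog via logger(1) with priority user.<level>,
# tagged with this script's base name and its process id (-i).
#
# Every expansion is quoted so that a level, script path or message
# containing whitespace or glob characters reaches logger as exactly
# one argument each.
doLog() {
	logger -i -p "user.$1" -t "${0##*/}" "$2"
}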

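# usage
#
# Log the command-line synopsis at error priority.  Nothing is written
# to stdout, because the caller evaluates this script's stdout.
usage() {
	doLog error "Usage: ${0##*/} [-w] <itoken>"
}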

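# goodPerms script_path
#
# Succeed only if both <script_path> and the directory that contains it
# are owned by root and are not writable by group or other.
#
# Each find is limited to its starting path with -prune.  Without it,
# the directory check walks the whole directory and is satisfied by any
# root-owned, non-writable entry inside it (the script itself included),
# so a group- or world-writable directory would still pass.
#
# Only the script and its immediate parent are examined; ancestors
# further up the path are not checked here.
#
# Sets the global DIR to the directory part of <script_path>.
goodPerms() {
	DIR=$(dirname "$1")
	[ -n "$(find "$1" -prune -user root \! -perm -g+w \! -perm -o+w)" ] && \
		[ -n "$(find "$DIR" -prune -user root \! -perm -g+w \! -perm -o+w)" ]
}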

# main

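# Fixed search path so every helper (sed, find, logger, ...) resolves to
# a system binary regardless of the caller's environment.
PATH=/usr/bin:/bin:/usr/sbin:/sbin

CUST_ATI_SCRIPT=/etc/opt/SUNWut/site/bin/ati

STATUS=0

CONFDIR=/var/opt/SUNWut

if [ ! -f "${CUST_ATI_SCRIPT}" ]; then
	doLog debug "${CUST_ATI_SCRIPT} not installed"
	# Not an error, leave STATUS=0
elif ! goodPerms "${CUST_ATI_SCRIPT}"; then
	# Refuse to run a site script that someone other than root could
	# have modified or replaced.
	doLog error "${CUST_ATI_SCRIPT} or directory has invalid perms"
	STATUS=2
else
	UTKEYVET=/etc/opt/SUNWut/basedir/lib/utkeyvet

	# The only keys the customer script is allowed to hand back.
	set -A OUTPUTKEYS name otherInfo registered

	wflag=
	while getopts w opt; do
		case $opt in
			w)	wflag=1;;
			?)	usage
				exit 1;;
		esac
	done
	shift $(($OPTIND - 1))

	INSERT_TOKEN="$1"
	if [ $# -ne 1 ] || [ -z "$INSERT_TOKEN" ]; then
		usage
		exit 1
	fi

	# The token is supplied by the caller and is treated as untrusted.
	# It is written into the line-oriented key=value input of the
	# customer script, so an embedded newline could add or override a
	# key (for example terminal_cid).
	NL='
'
	case "$INSERT_TOKEN" in
		*"$NL"*)
			doLog error "insert token contains a newline; not passed to ${CUST_ATI_SCRIPT}"
			exit 1;;
	esac

	if [ -z "$wflag" ]; then
		# The token is used as a file name under ${CONFDIR}/itokens.
		# A '/' in it would let the lookup leave that directory.
		case "$INSERT_TOKEN" in
			*/*)
				doLog error "insert token contains '/'; not used as a file name under ${CONFDIR}/itokens"
				exit 1;;
		esac

		DISPFILE="${CONFDIR}/itokens/${INSERT_TOKEN}"
		DISPLAYNUM=$(sed -n 's/^DISPLAY=//p' "$DISPFILE")
		# NOTE(review): DISPLAYNUM comes from the file content and is
		# used in a path unvalidated; presumably these files are
		# written only by the system -- confirm.
		DISPINFO="${CONFDIR}/dispinfo/${DISPLAYNUM}"

		# The "exit 2" inside getKeyValueFromFile ends only this
		# command substitution; on an unreadable file the script
		# continues with an empty TERMINAL_CID.
		TERMINAL_CID=$(getKeyValueFromFile "$DISPINFO" TERMINAL_ID)
	else
		TERMINAL_CID=""
	fi


	# Feed the API input on stdin.  With -w the terminal_cid line is
	# still sent, with an empty value.
	OUTPUT=$("${CUST_ATI_SCRIPT}" <<-EOF
insert_token=${INSERT_TOKEN}
terminal_cid=${TERMINAL_CID}
	EOF
		)

	# Must directly follow the assignment: this is the customer
	# script's exit status.
	STATUS=$?

	if [ "$STATUS" -ne 0 ]; then
		doLog warning "Customer ATI script returned bad status $STATUS"
	else
		doLog debug "Customer ATI script for token '$INSERT_TOKEN' returned '
$OUTPUT
'"
		# The caller evaluates this script's stdout in a shell, so only
		# the vetted text is ever printed; the raw OUTPUT goes to the
		# log only.  "--" keeps output that begins with '-' from being
		# parsed as print options.
		# NOTE(review): the exit status of utkeyvet is not checked; if
		# it fails, an empty result is printed and STATUS stays 0.
		VETOUTPUT=$(print -r -- "$OUTPUT" | "${UTKEYVET}" "${OUTPUTKEYS[@]}")
		doLog debug "After vetting, output for token '$INSERT_TOKEN' is '
$VETOUTPUT
'"
		print -r -- "$VETOUTPUT"
	fi
fi
exit $STATUS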
