package xCAT_plugin::frusetter;
use Data::Dumper;

sub handled_commands {
    return {
          rewritemyfru => 'frusetter',
    }
}

sub ok_with_node {
   my $node = shift;
   #Here we connect to the node on a privileged port (in the clear) and ask the
   #node if it just asked us for credential.  It's convoluted, but it is 
   #a convenient way to see if root on the ip has approved requests for
   #credential retrieval.  Given the nature of the situation, it is only ok
   #to assent to such requests before users can log in.  During postscripts
   #stage in stateful nodes and during the rc scripts of stateless boot
   my $select = new IO::Select;
   #sleep 0.5; # gawk script race condition might exist, try to lose just in case
   my $sock = new IO::Socket::INET(PeerAddr=>$node,
                                     Proto => "tcp",
                                     PeerPort => shift);
   my $rsp;
   unless ($sock) {return 0};
   $select->add($sock);
   print $sock "CREDOKBYYOU?\n";
   unless ($select->can_read(5)) { #wait for data for up to five seconds
      return 0;
   }
   my $response = <$sock>;
   chomp($response);
   if ($response eq "CREDOKBYME") {
      return 1;
   }
   return 0;
}
sub process_request {
    my $request = shift;
    my $callback = shift;
    my $doreq = shift;
    my $node = $request->{_xcat_clienthost}->[0];
    unless (ok_with_node($node,300)) {
        $callback->({error=>["Unable to prove root on your IP approves of this request"],errorcode=>[1]});
        return;
    }
    $doreq->({command=>['rfrurewrite'],
              noderange=>[$node],
             });   
    return;
}

1;