# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
package xCAT_plugin::bmcconfig;
use Data::Dumper;
use xCAT::Table;
use xCAT::MsgUtils;
use xCAT::Utils;
use xCAT::PasswordUtils;
use xCAT::IMMUtils;
use xCAT::TableUtils;
use IO::Select;
use Socket;

sub handled_commands {
    return {
          getbmcconfig => 'bmcconfig',
	  remoteimmsetup => 'bmcconfig',
        };
}

sub genpassword {
  my $length = shift;
  my $password='';
  my $characters= 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890';
  srand; #have to reseed, rand is not rand otherwise
  while (length($password) < $length) {
    $password .= substr($characters,int(rand 63),1);
  }
  return $password;
}

sub net_parms {
  my $ip = shift;
  if (inet_aton($ip)) {
     $ip = inet_ntoa(inet_aton($ip));
  } else {
     xCAT::MsgUtils->message("S","Unable to resolve $ip");
     return undef;
  }
  my $nettab = xCAT::Table->new('networks');
  unless ($nettab) { return undef };
  my @nets = $nettab->getAllAttribs('net','mask','gateway');
  foreach (@nets) {
    my $net = $_->{'net'};
    my $mask =$_->{'mask'};
    my $gw = $_->{'gateway'};
    $ip =~ /([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/;
    my $ipnum = ($1<<24)+($2<<16)+($3<<8)+$4;
    $mask =~ /([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/;
    my $masknum = ($1<<24)+($2<<16)+($3<<8)+$4;
    $net =~ /([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/ or next; #next if ipv6, TODO: IPv6 support
    my $netnum = ($1<<24)+($2<<16)+($3<<8)+$4;
    if ($gw eq '<xcatmaster>') {
	$gw=xCAT::NetworkUtils->my_ip_facing($ip);
    }
    if (($ipnum & $masknum)==$netnum) {
      return ($ip,$mask,$gw);
    } 
  }
  xCAT::MsgUtils->message("S","xCAT BMC configuration error, no appropriate network for $ip found in networks, unable to determine netmask");
}

  
sub ok_with_node {
   my $node = shift;
   #Here we connect to the node on a privileged port (in the clear) and ask the
   #node if it just asked us for credential.  It's convoluted, but it is 
   #a convenient way to see if root on the ip has approved requests for
   #credential retrieval.  Given the nature of the situation, it is only ok
   #to assent to such requests before users can log in.  During postscripts
   #stage in stateful nodes and during the rc scripts of stateless boot
   my $select = new IO::Select;
   #sleep 0.5; # gawk script race condition might exist, try to lose just in case
   my $sock = new IO::Socket::INET(PeerAddr=>$node,
                                     Proto => "tcp",
                                     PeerPort => shift);
   my $rsp;
   unless ($sock) {return 0};
   $select->add($sock);
   print $sock "CREDOKBYYOU?\n";
   unless ($select->can_read(5)) { #wait for data for up to five seconds
      return 0;
   }
   my $response = <$sock>;
   chomp($response);
   if ($response eq "CREDOKBYME") {
      return 1;
   }
   return 0;
}

sub process_request  {
  my $request = shift;
  my $callback = shift;
  my $node = $request->{'_xcat_clienthost'}->[0];
  unless (ok_with_node($node,300)) {
     $callback->({error=>["Unable to prove root on your IP approves of this request"],errorcode=>[1]});
     return;
  }
  #my $sitetable = xCAT::Table->new('site');
  my $ipmitable = xCAT::Table->new('ipmi');
  my $tmphash;
  my $username;
  my $gennedpassword=0;
  my $bmc;
  my $password;
  $tmphash=$ipmitable->getNodesAttribs([$node],['bmc','username','bmcport','password','taggedvlan']);
  my $authmap = xCAT::PasswordUtils::getIPMIAuth(noderange=>[$node],ipmihash=>$tmphash);
  if ($::XCATSITEVALS{genpasswords} eq "1" or $::XCATSITEVALS{genpasswords}  =~ /y(es)?/i) {
    $password = genpassword(10)."1cA!";
    $gennedpassword=1;
  } else {
    $password = $authmap->{$node}->{password};
  }
  my $bmcport;
  if (defined $tmphash->{$node}->[0]->{bmcport}) {
      $bmcport = $tmphash->{$node}->[0]->{bmcport};
  }
  if ($tmphash->{$node}->[0]->{bmc} ) {
    $bmc=$tmphash->{$node}->[0]->{bmc};
  }
  $username = $authmap->{$node}->{username};
  my $cliusername;
  if ($authmap->{$node}->{cliusername}) {
	$cliusername = $authmap->{$node}->{cliusername};
  } else {
	$cliusername = $username;
  }
  my $clipassword;
  if ($authmap->{$node}->{clipassword}) {
	$clipassword = $authmap->{$node}->{clipassword};
  } else {
	$clipassword = $password;
  }
  unless (defined $bmc) {
     xCAT::MsgUtils->message('S',"Unable to identify bmc for $node, refusing to give config data");
     $callback->({error=>["Invalid table configuration for bmcconfig"],errorcode=>[1]});
     return 1;
  }
  foreach my $sbmc (split /,/,$bmc) {
	  (my $ip,my $mask,my $gw) = net_parms($sbmc);
	  unless ($ip and $mask and $username and $password) {
	     xCAT::MsgUtils->message('S',"Unable to determine IP, netmask, username, and/or pasword for $sbmc, ensure that host resolution is working.  Best guess parameters would have been: IP: '$ip', netmask: '$mask', username: '$username', password: '$password'",  );
	     $callback->({error=>["Invalid table configuration for bmcconfig"],errorcode=>[1]});
	     return 1;
	  }
	  if ($request->{command}->[0] eq 'remoteimmsetup') {
	     xCAT::IMMUtils::setupIMM($node,cliusername=>$cliusername,clipassword=>$clipassword,username=>$username,password=>$password,callback=>$callback);
             return;
	  }
	  my $response={bmcip=>$ip,netmask=>$mask,gateway=>$gw,username=>$username,password=>$password};
	  if (defined $bmcport) {
	      $response->{bmcport}=$bmcport;
	  }
	  if (defined $tmphash->{$node}->[0]->{taggedvlan}) {
	      $response->{taggedvlan}=$tmphash->{$node}->[0]->{taggedvlan};
	  }
  	$callback->($response);
  }
  if ($gennedpassword) { # save generated password
    $ipmitable->setNodeAttribs($node,{password=>$password});
  }

  return 1;
}



1;