#
# @(#)77	1.3  src/examples/acl_mgr/acl_mgr_setup.dcecp, examples.src, os2dce21.dss, 960602a.1  3/17/96  15:47:35
#
# COMPONENT_NAME:  examples.src
#
# FILE NAME: acl_mgr_setup.dcecp
#
# FUNCTIONS: Setup dcecp script for the acl_mgr application.
#
# USAGE: dcecp acl_mgr_setup.dcecp <cdsentry> -p <cell_admin passwd>
#
# ORIGINS: 27/72
#
# (C) COPYRIGHT International Business Machines Corp. 1995
#  All Rights Reserved
#  Licensed Materials - Property of IBM
#
#  US Government Users Restricted Rights - Use, duplication or
#  disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
#
# @OSF_COPYRIGHT@
# COPYRIGHT NOTICE
# Copyright (c) 1990, 1991, 1992, 1993, 1994 Open Software Foundation, Inc.
# ALL RIGHTS RESERVED (DCE).  See the file named COPYRIGHT.DCE in the
# src directory for the full copyright text.
#
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

proc run_cmd {cmd} {

   set sts  [catch {uplevel $cmd} answer]

   if {$sts == 0} {
       return 0
   } else {
	puts "$answer"
	return 1
   }
}

# Check argument count and print the usage if necessary.

   if { $argc < 3 } {
      error "Usage: dcecp acl_mgr_setup.dcecp <cdsentry> -p <cell_admin passwd>"
   }

# Parse command line args: put cdsentry in entry, password in pwd

   scan $argv "%s -p %s" entry pwd

# Steps:
#	- Login as cell_admin
#	- Add group acl_servers
#	- Add server principal acl_server
#	- Add client principal acl_client
#	- Create server principal account
#	- Create client principal account
#	- Create server keyfile
#	- Create CDS namespace

   puts "Logging in..."
   run_cmd {login cell_admin -password $pwd}

   puts "Creating group."
   puts "group create {acl_servers} "
   run_cmd {group create {acl_servers}}

   puts "Creating principals."
   puts "principal create {acl_server acl_client} "
   run_cmd {principal create {acl_server acl_client}}

   puts "Add principals to group."
   puts "group add acl_servers -member acl_server"
   run_cmd  {group add acl_servers -member acl_server}
   puts "group add none -member acl_client"
   run_cmd  {group add none -member acl_client}

   puts "Add principals to organization."
   puts "organization add none -member acl_server"
   run_cmd {organization add none -member acl_server}
   puts "organization add none -member acl_client"
   run_cmd {organization add none -member acl_client}

   puts "Creating accounts."
   puts "account create acl_server -group acl_servers -organization none -password abcde -mypwd $pwd"
   run_cmd {account create acl_server -group acl_servers -organization none -password abcde -mypwd $pwd}
   puts "account create acl_client -group none -organization none -password jklmn -mypwd $pwd"
   run_cmd {account create acl_client -group none -organization none -password jklmn -mypwd $pwd}

   puts "Adding CDS entries."
   puts "directory create $entry"
   run_cmd {directory create $entry}
   puts "rpcentry create $entry/acl_server_entry"
   run_cmd {rpcentry create $entry/acl_server_entry}
   puts "acl modify $entry/acl_server_entry  -entry -add user:acl_server:rwdtc"
   run_cmd {acl modify $entry/acl_server_entry	-entry -add user:acl_server:rwdtc}

   puts "Logging out."
   run_cmd {logout}

# Need to be "self" to dce for keytab operations.
# Create the keytab file using dcecp if the cell's protection level is
# DES encryption or CDMF. If not, comment-out the following keytab create line:
# run_cmd {keytab create aclmgr -storage {/tmp/aclkeyfile}  -data{acl_server plain
# 1 abcde}}. Use rgy_edit to add the keytab entry: ktadd -p acl_server -pw
# abcde -f /tmp/aclkeyfile.

   puts "Creating keytab."
   puts "keytab create aclmgr -storage {/tmp/aclkeyfile}  -data {acl_server plain  1 abcde}"
   run_cmd {keytab create aclmgr -storage {/tmp/aclkeyfile} -data {acl_server plain 1 abcde}}

