#!/usr/bin/env python
# Copyright (c) 2005-2006 Arastra, Inc.  All rights reserved.
# Arastra, Inc. Confidential and Proprietary.

# Restricted/Standalone CLI

# Set the 'NOPDB' environment variable before importing Tac to prevent us from
# ever dropping into PDB (see tacc/Tac/Excepthook.py), as doing so could permit a
# security violation.
import os

os.environ[ 'NOPDB' ] = '1'
import BasicCli
import BasicCliSession
import Cli
import CliArgParser
import EntityManager
import ExecCli

# Most command options don't apply
options = CliArgParser.parseArgs( privilege=True,
                                  command=False,
                                  configFile=False,
                                  disableGuards=False,
                                  echo=False,
                                  echoTimestamp=False,
                                  pdb=False,
                                  profile=False,
                                  standalone=False,
                                  standaloneGuards=False,
                                  startupConfig=False,
                                  sysdbsockname=False )

cli = None
try:
   entityManager = EntityManager.Local( options.sysname )

   def cliInitialized( cliInstance ):
      global cli
      cli = cliInstance

   Cli.initCli( entityManager,
                callback=cliInitialized,
                block=True,
                plugins=options.plugins,
                noPlugins=options.no_plugins,
                standalone=True )
   assert cli
   
   if 'AAA_AUTHN_ID' in os.environ:
      aaaAuthnId = int( os.environ.get( 'AAA_AUTHN_ID' ) )
   else:
      aaaAuthnId = None
   aaaUser = BasicCliSession.AaaUser( os.environ.get( 'AAA_AUTHN_USER' ),
                                      aaaAuthnId,
                                      os.getuid(), os.getgid() )
   session = BasicCliSession.Session( BasicCli.UnprivMode,
                                      entityManager,
                                      privLevel=options.privilege,
                                      disableAutoMore=options.disable_automore,
                                      disableAaa=options.disable_aaa,
                                      disableGuards=False,
                                      standalone=True,
                                      interactive=True,
                                      cli=cli,
                                      aaaUser=aaaUser )
   # setup Aaa
   aaaConfig = entityManager.root().entity[ 'cli/input/aaa' ]
   aaaConfig.aaaProvider = 'Aaa'
   # set up default prompt to make it more clear that we are in a standalone shell
   session.cliConfig.prompt = "Standalone%R%v%P"

   print """
Note: Standalone CLI does not share data with other agents, but it can
run certain commands such as 'bash' to troubleshoot the system within 
authentication and authorization constraints.
"""
   returnCode = ExecCli.execCli( entityManager=entityManager, session=session )
except KeyboardInterrupt:
   returnCode = 130

os._exit( returnCode ) # pylint: disable-msg=W0212
