#! /usr/bin/perl
# Copyright (c) 2019-2020, AT&T Intellectual Property. All rights reserved.
#
# Copyright (c) 2015 by Brocade Communications Systems, Inc.
# All rights reserved.
#
# SPDX-License-Identifier: GPL-2.0-only

use strict;
use lib "/opt/vyatta/share/perl5/";
use XorpConfigParser;
use Getopt::Long;
use File::Copy qw(move);
use File::Temp qw(tempfile);

my ( $admin, $epasswd, $level );
my $cfgfile = "/config/config.boot";

GetOptions(
    "admin=s"   => \$admin,
    "epasswd=s" => \$epasswd,
    "default=s" => \$level
);

my $xcp   = new XorpConfigParser();
$xcp->parse($cfgfile);

if ( "$level" ne "default" ) {
    my $system = $xcp->get_node( ['system'] );
    if ( !defined $system ) {
        my $sys = $xcp->create_node( ['system'] );
        die "Cannot recreate system section in $cfgfile" unless $sys;
    }
    my $systemLogin = $xcp->get_node( [ 'system', 'login' ] );
    if ( !defined $systemLogin ) {
        my $login = $xcp->create_node( [ 'system', 'login' ] );
        die "Cannot recreate login section in $cfgfile" unless $login;
    }
    my $users = $xcp->get_node( [ 'system', 'login', "user $admin" ] );
    if ( !defined($users) ) {
        my $sysUsers =
          $xcp->create_node( [ 'system', 'login', "user $admin" ] );
        die "Cannot recreate user login section in $cfgfile" unless $sysUsers;
        $xcp->create_node(
            [
                'system',      'login',
                "user $admin", 'authentication',
                "encrypted-password $epasswd"
            ]
        );
        $xcp->create_node(
            [ 'system', 'login', "user $admin", "level $level" ] );
    }
}
else {
    my $systemUser =
      $xcp->get_node( [ 'system', 'login', "user $admin", 'authentication' ] );
    die "$cfgfile does not contain system user settings" unless $systemUser;

    my $children = $systemUser->{'children'};
    foreach my $child (@$children) {
        if ( $child->{'name'} =~ /^encrypted-password (.+?)$/ ) {
            $child->{'name'} = "encrypted-password $epasswd";
        }
    }
}

my $TMPL = "/tmp/vyatta_passwd_recovery.XXXXXXXX";
my ( $tmp, $tmpname ) = tempfile( $TMPL, UNLINK => 1 )
  or die "Can't create temp file: $!";
select $tmp;
$xcp->output(0);
select STDOUT;
close $tmp;

move( $tmpname, $cfgfile )
  or die "Move $tmpname to $cfgfile failed: $!";
exit 0;
