#!/usr/bin/python3
#
# This script helps the user quickly enable standard linux tools such as SSH and IPTables
# It also provides a way for the user to add a custom startup script
#
# Author: Dan Bracey -- 6/10/08
# Revision History:
# 6/17/08 -- 1.000 -- debracey -- Initial Creation

import os
import sys

bindir = os.path.abspath(os.path.dirname(os.path.realpath(sys.argv[0])))
libdir = os.path.join(bindir, "..", "python_lib")

sys.path.append(libdir)

import Internet2Lib       # Library functions
import Internet2Consts    # For constants
import sys                # For stdin
import os                 # For standard OS commands
import readline           # Improve the usability of input. Let you use those fancy "arrow" keys
from grp import getgrnam
from optparse import OptionParser

# Must be root
if not Internet2Lib.isRoot():
    print(Internet2Consts.YELLOW + "You must run this script as root. Please rerun this script with root permissions." + Internet2Consts.NORMAL)
    sys.exit(1)

parser = OptionParser()
parser.add_option("-a", "--auto", action="store_true", dest="auto", default=False)

(options, args) = parser.parse_args()

htpasswd = "/etc/perfsonar/toolkit/psadmin.htpasswd"
htpasswd_exists = os.path.isfile(htpasswd)

if options.auto:
    if htpasswd_exists:
        if os.path.getsize(htpasswd) > 0:
            sys.exit(0)
    else:
        # Check if there are already members of the group
        try:
            psadmin_grp = getgrnam("psadmin")
        except:
            sys.exit(0)

        non_root_user = False
        for user in psadmin_grp[3]:
            if user != "root":
                non_root_user = True

        if non_root_user:
            sys.exit(0)

    print(Internet2Consts.YELLOW + "There isn't a perfSONAR Website Administrator defined." + Internet2Consts.NORMAL)

ans = input("Enter the user whose account you'd like to add. Just hit enter to exit: ").strip()
if not ans:
    sys.exit(1)

user = ans

if htpasswd_exists:
    cmd = "htpasswd " + htpasswd + " " + user
    retVal = os.system(cmd)
    if (retVal != 0):
        print(Internet2Consts.YELLOW + "Error: couldn't add user " + user + Internet2Consts.NORMAL)
    sys.exit(retVal)

ans = input("Should this user be able to login via SSH? [no] ").strip().upper()
if not ans:
    ans = "NO"

can_login = False
if ans[0] == "Y":
    can_login = True

if (can_login):
    cmd = "/usr/sbin/adduser -m -G psadmin"
else:
    cmd = "/usr/sbin/adduser -M --shell /bin/false -G psadmin"

cmd += " " + user

retVal = os.system(cmd)
if (retVal != 0):
    print(Internet2Consts.YELLOW + "Error: couldn't add user " + user + Internet2Consts.NORMAL)
    sys.exit(1)

done = False
while not done:
    print("Please specify a password for the " + Internet2Consts.MAGENTA + user + Internet2Consts.NORMAL + " account.")
    retVal = os.system("/usr/bin/passwd " + user)
   
    if int(retVal) != 0:
        print(Internet2Consts.YELLOW + "Couldn't set the password to what you specified. Please try again." + Internet2Consts.NORMAL)
    else:
        done = True

try:
    psadmin_grp = getgrnam("psadmin")
except:
    sys.exit(0)

root_user = False
for user in psadmin_grp[3]:
    if user == "root":
        root_user = True

if root_user:
    print(Internet2Consts.MAGENTA + "The root user can login to the perfSONAR Web Interface. This is insecure." + Internet2Consts.NORMAL)
    ans = input("Remove the root user's ability to login to the web interface? [yes] ").strip().upper()
    if not ans:
        ans = "YES"

    remove_login = False
    if ans[0] == "Y":
        remove_login = True

    if remove_login:
        cmd = "/usr/bin/gpasswd -d root psadmin"

        retVal = os.system(cmd)
        if (retVal != 0):
            print(Internet2Consts.YELLOW + "Error: couldn't add user " + user + Internet2Consts.NORMAL)

print(Internet2Consts.NORMAL + "You may now use the " + user + " account to login to the perfSONAR Web Interface on this host." + Internet2Consts.NORMAL)

sys.exit(0)
### END MAIN
