#!/bin/bash
#
# Set the root password and others
# Source functions library
. /etc/init.d/functions
. /usr/libexec/ovirt-functions

trap '__st=$?; stop_log; exit $__st' 0
trap 'exit $?' 1 2 13 15

warn() { printf '%s\n' "$*" >&2; }

if ! is_local_storage_configured; then
    warn "Local storage must be configured prior to setting the administrator password."
    exit 99
fi

# Usage: set_sasl_password USER
# Prompt(twice) for a password for the specified USER.
# If they match, set that user's system password,
# and add USER to the SASL list for libvirt.
function set_sasl_password {
    user=$1

    printf "\nNode SASL User ($user):\n"
    saslpasswd2 -a libvirt "$user"
    return 0
}

# Prompts the user for a single username, password combo
function prompt_sasl_user {
    while true; do
        printf "\nPlease enter a new username (hit return to skip) "
        read -e
        test -z "$REPLY" && return 1
        set_sasl_password "$REPLY"
    done
}

set_password () {
    local user=${1-root}

    # prompt user
    # Set the password for the root user first

    cat <<EOP | python
import sys
import getpass
import ovirtnode.password as p
import ovirtnode.ovirtfunctions as f

err = lambda m: sys.stderr.write("ERROR: " + str(m) + "\n")

username = "$user"
min_pw_length = 1

print("\n\n Password Configuration\n\n")
print("System Administrator (%s):\n" % username)
print("Changing password for user '%s'." % username)
pw = getpass.getpass("New password: ")
pwc = getpass.getpass("Reytpe new Password: ")

success = False
r, msg = f.password_check(pw, pwc, min_pw_length)

if r == 1:
    err(msg.strip() or ("Password is not long enough. It needs to be at " + \
                        "least %d character(s) long." % min_pw_length))
else:
    success = p.set_password(pw, username)

if success:
    print("Password updated successfully.")
else:
    err("Password update failed.")
EOP
}

toggle_ssh_access ()
{
    local permit=$1

    augtool <<EOF
set /files/etc/ssh/sshd_config/PasswordAuthentication ${permit}
EOF
    ovirt_store_config /etc/ssh/sshd_config
    service sshd reload
}

toggle_ssh () {
    printf "\nSSH password authentication\n\n"

    if ask_yes_or_no "Enable SSH password authentication ([Y]es/[N]o)?"; then
        toggle_ssh_access yes
    else
        toggle_ssh_access no
    fi
}

PASSWORD="Set root password"
ADMIN_PASSWORD="Set admin user password"
SSH="Toggle SSH password authentication"
QUIT="Quit and Return To Menu"

if [[ "$1" == "AUTO" ]]; then
    if [ -n "${OVIRT_SSH_PWAUTH}" ]; then
	toggle_ssh_access $OVIRT_SSH_PWAUTH
    fi
else
    while true; do
	state="disabled"
	/usr/bin/augtool get /files/etc/ssh/sshd_config/PasswordAuthentication|grep -q yes$
	if [ $? == 0 ]; then
            state="enabled"
	fi
	printf "\nSSH password authentication is currently ${state}.\n\n"

	PS3="Please select an option: "
	select option in "$PASSWORD" "$ADMIN_PASSWORD" "$SSH" "$QUIT"
	do
            case $option in
		$PASSWORD) set_password; break;;
		$ADMIN_PASSWORD) set_password admin; break;;
		$SSH) toggle_ssh; break;;
		$QUIT) sync; exit;;
            esac
	done

	printf "\n"
    done
fi
