#!/bin/sh
#----------------------------------------------------------------------------
#/var/install/bin/eisfax-edit-db-pw
#
# Creation:     2011-05-15 hb
# Last Update:  $Id$
#
# Copyright (c) 2011-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

. /var/install/include/eislib
. /var/lib/eisfax/eisfax.info
. /etc/config.d/eisfax
. ${DATABASE_ENV}

#exec 2>/tmp/eisfax-user-pw-trace$$
#set -x


    _db_server=${EISFAX_DATABASE_SERVER}
    _db_host=${EISFAX_DATABASE_HOST}
    _db_name=${EISFAX_DATABASE_NAME}
    _tb_admin=${EISFAX_DATABASE_ADMIN}
    _tb_admin_passwd=${EISFAX_DATABASE_ADMIN_PASSWD}


    _table_user=eisfax_user

    _db_client_host="$(/bin/dnsdomainname)"

    case "${_db_server}" in
    pgsql)
        database_base_dir=/usr/local/pgsql/bin
        database_exec=psql
        _table_admin="${database_base_dir}/${database_exec}
                          -h${_db_host}"

        if [ -s /root/.pgpass ]
        then
            ${CP} -f /root/.pgpass /root/.pgpass-orig
        fi

        ${CAT} >>/root/.pgpass <<EOF
${_db_host}:*:${_db_name}:${_tb_admin}:${_tb_admin_passwd}
EOF

    ${CHMOD} 0600 /root/.pgpass

        ;;
    mysql)
        database_base_dir=/usr/local/mysql/bin
        database_exec=mysql
        _table_admin="${database_base_dir}/${database_exec}
                      -D${_db_name}
                      -h${_db_host}
                      -u${_tb_admin}
                      -p${_tb_admin_passwd}"
        ;;
    esac

# ---------------------------------------------------------------------------
# send db password as mail
# ---------------------------------------------------------------------------
send_db_passwd ()
{
    # the message to send
    {
    echo "From: EisFAX db-server Admin <faxmaster@${_db_client_host}>"
    echo "To: <${_mail_to}@${_db_client_host}>"
    echo "Subject: Fax-Database-Web Message"
    echo "Mime-Version: 1.0"
    echo "X-Mailer: sendmail EisFAX on eisfair"
    echo "Content-Type: text/plain; charset=iso-8859-1"
    echo "Content-Transfer-Encoding: quoted-printable"
    echo
    echo
    echo "Dispatched from EisFAX on Server '${HOSTNAME}'"
    echo "Current Date: ${EISDATE} Time: ${EISTIME}"
    echo
    echo "The new password for the fax database web service"
    echo
    echo "    User    :   ${_db_user} "
    echo
    echo "    Password:   ${password}"
    echo
    echo
    } | ${SENDMAIL} -oi -t

}

# ---------------------------------------------------------------------------
# get user to change passwd
# ---------------------------------------------------------------------------
get_user ()
{
    _query="SELECT name ,
                   fullname ,
                   super_user ,
                   add_date ,
                   last_change_passwd
                FROM ${_table_user} ;"

    case "${_db_server}" in
    mysql)
        # get user from eisfax_user database
        _db_user_exists=$(${_table_admin}   \
                        --skip-column-names \
                        -e "${_query} ;"  |
                        ${SED} 's/\t/|/g' )
        ;;
    pgsql)
        # get user from eisfax_user database
        _db_user_exists=$(echo "${_query}" |
                        ${_table_admin} \
                        -U${_tb_admin} \
                        -d${_db_name} \
                        -t \
                        -A )
        ;;
    esac

    clrhome

    mecho --info "Select user to change password"
    echo
    techo --begin '3 3r 1 10 1 25 1 11 1 17'
    techo --row "" --info No "" --info "User" "" --info "Name" "" --info "Super User" "" --info "Passwd changed"
    echo

    old_ifs=${IFS}
    IFS='|'

    idx=1
    echo "${_db_user_exists}" |
    while read user name super_user add_date last_change_passwd
    do
        techo --row "" "${idx}" "" "${user}" "" "${name}" "" "${super_user}" "" "${last_change_passwd}"

        idx=$(${EXPR_EXEC} ${idx} + 1)
    done
        techo --end

        IFS=${old_ifs}

    echo
    _ask_file=$(${MKTEMP} -t .XXXXXXXXX)
    ${ASK} "Select" "" "1-`echo "${_db_user_exists}" |
            ${WC} -l`" "^$=Return" "0=Exit" >${_ask_file}
    rc=${?}
    _user_to_work=$(${CAT} ${_ask_file})
    ${RM} -f ${_ask_file}

    if [ ${rc} = 255 ]
    then
        exit 127
    fi

    case ${_user_to_work} in
    '') exit 0      ;;
    0)  exit 127    ;;
    *)
        # extract user
        _db_user_to_work="$(echo "${_db_user_exists}" |
            ${AWK} 'FNR == '${_user_to_work}' { print }')"

        old_ifs=${IFS}
        IFS='|'

        set -- ${_db_user_to_work}
        IFS=${old_ifs}

        _db_user="${1}"
        _db_user_fullname="${2}"
        _db_super_user="${3}"

        ;;
    esac
}

# ---------------------------------------------------------------------------
# get password from cmd line
# ---------------------------------------------------------------------------
get_passwd ()
{
    echo
    mecho --info "Now enter the new password:"
    password=""
    password2="x"

    _ask_file=$(${MKTEMP} -t .XXXXXXXXX)
    ${ASK} "Enter new password:" "" "+hidden+" >${_ask_file}
    rc=${?}
    password=$(${CAT} ${_ask_file})
    ${RM} -f ${_ask_file}

    # if ask break, ask returned 255
    if [ ${rc} = 255 ]
    then
        exit 127
    fi
    echo

    # check passwd for little security ;-)
    _pw_test=$(${PW_TEST} ${password})

    if [ "${_pw_test}" != "GOOD" ]
    then
        mecho --warn "${_pw_test}"
        get_passwd
    else
        get_passwd2
    fi
}

get_passwd2 ()
{
    _ask_file=$(${MKTEMP} -t .XXXXXXXXX)
    ${ASK} "Reenter password:" "" "+hidden+" >${_ask_file}
    rc=${?}
    password2=$(${CAT} ${_ask_file})
    ${RM} -f ${_ask_file}

    # if ask break, ask returned 255
    if [ ${rc} = 255 ]
    then
        exit 127
    fi
    echo

    if [ "${password}" != "${password2}" ]
    then
        mecho --warn "Passwords do not match!"
        get_passwd
    fi
}

# ---------------------------------------------------------------------------
# set password and status
# ---------------------------------------------------------------------------
set_passwd ()
{
    clrhome

    mecho --info "Set password"

    echo
    echo
    echo "  Fullname   : "  "${_db_user_fullname}"
    echo
    echo "  Username   : "  "${_db_user}"
    echo
    echo "  Super user : "  "${_db_super_user}"
    echo
    echo

    _ask_file=$(${MKTEMP} -t .XXXXXXXXX)
    ${ASK} "Create password with pwgen?" "yes" >${_ask_file}
    rc=${?}
    _passwd_pwgen=$(${CAT} ${_ask_file})
    ${RM} -f ${_ask_file}

    if [ ${rc} = 255 ]
    then
        exit 127
    fi

    if [ "${_passwd_pwgen}" = "yes" ]
    then
        # create password
        # pwgen --help
        password="$(${PWGEN} -1s 12)"
    else
        # get password from cmdline
        get_passwd
    fi

    # create md5-Hash of the password
    passmd5=$(echo -n "${password}" | ${MD5SUM} | ${CUT} -d ' ' -f1)

    _ask_file=$(${MKTEMP} -t .XXXXXXXXX)
    ${ASK} "Change super user status?" "no" >${_ask_file}
    rc=${?}
    _super_status=$(${CAT} ${_ask_file})
    ${RM} -f ${_ask_file}

    if [ ${rc} = 255 ]
    then
        exit 127
    fi

    if [ "${_super_status}" = "yes" ]
    then
        if [ "${_db_super_user}" = "yes" ]
        then
            _db_super_status='no'
        else
            _db_super_status='yes'
        fi
    else
        _db_super_status="${_db_super_user}"
    fi

    _pw_query="UPDATE ${_table_user}
                  SET pass = '${passmd5}' ,
                      last_change_passwd = '${EISDATE}' ,
                      super_user = '${_db_super_status}'
                  WHERE name = '${_db_user}';"

    case "${_db_server}" in
    mysql)
        # update password
        ${_table_admin}   \
        -e "${_pw_query}"
        ;;
    pgsql)
        # update password
        echo "${_pw_query}" |
        ${_table_admin} \
        -U${_tb_admin} \
        -d${_db_name} >/dev/null
        ;;
    esac

    _ask_file=$(${MKTEMP} -t .XXXXXXXXX)
    ${ASK} "Send e-mail to user '${_db_user}'?" "yes" >${_ask_file}
    rc=${?}
    _send_mail=$(${CAT} ${_ask_file})
    ${RM} -f ${_ask_file}

    if [ ${rc} = 255 ]
    then
        exit 127
    fi

    if [ "${_send_mail}" = "yes" ]
    then
        _mail_to="${_db_user}"
    else
        _mail_to="root"
    fi

    send_db_passwd
}

# ---------------------------------------------------------------------------
# main
# ---------------------------------------------------------------------------

get_user
set_passwd

    if [ "${_db_server}" = "pgsql" ]
    then
        if [ -s /root/.pgpass-orig ]
        then
            ${MV} -f /root/.pgpass-orig /root/.pgpass
            ${CHMOD} 0600 /root/.pgpass
        else
            ${RM} -f /root/.pgpass
        fi
    fi

exit 0
# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------