#!/usr/bin/sh
#----------------------------------------------------------------------------
# /var/install/bin/proftpd-list-users - list ProFTPd users
#
# Creation:     2012-10-07 hbfl
# Last Update:  $Id$
#
# Copyright (c) 2012-2015 Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
# Copyright (c) 2016-2022 Ansgar Puester, ansgar.puester(at)freenet(dot)de
# Copyright (c) 2024-@@YEAR@@ Holger Bruenjes, holgerbruenjes(at)gmx(dot)net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------

# include eislib
. /var/install/include/eislib

#debug_list_user=true

if ${debug_list_user:-false}
then
    exec 2>/tmp/$(basename ${0})-trace$$.log
    set -x
    ask_debug=true
    export ask_debug
fi

# ---------------------------------------------------------------------------
# check if console minium 80x24
# ---------------------------------------------------------------------------
check_screensize

case ${?} in
    0)
        : # nothing to do
        ;;
    *)
        exit 1
        ;;
esac

gotoyx() { echo -e "\033[$1;$2H\c"; }

config_file='/etc/config.d/proftpd'
. ${config_file}

# ---------------------------------------------------------------------------
# check if password is valid
# input : $1 - user name
# return:  0 - valid password
#          1 - invalid password
# ---------------------------------------------------------------------------
is_valid_pw()
{
    user="${1}"
    ret=1

    if [ -n "${1}" ]
    then
        pword=$(getent ${shadow_file} ${user} | cut -d: -f2)

        [ "${pword}" != "*" ] && ! echo "${pword}" | grep -q "^!"
        if [ ${?} -eq 0 ]
        then
            ret=0
        fi
        # empty password is NOT valid
        [ -z "${pword}" ] && ret=1
    fi

    return $ret
}

# ---------------------------------------------------------------------------
# print header line
# ---------------------------------------------------------------------------
print_header_line()
{
    techo --row "" --info User --info Uid --info Group --info Gid --info Valid-PW --info FTP --info Name
}
# ---------------------------------------------------------------------------
# main
# ---------------------------------------------------------------------------

# use getent
shadow_file="shadow"
# use file
ftpusers_file="/etc/ftpusers"
shells_file="/etc/shells"
tmpfile_group=/tmp/proftpd_group.$$
tmpfile_passwd=/tmp/proftpd_passwd.$$

getent group > $tmpfile_group
# read group information
_ifs="${IFS}"
while read line
do
    IFS=':'
    set -- ${line}
    eval group_${3}=${1}
    IFS="${_ifs}"
done < ${tmpfile_group}
rm -f $tmpfile_group

# print header
clrhome
mecho --info "List ProFTPD users"
mecho
techo --begin '2 15 7 10 7 10 5 24'

print_header_line

row=0
header_row=0

getent passwd > $tmpfile_passwd
# read user information
_ifs="$IFS"
while read line
do
    IFS=':'
    set -- ${line}
    user="${1}"
    uid="${3}"
    gid="${4}"
    eval group='$group_'$gid
    name="${5}"
    shell="${7}"
    IFS="${_ifs}"

    if is_valid_pw "${user}"
    then
        # valid password
        password='yes'
        passwordcolor="--std"
    else
        # invalid password
        password='no'
        passwordcolor="--warn"
    fi

    ftpusers=$(grep "^${user}$" ${ftpusers_file})

    # check if root (uid=0) can do FTP
    if [ "${PROFTPD_ALLOW_ROOT_ACCESS}" = 'no' ]
    then
        forbidden_uid=0
    else
        forbidden_uid=''
    fi

    # check if only anonymous is allowed
    if [ "${PROFTPD_ENABLE_ANONYMOUS_USERS}" = 'yes' ]
    then
        only_anonymous='TRUE'
    else
        only_anonymous='FALSE'
    fi

    if [ "${PROFTPD_REQUIRE_VALID_SHELL}" = 'yes' ]
    then
       # check if shell is in /etc/shells
       shells=$(grep "^${shell}$" ${shells_file})
    else
       shells='always valid'
    fi

    # ftp is not allowd if
    #    only_anonymous = 'TRUE'
    # or ftpusers       != ""
    # or uid            = forbidden_uid
    # or password       = password lock string (*) or (!) or ()
    # or shell          not in /etc/shells
    if [ "${only_anonymous}" = 'TRUE' \
        -o -n "${ftpusers}" \
        -o ${uid} = "${forbidden_uid}" \
        -o "${password}" = 'no' \
        -o -z "${shells}" ]
    then
        ftpusr='no'
    else
        ftpusr='yes'
    fi

    # output data
    techo --row "" ${user} ${uid} ${group} ${gid} ${passwordcolor} ${password} ${ftpusr} "${name}"

    row=$((${row} + 1))
    header_row=$((${header_row} + 1))

    refresh_screensize

    if [ ${_EISLIB_SCREENSIZE_Y} -lt $((${header_row} + 6)) ]
    then
        print_header_line
        header_row=0
    fi

done < ${tmpfile_passwd}
rm -f $tmpfile_passwd

    refresh_screensize
    echo
    echo
    echo
    echo
    techo --end
    gotoyx $((${_EISLIB_SCREENSIZE_Y} - 3)) 1
    echo
    # set info line to screen is $row  + 6 -gt $LINES
    if [ ${_EISLIB_SCREENSIZE_Y} -lt $((${row} + 6)) ]
    then
        mecho --info "Use SHIFT + PAGE-UP to scroll up"
    fi

echo
anykey
# ---------------------------------------------------------------------------
# end
# ---------------------------------------------------------------------------