#!/bin/bash
#
# This is an sdm plugin for: burnpwd
#
# The plugin is called three times: for Phase 0, Phase 1, and post-install.
#

function loadparams() {
    source $SDMPT/etc/sdm/sdm-readparams
}

function getpassword() {
    local pwd
    while [ true ]
    do
	echo -n "Password for $pwuser: " && read -s pwd
	echo ""
	[ "$pwd" != "" ] && break
    done
    printf -v userpwd "%s" "$pwd"
}

function logpassword() {
    local puser="$1" pwd="$2"
    if [ "$log" != "" ]
    then
	[ -f $log ] || printf "%-19s %-16s %-16s %s\n" "Date" "Hostname" "User" "Password" > $log
	printf "%-19s %-16s %-16s %s\n" "$(date +'%Y-%m-%d %H:%M:%S')" "$hostname" "$puser" "$pwd" >> $log
	logtoboth "> Plugin $pfx: Log password for user '$puser' to host file '$log'"
    fi
}

function savepassword() {
    local puser="$1" pwd="$2" 
    echo $pwd > $SDMPT$burnpwd
    logpassword "$puser" "$pwd"
}

# $1 is the phase: "0", "1", or "post-install"
# $2 is the argument list: arg1=val1|arg2=val2|arg3=val3| ...
#
# Main code for the Plugin
#
phase=$1
pfx="$(basename $0)"     #For messages
args="$2"
vldargs="|method|log|user|length|"
dlength=20
loadparams

if [ "$phase" == "0" ]
then
    logtoboth "* Plugin $pfx: Start Phase 0"
    plugin_getargs $pfx "$args" "$vldargs"
    [ "$method" == "" ] && method="prompt"
    [ "$user" != "" ] && pwuser=$user || pwuser=$myuser
    burnpwd="/etc/sdm/local-assets/$pwuser-burnpwd"
    if [ "$length" != "" ]
    then
	if ! [[ "$length" =~ ^[0-9]+$ ]]
	then
	   logtoboth "% Plugin $pfx: Length value '$length' is not numeric; Using $dlength"
	   length=$dlength
	fi
    else
	length=$dlength
    fi
    plugin_printkeys
    errors=0
    if [ "$pwuser" == "" ]
    then
	logtoboth "% Plugin $pfx: No username provided and no user found in customized IMG"
	errors=$((errors+1))
    # ** This is Phase 0 so can't use getent
    elif ! grep -q ^$pwuser: $SDMPT/etc/passwd
    then
	logtoboth "% Plugin $pfx: Username '$pwuser' not found in customized IMG"
	savepassword "$pwuser" "sdmNOUSER"
	errors=$((errors+1))
    fi
    if [ $errors -eq 0 ]
    then
	case "$method"
	in
	    prompt) getpassword   # into userpwd
		    savepassword "$pwuser" "$userpwd"
		    ;;
	    random) userpwd=$(date +%s | sha256sum | base64 | head -c $length ; echo)
		    # Another method: < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-$length};echo
 		    savepassword "$pwuser" "$userpwd"
		    [ "$log" == "" ] && logtoboth "%!Plugin $pfx: No log specified to remember random password; Hope you have ESP!"
		    ;;
	    *)      logtoboth "% Plugin $pfx: Unrecognized password method '$method' ignored"
		    ;;
	esac
    fi
    logtoboth "* Plugin $pfx: Complete Phase 0"

elif [ "$phase" == "1" ]
then
    #
    # Phase 1 (in nspawn)
    #
    logtoboth "* Plugin $pfx: Start Phase 1"
    plugin_getargs $pfx "$args" "$vldargs"
    [ "$method" == "" ] && method="prompt"
    [ "$user" != "" ] && pwuser=$user || pwuser=$myuser
    burnpwd="/etc/sdm/local-assets/$pwuser-burnpwd"
    if [ -f $burnpwd ]
    then
	read userpwd < $burnpwd
	if [ "$userpwd" != "sdmNOUSER" ]
	then
	    [ $showpwd -eq 1 ] && logtoboth "> Plugin $pfx: Set password '$userpwd' for user '$pwuser'" || logtoboth "> Plugin $pfx: Set password for user '$pwuser'"
	    chpasswd <<EOF
$pwuser:$userpwd
EOF
	fi
	rm -f $burnpwd
    else
	[ "$pwuser" != "" ] && logtoboth "? Plugin $pfx: Cannot find file '$burnpwd; was there an error in Plugin burn-passwords Phase 0?"
    fi
    logtoboth "* Plugin $pfx: Complete Phase 1"
else
    #
    # Plugin Post-install edits
    #
    logtoboth "* Plugin $pfx: Start Phase post-install"
    plugin_getargs $pfx "$args" "$vldargs"
    logtoboth "* Plugin $pfx: Complete Phase post-install"
fi
