#!/usr/bin/python
#
# This script helps the user quickly enable standard linux tools such as SSH and IPTables
# It also provides a way for the user to add a custom startup script
#
# Author: Dan Bracey -- 6/10/08
# Revision History:
# 6/17/08 -- 1.000 -- debracey -- Initial Creation

import os
import sys

bindir = os.path.abspath(os.path.dirname(os.path.realpath(sys.argv[0])))
libdir = os.path.join(bindir, "..", "python_lib")

sys.path.append(libdir)

import Internet2Lib       # Library functions
import Internet2Consts    # For constants
import sys                # For stdin
import os                 # For standard OS commands
import readline           # Improve the usability of raw_input. Let you use those fancy "arrow" keys
from grp import getgrnam
from optparse import OptionParser

# Must be root
if not Internet2Lib.isRoot():
    print Internet2Consts.YELLOW + "You must run this script as root. Please rerun this script with root permissions." + Internet2Consts.NORMAL
    sys.exit(1)

parser = OptionParser()
parser.add_option("-a", "--auto", action="store_true", dest="auto", default=False)

(options, args) = parser.parse_args()

if options.auto:
    # Check if there are already members of the group
    try:
        psadmin_grp = getgrnam("psadmin")
    except:
        sys.exit(0)

    non_root_user = False
    for user in psadmin_grp[3]:
        if user != "root":
            non_root_user = True

    if non_root_user:
        sys.exit(0)

    print Internet2Consts.YELLOW + "There isn't a perfSONAR Website Administrator defined." + Internet2Consts.NORMAL

ans = raw_input("Enter the user whose account you'd like to add. Just hit enter to exit: ").strip()
if not ans:
    sys.exit(1)

user = ans

ans = raw_input("Should this user be able to login via SSH? [no] ").strip().upper()
if not ans:
    ans = "NO"

can_login = False
if ans[0] == "Y":
    can_login = True

if (can_login):
    cmd = "/usr/sbin/adduser -m -G psadmin"
else:
    cmd = "/usr/sbin/adduser -M --shell /bin/false -G psadmin"

cmd += " " + user

retVal = os.system(cmd)
if (retVal != 0):
    print Internet2Consts.YELLOW + "Error: couldn't add user " + user + Internet2Consts.NORMAL
    sys.exit(1)

done = False
while not done:
    print "Please specify a password for the " + Internet2Consts.MAGENTA + user + Internet2Consts.NORMAL + " account."
    retVal = os.system("/usr/bin/passwd " + user)
   
    if int(retVal) != 0:
        print Internet2Consts.YELLOW + "Couldn't set the password to what you specified. Please try again." + Internet2Consts.NORMAL
    else:
        done = True

try:
    psadmin_grp = getgrnam("psadmin")
except:
    sys.exit(0)

root_user = False
for user in psadmin_grp[3]:
    if user == "root":
        root_user = True

if root_user:
    print Internet2Consts.MAGENTA + "The root user can login to the perfSONAR Web Interface. This is insecure." + Internet2Consts.NORMAL
    ans = raw_input("Remove the root user's ability to login to the web interface? [yes] ").strip().upper()
    if not ans:
        ans = "YES"

    remove_login = False
    if ans[0] == "Y":
        remove_login = True

    if remove_login:
        cmd = "/usr/bin/gpasswd -d root psadmin"

        retVal = os.system(cmd)
        if (retVal != 0):
            print Internet2Consts.YELLOW + "Error: couldn't add user " + user + Internet2Consts.NORMAL

print Internet2Consts.NORMAL + "You may now use the " + user + " account to login to the perfSONAR Web Interface on this host." + Internet2Consts.NORMAL

sys.exit(0)
### END MAIN
