#!/bin/dash

### configuration
# Title shown on every dialog box raised by the helpers below.
APPTITLE='Secure Spot'
# Where spot's home lives before the move (inside root's own home directory).
OLD_SPOT_HOME='/root/spot'
# Where spot's home lives after the move.
NEW_SPOT_HOME='/home/spot'
# Mode applied to /root at the end of the move: owner-only access.
ROOT_MODE='700'
# Mode applied to NEW_SPOT_HOME: rwx for the owner, r-x for the group, nothing
# for others, plus the setgid bit on the directory.
SPOT_MODE='2750'

### helpers
#$1-errno $2 text
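die() {
	# Show a final message and terminate the script.
	#   $1 - exit status to terminate with
	#   $2 - text to display
	# Xdialog is used when DISPLAY is non-empty, text-mode dialog otherwise.
	# DISPLAY and $1 are quoted so that an unusual value (embedded blanks, a
	# leading dash) cannot be re-parsed by `[` or `exit` and silently pick the
	# wrong branch or the wrong exit status.
	if [ -n "$DISPLAY" ]; then
		Xdialog --title "$APPTITLE" --infobox "$2" 0 0 10000
	else
		dialog --title "$APPTITLE" --infobox "$2" 0 0
	fi
	exit "$1"
}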

#$1-text
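yesno() {
	# Ask a yes/no question.
	#   $1 - question text
	# Returns the exit status of the dialog program; the callers in this file
	# treat 0 as "yes" and anything else as "cancel".
	# DISPLAY is quoted so a value containing blanks cannot make the `[` test
	# fail and fall through to the text-mode branch by accident.
	if [ -n "$DISPLAY" ]; then
		Xdialog --title "$APPTITLE" --yesno "$1" 0 0
	else
		dialog --title "$APPTITLE" --yesno "$1" 0 0
	fi
}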

#$1-text
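info() {
	# Show a progress message while work is going on.
	#   $1 - text to display
	# With a non-empty DISPLAY the Xdialog box is started in the background and
	# its PID is stored in the global XPID so that stop_info can close it.
	# In text mode dialog runs in the foreground and no PID is recorded.
	# DISPLAY is quoted so a value containing blanks cannot break the `[` test.
	if [ -n "$DISPLAY" ]; then
		Xdialog --title "$APPTITLE" --infobox "$1" 0 0 1000000 &
		XPID=$!
	else
		dialog --title "$APPTITLE" --infobox "$1" 0 0
	fi
}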

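stop_info() {
	# Close the background progress box started by info, if there is one.
	# XPID is quoted so the value is passed to `[` and `kill` as one word.
	# XPID is always cleared afterwards, so a second call does nothing.
	if [ -n "$XPID" ]; then
		kill "$XPID"
	fi
	XPID=
}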


### main

# 1. Figure out the environment
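# Exit codes: 0 done or already secured, 3 failed sanity check on the current
# layout, 4/7 cancelled by the user, 5/6 unexpected symlink, 8 a step of the
# move itself failed or the layout changed while waiting for confirmation.

# 1. Figure out the environment
# Snapshot of the current layout. Each flag is "yes" (or a path) when true and
# empty otherwise, so the tests below only check for a non-empty value.
PASSWD_SPOT_HOME=$(awk -F: '$1=="spot" {print $6}' /etc/passwd)
OLD_SPOT_IS_SYMLINK=$([ -L "$OLD_SPOT_HOME" ] && echo yes)
OLD_SPOT_SYMLINK_TARGET=$([ -L "$OLD_SPOT_HOME" ] && readlink -f "$OLD_SPOT_HOME")
NEW_SPOT_IS_SYMLINK=$([ -L "$NEW_SPOT_HOME" ] && echo yes)
NEW_SPOT_EXIST=$([ -d "$NEW_SPOT_HOME" ] && echo yes)
# NOTE(review): a plain "running" match would also accept a status line such
# as "not running" - confirm what `service autochownd status` prints.
AUTOCHOWND_RUNNING=$(service autochownd status | grep -q running && echo yes)

# 2. Check if it is secured
if [ "$OLD_SPOT_IS_SYMLINK" ] &&
   [ "$OLD_SPOT_SYMLINK_TARGET" = "$NEW_SPOT_HOME" ] &&
   [ "$NEW_SPOT_EXIST" ] && ! [ "$NEW_SPOT_IS_SYMLINK" ] &&
   [ "$PASSWD_SPOT_HOME" = "$NEW_SPOT_HOME" ];
then
	die 0 "Spot is already secured. You may delete this script safely."
fi

# 3. Sanity check: If spot's home is pointing anywhere other than OLD_SPOT_HOME, bail out
# The patterns are quoted so they are compared literally, not as globs. An
# empty value (no spot entry found in /etc/passwd) also ends up in the default arm.
case "$PASSWD_SPOT_HOME" in
	"$OLD_SPOT_HOME"|"$NEW_SPOT_HOME") : ;; # continue
	*) die 3 "Spot's home is already altered. I will not make further changes." ;;
esac

# 3.a make sure that $OLD_SPOT_HOME is **NOT** a mountpoint
# -q keeps mountpoint's own report off the terminal; only its status matters.
if mountpoint -q "$OLD_SPOT_HOME"; then
	die 3 "$OLD_SPOT_HOME is a mountpoint. I don't know how to deal with that."
fi

# 3.b Sanity check: unless it is a symlink (rejected in step 5), OLD_SPOT_HOME
# must be a real directory. Without this, step 7 would delete NEW_SPOT_HOME and
# then have nothing to move into its place.
if ! [ "$OLD_SPOT_IS_SYMLINK" ] && ! [ -d "$OLD_SPOT_HOME" ]; then
	die 3 "$OLD_SPOT_HOME is not a directory. I will not make further changes."
fi

# 4. check if spot's passwd home already moved but /root/spot still exist
if [ "$PASSWD_SPOT_HOME" = "$NEW_SPOT_HOME" ] &&
   ! [ "$OLD_SPOT_IS_SYMLINK" ];
then
	if ! yesno "\
Your spot's home is already located in $NEW_SPOT_HOME, but you still have
old data in $OLD_SPOT_HOME. This may happen if you upgrade from previous
Fatdog versions while keeping to use existing savefile/savedir.

This script can help you to move these old data from $OLD_SPOT_HOME to $NEW_SPOT_HOME.

WARNING: Existing data in $NEW_SPOT_HOME will be deleted.

Continue?
";
	then
		die 4 "Cancelled. Nothing is changed."
	fi
fi

# 5. Sanity check: OLD_SPOT_HOME cannot be symlink
if [ "$OLD_SPOT_IS_SYMLINK" ]; then
	die 5 "$OLD_SPOT_HOME is already a symlink. I will not make further changes."
fi

# 6. Sanity check: NEW_SPOT_HOME cannot be symlink
if [ "$NEW_SPOT_IS_SYMLINK" ]; then
	die 6 "$NEW_SPOT_HOME is a symlink. I will not make further changes."
fi

# Report a failure that happened after the move was started: restart
# autochownd if this script stopped it, close the progress box, exit with 8.
# Success must never be reported when a step failed, because the user would
# then believe /root is locked down when it may not be.
#$1-text
abort_move() {
	[ "$AUTOCHOWND_RUNNING" ] && service autochownd start
	stop_info
	die 8 "$1"
}

# 7. All good, ask for confirmation
if yesno "\
You can get better security by moving spot's home from $OLD_SPOT_HOME
to $NEW_SPOT_HOME and close access to /root to any other users.

Once this is done, nobody other than root can access $OLD_SPOT_HOME;
and for network-related programs you must use $NEW_SPOT_HOME as 
transfer area; meaning any file that will be uploaded or downloaded
by them will have to reside in $NEW_SPOT_HOME.

A symlink will be created in $OLD_SPOT_HOME that points to $NEW_SPOT_HOME,
and you can use shorcut Win+G to open $NEW_SPOT_HOME any time.
(If you have already configured Sven in the past, you may need to
add a new hotkey yourself to launch script called open-spot-home).

WARNING: Existing data in $NEW_SPOT_HOME will deleted.

Continue?";
then
	# The snapshot from step 1 may be stale by now (the dialogs wait for the
	# user), so re-validate the layout before anything destructive happens.
	if [ -L "$OLD_SPOT_HOME" ] || [ -L "$NEW_SPOT_HOME" ] ||
	   ! [ -d "$OLD_SPOT_HOME" ];
	then
		die 8 "$OLD_SPOT_HOME or $NEW_SPOT_HOME changed while waiting. Nothing is changed."
	fi

	info "Working ... please wait ..."
	[ "$AUTOCHOWND_RUNNING" ] && service autochownd stop

	# Nothing destructive has happened yet, so a failure here is a clean stop.
	usermod -d "$NEW_SPOT_HOME" spot ||
		abort_move "Cannot change spot's home to $NEW_SPOT_HOME (usermod failed). No files were moved."

	# ${VAR:?} aborts instead of running rm -rf with an empty path.
	rm -rf "${NEW_SPOT_HOME:?}" ||
		abort_move "Cannot remove existing $NEW_SPOT_HOME. $OLD_SPOT_HOME is left untouched."
	mv "$OLD_SPOT_HOME" "$NEW_SPOT_HOME" ||
		abort_move "Cannot move $OLD_SPOT_HOME to $NEW_SPOT_HOME."
	ln -s "$NEW_SPOT_HOME" "$OLD_SPOT_HOME" ||
		abort_move "Files were moved, but the symlink $OLD_SPOT_HOME could not be created."

	# These three steps are the actual hardening; if any of them fails the
	# system is not secured and must not be reported as such.
	chown spot:spot "$NEW_SPOT_HOME" ||
		abort_move "Files were moved, but ownership of $NEW_SPOT_HOME could not be set."
	chmod "$SPOT_MODE" "$NEW_SPOT_HOME" ||
		abort_move "Files were moved, but permissions of $NEW_SPOT_HOME could not be set."
	chmod "$ROOT_MODE" /root ||
		abort_move "Files were moved, but access to /root could not be closed."

	[ "$AUTOCHOWND_RUNNING" ] && service autochownd start
	stop_info
	die 0 "Moving completed. Your system has improved security now."
else
	die 7 "Cancelled. Nothing is changed."
fi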

