#!/bin/bash
if [ `whoami` != "root" ];then
  echo "Please use root run the program"
  exit
fi

OPTIONS=$1
USERNAME=$2
PASSWORD=$3
PASSWORD_FILE='/etc/grub.d/00_header'
ISROBOOT="false"


check_boot(){
  if  mount  | grep "/boot " | grep ro >> /dev/null ;then
    ISROBOOT="true"
  fi

  if [ "x$ISROBOOT" == "xtrue" ];then
    mount -o remount,rw /boot
  fi
  sed -i "/grub-password end/iisRoBoot=$ISROBOOT" $PASSWORD_FILE
}

password_pbkdf(){
  password_disable
  if [[ $USERNAME ]] && [[ $PASSWORD ]];then
    result=`echo -e "$PASSWORD\n$PASSWORD\n" | grub-mkpasswd-pbkdf2`
    sed -i "/grub-password begin/aset superusers=$USERNAME" $PASSWORD_FILE
    sed -i "/set superusers/apassword_pbkdf2 $USERNAME grub.pbkdf2${result#*grub.pbkdf2}" $PASSWORD_FILE
    sed -i "/password_pbkdf2/aexport superusers" $PASSWORD_FILE
  else
    echo "Please enter <username> <password>"
  fi
}

password_disable(){
  sed -i '/superusers/d' $PASSWORD_FILE
  sed -i '/password_pbkdf2/d' $PASSWORD_FILE
  sed -i '/isRoBoot/d' $PASSWORD_FILE
  check_boot
}

if [[ $OPTIONS == "-d" ]];then
  password_disable
elif [[ $OPTIONS == "-u" ]];then
  password_pbkdf
else
  echo "Usage: grub-password [options] <username> <password> for password protection"
  echo "       grub-password [options] for delete password protection"
  echo "Options:"
  echo "   -u     enter user and password for security"
  echo "   -d     delete password info"
  exit
fi




