#!/bin/bash

# Usage: bioctl status|enable|disable

CONFIG_DIR=/etc/biometric-auth
CONFIG_FILE=$CONFIG_DIR/ukui-biometric.conf

function test_privilege()
{
	if [ `whoami` != 'root' ]; then
		echo $(gettext "Permission denied, please run by root")
		exit 1;
	fi
}


if [ ! -d $CONFIG_DIR ]; then
	mkdir -p $CONFIG_DIR
fi

if [ ! -f $CONFIG_FILE ]; then
	touch $CONFIG_FILE
fi

contain_key=`grep -c "^EnableAuth=" $CONFIG_FILE`
contain_key_app=`grep -c "^EnableAuthApp=" $CONFIG_FILE`
greeter=1
screensaver=$[1<<1]
polkit=$[1<<2]
sudo=$[1<<3]
su=$[1<<4]
login=$[1<<5]

if [ "$1" = "enable" ]; then
	test_privilege
	# 生物识别管理工具在打开生物识别开关的时候会调用这个脚本，
	# 如果之前手动改过pam的配置文件，在执行这个脚本的时候会有交互
	# 性提示，但前端程序上看不到，导致生物识别管理工具阻塞，不过
	# 由于在安装pam_biomtric这个包时已经执行了这个命令，且会通过
	# /etc/biometric-auth 配置文件来判断生物识别状态，所以也不需要
	#执行 pam-auth-update 了。

	#pam-auth-update --package pam-biometric
	if [[ $# > 1 ]] && [[ $2 = "greeter" ]]; then
		if [ "$contain_key_app" = "1" ]; then
			cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
			cur_status_app=$[ $cur_status_app | $greeter ]
			sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
		else
			echo "EnableAuthApp=63" >> $CONFIG_FILE
		fi
	elif [[ $# > 1 ]] && [[ $2 = "screensaver" ]]; then
		if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app | $screensaver ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=63" >> $CONFIG_FILE
                fi
	elif [[ $# > 1 ]] && [[ $2 = "sudo" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app | $sudo ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=63" >> $CONFIG_FILE
                fi
	elif [[ $# > 1 ]] && [[ $2 = "polkit" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app | $polkit ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=63" >> $CONFIG_FILE
                fi
	elif [[ $# > 1 ]] && [[ $2 = "su" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app | $su ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=63" >> $CONFIG_FILE
                fi
	elif [[ $# > 1 ]] && [[ $2 = "login" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app | $login ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=63" >> $CONFIG_FILE
                fi
	elif [ "$contain_key" = "1" ]; then
		sed -i 's/^EnableAuth=[a-zA-Z0-9]*/EnableAuth=true/g' $CONFIG_FILE
	else
		echo "EnableAuth=true" >> $CONFIG_FILE
	fi
elif [ "$1" = "disable" ]; then
	test_privilege
	if   [[ $# > 1 ]] && [[ $2 = "greeter" ]]; then
		if [ "$contain_key_app" = "1" ]; then
			cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
			cur_status_app=$[ $cur_status_app & $[~$greeter] ]
			sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
		else
			echo "EnableAuthApp=0" >> $CONFIG_FILE
		fi
	elif   [[ $# > 1 ]] && [[ $2 = "screensaver" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app & $[ ~$screensaver ]]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=0" >> $CONFIG_FILE
                fi
	elif   [[ $# > 1 ]] && [[ $2 = "sudo" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app & $[ ~$sudo ] ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=0" >> $CONFIG_FILE
                fi
	elif   [[ $# > 1 ]] && [[ $2 = "polkit" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app & $[~$polkit] ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=0" >> $CONFIG_FILE
                fi
	elif   [[ $# > 1 ]] && [[ $2 = "su" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app & $[~$su] ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=0" >> $CONFIG_FILE
                fi
	elif   [[ $# > 1 ]] && [[ $2 = "login" ]]; then
                if [ "$contain_key_app" = "1" ]; then
                        cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`
                        cur_status_app=$[ $cur_status_app & $[~$login] ]
                        sed -i "s/^EnableAuthApp=[a-zA-Z0-9]*/EnableAuthApp=$cur_status_app/g" $CONFIG_FILE
                else
                        echo "EnableAuthApp=0" >> $CONFIG_FILE
                fi
	elif [ "$contain_key" = "1" ]; then
		sed -i 's/^EnableAuth=[a-zA-Z0-9]*/EnableAuth=false/g' $CONFIG_FILE
	else
		echo "EnableAuth=false" >> $CONFIG_FILE
	fi
elif [ "$1" = "status" ]; then
	cur_status=`sed '/^EnableAuth=/!d;s/.*=//' $CONFIG_FILE`
	cur_status_app=`sed '/^EnableAuthApp=/!d;s/.*=//' $CONFIG_FILE`

	if [[ $# > 1 ]] && [[ $2 = "greeter" ]];then
		if [ $[ $[cur_status_app] & $[greeter] ] = $greeter ]; then
			echo "enable"
		else
			echo "disable"
		fi
	elif [[ $# > 1 ]] && [[ $2 = "screensaver" ]];then
		if [ $[$cur_status_app & $screensaver] = $screensaver ]; then
                        echo "enable"
                else
                        echo "disable"
                fi
	elif [[ $# > 1 ]] && [[ $2 = "sudo" ]];then
                if [ $[$cur_status_app & $sudo] = $sudo ]; then
                        echo "enable"
                else
                        echo "disable"
                fi
	elif [[ $# > 1 ]] && [[ $2 = "polkit" ]];then
                if [ $[$cur_status_app & $polkit] = $polkit ]; then
                        echo "enable"
                else
                        echo "disable"
                fi
	elif [[ $# > 1 ]] && [[ $2 = "su" ]];then
                if [ $[$cur_status_app & $su] = $su ]; then
                        echo "enable"
                else
                        echo "disable"
                fi
	elif [[ $# > 1 ]] && [[ $2 = "login" ]];then
                if [ $[$cur_status_app & $login] = $login ]; then
                        echo "enable"
                else
                        echo "disable"
                fi
	elif [ "$cur_status" = "true" ]; then
		echo "enable"
	else
        	echo "disable"
	fi
else
	echo "Usage: bioctl status|enable|disable"
fi

exit 0
