#!/bin/bash
# Filename:      grml-lock
# Purpose:       lock console
# Authors:       grml-team (grml.org), (c) Michael Prokop <mika@grml.org>
# Bug-Reports:   see http://grml.org/bugs/
# License:       This file is licensed under the GPL v2.
################################################################################

PN="$(basename $0)"

[ -n "$USER" ] || USER=grml

if [ "$1" = "-h" ] || [ "$1" = "--help" ] ; then
  echo "${PN}: wrapper script to lock desktop

This script is a wrapper to lock your desktop session
through the physlock application.

Usage: just execute $PN without any further options."
  exit 0
fi

if [ -r /etc/grml/script-functions ] ; then
   . /etc/grml/script-functions
   check4progs physlock sudo chpasswd dialog || { echo "Sorry, necessary tools missing - can not continue. Exiting.">&2 ; exit 1 ; }
fi

PWD_TEXT1="Set password (hidden typing):"
PWD_TEXT2="Retype new password:"

# by default use console frontend
DIALOG='dialog'
PWD_CMD="dialog --stdout --title $PN --passwordbox"

# only if using X and gdialog + zenity are available use graphical frontend
if [ -n "$DISPLAY" ] && [ -x "$(which gdialog)" ] && [ -x "$(which zenity)" ] ; then
  DIALOG='gdialog'
  PWD_CMD="zenity --title $PN --entry --hide-text"
fi

if ! [ -r /etc/grml_version ] ; then
  $DIALOG --title "$PN" --msgbox "Warning: this system does not look like a Grml (based) system
and therefore might not work as intended." 7 70
fi

lock_desktop() {
  # be backwards compatible, see https://github.com/grml/grml/issues/87
  if physlock --help 2>&1 | grep -q -- '-u user' ; then
    sudo physlock -u "$USER"
  else
    sudo physlock
  fi
}

is_passwd_set() {
  if sudo grep -q "$USER:\*:" /etc/shadow ; then
    return 1
  else
    return 0
  fi
}

set_passwd() {
  if [ "$DIALOG" = "gdialog" ] ; then
    PASSWD1="$($PWD_CMD --text="$PWD_TEXT1")"
    PASSWD2="$($PWD_CMD --text="$PWD_TEXT2")"
  else
    PASSWD1="$($PWD_CMD "$PWD_TEXT1" 0 0)"
    PASSWD2="$($PWD_CMD "$PWD_TEXT2" 0 0)"
  fi

  if [ -z "$PASSWD1" ] ; then
    $DIALOG --title "$PN" --msgbox "Error retrieving password. Exiting." 0 0
    exit 1
  fi
  if [ "$PASSWD1" = "$PASSWD2" ] ; then
    echo "$USER:$PASSWD2" | sudo chpasswd
  else
    $DIALOG --title "$PN" --msgbox "Error: passwords do not match. Exiting." 0 0
    exit 1
  fi
}

askpwd() {
  if [ "$DIALOG" = "gdialog" ] ; then
    zenity --title="$PN" --question --cancel-label='Exit' --ok-label='Set password' --text="User $USER has no password set yet. Without a password you will not be able to log in again. Set password for user $USER?"
    RC=$?
  else
    $DIALOG --title "$PN" --no-label Exit --yes-label Continue --yesno "User $USER has no password set yet. Without a password you will not be able to log in again. Set password for user $USER?" 0 0
    RC=$?
  fi

  if [ "$RC" = "0" ] ; then
    set_passwd
  else
    exit 1
  fi
}

if ! isgrmlcd ; then
  lock_desktop
else
  is_passwd_set || askpwd
  [ "$?" = "0" ] && lock_desktop || exit 1
fi

## END OF FILE #################################################################
