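#!/bin/sh

set_authorized_keys(){
  # Replace a user's authorized_keys with the given keys.
  # $1 = username
  # $2 = newline-separated string of authorized keys
  # Requires: getent, awk, install_directory, log, die.
  # Any existing authorized_keys content is overwritten.
  _sak_entry=$(getent passwd "$1") || die "set_authorized_keys: unknown user ${1}"
  # Take the group and home directory from the passwd entry rather than
  # `eval echo ~user`: no eval on the username, and a user that does not
  # exist fails here instead of yielding a literal "~user" path.
  _sak_group=$(printf '%s\n' "$_sak_entry" | awk -F: '{ print $4 }')
  _sak_homedir=$(printf '%s\n' "$_sak_entry" | awk -F: '{ print $6 }')
  _sak_keyfile="${_sak_homedir}/.ssh/authorized_keys"

  install_directory -o "$1" -g "$_sak_group" -m 0700 "${_sak_homedir}/.ssh"
  # Write under umask 077 so a newly created file is never readable by
  # others, not even for the moment before the chmod below.
  ( umask 077; printf '%s\n' "$2" > "$_sak_keyfile" ) \
    || die "set_authorized_keys: cannot write ${_sak_keyfile}"
  chown "${1}:${_sak_group}" "$_sak_keyfile"
  chmod 600 "$_sak_keyfile"

  # Literal newline: $'\n' is a bash extension, not POSIX sh.
  _sak_nl='
'
  log "added authorized_keys for ${1}:${_sak_nl}${2}"
}

set_password(){
  # Set password for a local user.
  # $1 = username
  # $2 = password (fed to passwd on stdin, never on its argv)
  # NOTE(review): passwd(1) on several systems reads the new password from
  # the controlling tty rather than stdin, in which case this pipe is
  # ignored — confirm on the target OS (FreeBSD's `pw usermod "$1" -h 0`
  # reads the password from fd 0).
  printf '%s\n%s\n' "$2" "$2" | passwd "$1" > /dev/null
}

add_user(){
  # Add a local user if it doesn't exist.
  # options: mostly same as `pw useradd`
  #   -c comment        -d homedir         -G grouplist      -g primary group
  #   -M homedir mode   -m create homedir  -p password       -s shell
  #   -u uid
  #   defaults: mode 700, shell /sbin/nologin, homedir /home/<user>,
  #             comment "<user> user"
  # $1 = username
  # Globals: BOXCONF_OS (read).
  # Requires: pw, log, die, set_password.
  # Note: a password passed with -p is visible on this process's argv (ps);
  # prefer calling set_password separately where that matters.
  _bcalu_homedir_mode=700
  _bcalu_create_homedir=
  _bcalu_homedir=
  _bcalu_comment=
  _bcalu_shell=/sbin/nologin
  _bcalu_pgroup=
  _bcalu_grouplist=
  _bcalu_uid=
  _bcalu_password=

  # getopts resumes from the global OPTIND; reset it so the function parses
  # correctly when it is called more than once in the same shell.
  OPTIND=1
  while getopts c:d:G:g:mM:p:s:u: _bcalu_opt; do
    case $_bcalu_opt in
      c) _bcalu_comment=$OPTARG ;;
      d) _bcalu_homedir=$OPTARG ;;
      G) _bcalu_grouplist=$OPTARG ;;
      g) _bcalu_pgroup=$OPTARG ;;
      M) _bcalu_homedir_mode=$OPTARG ;;
      m) _bcalu_create_homedir=true ;;
      p) _bcalu_password=$OPTARG ;;
      s) _bcalu_shell=$OPTARG ;;
      u) _bcalu_uid=$OPTARG ;;
      *) die "add_user: invalid option" ;;
    esac
  done
  shift $((OPTIND - 1))

  _bcalu_username=$1
  [ -n "$_bcalu_username" ] || die "add_user: username required"
  : "${_bcalu_homedir:=/home/${_bcalu_username}}"
  : "${_bcalu_comment:=${_bcalu_username} user}"

  case $BOXCONF_OS in
    freebsd)
      if pw usershow "$_bcalu_username" > /dev/null 2>&1; then
        log "local user ${_bcalu_username} already exists"
        return 0
      fi
      # POSIX sh has no arrays: build the pw argument list in the positional
      # parameters so optional flags are appended as whole words instead of
      # relying on unquoted word-splitting.
      set -- -n "$_bcalu_username" \
        -c "$_bcalu_comment" \
        -s "$_bcalu_shell" \
        -M "$_bcalu_homedir_mode" \
        -d "$_bcalu_homedir"
      [ -n "$_bcalu_create_homedir" ] && set -- "$@" -m
      [ -n "$_bcalu_grouplist" ] && set -- "$@" -G "$_bcalu_grouplist"
      [ -n "$_bcalu_pgroup" ] && set -- "$@" -g "$_bcalu_pgroup"
      [ -n "$_bcalu_uid" ] && set -- "$@" -u "$_bcalu_uid"
      pw useradd "$@" || die "add_user: pw useradd failed for ${_bcalu_username}"
      log "added local user ${_bcalu_username}"
      ;;
    *)
      die "add_user unimplemented for ${BOXCONF_OS}"
      ;;
  esac

  if [ -n "$_bcalu_password" ]; then
    # Previously passed the never-assigned "$_bcalu_user", i.e. an empty
    # username, so the password was not set for the created user.
    set_password "$_bcalu_username" "$_bcalu_password"
  fi
}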