#!/usr/bin/perl -w
# This module sets policykit permssions
# Copyright (C) 2008, 2009, 2013 SUSE Linux Products GmbH, Nuernberg, Germany.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
#
# Author: Ludwig Nussel  <lnussel@suse.de> 2008
#

use strict;
use File::Path;

my $file = '/etc/polkit-1/rules.d/90-default-privs.rules';

my $do_set;
# privilege => value
my %to_set;

if($#ARGV != -1 && $ARGV[0] eq '--help' ) {
	print "USAGE: $0 [-set] <files...>\n";
	exit 0;
}

if($#ARGV != -1 && $ARGV[0] eq '-set') {
	$do_set = 1;
	shift @ARGV;
}

if($#ARGV == -1) {
	print STDERR "specify files\n";
	exit 1;
}

# make sure files create with proper permissions
umask 0022;

while(<>) {
	chomp;
	next unless $_;
	next if(/^#/);
	my ($privilege, $perms) = split(/\s+/);
	if($perms !~ /:/) {
		$perms = $perms.':'.$perms.':'.$perms;
	}
	# convert PolicyKit syntax
	my @p = map { s/^(auth_(?:admin|self)_keep).+$/$1/; s/_one_shot//; $_ } split(/:/, $perms);
	for (@p) {
		unless (/^(?:auth_(?:admin|self)(?:_keep)?|yes|no)$/) {
			warn "invalid value $_ in line $.\n";
			next;
		}
	}
	$to_set{$privilege} = [ @p ];
}


my $rules = '';
foreach my $privilege (sort keys %to_set) {
	my $perms = $to_set{$privilege};
	my @p = @$perms;
	$rules .= sprintf("\t\t'%s':\n\t\t\t[ '%s', '%s', '%s' ],\n", $privilege, $p[0], $p[1], $p[2]);
}

exit(0) unless $do_set;

open(F, '>', $file.'.new') or die "can't open $file.new: $!\n";
while(<DATA>) {
	if (/INSERT_RULES_HERE/) {
		$_ = $rules;
	}
	print F;
}
close F;

rename($file.'.new', $file) or die "can't rename $file.new: $!\n";

__END__
/*******************************************\
*              DO NOT EDIT                  *
* This file was automatically generated.    *
* To add custom rules edit                  *
*    /etc/polkit-default-privs.local        *
* instead.                                  *
* Also see 'man set_polkit_default_privs'   *
\*******************************************/

polkit.addRule(function(action, subject) {
	// set to true for debugging
	var debug = false;
        rules = { 
                "INSERT_RULES_HERE" : [ "auth_admin", "auth_admin", "auth_admin" ],
        };
        var i = 0;
        if (subject.local) {
                if (subject.active) {
                        i = 2;
                } else {
                        i = 1;
                }
        }
	if (debug)
		polkit.log("subject=" + subject);

        if (rules[action.id]) {
		if (debug)
			polkit.log(action.id + " => " + rules[action.id][i]);
                return rules[action.id][i];
        } else {
		if (debug)
			polkit.log(action.id + " => no override found");
	}
});

// vim: syntax=javascript
