#
#   Copyright (C) 2022, 2023 SUSE LLC
#
#   This program is free software; you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation; either version 2 of the License, or
#   (at your option) any later version.
#
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program; if not, write to the Free Software
#   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
#   Written by Olaf Kirch <okir@suse.com>


##################################################################
# Obtain the recovery password; either from the user or
# from one of the environment variables set by fde.sh
##################################################################
function fde_request_recovery_password {

    declare -g __fde_cached_recovery_password
    declare -g result_password

    # If the caller specified the --password option, use that as the
    # recovery password
    if [ -n "$opt_password" ]; then
	result_password="$opt_password"
	return 0
    fi

    # Ask for the recovery password just once
    if [ -n "$__fde_cached_recovery_password" ]; then
	result_password="$__fde_cached_recovery_password"
	return 0
    fi

    request_password "Please enter LUKS recovery password"
    if [ -z "$result_password" ]; then
	return 1
    fi

    __fde_cached_recovery_password="$result_password"
    return 0
}

##################################################################
# Obtain the recovery password and copy it to a file
##################################################################
function fde_request_recovery_passfile {

    outfile=$1

    if [ -n "$opt_passfile" -a -f "$opt_passfile" ]; then
	cp "$opt_passfile" "$outfile"
    else
	if ! fde_request_recovery_password; then
	    return 1
	fi
	echo -n "${result_password}" > "$outfile"
    fi
}

function fde_set_variable {

    sysconfig_set_variable /etc/sysconfig/fde-tools "$@"
}

##################################################################
# Helper functions for temp file/dir creation
##################################################################
function fde_make_tempdir {

    declare -g FDE_TEMP_DIR

    if [ -z "$FDE_TEMP_DIR" ]; then
	FDE_TEMP_DIR=$(mktemp -d -p /dev/shm fde.XXXXXX)
    fi
}

function fde_clean_tempdir {

    declare -g FDE_TEMP_DIR

    if [ -n "$FDE_TEMP_DIR" ]; then
	rm -rf $FDE_TEMP_DIR
	unset FDE_TEMP_DIR
    fi
}

function fde_make_tempfile {

    test -n "$FDE_TEMP_DIR" || return 1
    echo "$FDE_TEMP_DIR/$1"
}

# Create the tempdir the first time this script gets sourced.
# So whoever sources this file needs to call fde_clean_tempdir at exit.
# Sorry :-)
if [ -z "$FDE_TEMP_DIR" ]; then
    fde_make_tempdir
fi

##################################################################
# Print a tracing message to stderr
##################################################################
function fde_trace {

    echo "$*" >&2
}

##################################################################
# Change a shell variable in files like /etc/sysconfig/* and
# /etc/default/grub
##################################################################
function sysconfig_set_variable {

    cfg_file="$1"
    var_name="$2"
    value="$3"

    if ! grep -qs "^[# ]*${var_name}=" $cfg_file; then
	echo "${var_name}=\"${value}\"" >> $cfg_file
    else
	sed -i "s|^[# ]*${var_name}=.*|${var_name}=\"$value\"|" $cfg_file
    fi

    # Also make the variable visible to subsequent commands
    declare -g $var_name="$value"
}

##################################################################
# Create a random password; 16 hex digits, spaced in groups of 4
##################################################################
function fde_random_password {

    dd if=/dev/urandom bs=1 count=16 status=none | sha1sum | cut -c 1-16 |
		sed 's:\(....\)\(....\)\(....\)\(....\):\1-\2-\3-\4:'
}
