#!/usr/bin/env bash
# vi:syntax=sh

set -eo pipefail

progname=$(basename "$0")

sub_help(){
    echo "Usage: $progname <subcommand> [options]\n"
    echo "Subcommands:"
    echo "    init   <username>|any"
    echo "    disable"
    echo ""
    echo "For help with each subcommand run:"
    echo "$progname <subcommand> -h|--help"
    echo ""
}

subcommand=$1
KCARE_PROFILE='/etc/profile.d/kernelcare.sh'
KCARE_SUDOERS='/etc/sudoers.d/kernelcare'


function clean_env_file(){
    [ -f "$1" ] && sed -i '/kpatch_package/d' "$1" || :
}

function patch_env_file(){
    clean_env_file "$1"
    echo "$2${KCARE_PACKAGE_ENV}" >> "$1"
}

sub_disable(){
  rm -f ${KCARE_PROFILE}
  rm -f ${KCARE_SUDOERS}

  sed -i '/^SCANNER_USER=/d' /etc/sysconfig/kcare/kcare.conf

  clean_env_file /etc/sysconfig/qualys-cloud-agent
  clean_env_file /etc/default/qualys-cloud-agent
}

sub_init(){

    KCARE_SCANNER_USER=$1
    KCARE_PACKAGE_ENV='LD_PRELOAD=/usr/libexec/kcare/kpatch_package.so'

    if [ "$KCARE_SCANNER_USER" == 'any' ] && ! id "$KCARE_SCANNER_USER" >/dev/null 2>&1; then
        echo Setuping scanner for all users
        KCARE_SCANNER_USER='*'
    elif id "${KCARE_SCANNER_USER}" >/dev/null 2>&1; then
        echo Setuping scanner for "${KCARE_SCANNER_USER}"
    else
        echo "User $KCARE_SCANNER_USER does not exist"
        exit 2
    fi

    sed -i '/^SCANNER_USER=/d' /etc/sysconfig/kcare/kcare.conf
    echo "SCANNER_USER=$KCARE_SCANNER_USER" >> /etc/sysconfig/kcare/kcare.conf
    echo "${KCARE_PACKAGE_ENV}" > /usr/libexec/kcare/env

    # Patch environment of the agent
    patch_env_file "/etc/sysconfig/qualys-cloud-agent" 'export '
    patch_env_file "/etc/default/qualys-cloud-agent" ''

    # Setup scanner interface for one user defined in $KCARE_SCANNER_USER
    cat > ${KCARE_PROFILE} << PROFILECONTENT
CURRENT_USER=\$(logname)
if [[ "\${CURRENT_USER}" == ${KCARE_SCANNER_USER} ]]; then
    export ${KCARE_PACKAGE_ENV}
fi
PROFILECONTENT

    # Patch environment for sudoers
    echo "Defaults:$KCARE_SCANNER_USER env_file=/usr/libexec/kcare/env" > /tmp/kernelcare.sudoers
    visudo -cf /tmp/kernelcare.sudoers > /dev/null && cp /tmp/kernelcare.sudoers ${KCARE_SUDOERS} && chmod 0440 ${KCARE_SUDOERS}
}

case $subcommand in
    "" | "-h" | "--help")
        sub_help
        ;;
    *)
        shift
        sub_${subcommand} $@
        if [ $? = 127 ]; then
            echo "Error: '$subcommand' is not a known subcommand." >&2
            echo "       Run '$progname --help' for a list of known subcommands." >&2
            exit 1
        fi
        ;;
esac

echo "Done."
