#!/bin/sh
###########################################################################
#
# Copyright (c) 2021-2025 Diality Inc. - All Rights Reserved.
#
# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
#
# @file    rootsshaccess.sh
#
# @author  (last)      Nico Ramirez
# @date    (last)      4-Nov-2025
# @author  (original)  Nico Ramirez
# @date    (original)  4-Nov-2025
#
############################################################################

SSHD_CONFIG="/etc/default/dropbear"
SSH_SERVICE="system-dropbear.slice"

ERR_EXECUTION=201

_enable=1
_disable=0

#TODO   Move to globals.sh
function check_num() {
  if [[ $1 != 0 ]]; then
    # echo "execution failed $1"
    exit $ERR_EXECUTION
  fi
}

function sshd_set() {
    if [[ $_enable == $1 ]]; then
        sudo systemctl start $SSH_SERVICE
        check_num $? ", started"
    else
        # stop the ssh service
        sudo systemctl stop $SSH_SERVICE
        check_num $? ", stopped"
    fi
}

function sshd_get() {
    if sudo systemctl is-active --quiet "$SSH_SERVICE"; then
      echo $_enable
    else
      echo $_disable
    fi
}

function root_set() {
    if [[ $_enable == $1 ]]; then
        # Remove -w from DROPBEAR_EXTRA_ARGS if present
        sudo sed -i 's/-w//g' $SSHD_CONFIG
        check_num $? " enabled"
    else
          # Add -w if not already present
        if ! grep -q '\-w' $SSHD_CONFIG; then
            # Append to DROPBEAR_EXTRA_ARGS
            sudo sed -i '/^DROPBEAR_EXTRA_ARGS=/ s/"$/ -w"/' $SSHD_CONFIG
        fi
        check_num $? " disabled"
    fi
}

function root_get() {
    # Dropbear disables root login if the -w flag is present in DROPBEAR_EXTRA_ARGS.
    if grep -q '\-w' $SSHD_CONFIG; then
        echo $_disable
    else
        echo $_enable
    fi
}

function handleCommand() {
    local state=$1
                            # sshd and root
    local sshd_disable=0    #   0       0
    local sshd_enable=1     #   1       0
    local root_enable=2     #   1       1

    case $1 in
        $sshd_disable)
            sshd_set  $_disable
            root_set  $_disable
        ;;
        $sshd_enable)
            sshd_set  $_enable
            root_set  $_disable
        ;;
        $root_enable)
            sshd_set  $_enable
            root_set  $_enable
        ;;
    esac
}

function toCheckState() {
    local sshd=$(sshd_get)
    local root=$(root_get)

    case $sshd in
        $_disable)
            echo 0
        ;;
        $_enable)
         echo $(( $sshd + $root ))
        ;;
    esac
}

case "$#" in
    0)
        echo $(toCheckState)
    ;;
    1)
        handleCommand $1
        echo $(toCheckState)
    ;;
esac

echo ""
exit 0