#!/bin/sh
###########################################################################
#
# Copyright (c) 2021-2025 Diality Inc. - All Rights Reserved.
#
# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
#
# @file    rootsshaccess.sh
#
# @author  (last)      Nico Ramirez
# @date    (last)      4-Nov-2025
# @author  (original)  Nico Ramirez
# @date    (original)  4-Nov-2025
#
############################################################################


# Description
#    Sets SSH Access and Root Login and return current configuration
# Parameters
#   Configuration for SSH Access and Root Login
# Retruns
#   Set configuration

# sources
. ./_errors_
. ./_functions_

# variables
SSHD_CONFIG="/etc/default/dropbear"
SSH_SERVICE="system-dropbear.slice"

PARAM_COUNT=1

_enable=1
_disable=0

# functions
function sshd_set() {
    if [[ $_enable == $1 ]]; then
        sudo systemctl start $SSH_SERVICE
    else
        # stop the ssh service
        sudo systemctl stop $SSH_SERVICE
    fi
    check_result "$?" "$ERR_CMDFAIL_SSH_SERVICE"
}

function sshd_get() {
    if sudo systemctl is-active --quiet "$SSH_SERVICE"; then
      echo $_enable
    else
      echo $_disable
    fi
    check_result "$?" "$ERR_CMDFAIL_SSH_STATUS"
}

function root_set() {
    if [[ $_enable == $1 ]]; then
        # Remove -w from DROPBEAR_EXTRA_ARGS if present
        sudo sed -i 's/-w//g' $SSHD_CONFIG
        check_result "$?" "$ERR_CMDFAIL_ROOT_LOGIN_ENABLED"
    else
          # Add -w if not already present
        if ! grep -q '\-w' $SSHD_CONFIG; then
            # Append to DROPBEAR_EXTRA_ARGS
            sudo sed -i '/^DROPBEAR_EXTRA_ARGS=/ s/"$/ -w"/' $SSHD_CONFIG
        fi
        check_result "$?" "$ERR_CMDFAIL_ROOT_LOGIN_DISABLED"
    fi
}

function root_get() {
    # Dropbear disables root login if the -w flag is present in DROPBEAR_EXTRA_ARGS.
    if grep -q '\-w' $SSHD_CONFIG; then
        echo $_disable
    else
        echo $_enable
    fi
    check_result "$?" "$ERR_CMDFAIL_ROOT_LOGIN_STATUS"
}

function handleCommand() {
    local state=$1
                            # sshd and root
    local sshd_disable=0    #   0       0
    local sshd_enable=1     #   1       0
    local root_enable=2     #   1       1

    case $1 in
        $sshd_disable)
            sshd_set  $_disable
            root_set  $_disable
        ;;
        $sshd_enable)
            sshd_set  $_enable
            root_set  $_disable
        ;;
        $root_enable)
            sshd_set  $_enable
            root_set  $_enable
        ;;
    esac
}

function toCheckState() {
    local sshd=$(sshd_get)
    local root=$(root_get)

    case $sshd in
        $_disable)
            echo 0
        ;;
        $_enable)
         echo $(( $sshd + $root ))
        ;;
    esac
}

# checks
check_param_count "$#" "$PARAM_COUNT"

# main 
case "$#" in
    0)
        echo $(toCheckState)
    ;;
    1)
        handleCommand $1
        echo $(toCheckState)
    ;;
esac

# exit gracefully
echo ""
exit 0