#!/bin/bash

PATH=/usr/local/bin:/usr/local/sbin:/opt/local/bin:/usr/bin:/usr/sbin:/bin:/sbin
_NOW=`date +%y%m%d-%H%M`

# Remove dangerous stuff from the string.
sanitize_string () {
  echo "$1" | sed 's/[\\\/\^\?\>\`\#\"\{\(\$\@\&\|\*]//g; s/\(['"'"'\]\)//g'
}

check_generate () {
  rm -f $_L_SYS
  if [ -e "$_L_SYS" ] ; then
    _ESC_APASS=`cat $_L_SYS`
  else
    echo "INFO: Expected file $_L_SYS does not exist"
    if [ "$_STRONG_PASSWORDS" = "YES" ] ; then
      echo "INFO: We will generate new random secure strong password"
      _ESC_APASS=$(randpass 32 esc)
      _ESC_APASS=`echo -n $_ESC_APASS | tr -d "\n"`
      _ENC_APASS=$(python -c "import urllib; print urllib.quote('''$_ESC_APASS''')")
      echo "$_ESC_APASS" > $_L_SYS
    else
       echo "INFO: We will generate new random password using pwgen tool"
      _ESC_APASS=`pwgen -v -s -1`
      _ESC_APASS=`echo -n $_ESC_APASS | tr -d "\n"`
      _ESC_APASS=`sanitize_string "$_ESC_APASS"`
      _ENC_APASS="$_ESC_APASS"
      echo "$_ESC_APASS" > $_L_SYS
      chmod 0600 $_L_SYS
    fi
  fi
  _LEN_APASS=$(echo ${#_ESC_APASS})
  if [ -z "$_ESC_APASS" ] || [ $_LEN_APASS -lt 19 ] ; then
     echo "WARN: The random password=$_ESC_APASS does not look good"
     echo "INFO: We will generate new random password using pwgen tool"
    _ESC_APASS=`pwgen -v -s -1`
    _ESC_APASS=`echo -n $_ESC_APASS | tr -d "\n"`
    _ESC_APASS=`sanitize_string "$_ESC_APASS"`
    _ENC_APASS="$_ESC_APASS"
    echo "$_ESC_APASS" > $_L_SYS
    chmod 0600 $_L_SYS
  fi
}

do_syncpass () {
  if [ ! -z "$uname" ] ; then
    if [ "$uname" = "aegir" ] && [ -e "/var/aegir/backups" ] ; then
      _L_SYS="/var/aegir/backups/system/.aegir_root.pass.txt"
      cp /var/aegir/.drush/server_localhost.alias.drushrc.php /var/backups/server_localhost.alias.drushrc.php.$uname-bak-$_NOW &> /dev/null
      cp /var/aegir/.drush/server_master.alias.drushrc.php /var/backups/server_master.alias.drushrc.php.$uname-bak-$_NOW &> /dev/null
      check_generate
      chown $uname:$uname $_L_SYS &> /dev/null
      if [ ! -z "$_ESC_APASS" ] && [ ! -z "$_ENC_APASS" ] ; then
        mysqladmin flush-hosts &> /dev/null
        su -s /bin/bash - $uname -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='aegir_root'\" &> /dev/null"
        mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$uname';" &> /dev/null
        sed -i "s/mysql:\/\/aegir_root:.*/mysql:\/\/aegir_root:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_localhost.alias.drushrc.php &> /dev/null
        sed -i "s/mysql:\/\/aegir_root:.*/mysql:\/\/aegir_root:$_ENC_APASS@localhost',/g" /var/aegir/.drush/server_master.alias.drushrc.php &> /dev/null
        mysqladmin flush-privileges &> /dev/null
      else
        echo "ERROR: Auto-generated password for $uname system user did not work as expected, please try again."
        exit 1
      fi
      echo "INFO: Fixed Aegir Master Instance system user=aegir_root"
      echo "INFO: New system password=$_ESC_APASS encoded=$_ENC_APASS"
      echo "BYE!"
    else
      if [ -e "/data/disk/$uname" ] ; then
        _L_SYS="/data/disk/$uname/.$uname.pass.txt"
        cp /data/disk/$uname/.drush/server_localhost.alias.drushrc.php /var/backups/server_localhost.alias.drushrc.php.$uname-bak-$_NOW &> /dev/null
        cp /data/disk/$uname/.drush/server_master.alias.drushrc.php /var/backups/server_master.alias.drushrc.php.$uname-bak-$_NOW &> /dev/null
        check_generate
        chown $uname:users $_L_SYS &> /dev/null
        if [ ! -z "$_ESC_APASS" ] && [ ! -z "$_ENC_APASS" ] ; then
          mysqladmin flush-hosts &> /dev/null
          su -s /bin/bash - $uname -c "drush @hostmaster sqlq \"UPDATE hosting_db_server SET db_passwd='$_ESC_APASS' WHERE db_user='$uname'\" &> /dev/null"
          mysql -u root -e "UPDATE mysql.user SET Password=PASSWORD('$_ESC_APASS') WHERE User='$uname';" &> /dev/null
          sed -i "s/mysql:\/\/$uname:.*/mysql:\/\/$uname:$_ENC_APASS@localhost',/g" /data/disk/$uname/.drush/server_localhost.alias.drushrc.php &> /dev/null
          sed -i "s/mysql:\/\/$uname:.*/mysql:\/\/$uname:$_ENC_APASS@localhost',/g" /data/disk/$uname/.drush/server_master.alias.drushrc.php &> /dev/null
          mysqladmin flush-privileges &> /dev/null
        else
          echo "ERROR: Auto-generated password for $uname system user did not work as expected, please try again."
          exit 1
        fi
        echo "INFO: Fixed Aegir Satellite Instance system user=$uname"
        echo "INFO: New system password=$_ESC_APASS encoded=$_ENC_APASS"
        echo "BYE!"
      else
        echo "ERROR: You must specify the existing Aegir instance username to fix"
        exit 1
      fi
    fi
    exit 0
  else
    echo "ERROR: You must specify the existing Aegir instance username to fix"
    exit 1
  fi
}

check_root ()
{
  if [ `whoami` = "root" ] ; then
    chmod a+w /dev/null
    if [ ! -e "/dev/fd" ] ; then
      if [ -e "/proc/self/fd" ] ; then
        rm -rf /dev/fd
        ln -s /proc/self/fd /dev/fd
      fi
    fi
    sed -i "s/.*173.231.133.190.*//g" /etc/hosts
    sed -i "s/^127.0.0.1.*/127.0.0.1 localhost/g" /etc/hosts
    sed -i "/^$/d" /etc/hosts
  else
    echo "ERROR: This script should be ran as a root user - please `sudo -i` first"
    exit 1
  fi
}

check_root
if [ -e "/root/.barracuda.cnf" ] ; then
  source /root/.barracuda.cnf
fi

case "$1" in
  fix) uname="$2"
       do_syncpass
  ;;
  *)   echo "Usage: syncpass fix {aegir|o1}"
       exit 1
  ;;
esac

