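#!/bin/bash
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-02-13; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://cendev.eu/marc.weidner/CISS.2025.debian.installer.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.2025.hardened.installer framework.
# SPDX-PackageName: CISS.2025.hardened.installer
# SPDX-Security-Contact: security@coresecret.eu

###########################################################################################
# 3.8.3. Functions - installation - setup accounts                                        #
###########################################################################################

###########################################################################################
# Hand an already-crypted password for one account to 'chpasswd -e' inside the target.
# Globals:
#   TARGET (read)
# Arguments:
#   $1 - account name
#   $2 - crypted password hash
# Returns:
#   0 if chpasswd accepted the entry, 1 if the hash was rejected or the call failed
###########################################################################################
3_8_3_set_crypted_password() {
  local -r account="$1" crypted="$2"

  # 'chpasswd -e' stores the field as given, so an empty hash would leave the account
  # without a password. A ':' or newline would corrupt the 'name:hash' record.
  if [[ -z ${crypted} || ${crypted} == *:* || ${crypted} == *$'\n'* ]]; then
    do_log "error" "true" "Empty or malformed crypted password for account '${account}'. Password not set."
    return 1
  fi

  # Name and hash travel as positional parameters of the inner shell instead of being
  # pasted into its command string, so a quote character in either value cannot change
  # the command that runs in the target.
  # NOTE(review): relies on do_in_target forwarding its arguments unchanged, as the
  # previous '/bin/bash -c' call already required - confirm. The hash is still visible in
  # the process list while the command runs; feeding it on stdin would avoid that if
  # do_in_target passes stdin through.
  # shellcheck disable=SC2016
  if ! do_in_target "${TARGET}" /bin/bash -c 'printf "%s:%s\n" "$1" "$2" | chpasswd -e' _ "${account}" "${crypted}"; then
    do_log "error" "true" "Setting the password for account '${account}' failed."
    return 1
  fi
}

###########################################################################################
# Prepare '<home>/.ssh' (0700) and 'authorized_keys' (0600) for one account in the target
# and append the configured public key line(s) that are not already present.
# Globals:
#   TARGET (read)
# Arguments:
#   $1 - account name, also used as group name for the ownership
#   $2 - home directory as seen from inside the target, e.g. '/root'
#   $3 - public key; may hold several lines, empty lines are ignored
# Returns:
#   0 on success, 1 if the ownership could not be set
###########################################################################################
3_8_3_install_authorized_key() {
  local -r account="$1" home_in_target="$2" pub_key="$3"
  local -r ssh_dir_in_target="${home_in_target}/.ssh"
  local -r ssh_dir="${TARGET}${ssh_dir_in_target}"
  local -r key_file="${ssh_dir}/authorized_keys"
  local line
  local added=0

  # Directory first, restricted before the key file is created inside it.
  [[ -d ${ssh_dir} ]] || mkdir "${ssh_dir}"
  chmod 0700 "${ssh_dir}"
  [[ -f ${key_file} ]] || touch "${key_file}"
  chmod 0600 "${key_file}"

  # Ownership is resolved inside the target: the account exists in the target's account
  # database, not necessarily in the installer environment.
  # NOTE(review): assumes do_in_target runs the command with TARGET as '/' - confirm.
  if ! do_in_target "${TARGET}" chown "${account}:${account}" "${ssh_dir_in_target}" "${ssh_dir_in_target}/authorized_keys"; then
    do_log "error" "true" "Could not set ownership of '${ssh_dir_in_target}' for account '${account}'."
    return 1
  fi

  # Append line by line so a re-run does not duplicate keys and an empty setting does not
  # add a blank line.
  while IFS= read -r line; do
    [[ -n ${line} ]] || continue
    if ! grep -qxF -- "${line}" "${key_file}"; then
      printf '%s\n' "${line}" >> "${key_file}"
      added=$((added + 1))
    fi
  done <<< "${pub_key}"

  if ((added > 0)); then
    do_log "info" "false" "Account '${account}' SSH public key '${ssh_dir_in_target}/authorized_keys' inserted."
  else
    do_log "info" "false" "Account '${account}' SSH public key empty or already present. '${ssh_dir_in_target}/authorized_keys' unchanged."
  fi
}

###########################################################################################
# Updating user accounts
# Sets the crypted password and the SSH public key for 'root' and for the configured user
# inside the target system, depending on the respective '*_login' switch.
# Globals:
#   MODULE_ERR (written)
#   MODULE_TXT (written)
#   TARGET
#   accounts_root_login
#   accounts_root_password_crypted
#   accounts_root_ssh_pub_key
#   accounts_user_login
#   accounts_user_name
#   accounts_user_password_crypted
#   accounts_user_ssh_pub_key
# Arguments:
#   None
###########################################################################################
3_8_3_functions_installation_setup_accounts() {
  declare -g -x MODULE_ERR="3_8_3_functions_installation_setup_accounts"
  declare -g -x MODULE_TXT="Setup user account"
  do_show_header "${MODULE_TXT}"

  if [[ ${accounts_root_login,,} == "true" ]]; then

    if 3_8_3_set_crypted_password "root" "${accounts_root_password_crypted}"; then
      do_log "info" "false" "Account 'root' password inserted."
    fi
    3_8_3_install_authorized_key "root" "/root" "${accounts_root_ssh_pub_key}"

  elif [[ ${accounts_root_login,,} == "false" ]]; then

    do_log "info" "false" "Skipped creation of 'root' password."

  else

    do_log "error" "true" "Invalid value for 'accounts_root_login': '${accounts_root_login}'. Expected value: 'true' or 'false'."

  fi

  if [[ ${accounts_user_login,,} == "true" ]]; then

    # The name becomes part of a path below TARGET and of a 'name:hash' record, so refuse
    # values that could leave '/home', be read as an option, or break the record.
    if [[ -z ${accounts_user_name} || ${accounts_user_name} == -* || ${accounts_user_name} == .* ||
      ${accounts_user_name} == *[[:space:]/:]* ]]; then

      do_log "error" "true" "Invalid value for 'accounts_user_name': '${accounts_user_name}'."

    else

      # The password is set inside the target like the one for 'root'. A bare 'chpasswd'
      # here would change the account database of the installer environment instead.
      if 3_8_3_set_crypted_password "${accounts_user_name}" "${accounts_user_password_crypted}"; then
        do_log "info" "false" "Account '${accounts_user_name}' password inserted."
      fi
      3_8_3_install_authorized_key "${accounts_user_name}" "/home/${accounts_user_name}" "${accounts_user_ssh_pub_key}"

    fi

  elif [[ ${accounts_user_login,,} == "false" ]]; then

    do_log "info" "false" "Skipped creation of account '${accounts_user_name}'."

  else

    do_log "error" "true" "Invalid value for 'accounts_user_login': '${accounts_user_login}'. Expected 'true' or 'false'."

  fi

  do_show_footer "${MODULE_TXT}"
}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh: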