#!/bin/bash
#
# Author: Georg Voell - georg.voell@standby.cloud
# Version: @(#)check-sudo 3.2.0 11.09.2024 (c)2024 Standby.cloud
# Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
#
# This script can be used free of charge. Use it as is or customize as needed. It is not guaranteed to be
# error free and you will not be reimbursed for any damage it may cause.
#
#@  Check if sudo is available and user is allowed to invoke it.
#@  If password is needed, ask for it before doing 'sudo' and check if it is valid.
#@  Returns exitcode 0 if user can do sudo - otherwise exitcode will be > 0.
#@
#@Usage: check-sudo [options] [key]
#@  Options:
#@    -h, --help          : Displays helptext.
#@    -v, --version       : Displays the version of the script.
#@    -c, --cloud <string>: Cloud: <string> can be e.g. "ORACLE-OPC" or "ORACLE-OCI".
#
# Exit codes:
#  01: **sudo** was not successful.
#  02: **sudo** not found. Not in PATH or not installed.
#  03: **sudo** does not work in cloud shell.
#  99: User interrupt.
#
# See also:
#  **install-scripts**(1)
#
# Update history:
#
# V 1.0.0 08.01.2017 New version
# V 3.0.0 04.05.2020 Rename script from 'askforsudo' to 'check-sudo'
# V 3.0.1 30.05.2020 If user can do 'sudo' without a password - don't check any further
# V 3.0.2 11.06.2020 Using library
# V 3.1.0 05.06.2023 New copyright
# V 3.2.0 11.09.2024 New minor version
#

# Find executable bash library and source it
lib=`which lib.bash 2>/dev/null | sed 's|^no 'lib.bash' in .*||'`
if [ "$lib" != "" ]; then
	source "$lib"
else
	progdir=`dirname "$0"`
	if [ -r "${progdir}/lib.bash" ]; then
		source "${progdir}/lib.bash"
	else
		echo "Unexpected error: Unable to locate bash library 'lib.bash'."
		exit 1
	fi
fi

# Preset
param=""
cloud=""

# Check parameters: Loop until all parameters are used up
while [ $# -gt 0 ]; do
	pname=${1}
	case "$pname" in
		-c | --cloud)
			shift
			if [ "$1" != "" ]; then
				cloud=`echo "$1" | toupper`
				shift
			else
				errstr="Please specify a cloud_id (e.g. 'ORACLE-OPC' or 'ORACLE-OCI') after parameter '$pname'."
			fi
			;;
		-v | --version)
			shift
			showversion=true
			;;
		-h | --help)
			shift
			showhelp=true
			;;
		*)
			shift
			paramck=`echo "$pname" | grep '^-'` # Keys don't begin with '-'
			if [ "$paramck" != "" ]; then
				errstr="Unknown option '$pname'."
			else
				if [ "$param" = "" ]; then
					param=`echo "$pname" | tolower`
				else
					errstr="Unknown additional parameter: '$pname'."
				fi
			fi
	esac
done

# Display help or error message
DisplayHelp

# Do we have sudo in PATH?
sudo=`filecheck -x sudo`

if [ "$sudo" = "" ]; then
	exitcode=2
else
	if [ "$OCI_CLI_CLOUD_SHELL" = "True" ]; then
		exitcode=3
	else
		# We do not need 'sudo' if we are root and just test sudo if we do not already test it
		if [ "$USER" != "root" ]; then
			# Returns 0 if user can do sudo without entering as password - otherwise 1
			result=`$sudo -n true >/dev/null 2>&1`
			exitcode=$?
			
			if [ $exitcode -gt 0 ]; then
				printf "\n"
				echo "Enter password for user '$USER' (needed by 'sudo')."
				echo "If password is not set yet for this user, press 'control-c' and"
				echo "set password with command 'passwd' and start this script again."
				if [ "$cloud" = "ORACLE-OPC" -a "$OS" = "SunOS" ]; then
					echo "With Solaris you will have to set password for 'opc' and 'root'."
					echo "Default password for Solaris and root is 'solaris_opc'."
				fi
				
				# Check if the current user can do 'sudo'
				$sudo touch $scratchfile

				# Was 'sudo' successful?
				if [ -f "$scratchfile" ]; then
					# Delete the scratchfile - otherwise we can't write to it because it was created by root
					$sudo rm -f $scratchfile
					exitcode=0
				fi
			fi
		fi
	fi
fi

exit $exitcode