#!/bin/sh -e

##########################################################################
#   Script description:
#       Manage users
#
#   History:
#   Date        Name        Modification
#   2019-06-04  J Bacon     Begin
##########################################################################

usage()
{
    printf "Usage: $0\n"
    exit 1
}


##########################################################################
#   Function description:
#       Pause until user presses return
##########################################################################

pause()
{
    local junk
    
    printf "Press return to continue..."
    read junk
}


##########################################################################
#   Function description:
#       Warn user about UID/GID changes
#       
#   History:
#   Date        Name        Modification
#   2021-01-26  J Bacon     Begin
##########################################################################

uid_warning()
{
	cat << EOM

Note: Changing a UID or primary GID requires changing ownership on every
file owned by the old UID or GID.  This can only be accomplished by
searching the entire directory tree starting at /, which could take a very
long time on systems with many files.

The user must not be logged in at any time during this process.

The system must not be shut down or rebooted during this process.

Are you sure you want to proceed with this now?

EOM
    printf "Proceed? y/[n] "
    read proceed
}


##########################################################################
#   Main
##########################################################################

if [ $# != 0 ]; then
    usage
fi

while true
do
    clear
    auto-admin-banner
    cat << EOM
    
1.. Add user
2.. Add user to another group
3.. Remove user from group
4.. Change user's primary UID
5.. Change user's primary group
6.. Change group's GID
7.. Lock user account
8.. Unlock user account
Q.. Quit

EOM

    printf "Selection? "
    read resp
    case $resp in
    1)
	auto-adduser
	;;
    
    2)
	printf "Username? "
	read username
	if [ ! -z $username ]; then
	    printf "Current group membership for $username:\n"
	    if groups $username; then
		printf "Supplementary group to add? "
		read groupname
		if [ ! -z $groupname ]; then
		    if auto-add-to-group $username $groupname; then
			printf "Changes will take effect in the next login session.\n"
		    fi
		fi
	    fi
	fi
	;;
    
    3)
	printf "Username? "
	read username
	if [ ! -z $username ]; then
	    printf "Current group membership for $username:\n"
	    if groups $username; then
		printf "Supplementary group to add? "
		read groupname
		if [ ! -z $groupname ]; then
		    if auto-remove-from-group $username $groupname; then
			printf "Changes will take effect in the next login session.\n"
		    fi
		fi
	    fi
	fi
	;;
    
    4)
	uid_warning
	if [ 0$proceed = 0y ]; then
	    printf "Username? "
	    read username
	    if [ ! -z $username ]; then
		printf "New UID? "
		read new_uid
		if [ ! -z $new_uid ]; then
		    auto-change-uid $username $new_uid / || true
		fi
	    fi
	fi
	;;

    5)
	uid_warning
	if [ 0$proceed = 0y ]; then
	    printf "Username? "
	    read username
	    if [ ! -z $username ]; then
		printf "New GID or group name? "
		read new_gid
		if [ ! -z $new_gid ]; then
		    auto-change-primary-group $username $new_gid / || true
		fi
	    fi
	fi
	;;
    
    6)
	uid_warning
	if [ 0$proceed = 0y ]; then
	    printf "Group name? "
	    read groupname
	    if [ ! -z $groupname ]; then
		printf "New GID? "
		read new_gid
		if [ ! -z $new_gid ]; then
		    auto-change-group-gid $groupname $new_gid / || true
		fi
	    fi
	fi
	;;
    
    7)
	users=$(awk -F : '$0 !~ "^#" { print $1 }' /etc/passwd | tr '\n' ' ')
	printf "Current users:\n\n$users\n\n"
	printf "Username? "
	read user_name
	if [ 0"$user_name" != 0 ]; then
	    auto-lock-user $user_name
	fi
	;;
    
    8)
	users=$(awk -F : '$0 !~ "^#" { print $1 }' /etc/passwd | tr '\n' ' ')
	printf "Current users:\n\n$users\n\n"
	printf "Username? "
	read user_name
	if [ 0"$user_name" != 0 ]; then
	    auto-unlock-user $user_name
	fi
	;;
    
    Q|q)
	exit 0
	;;
    *)
	printf "Invalid option: $resp.\n"
    esac
    pause
done
