#!/bin/bash
# Copyright Atomicorp, 2015
# License: Commercial. Unauthorized redistribution prohibited.
# Basic install key routine

# Installer release string, shown in the banner below.
VERSION="1.0-S"

# Run every child process under the C locale (presumably so that the tool
# output this script greps through is not localised).
LANG=C
export LANG

# Banner: blank line, product line, blank line.
printf '\n%s\n\n' "Atomicorp Enterprise Key installer: v$VERSION"

# Numeric user id the installer insists on.
ROOT_UID="0"

# Stop unless bash reports the invoking user's id ($UID) as root's.
# NOTE(review): the message also warns against sudo, but nothing here detects
# a sudo invocation; a root shell obtained through sudo passes this test.
[ "$UID" -ne "$ROOT_UID" ] && {
        echo "You must be root to run this program. Do not run this progam via sudo."
        exit 1
}


# Prereq: /etc/sudoers is appended to further down, so bail out early when
# lsattr reports the immutable flag ("i" preceded by a dash) on that file.
SUDOERS_ATTRS=$(/usr/bin/lsattr /etc/sudoers)
case "$SUDOERS_ATTRS" in
	*-i*)
		echo
		echo "Error: /etc/sudoers is immutable. Installer cannot continue."
		echo
		exit 1
		;;
esac

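# Decide which account receives the support key: root when sshd accepts root
# logins, otherwise the dedicated "atomic" account.
#
# sshd_config keywords are case-insensitive and may be indented or separated
# from their value by tabs or several spaces, so they are matched loosely.
# A loose match can also hit a directive inside a Match block; that only makes
# the installer fall back to the atomic account, which is the safe direction.

echo -n "Checking for login type: "

SSHD_CONFIG=/etc/ssh/sshd_config

if grep -Eiq '^[[:space:]]*PermitRootLogin[[:space:]]+no([[:space:]]|$)' "$SSHD_CONFIG"; then
	USER=atomic
else
	# root allowed
	USER=root
fi

if grep -Eiq '^[[:space:]]*(DenyUsers|DenyGroups).*root' "$SSHD_CONFIG"; then
	USER=atomic
fi

if grep -Eiq '^[[:space:]]*AllowUsers' "$SSHD_CONFIG"; then
	USER=atomic
	ALLOW_LINE="AllowUsers atomic@70.184.242.83 atomic@71.166.159.247"
	# Append once only, so repeated runs do not pile up duplicate directives.
	# NOTE(review): a line appended at the end of the file becomes part of the
	# last Match block when the file ends with one - confirm it applies globally.
	if ! grep -Fxq -- "$ALLOW_LINE" "$SSHD_CONFIG"; then
		echo "$ALLOW_LINE" >> "$SSHD_CONFIG"
		# Reload only a configuration that parses; reloading a broken file can
		# leave the host without a working sshd.
		if /usr/sbin/sshd -t; then
			service sshd reload > /dev/null 2>&1
		else
			echo "Warning: sshd_config failed validation (sshd -t); sshd was not reloaded." >&2
		fi
	fi
fi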

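# Prepare the account chosen above. For root only HOME is set. For "atomic"
# the user and group are created when missing, the account is put in wheel,
# and wheel is given passwordless sudo.
if [ "$USER" == "root" ]; then
  echo "root allowed"
  HOME=/root
else
  echo "root denied"
  echo -n "Checking atomic user: "
  HOME=/home/atomic

  # check for user, add if it doesnt exist
  if ! grep -q '^atomic:' /etc/passwd; then
    echo "not found, creating"
    # Pass -g only when a group named exactly "atomic" exists. An unanchored
    # match on any line containing "atomic" would make useradd fail (silently,
    # as its output is discarded) when only some other entry mentions the name.
    if grep -q '^atomic:' /etc/group; then
      /usr/sbin/useradd -c "Atomicorp Support" -g atomic atomic >/dev/null 2>&1
    else
      /usr/sbin/useradd -c "Atomicorp Support" atomic >/dev/null 2>&1
    fi
    if [ $? -ne 0 ]; then
      echo
      echo "Error: the atomic user could not be created" >&2
      exit 1
    fi
    # Give the new account an unusable password hash instead of force-unlocking
    # it: a forced unlock of an account that has no password yet leaves the
    # password field empty. '*' permits no password login while the account is
    # not marked locked, so key logins should still work - TODO confirm on the
    # oldest release this installer supports.
    /usr/sbin/usermod -p '*' atomic
  else
    echo "found"
  fi

  # check for group, add it if it doesnt exist
  if ! grep -q '^atomic:' /etc/group; then
    echo "atomic group not found, creating"
    /usr/sbin/groupadd atomic > /dev/null 2>&1
  else
    echo "atomic group found"
  fi

  if grep -q '^AllowUsers' /etc/ssh/sshd_config; then
    echo "AllowUsers configuration detected."
    # sshd adds up all AllowUsers lines, so a bare "atomic" entry admits the
    # account from any address and cancels the per-address atomic@... entries
    # this installer writes earlier. Add the bare entry only when no AllowUsers
    # line names atomic yet; this also keeps repeated runs from duplicating it.
    if ! grep -Eq '^AllowUsers.*[[:space:]]atomic(@|[[:space:]]|$)' /etc/ssh/sshd_config; then
      echo "AllowUsers atomic " >> /etc/ssh/sshd_config
      # Restart only with a configuration that parses.
      if /usr/sbin/sshd -t; then
        /etc/init.d/sshd restart
      else
        echo "Warning: sshd_config failed validation (sshd -t); sshd was not restarted." >&2
      fi
    fi
  fi

  # check to see if user is in wheel group
  echo -n "Checking for atomic in wheel group: "
  if ! grep -q '^wheel.*atomic' /etc/group; then
    echo "not found, adding"
    # -a appends wheel to the supplementary groups the account already has.
    /usr/sbin/usermod -a -G wheel atomic >/dev/null 2>&1
  else
    echo "found"
  fi

  # update sudo to allow nopasswd for wheel group users
  rpm --quiet -q sudo || yum -y install sudo
  rpm --quiet -q vim-enhanced || yum -y install vim-enhanced
  echo -n "Checking sudo configuration: "
  if ! grep -q '^%wheel.*NOPASSWD.*ALL' /etc/sudoers; then
    echo "wheel not allowed, adding"
    # NOTE(review): this rule gives passwordless root to every member of
    # wheel, not only to atomic - confirm that is acceptable on this host.
    SUDOERS_RULE="%wheel        ALL=(ALL)       NOPASSWD: ALL"
    # Check the result on a private copy first: a sudoers file that does not
    # parse disables sudo for everybody.
    SUDOERS_TMP=$(mktemp) &&
      cat /etc/sudoers > "$SUDOERS_TMP" &&
      echo "$SUDOERS_RULE" >> "$SUDOERS_TMP" &&
      /usr/sbin/visudo -c -f "$SUDOERS_TMP" > /dev/null &&
      echo "$SUDOERS_RULE" >> /etc/sudoers
    SUDOERS_RC=$?
    [ -n "$SUDOERS_TMP" ] && rm -f -- "$SUDOERS_TMP"

    if [ "$SUDOERS_RC" -ne 0 ]; then
      echo
      echo "Error: Wheel group could not be added to /etc/sudoers"
      echo "   You will need to resolve this and run the key installer again"
      echo

      exit 1
    fi
  else
    echo "wheel found"
  fi
fi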


# Rough check: a system with bad permissions was seen in the field, so hand
# the home directory to the selected account (owner and group) every time.
printf '%s' "Verifying permissions on $HOME: "
chown "$USER.$USER" "$HOME"
printf '%s\n' "done"

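# cd to home. Stop when that fails: the steps below use relative paths and
# would otherwise create .ssh in whatever directory the installer was started
# from.
cd "$HOME" || {
  echo "Error: cannot change directory to $HOME" >&2
  exit 1
}

# check for .ssh dir
echo -n "Checking for $HOME/.ssh dir: "
if [ ! -d .ssh ]; then
  echo "not found, creating"
  # Create it private from the start rather than relying on a later chmod.
  mkdir -p -m 700 .ssh
else
  echo "found"
fi

cd .ssh || {
  echo "Error: cannot change directory to $HOME/.ssh" >&2
  exit 1
}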

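# Fetch the support keys into a private temp file first, so a failed, empty or
# partial download never touches the live key files.
# NOTE(review): the keys are trusted on the strength of the HTTPS connection
# alone; comparing their fingerprints with values obtained from the vendor out
# of band would close that gap.
KEY_URL="https://www.atomicorp.com/authorized_keys"
echo -n "Downloading $KEY_URL: "
KEY_TMP=$(mktemp) || { echo "failed"; exit 1; }
if ! wget -q -O "$KEY_TMP" "$KEY_URL" || [ ! -s "$KEY_TMP" ]; then
  rm -f -- "$KEY_TMP"
  echo "failed"
  echo "Error: the support keys could not be downloaded; no keys were installed." >&2
  exit 1
fi
echo "done"

# Add each downloaded key line to both key files unless that exact line is
# already there, so repeated runs do not duplicate entries. Only the
# downloaded keys go into authorized_keys2; keys that were already present in
# authorized_keys are not copied across.
for KEY_FILE in "$HOME/.ssh/authorized_keys" "$HOME/.ssh/authorized_keys2"; do
  touch "$KEY_FILE"
  while IFS= read -r KEY_LINE || [ -n "$KEY_LINE" ]; do
    [ -n "$KEY_LINE" ] || continue
    grep -Fxq -- "$KEY_LINE" "$KEY_FILE" || printf '%s\n' "$KEY_LINE" >> "$KEY_FILE"
  done < "$KEY_TMP"
done
rm -f -- "$KEY_TMP"

# Owner-only access everywhere under .ssh. The capital X adds the execute bit
# to directories only, so key files are not made executable.
chmod -R u+rwX,go-rwx "$HOME/.ssh"
chown -R "$USER:$USER" "$HOME/.ssh"

# Do not switch SELinux to permissive mode here: that drops enforcement for
# the whole host. Resetting the labels under .ssh is enough for sshd to read
# the key files when mislabelling was the problem.
if command -v restorecon > /dev/null 2>&1; then
  restorecon -R "$HOME/.ssh"
fi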



# Closing instructions for the administrator, framed by blank lines.
cat <<'EOF'

And finally, please send your systems IP address, and SSH port to the
Atomicorp support team.  We will need that information to log in.

EOF