#! /bin/sh
# postinst for sash
#
# rewritten to use new "sashconfig"

. /usr/share/debconf/confmodule

# Lifted code from passwd.config:
# Set a password, via chpasswd.
# Use perl rather than echo, to avoid the password
# showing in the process table. (However, this is normally
# only called when first booting the system, when root has no
# password at all, so that should be an unnecessary precaution).
#
# Pass in two arguments: the user and the password.
setpassword () {
        SETPASSWD_PW="$2"
        export SETPASSWD_PW

        # This is very annoying. chpasswd cannot handle generating md5
        # passwords as it is not PAM-aware. Thus, I have to work around
        # that by crypting the password myself if md5 is used.
        db_get passwd/md5 || true
        if [ "$RET" = true ]; then
                USE_MD5=1
        else
                USE_MD5=''
        fi
        export USE_MD5
        perl -e '
                sub CreateCryptSalt {
                        my $md5 = shift;

                        my @valid = split(//, "./0123456789abcdefghijklmnopqrstu
vwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ");
                        my ($in, $out);

                        my $cryptsaltlen = ($md5 ? 8 : 2);

                        open (F, "</dev/urandom") || die "No /dev/urandom found!
";
                        foreach (1..$cryptsaltlen) {
                                read(F, $in, 1);
                                $out .= $valid[ord($in) % ($#valid + 1)];
                        }
                        close F;
                        return ($md5 ? "\$1\$$out\$" : $out);
                }
        
                open(P,"| chpasswd -e");
                print P shift().":".
                        crypt($ENV{SETPASSWD_PW}, CreateCryptSalt($ENV{USE_MD5})
).
                        "\n";
                close P;
        ' "$1"
        SETPASSWD_PW=''
        USE_MD5=''
}

# end of lifted code

clone_root_as_sashroot(){
	if (
		# /etc/shadow might not exist
		if [ -e $1 ]; then
			lockfile-create $1
			if grep -q ^sashroot: $1; then
				: sashroot already exists in $1
			else
				echo cloning root account entry to create sashroot account in $1
				umask 077
				perl -pe '
					if (/^root:/ && !$found_root) {
						$found_root++;
						print;
						s/^/sash/;
					}
					END{
						die "no root account entry\n"
							unless $found_root;
					}
				' $1 >$1-sashroot.tmp
				chown --reference=$1 $1-sashroot.tmp
				chmod --reference=$1 $1-sashroot.tmp
				mv $1-sashroot.tmp $1
			fi
			lockfile-remove $1
		fi
	) ; then
		echo Cloned sashroot from root in $1
	else 
		# we died, attempt to clean up
		lockfile-remove $1
		exit 1
	fi
}

set -e
PATH=$PATH:/usr/sbin

if [ -f /etc/shadow ]; then
	chown root:shadow /etc/shadow
	chmod 640 /etc/shadow
fi

if [ "$(getent passwd | grep ^sashroot:)" = "" ]; then
    db_get sash/create_sashroot || true
    if [ "$RET" = "true" ]; then
        db_get sash/clone_root_passwd || true
        if [ "$RET" = "true" ]; then
            # ok, just make a copy of the root user
            clone_root_as_sashroot /etc/passwd
            clone_root_as_sashroot /etc/shadow
        else 
            # Create user and set password, using lifted code from
            # passwd.config
            useradd -c 'emergency root shell' -d /root -g root \
                -s /bin/sash -u 0 -o sashroot
            db_get sash/sashroot_passwd || true
            PWD="$RET"
            setpassword sashroot "$PWD"
            # Clear the password
            db_set sash/sashroot_passwd ""
        fi
        chsh -s /bin/sash sashroot
    else
        db_get sash/change_root_shell || true
        if [ "$RET" = "true" ]; then
            chsh -s /bin/sash root
        fi
    fi
fi

if [ "$1" = "configure" -a "$2" = "" ]; then
    # initial install
    /usr/sbin/add-shell /bin/sash
fi

# Make sure we get rid of any stuff in /usr/doc
if [ -L "/usr/doc/sash" ]; then
    rm -f "/usr/doc/sash"
fi


#DEBHELPER#
