#!/bin/sh

user=$SUDO_USER
pass=$1

if [ "$user" == "" ]; then
    echo -e "\033[1;31m$0: Invlalid invocation\033[0m"
    exit 1
fi

# Rebuild our sudoers config file
if [ "$pass" == "" ]; then
    echo "$user ALL=(ALL) NOPASSWD: ALL" >/etc/sudoers.d/everybody.sudoers
    # Restore user password to firmware state - no password, locked
    passwd -dl "$user"
    echo -e "\033[0;35mNow '$user' needs no password for sudo\033[0m"
    echo -e "\033[0;33mIf you need to log in via SSH as user,\033[0m"
    echo -e "\033[0;33myou will have to set user password again\033[0m"
    echo -e "\033[0;33mby running 'passwd user' as root\033[0m"
else
    shells=
    for x in `grep -v "^#" /etc/shells | sort | uniq`; do
        [ ! -x "$x" ] && continue
        [ -n "$shells" ] && shells="$shells, "
        shells="$shells$x"
    done
    echo "$user ALL=NOPASSWD: /usr/bin/sudser-worker" >/etc/sudoers.d/everybody.sudoers
    echo "$user ALL=(ALL) PASSWD: $shells" >>/etc/sudoers.d/everybody.sudoers
    passwd -u "$user"
    echo "$user:$pass" | chpasswd
fi

/usr/sbin/update-sudoers
