#!/usr/bin/bash
#
# Author: Dmitry Razumov <asmeron@ublinux.com>
# Copyright (c) 2021-2025 UBLinux <support@ublinux.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
#

ENABLED=yes
[[ ${ENABLED} == yes ]] || exit 0
DEBUGMODE=no

PATH="/usr/lib/ublinux/scripts:/usr/bin:/bin:/sbin:/usr/local/bin:/usr/local/sbin"

ALLOWED_SUDO="ldconfig,ubupdate,ntpdate"

SOURCE=/usr/lib/ublinux/functions; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null  || exit 0
SOURCE=/usr/lib/ublinux/default; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null  || exit 0
debug_mode "$0" "$@"

SOURCE=${SYSCONF}/config; [[ -f ${SOURCE} ]] && . ${SOURCE} 2>/dev/null

    FILE_UBWHEEL="/etc/sudoers.d/ubwheel"
    [[ -w ${FILE_UBWHEEL} ]] && chmod 440 ${FILE_UBWHEEL} || install -Dm0440 -o root -g root /dev/null ${FILE_UBWHEEL}
    [[ $(< ${FILE_UBWHEEL}) =~ (^|$'\n')"%wheel ALL=(ALL) ALL"($'\n'|$) ]] || echo "%wheel ALL=(ALL) ALL" >> ${FILE_UBWHEEL}

    FILE_UBNOPASSWD="/etc/sudoers.d/ubnopasswd"
    [[ -w ${FILE_UBNOPASSWD} ]] && chmod 440 ${FILE_UBNOPASSWD} || install -Dm0440 -o root -g root /dev/null ${FILE_UBNOPASSWD}
    [[ -w ${FILE_UBNOPASSWD} ]] && DATA_UBNOPASSWD=$(< ${FILE_UBNOPASSWD})
    [[ -n ${ALLOWED_SUDO} && -w ${FILE_UBNOPASSWD} ]] && while IFS= read -ru3 SELECT_APP; do
	SELECT_APP=$(which ${SELECT_APP} 2>/dev/null)
	[[ -n ${SELECT_APP} ]] || continue
	[[ ${DATA_UBNOPASSWD} =~ (^|$'\n')"%users ALL=NOPASSWD: ${SELECT_APP}"($'\n'|$) ]] || echo "%users ALL=NOPASSWD: ${SELECT_APP}" >> ${FILE_UBNOPASSWD}
    done 3< <(tr ',;' '\n' <<< ${ALLOWED_SUDO})