#!/bin/sh
set +x

if [ $# -ne 2 ]; then
  echo "Usage: `basename $0` USER true/false"
  exit 1
fi

USER=$1
PASSWD=$2 # whether we have passwd on or off

if [ "$PASSWD" = "true" ]; then
	PASSWD_REV="false"
else
	PASSWD_REV="true"
fi

# Ask for password on suspend/resume if user wants password for normal login
sudo -u "$USER" gconftool-2 -t bool -s /apps/gnome-screensaver/lock_enabled "$PASSWD"

if [ -f /etc/gdm/gdm-cdd.conf ]; then
	GDMCONF=/etc/gdm/gdm-cdd.conf
else
	GDMCONF=/etc/gdm/gdm.conf-custom
fi

if [ -f "$GDMCONF" ]; then
	# Configure GDM autologin
	
	# We do some goofiness here to support the key already being set or not in
	# gdm.conf-custom.  So we modify the sed line as appropriate
	AUTO_LOGIN_ENABLE="^AutomaticLoginEnable=.*\$"
	if grep "$AUTO_LOGIN_ENABLE" "$GDMCONF"; then
	  AUTO_LOGIN_ENABLE="$AUTO_LOGIN_ENABLE/"
	else
	  AUTO_LOGIN_ENABLE="\[daemon\]/[daemon]\n"
	fi
	
	AUTO_LOGIN="^AutomaticLogin=.*\$"
	if grep "$AUTO_LOGIN" "$GDMCONF"; then
	  AUTO_LOGIN="$AUTO_LOGIN/"
	else
	  AUTO_LOGIN="\[daemon\]/[daemon]\n"
	fi
	
	TIMED_LOGIN_ENABLE="^TimedLoginEnable=.*\$"
	if grep "$TIMED_LOGIN_ENABLE" "$GDMCONF"; then
	  TIMED_LOGIN_ENABLE="$TIMED_LOGIN_ENABLE/"
	else
	  TIMED_LOGIN_ENABLE="\[daemon\]/[daemon]\n"
	fi
	
	TIMED_LOGIN="^TimedLogin=.*\$"
	if grep "$TIMED_LOGIN" "$GDMCONF"; then
	  TIMED_LOGIN="$TIMED_LOGIN/"
	else
	  TIMED_LOGIN="\[daemon\]/[daemon]\n"
	fi
	
	TIMED_LOGIN_DELAY="^TimedLoginDelay=.*\$"
	if grep "$TIMED_LOGIN_DELAY" "$GDMCONF"; then
	  TIMED_LOGIN_DELAY="$TIMED_LOGIN_DELAY/"
	else
	  TIMED_LOGIN_DELAY="\[daemon\]/[daemon]\n"
	fi
	
	sed -i \
		-e "s/${AUTO_LOGIN_ENABLE}AutomaticLoginEnable=$PASSWD_REV/" \
		-e "s/${AUTO_LOGIN}AutomaticLogin=$USER/" \
		-e "s/${TIMED_LOGIN_ENABLE}TimedLoginEnable=$PASSWD_REV/" \
		-e "s/${TIMED_LOGIN}TimedLogin=$USER/" \
		-e "s/${TIMED_LOGIN_DELAY}TimedLoginDelay=10/" \
		"$GDMCONF"
fi

if [ -f /etc/kde3/kdm/kdmrc ]; then
	# Configure KDM autologin
	sed -i -r \
		-e "s/^#?AutoLoginEnable=.*\$/AutoLoginEnable=$PASSWD_REV/" \
		-e "s/^#?AutoLoginUser=.*\$/AutoLoginUser=$USER/" \
		-e "s/^#?AutoReLogin=.*\$/AutoReLogin=$PASSWD_REV/" \
		/etc/kde3/kdm/kdmrc
fi

# Now turn on/off policykit
KIT_HEAD='<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->

<!DOCTYPE pkconfig PUBLIC "-//freedesktop//DTD PolicyKit Configuration 1.0//EN"
"http://hal.freedesktop.org/releases/PolicyKit/1.0/config.dtd">

<!-- See the manual page PolicyKit.conf(5) for file format -->

<config version="0.1">
    <match user="root">
        <return result="yes"/>
    </match>'
if [ "$PASSWD" = "true" ]; then
  KIT_MID=""
else
  KIT_MID="<match user=\"$USER\"><return result=\"yes\"/></match>"
fi
KIT_TAIL='<define_admin_auth group="admin"/>
</config>'
KIT_CONF="$KIT_HEAD $KIT_MID $KIT_TAIL"
echo $KIT_CONF > /etc/PolicyKit/PolicyKit.conf

# Now turn on/off sudo
if [ "$PASSWD" = "true" ]; then
  sed -i \
		-e "s/^%admin .*\$/%admin ALL=(ALL) ALL/" \
		/etc/sudoers
else
  sed -i \
		-e "s/^%admin .*\$/%admin ALL=NOPASSWD: ALL/" \
		/etc/sudoers
fi

