#!/usr/bin/bash
#
# sudo2uls
#
# sudo2uls asks for the reason ("Veranlassung") if none has been given yet
# and switches to the new user via sudo. From then on all screen output
# is recorded and sent to ULS.
#####################################################################
#
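# Make sure /usr/local/bin is on the search path (presumably where the ULS
# helper commands live). The test looks for an exact PATH component: a plain
# substring match would also accept e.g. /usr/local/bin2, and an unquoted
# right-hand side inside [[ ]] is treated as a glob pattern, not as a string.
# NOTE(review): every helper below is called by bare name and therefore
# resolved through the inherited PATH. When this runs via sudo, confirm that
# sudoers resets PATH (secure_path) so the caller cannot choose the binaries.
case ":${PATH}:" in
  *:/usr/local/bin:*) ;;
  *)
    # ${PATH:+...} avoids a leading ':' when PATH is empty; an empty component
    # would put the current directory on the search path.
    export PATH="${PATH:+${PATH}:}/usr/local/bin"
    ;;
esac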
#
# Pull in the site-wide ULS settings when the file exists. Sourcing executes
# the file as shell code with this script's privileges, so it should be
# writable by trusted administrators only.
[[ -f /etc/uls/uls.conf ]] && source /etc/uls/uls.conf
# Fall back to the local host name when the configuration provided none.
: "${ULSHOSTNAME:=$(hostname)}"
#
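# Start from a clean slate: none of these may leak in from the caller's
# environment. XAUTHDIPLAYNAME is included because stoptouls hands it to
# "xauth remove" whenever it is non-empty. SUDO2ULS_CAUSE is not cleared here;
# presumably it may be preset through the environment instead of -v.
unset CF CMD ORIGUSER XAUTHORITY WORKLOG WLDEF XAUTHDIPLAYNAME
#
# Command-line options:
#   -d <display>      X display, exported as DISPLAY
#   -v <cause>        reason for the session (SUDO2ULS_CAUSE)
#   -o <user>         original user, reported to ULS
#   -c <cmd>          command to run; also sets the -c flag for script2uls
#   -x <xauth entry>  arguments for "xauth add"; the first word is remembered
#                     so the entry can be removed again at the end
#   -w                ask for a worklog when the session ends
#   -W <text>         like -w, with <text> as initial worklog content
# The option string is quoted so its trailing '?' is never subject to
# pathname expansion.
while getopts 'd:x:v:c:o:wW:?' op; do
  case "$op" in
    d)
      DISPLAY=$OPTARG
      export DISPLAY
      ;;
    v) SUDO2ULS_CAUSE=$OPTARG ;;
    o) ORIGUSER=$OPTARG ;;
    c)
      CF='-c'
      CMD=$OPTARG
      ;;
    x)
      # Split the entry into words exactly as before, but with pathname
      # expansion switched off so no word can be replaced by file names.
      # NOTE(review): the entry (presumably display, protocol and key) arrives
      # in this script's argv and is passed on in xauth's argv, so it can show
      # up in process listings while those processes run.
      set -f
      xauth_entry=($OPTARG)
      set +f
      XAUTHDIPLAYNAME=${xauth_entry[0]}
      xauth add "${xauth_entry[@]}"
      ;;
    w) WORKLOG=1 ;;
    W)
      WLDEF=$OPTARG
      WORKLOG=1
      ;;
    *)
      # NOTE(review): the status is 0 even for an unknown option, so callers
      # cannot detect a bad invocation from the exit code.
      echo "usage: $(basename -- "$0") [-o <OrigUser>] [-v <Veranlassung>] [-d <display>] [-c <cmd>] [-w |-W <worklog>] [-x <xauthdisplay>]"
      exit 0
      ;;
  esac
done
shift $((OPTIND - 1))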
#
# Without a terminal on stdin nothing can be asked interactively, so such a
# call is only accepted when both the reason and the command were supplied.
if ! tty -s; then
  if [[ -z "$SUDO2ULS_CAUSE" || -z "$CMD" ]]; then
    echo "No Terminal connected!"
    exit 1
  fi
fi
#
# Exit status used by stoptouls; replaced by the status of script2uls once
# the session has run.
ret=0
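#######################################
# Close the audit trail and leave the script.
# Sends the "Stop" record to ULS, removes the xauth entry remembered in
# XAUTHDIPLAYNAME, optionally collects a worklog in an editor and sends it,
# then exits. Also installed as the signal handler of this script.
# Globals:   ULSDT, XAUTHDIPLAYNAME, WORKLOG, WLDEF, EDITOR, TMPDIR, ret (read)
# Arguments: none
# Outputs:   echoes the "xauth remove" command it runs
# Returns:   never returns; exits the script with $ret
#######################################
stoptouls()
{
  local stop_time wl_tmp
  stop_time=$(date '+%Y-%m-%d %H:%M:%S%:z')
  #
  # NOTE(review): $ULSDT is left unquoted as in the other send_test_value
  # calls, so it is passed as two words (date and time) - presumably the form
  # send_test_value expects; confirm.
  send_test_value -S -s adm Security Dialog Start-Stop $ULSDT "Stop $stop_time" '{T}'
  #
  if [[ -n "$XAUTHDIPLAYNAME" ]]; then
    echo xauth remove "$XAUTHDIPLAYNAME"
    xauth remove "$XAUTHDIPLAYNAME"
  fi
  #
  if [[ -n "$WORKLOG" ]]; then
    # mktemp creates the file itself, with an unpredictable name and
    # owner-only permissions. A fixed, PID-based name in /tmp is guessable,
    # and a plain redirect follows a symlink that already sits under it.
    if wl_tmp=$(mktemp "${TMPDIR:-/tmp}/ulsworklog.XXXXXXXX"); then
      # Pre-fill the worklog with the text given through -W, if any.
      [[ -n "$WLDEF" ]] && printf '%s\n' "$WLDEF" >"$wl_tmp"
      # EDITOR is expanded unquoted so that it may carry options.
      if ${EDITOR:-vi} "$wl_tmp"; then
        # Only a non-empty worklog is reported.
        [[ -s "$wl_tmp" ]] && send_test_value -S -s adm Security Dialog Worklog $ULSDT "$(<"$wl_tmp")" '_'
      fi
      rm -f -- "$wl_tmp"
    else
      echo "sudo2uls: cannot create temporary worklog file" >&2
    fi
  fi
  exit "$ret"
}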
#
# Who started the session (SUDO_USER, falling back to USER) and which account
# it runs as (USER). Both names are written to the audit record further down
# and are frozen here so nothing later in the script can change them.
# NOTE(review): the values are only as trustworthy as the environment handed
# to this script - confirm that callers cannot preset SUDO_USER or USER.
: "${SUDO_USER:=$USER}"
readonly SUDO_USER
readonly SUDO_TO_USER=$USER
#
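# Ask for the reason ("Veranlassung") until something other than whitespace
# has been entered. The value is tested directly: passing it through an
# unquoted echo would expose it to pathname expansion and to echo's own option
# parsing. [[:space:]] also covers newlines, which the echo used to fold away.
RE='^[[:space:]]*$'
while [[ "$SUDO2ULS_CAUSE" =~ $RE ]]; do
  echo -n "Veranlassung: "
  # -r keeps backslashes in the answer literal. When the input ends without a
  # usable answer there is nobody left to ask: stop instead of prompting in an
  # endless loop.
  if ! read -r SUDO2ULS_CAUSE && [[ "$SUDO2ULS_CAUSE" =~ $RE ]]; then
    printf '\n%s\n' "sudo2uls: no reason given" >&2
    exit 1
  fi
done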
#
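#######################################
# Convert SUDO2ULS_CAUSE to the encoding of the current locale when it holds
# German umlauts or sharp s in the other encoding. If iconv fails, the text is
# left as entered, so the reason is never emptied or cut short.
# Globals:   LANG, LC_CTYPE (read), SUDO2ULS_CAUSE (read, written)
# Arguments: none
#######################################
fix_cause_encoding() {
  local converted
  if [[ $LANG == *8 || $LC_CTYPE == *8 ]]; then
    # Locale name ends in 8 (taken to mean UTF-8): look for single-byte
    # ISO 8859-1 letters. LC_ALL=C makes grep compare raw bytes, independent
    # of the locales installed on the host.
    # NOTE(review): the bracket expression reached this review empty ('[]',
    # which grep rejects as a syntax error, so the branch could never run).
    # The byte list assumes it originally held the ISO 8859-1 forms of the
    # same seven letters tested in the other branch (äöüÄÖÜß) - confirm.
    if LC_ALL=C grep -q $'[\xe4\xf6\xfc\xc4\xd6\xdc\xdf]' <<<"$SUDO2ULS_CAUSE"; then
      if converted=$(iconv -f iso8859-1 -t utf-8 <<<"$SUDO2ULS_CAUSE"); then
        SUDO2ULS_CAUSE=$converted
      fi
    fi
  else
    # Any other locale: UTF-8 encoded letters are turned into ISO 8859-15.
    if LANG=de_DE.UTF-8 LC_CTYPE=de_DE.UTF-8 grep -q '[äöüÄÖÜß]' <<<"$SUDO2ULS_CAUSE"; then
      if converted=$(iconv -f utf-8 -t iso8859-15 <<<"$SUDO2ULS_CAUSE"); then
        SUDO2ULS_CAUSE=$converted
      fi
    fi
  fi
}
# Diagnostics of grep and iconv are discarded, as before.
fix_cause_encoding 2>/dev/null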
#
# From here on the listed signals end the session through stoptouls, so the
# Stop record is still sent.
# NOTE(review): 9 is SIGKILL on Linux, which cannot be caught - confirm
# whether listing it is intentional.
trap stoptouls 1 2 3 6 9 14 15
#
# Freeze the reason and pass it on to the environment of the session.
declare -rx SUDO2ULS_CAUSE
#
# Start timestamp; it is handed to every ULS call made for this session.
ULSDT=$(date '+%Y-%m-%d %H:%M:%S%:z')
readonly ULSDT
#
# Open the audit trail: start marker, optional original user, the from/to
# accounts and the reason.
# NOTE(review): $ULSDT is unquoted in every call, so it is passed as two words
# (date and time) - presumably the form send_test_value and send_test_line
# expect; confirm.
send_test_value -S -s adm Security Dialog Start-Stop $ULSDT "Start $ULSDT" '{T}'
[[ -n "$ORIGUSER" ]] &&
  send_test_value -S -s adm Security Dialog "OrigUser" $ULSDT "$ORIGUSER" " "
send_test_line -S -s adm Security Dialog $ULSDT "User:$SUDO_USER: " "To:$SUDO_TO_USER: "
send_test_value -S -s adm Security Dialog "Veranlassung" $ULSDT "$SUDO2ULS_CAUSE" " "
# A number that follows "UTT" / "UTT-ID" in the reason is additionally
# reported as a value of its own.
if grep -Eq 'UTT[ -]*I?D? *[0-9][0-9]* ' <<<"$SUDO2ULS_CAUSE"; then
  UTTID=$(sed -n 's/.*UTT[ -]*I*D* *\([0-9]*\).*/\1/p' <<<"$SUDO2ULS_CAUSE")
  [[ -n "$UTTID" ]] &&
    send_test_value -s adm Security Dialog 'uttid' $ULSDT "$UTTID" '[UTTID]'
fi
#
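#######################################
# Print the login shell (passwd field 7) of a user.
# Arguments: $1 - user name
# Inputs:    passwd-format lines on stdin
# Outputs:   the shell of every entry whose name equals $1
#######################################
passwd_shell_of() {
  # The name reaches awk as data (-v) instead of being spliced into the
  # program text, so quotes or blanks in it cannot alter the awk program.
  # Appending "" forces a string comparison; otherwise a numeric-looking name
  # such as 007 would also match an entry named 7.
  /usr/bin/awk -F ':' -v user="$1" '($1 "") == (user "") { print $7 }'
}
#
# Continue from the home directory of the account the session runs as.
cd
if [[ -z "$CMD" ]]; then
  # No command given: run the login shell of the target account.
  SH=$(/usr/bin/getent passwd | passwd_shell_of "$SUDO_TO_USER")
  # Start the shell once with empty input as a probe; presumably this filters
  # out accounts whose shell refuses logins (non-zero exit status).
  # NOTE(review): when the probe fails, CMD stays empty and script2uls is
  # still called with an empty command - confirm that this is handled there.
  if "$SH" </dev/null; then
    SSH_TTY=$(tty)
    export SSH_TTY
    CMD="$SH -l"
  fi
else
  # An explicit command is reported to ULS before it is run.
  send_test_value -S -s adm Security Dialog "CMD" $ULSDT "$CMD" " "
fi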
#
# Run the command (or login shell) under script2uls - presumably the part that
# records the screen output for ULS - and keep its exit status for stoptouls.
# ${CF:+...} adds the -c flag only when a command was given through -c.
if script2uls ${CF:+"$CF"} "$SUDO_USER" "$ULSHOSTNAME" Security Dialog Dialog "$ULSDT" "$CMD"; then
  ret=0
else
  ret=$?
fi
#
# Regular end of the session: send the Stop record and exit with $ret.
stoptouls
