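#!/bin/bash
#
# Script checking the right permissions for software installations:
# Ordinary files must at least have permissions 664 and directories must have
# exactly 775.
#
# Copyright (c) 2010-2019 Christoph Niethammer
#
#
# TODO: Check replacing most of the logic by
#         chmod -R g=u,o=g-w -v *
#       Figure out how to do
#       * a dry run
#       * give statistics at the end
#
# Notes for --fixit:
#   * It only ever widens permissions (adds group write / world read bits).
#   * Paths are collected by find first and chmod'ed afterwards, and chmod
#     follows symlinks. In a tree where other users can create or rename
#     entries, a path can change between the two steps, so run --fixit only on
#     trees whose writers you trust.
#   * Requires GNU stat (-c) and bash.
#

declare -r APP_NAME="${0##*/}"
declare -r VERSION="0.8"
declare -a SEARCH_DIRS=()
declare -i VERBOSE=0
declare -i PRINT_FILES=0
declare -i PRINT_DIRS=0
declare -i FIX_PERMISSIONS=0
declare -i NUM_FIXED_DIR_PERMISSIONS=0
declare -i NUM_FIXED_FILE_PERMISSIONS=0
declare -r FILE_PERMS=664
declare -r DIR_PERMS=775
declare -a WRONG_DIRS=()
declare -a WRONG_FILES=()

#######################################
# Print the command line help to stdout.
# Globals:   APP_NAME, FILE_PERMS, DIR_PERMS (read)
#######################################
print_usage() {
  cat <<EOF
Usage: $APP_NAME [OPTIONS] DIR...
  -h, --help          Print this usage
  -v, --verbose       Be more verbose (print list of found directories and files)
  --no-print-files    Do not list files (use after --verbose)
  --no-print-dirs     Do not list directories (use after --verbose)
  --fixit             Fix permissions if possible (only working in verbose mode)

Checks permissions in the given directories. Permissions for files must be at
least set to $FILE_PERMS and for directories must be exactly $DIR_PERMS.
EOF
}

#######################################
# Print a message to stderr and terminate with exit status 1.
# Arguments: message text
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Add (bitwise OR) the permission bits in $1 to the current mode of a file.
# Arguments: $1   - octal permission bits to add, e.g. 664
#            $2.. - file name (extra words are joined with spaces, as before)
# Returns:   0 if chmod succeeded, non-zero if stat/chmod failed or a mode
#            was not an octal number.
#######################################
file_add_perm() {
  local perm=$1
  shift
  local filename="$*"
  local oldperm newperm

  # Keep declaration and assignment apart so a failing stat is not masked.
  oldperm=$(stat -c '%a' -- "$filename") || return
  [[ $oldperm =~ ^[0-7]+$ && $perm =~ ^[0-7]+$ ]] || return 1

  # OR the modes as octal numbers rather than digit by digit: stat prints
  # fewer than three digits for modes such as 044 and four digits when
  # setuid/setgid/sticky is set, which breaks per-digit indexing.
  # Special bits are carried over unchanged, so a setuid/setgid file also
  # gains the added bits - review such files before relying on --fixit.
  printf -v newperm '%o' "$(( 8#$oldperm | 8#$perm ))"
  chmod -- "$newperm" "$filename"
}

#######################################
# Parse options, search the given directories and report (optionally fix)
# entries whose permissions do not match.
# Globals:   all configuration and result variables declared above
# Arguments: the script's command line
#######################################
main() {
  local arg path dir file current
  local dir_note="" file_note=""

  if (( $# < 1 )); then
    print_usage
    exit 0
  fi

  for arg in "$@"; do
    case "$arg" in
      --fixit)
        FIX_PERMISSIONS=1
        ;;
      --help | -h)
        print_usage
        exit 0
        ;;
      --verbose | -v)
        VERBOSE=1
        PRINT_FILES=1
        PRINT_DIRS=1
        ;;
      --no-print-files)
        PRINT_FILES=0
        ;;
      --no-print-dirs)
        PRINT_DIRS=0
        ;;
      *)
        if [[ ! -d "$arg" ]]; then
          echo "# Skipped $arg"
          continue
        fi
        # find treats a leading '-', or a bare '(' / '!', as the start of its
        # expression; anchor such directory names so they stay paths.
        case "$arg" in
          -* | '(' | '!') arg="./$arg" ;;
        esac
        SEARCH_DIRS+=("$arg")
        ;;
    esac
  done

  # Without a start path GNU find searches the current directory, which with
  # --fixit would chmod a tree the caller never named. Refuse instead.
  if (( ${#SEARCH_DIRS[@]} == 0 )); then
    die "$APP_NAME: no existing directory given, nothing to check"
  fi

  echo "# Searching for directories which do not match '$DIR_PERMS' ..."
  while IFS= read -r -d '' path; do
    WRONG_DIRS+=("$path")
  done < <(find "${SEARCH_DIRS[@]}" -type d ! -perm "$DIR_PERMS" -print0)

  echo "# Searching for files which do not match at least '$FILE_PERMS' ..."
  while IFS= read -r -d '' path; do
    WRONG_FILES+=("$path")
  done < <(find "${SEARCH_DIRS[@]}" -type f ! -perm "-$FILE_PERMS" -print0)

  if (( PRINT_DIRS == 1 )); then
    echo "# ** directories with wrong permissions:"
    for dir in "${WRONG_DIRS[@]}"; do
      current=$(stat -c '%a' -- "$dir")
      if (( FIX_PERMISSIONS == 1 )); then
        printf '%s\t\t%s' "$dir" "$current"
        if chmod -- "$DIR_PERMS" "$dir"; then
          NUM_FIXED_DIR_PERMISSIONS=$(( NUM_FIXED_DIR_PERMISSIONS + 1 ))
          echo " ... (fixed)"
        else
          echo " ... (not fixed)"
        fi
      else
        printf '%s\t\t%s\n' "$dir" "$current"
      fi
    done
  fi

  if (( PRINT_FILES == 1 )); then
    echo "# ** files with wrong permissions:"
    for file in "${WRONG_FILES[@]}"; do
      current=$(stat -c '%a' -- "$file")
      if (( FIX_PERMISSIONS == 1 )); then
        printf '%s\t\t%s' "$file" "$current"
        if file_add_perm "$FILE_PERMS" "$file"; then
          NUM_FIXED_FILE_PERMISSIONS=$(( NUM_FIXED_FILE_PERMISSIONS + 1 ))
          echo " ... (fixed)"
        else
          echo " ... (not fixed)"
        fi
      else
        printf '%s\t\t%s\n' "$file" "$current"
      fi
    done
  fi

  # Only mention fixes when at least one was actually applied.
  if (( NUM_FIXED_DIR_PERMISSIONS > 0 )); then
    dir_note=" (fixed $NUM_FIXED_DIR_PERMISSIONS)"
  fi
  if (( NUM_FIXED_FILE_PERMISSIONS > 0 )); then
    file_note=" (fixed $NUM_FIXED_FILE_PERMISSIONS)"
  fi

  echo "#"
  echo "# ------------------------------"
  echo "# Summary:"
  echo "# directories with wrong permissions: ${#WRONG_DIRS[@]}${dir_note}"
  echo "# files with wrong permissions: ${#WRONG_FILES[@]}${file_note}"
  echo "# ------------------------------"
  echo "#"
}

main "$@"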