#!/bin/bash

## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## Not actually used. But useful as a test.
# shellcheck source=../libexec/helper-scripts/use_leaprun.sh
source /usr/libexec/helper-scripts/use_leaprun.sh

# shellcheck source=../libexec/helper-scripts/use_sudo.sh
source /usr/libexec/helper-scripts/use_sudo.sh

# shellcheck source=../libexec/helper-scripts/use_pkexec.sh
source /usr/libexec/helper-scripts/use_pkexec.sh

check_privilege_escalation_tools() {
   ## leaprun is mandatory for systemcheck.
   ## systemcheck has been fully ported to systemcheck.
   ## privleap is a dependency of systemcheck.
   ## Therefore test leaprun in any case.
   check_privilege_escalation_tool_do privleapd --check-config
   check_privilege_escalation_tool_do leaprun check-privleap
   check_privilege_escalation_tool_do leaprun check-privleap-environment-variables
   check_privilege_escalation_tool_do leaprun check-sudo

   if [ "$use_sudo" = "yes" ]; then
      check_privilege_escalation_tool_do sudo --non-interactive -- /usr/bin/test -x /usr/bin/test
   fi

   if [ "$use_pkexec" = "yes" ]; then
      ## sudo systemctl restart polkit.service
      ## /usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1
      check_privilege_escalation_tool_do pkexec /usr/libexec/systemcheck/pkexec-test
   fi
}

check_privilege_escalation_tool_do() {
   local privilege_escalation_tool_first_argument privilege_escalation_tool_command exit_code privilege_escalation_tool_output

   privilege_escalation_tool_first_argument="$1"
   if [ ! "$privilege_escalation_tool_first_argument" = "sudo" ]; then
      privilege_escalation_tool_first_argument="$1 $2"
   fi
   privilege_escalation_tool_command="$@"

   exit_code=0
   privilege_escalation_tool_output="$($privilege_escalation_tool_command 2>&1)" || { exit_code="$?" ; true; };

   if [ "$exit_code" = "0" ] ; then
      privilege_escalation_tool_ok=true
   else
      privilege_escalation_tool_ok=false
   fi

   if [ ! "$privilege_escalation_tool_output" = "" ]; then
      privilege_escalation_tool_ok=false
   fi

   if [ "$privilege_escalation_tool_ok" = "true" ]; then
      local MSG="<p>Check '<code>$privilege_escalation_tool_first_argument</code>' Result: OK</p>"
      if [ "$verbose" -ge "1" ]; then
         $output_x ${output_opts[@]} --messagex --typex "info" --message "$MSG"
         $output_cli ${output_opts[@]} --messagecli --typecli "info" --message "$MSG"
      fi
      return 0
   fi

   local MSG="<p>Check '<code>$privilege_escalation_tool_first_argument</code>' result: System misconfiguration detected. No need to panic. This is not a severe issue. However, other tests may be affected due to this.
<br><br>
The following command:
<blockquote>$privilege_escalation_tool_command ; echo \$?</blockquote>
was expected to produce no output with an exit code of zero. The opposite of that happened, indicating an unexpected result.
<br><br>
exit_code: <code>$exit_code</code>
<br><br>
<code>privilege_escalation_tool_output</code>:
<blockquote><code>$privilege_escalation_tool_output</code></blockquote>
</p>"

   $output_x ${output_opts[@]} --messagex --typex "error" --message "$MSG"
   $output_cli ${output_opts[@]} --messagecli --typecli "error" --message "$MSG"
   EXIT_CODE="1"

   ## sudo hostname wrong-hostname
   ## sudo test
   ## sudo: unable to resolve host wrong-hostname: Temporary failure in name resolution
}