#!/bin/bash
#
# sec_users_uid_zero
#   Health check program for the Linux Health Checker
#
# Copyright IBM Corp. 2012
#
# Author(s): Rajesh K Pirati <rapirati@in.ibm.com>
#
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Eclipse Public License v1.0
# which accompanies this distribution, and is available at
# http://www.eclipse.org/legal/epl-v10.html
#
# Contributors: See file CONTRIBUTORS which is part of this package
#
# Global variables
#

# Exception IDs
LNXHC_EXCEPTION_NON_ROOT_UID0="non_root_uid0"

# Non-zero if health check program should output debugging information
DEBUG="$LNXHC_DEBUG"

# Health check ID
CHECK_ID="$LNXHC_CHECK_ID"

# Health check installation directory
CHECK_DIR="$LNXHC_CHECK_DIR"

# Path to the file used to report exceptions
EX_FILE="$LNXHC_EXCEPTION"

# Value of parameter 'trusted_superusers'
PARAM_AUTHORIZED_USERS="$LNXHC_PARAM_trusted_superusers"

# Path to the file containing data for sysinfo item 'passwd'
SYSINFO_PASSWD="$LNXHC_SYSINFO_passwd"


#
# Functions
#

#
# lnxhc_setup - validate input from framework
#
function lnxhc_setup()
{
	if [ -z "$DEBUG" -o -z "$CHECK_ID" -o -z "$CHECK_DIR" -o \
	     -z "$EX_FILE" ] ; then
		echo "sec_users_uid_zero: This program cannot be called directly." >&2
		echo "Please use the 'lnxhc run' function to call this " \
		     "program." >&2
		exit 1
	fi
}

#
# lnxhc_exception - report exception
# @ex_id: ID of the exception to report
#
function lnxhc_exception()
{
	local EX_ID="$1"

	echo "$EX_ID" >> "$EX_FILE" || exit 1
}

#
# lnxhc_exception_var - report value of an exception template variable
# @var_id: ID of the exception template variable
# @value: value of the exception template variable
#
function lnxhc_exception_var()
{
	local VAR_ID="$1"
	local VALUE="$2"

	echo "$VAR_ID=\"$VALUE\"" >> "$EX_FILE" || exit 1
}


#
# Code entry
#

# Validate input from framework
lnxhc_setup


var=0
# Parsing the user provided parameters
input_parameters=($LNXHC_PARAM_trusted_superusers)

# Finding the array length
len=${#input_parameters[@]}

# Filtering user id's who are having numeric UID 0
while read line
 do
        set -- $(IFS=: ; echo $line)
        uid="$3"
	if [ -z "$uid" ]; then
		continue
	elif [ $uid -eq 0 ]; then
		username="$1"
                user_found=0
                # Excluding the user names which are provided by user
                for((id=0;id<$len;id++))
                do
                        if [ "$username" == "${input_parameters[$id]}" ];then
                                user_found=1
                                continue;
                        fi
                done
                if [ $user_found -eq 0 ]; then
                        arr[$var]=$username
                        let var++
                fi
        fi

done<$LNXHC_SYSINFO_passwd

# verifying the number of root privileges users count more than 0
if [ $var -gt 0 ]; then

      lnxhc_exception "$LNXHC_EXCEPTION_NON_ROOT_UID0"

        # listing user details having numeric UID 0

        for((id=0;id<$var;id++))
        do
		# listing only 4 user names to restrict the summary
		# to a maximum size
		if [ $id -lt 4 ]; then
			lnxhc_exception_var "non_root_user_ids" "${arr[$id]}"
		fi
                lnxhc_exception_var "non_uid_root_list" "#${arr[$id]}"

        done
	# if user count more than 4 adding ... to the summary
	if [ $var -gt 4 ];then
		lnxhc_exception_var "non_root_user_ids" "..."
	fi

else
	echo "+++++++++++++++++++No user having UID Zero+++++++++++++++++"
fi
exit 0
