#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 2002 Javier Fernandez-Sanguino Pen~a 
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# check_ftpusers - jfs -  Sat May 18 18:39:35 CEST 2002
# 
# Analyses the system's /etc/ftpusers and determines if the administrative
# users are in that file.
#
# 10/01/2003 jfs Removed passwd files if not used any longer.
#
# 07/25/2002 jfs Added a sanity check for password files.
#                Changed TigerInstallDir to .
#
# 05/18/2002 jfs Created based on check_root with ideas inspired on Titan's
#		 modules/ftpusers.sh
#
# 08/09/2002 jfs Fixed call to grep adding quotes (now works in Solaris)
#
#-----------------------------------------------------------------------------
#
TigerInstallDir='.'

#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. $basedir/config

. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds AWK GREP CAT GEN_PASSWD_SETS JOIN LS RM || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  haveallvars TESTLINK HOSTNAME || exit 1
  
  echo "--CONFIG-- [init003c] $0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------
echo
echo "# Performing common access checks for root..."

haveallcmds AWK GREP CAT GEN_PASSWD_SETS JOIN LS RM || exit 1
haveallfiles BASEDIR WORKDIR || exit 1

safe_temp "$WORKDIR/pass.list.$$"
trap 'delete $WORKDIR/pass.list.$$ ; exit 1' 1 2 3 15

# Just in case if it's not configured properly
[ -z "${Tiger_Accounts_Trust}" ] && { 
	Tiger_Accounts_Trust = 999
	export Tiger_Accounts_Trust
}

# Do this only if ftpusers exists
if [ -f /etc/ftpusers ]; then

if [ -n "$Tiger_PasswdFiles" ]; then
    [ -f $Tiger_PasswdFiles ] && $CAT "$Tiger_PasswdFiles" > $WORKDIR/pass.list.$$
else
     $GEN_PASSWD_SETS $WORKDIR/pass.list.$$
fi

for passwd_set in `$CAT $WORKDIR/pass.list.$$`
do
	$CAT $passwd_set |
	while read line 
	do
	runawk="$AWK -F: '(\$3 <= $Tiger_Accounts_Trust) { print \$1 }'"
	user=`echo $line | eval $runawk`
# This does not work since $Tiger_Accounts_Trust does not get expanded
#	user=`echo $line | $AWK -F: '($3 <= $Tiger_Accounts_Trust) { print $1 }'`

	# Note: root is removed since it is checked for in check_root
	[ -n "$user" -a "$user" != "root" ] && [ -z "`$GREP \"^$user\" /etc/ftpusers`" ]  && 
		message FAIL netw018f "" "Administrative user $user allowed access in /etc/ftpusers"
	done 
        [ ! -n "$Tiger_PasswdFiles" ] && delete $passwd_set $passwd_set.src
done

else
	message FAIL netw020f "" "There is no /etc/ftpusers file."

fi

delete $WORKDIR/pass.list.$$ 

exit 0
