#!/bin/sh

. /etc/control.d/functions

RULES=/etc/polkit-1/rules.d/90-corectrl.rules
CORECTRL_BINARY=/usr/bin/corectrl

setup_rule() {
	new_subst "$1" \
		"subject\.isInGroup\(\"$3\"\)\)[[:space:]]{\$" \
		"s/subject\.isInGroup(\".*\$/subject.isInGroup(\"$3\")) {/"
}

setup_rule corectrlonly 0660 corectrl
setup_rule wheelonly 0660 wheel
setup_rule restricted 0600 root

new_fmode corectrlonly 710 root corectrl
new_fmode wheelonly 710 root wheel
new_fmode restricted 700 root root

new_help corectrlonly "Only \"corectrl\" group members can execute $CORECTRL_BINARY"
new_help wheelonly "Only \"wheel\" group members can execute $CORECTRL_BINARY"
new_help restricted "Only root can execute $CORECTRL_BINARY"

case "$*" in
	status|'')
		RULES_STATUS="`control_subst "$RULES"  status`" || exit 1
		if [ -e $CORECTRL_BINARY ]; then
			CORECTRL_STATUS="`control_fmode "$CORECTRL_BINARY" status`" || exit 1
		fi

		if [ ! -e $CORECTRL_BINARY ]; then
			STATUS='unknown'
		elif [ -e $CORECTRL_BINARY ]; then
			STATUS=$CORECTRL_STATUS
		else
			STATUS='unknown'
		fi

		[ "$STATUS" = "$RULES_STATUS" ] || STATUS='unknown'
		echo "$STATUS"
		;;
	*)
		if is_builtin_mode "$*"; then
			control_fmode "$CORECTRL_BINARY" "$*" && exit 0 || exit 1
		fi

		[ ! -e $CORECTRL_BINARY ] && exit 1
		control_subst "$RULES"  "$*" || exit 1

		if [ -e $CORECTRL_BINARY ]; then
			control_fmode "$CORECTRL_BINARY" "$*" || exit 1
		fi
		;;
esac

exit 0
