#!/bin/bash

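# Preconditions, checked in order: root privileges, a block device at
# /dev/sda1, and exactly one argument (the account name).

# Everything below mounts a device and writes under /etc, so root is required.
if [[ $UID != 0 ]] ; then
        echo "Password reset drive can only be run as root!"
        exit 1
fi

# The drive is addressed by a fixed device node. Require a block device
# rather than "any path that exists", so a stray regular file or directory at
# that path is never handed to mount.
# NOTE(review): /dev/sda1 is hard-coded; on hardware where sda is an internal
# disk the key would be written there instead of a removable drive. Confirm
# this matches the target device's layout.
if [[ ! -b /dev/sda1 ]] ; then
        echo "A flash drive is required and must be plugged in before running."
        exit 1
fi

if [[ $# != 1 ]] ; then
        echo "Usage:  generate-usb-password-reset USERNAME"
        exit 1
fi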

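# Validate the requested account against the login-name field of /etc/passwd.
#
# The name is later recorded in /etc/reset-password-conf, so it must be an
# exact, existing local account. A plain `grep "$USERNAME"` is not enough: it
# matches substrings and regex patterns anywhere in a line (home directory,
# shell, GECOS), treats a leading "-" as an option, and accepts the empty
# string because an empty pattern matches every line.
#
# awk compares field 1 as a string (the `""` concatenation prevents a numeric
# comparison such as "007" == "7"), and the name is passed through the
# environment so awk does not expand backslash escapes in it. Since each
# record is one line, a name containing a newline can never match.
USERNAME=$1
if [[ -z "$USERNAME" ]] || ! LOOKUP_NAME="$USERNAME" awk -F: \
        '($1 "") == (ENVIRON["LOOKUP_NAME"] "") { found = 1 } END { exit !found }' \
        /etc/passwd ; then
        echo "Username $USERNAME does not exist!"
        exit 1
fi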

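# Generate the recovery key on the flash drive and record its identifier,
# the account name and the key digest in /etc/reset-password-conf.
#
# Config layout (unchanged): line 1 = UUID (also the key's file name on the
# drive), line 2 = username, line 3 = `md5sum` output of the key read from
# stdin ("<hash>  -").

# Create the mount point, key and config without group/other access, so the
# config is never world-readable, not even briefly before the chmod.
umask 077

MOUNT_DIR=$(mktemp -d) || { echo "Could not create a temporary mount point." >&2 ; exit 1 ; }
MOUNTED=0
COMPLETED=0
KEY_FILE=""
CONF_TMP=""

# Runs on every exit path: drops a half-written config, removes a key that
# never got a matching config, unmounts the drive and removes the mount point.
cleanup() {
        if [[ -n "$CONF_TMP" ]] ; then
                rm -f -- "$CONF_TMP"
        fi
        if [[ "$MOUNTED" = 1 ]] ; then
                if [[ "$COMPLETED" != 1 && -n "$KEY_FILE" ]] ; then
                        rm -f -- "$KEY_FILE"
                fi
                umount "$MOUNT_DIR"
        fi
        rmdir -- "$MOUNT_DIR" 2>/dev/null
}
trap cleanup EXIT

# Stop if the mount fails; otherwise the key would be written into the
# temporary directory on the local disk and left behind there.
if ! mount /dev/sda1 "$MOUNT_DIR" ; then
        echo "Could not mount /dev/sda1." >&2
        exit 1
fi
MOUNTED=1

# print(...) with a single argument is valid in both Python 2 and Python 3;
# the statement form `print str(...)` is a syntax error under Python 3 and
# would leave UUID empty.
UUID=$(python -c 'import uuid; print(str(uuid.uuid4()))')
# The UUID becomes a file name and a config line, so insist on the expected
# shape instead of carrying on with an empty or malformed value.
if [[ ! "$UUID" =~ ^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$ ]] ; then
        echo "Could not generate a key identifier." >&2
        exit 1
fi
echo "$UUID"

KEY_FILE="$MOUNT_DIR/$UUID"
if ! openssl rand -out "$KEY_FILE" -base64 4096 ; then
        echo "Could not generate the recovery key." >&2
        exit 1
fi

# NOTE(review): MD5 is kept because the program that reads
# /etc/reset-password-conf is not visible here and presumably recomputes the
# same digest. Moving to SHA-256 has to be done on both sides together.
KEY_DIGEST=$(md5sum < "$KEY_FILE") || { echo "Could not hash the recovery key." >&2 ; exit 1 ; }

# Build the config in a private temp file (mktemp creates it mode 0600) and
# rename it into place, so readers never see a partially written file.
CONF_TMP=$(mktemp /etc/reset-password-conf.XXXXXX) || { echo "Could not create the configuration file." >&2 ; exit 1 ; }
{
        printf '%s\n' "$UUID"
        printf '%s\n' "$USERNAME"
        printf '%s\n' "$KEY_DIGEST"
} > "$CONF_TMP" || { echo "Could not write the configuration file." >&2 ; exit 1 ; }

# Unmount before installing the config: a successful umount means the key has
# been flushed to the drive. On failure, cleanup removes the key again.
if ! umount "$MOUNT_DIR" ; then
        echo "Could not unmount the flash drive." >&2
        exit 1
fi
MOUNTED=0

chmod 600 "$CONF_TMP"
if ! mv -f -- "$CONF_TMP" /etc/reset-password-conf ; then
        echo "Could not install /etc/reset-password-conf." >&2
        exit 1
fi
CONF_TMP=""
COMPLETED=1

echo "PASSWORD RECOVERY FLASH DRIVE CREATION COMPLETED"
echo "NOTE:  This key you generated will only work ONCE and on THIS device."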

