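#!/usr/bin/bash
#
# Generate a repeatable password using a system wide seed
#
# Usage: <script> <username-or-token> <length>
#
# The password is the sha512hmac of the token, base64-encoded, reduced to
# [0-9A-Za-z] and cut to <length> characters.  Root callers are keyed with the
# seed file itself; non-root callers are re-executed through sudo and keyed
# with a per-caller secret derived from the seed and $SUDO_USER.
#
# Exit status: 1 wrong argument count, 2 invalid <length>, 3 seed or derived
# key unavailable; otherwise the status of sudo or of the hashing pipeline.

# Without pipefail a failing sha512hmac is masked by the later stages and the
# script would report success while printing an empty or wrong password.
set -o pipefail

SEED=/etc/sysconfig/authseed
PROG=$(basename -- "$0")
SELF=$(readlink -f -- "$0")
if [ -z "$SELF" ]; then
	echo "${PROG}: cannot resolve own path" >&2
	exit 3
fi

# If run as non-root sudo (this will use a derived authseed based on the caller)
SUDOED=0

# NOTE(review): --sudo is an ordinary argument, so the per-caller separation
# depends on the sudoers rule only permitting invocations that start with
# --sudo.  This script cannot tell a direct "sudo <script> ..." call from a
# root login; confirm the rule pins the argument, or key off SUDO_USER alone.
if [ "$(id -u)" -ne 0 ]; then
	sudo -n "$SELF" --sudo "$1" "$2"
	exit $?
fi

if [ "$1" == "--sudo" ]; then
	SUDOED=1
	shift
fi

if [ $# -ne 2 ]; then
	echo "Usage: ${PROG} <username-or-token> <length>" >&2
	exit 1
fi

# [[ ... -lt ... ]] evaluates its operands as arithmetic expressions, and this
# code runs as root on caller-supplied arguments.  Accept plain decimal digits
# only, and force base 10 so a leading zero is not read as octal.
length=0
if [[ "$2" =~ ^[0-9]{1,3}$ ]]; then
	length=$((10#$2))
fi
if ((length < 1 || length > 128)); then
	echo "Usage: ${PROG} <username-or-token> <length>" >&2
	echo "   **  <length> must be between 1 and 128 characters" >&2
	exit 2
fi

# A missing seed must be a hard error: a caller that uses the output as a
# credential should never receive an empty string with exit status 0.
if [ ! -r "$SEED" ]; then
	echo "${PROG}: cannot read seed file ${SEED}" >&2
	exit 3
fi

if [ "$SUDOED" == "1" ] && [ -n "${SUDO_USER}" ]; then
	# Per-caller key: the password this script generates for "sudo:<caller>".
	key=$("$SELF" "sudo:${SUDO_USER}" 128)
	status=$?
	# An empty key must stop here; left unquoted it would vanish from the
	# command line and -K would take the following "-" as the key.
	if [ "$status" -ne 0 ] || [ -z "$key" ]; then
		echo "${PROG}: cannot derive key for ${SUDO_USER}" >&2
		exit 3
	fi
	# NOTE(review): -K puts the derived key on sha512hmac's command line,
	# where other local users may be able to read it from the process list
	# while the command runs.  Passing it by file (-k) would avoid that, but
	# needs checking that the resulting digests are unchanged.
	key_opt=(-K "$key")
else
	key_opt=(-k "$SEED")
fi

# printf instead of echo, so tokens such as "-n" or "-e" are hashed as data
# rather than consumed as echo options (those tokens used to hash as empty
# input; every other token hashes exactly as before).
printf '%s\n' "$1" \
	| sha512hmac "${key_opt[@]}" - \
	| base64 \
	| tr -dc 0-9A-Za-z \
	| cut -c1-"$length"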


