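#!/bin/sh
#
# Set or get the allowed IP(s) of a jail.
# Usage: ip <jailname> [<ip>|all]
#
# With only a jail name, prints the hosts listed as root@<host> on the
# AllowUsers line of the jail's sshd configuration, one per line.
# With an ip, adds it to that list (or replaces the list with 0.0.0.0/0
# for "all"), then calls bkctld-reload and bkctld-firewall for the jail.
#

# shellcheck source=./includes
LIBDIR="$(dirname "$0")" && . "${LIBDIR}/includes"

# Use ":-" rather than ":?" so that a missing jail name reaches the help
# message below instead of aborting on the parameter expansion.
jail_name="${1:-}"
ip="${2:-}"

if [ -z "${jail_name}" ]; then
    "${LIBDIR}/bkctld-help"
    exit 1
fi

# jail_path, error and notice are not defined here; they are expected to
# come from the sourced "includes" file.
jail_path=$(jail_path "${jail_name}")

# NOTE(review): the rest of the script relies on error() not returning.
test -d "${jail_path}" || error "${jail_name}: jail is missing."

if [ -z "${ip}" ]; then
    # Read mode: keep only the host part of every root@<host> entry.
    grep -E "^AllowUsers" "${jail_path}/${SSHD_CONFIG}" \
        | grep -Eo "root@[^ ]+" \
        | cut -d'@' -f2
else
    # The value ends up in sshd's AllowUsers line through a sed replacement,
    # so accept only characters that can appear in an address, a CIDR range,
    # a host name or an sshd host pattern. Whitespace, quotes, "@" and the
    # sed-special "~", "&" and "\" are rejected before anything is written.
    case "${ip}" in
        *[!0-9A-Za-z.:/_*?-]*)
            error "${jail_name}: invalid ip '${ip}'."
            ;;
    esac

    if [ "${ip}" = "all" ] || [ "${ip}" = "0.0.0.0/0" ]; then
        # "all" opens root SSH access to the jail from any IPv4 address.
        ips="0.0.0.0/0"
    else
        # Merge the new entry with the current list, dropping the
        # catch-all 0.0.0.0/0 and duplicates.
        ips=$("${LIBDIR}/bkctld-ip" "${jail_name}")
        ips=$(printf '%s\n' "${ips}" "${ip}" | xargs -n1 | grep -v "0.0.0.0/0" | sort -u)
    fi

    allow="AllowUsers"
    # Word splitting of ${ips} is intended; pathname expansion is not, so a
    # "*" or "?" in an entry must not be matched against files in the
    # current directory. A dedicated loop variable keeps ${ip} intact for
    # the notice below.
    set -f
    for allowed_ip in ${ips}; do
        allow="${allow} root@${allowed_ip}"
    done
    set +f

    # Entries read back from the existing configuration are not covered by
    # the check above; escape what is special in a sed replacement.
    allow_escaped=$(printf '%s\n' "${allow}" | sed 's/[&~\\]/\\&/g')

    # NOTE(review): if the file has no line starting with "AllowUsers ",
    # sed changes nothing and the update is silently lost.
    sed -i "s~^AllowUsers .*~${allow_escaped}~" "${jail_path}/${SSHD_CONFIG}"

    notice "${jail_name}: update ip => ${ip}"

    "${LIBDIR}/bkctld-reload" "${jail_name}"
    "${LIBDIR}/bkctld-firewall" "${jail_name}"
fi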