#!/bin/bash
set -e
[ "$EUID" -eq 0 ] || { sudo "$0" "$@"; exit $?; }
SHARE_ROOTS=("$HOME/.local/share" "/usr/local/share" "/usr/share")
for SHARE_ROOT in "${SHARE_ROOTS[@]}"; do
	if [ -d "$SHARE_ROOT/sudo-nopasswd" ]; then
		SHARE_DIR="$SHARE_ROOT/sudo-nopasswd"
		break
	fi
done
CONSTANTS="sudo_no_passwd_constants.sh"
source "$SHARE_DIR/$CONSTANTS"
cp "$SUDOERS_FILE" "$SUDOERS_BAK"

if grep -q "^%sudo.*NOPASSWD" "$SUDOERS_FILE"; then
    grep "%sudo.*NOPASSWD" "$SUDOERS_FILE" |
        sed -E 's/.*NOPASSWD: //;s/([^\\]),/\1\n/g;s/\\\\//g' > "$BEFORE_COMMANDS"
else
    touch "$BEFORE_COMMANDS"
fi
output="$(
    cat "$ETC_FILE" |
        awk -F' ' '{"command -v "$1 | getline program; $1=program; print}' |
        sed -E 's/([:,#])/\\\\\1/g' |
        paste -sd,
)"
sep=$(printf '\001')
if [ "$output" ]; then
    if grep -q "^%sudo.*NOPASSWD" "$SUDOERS_FILE"; then
        sed -i "s${sep}^%sudo.*NOPASSWD: .*${sep}%sudo ALL=(ALL:ALL) NOPASSWD: $output${sep}" "$SUDOERS_FILE"
    else
        sed -i "/^%sudo/a %sudo ALL=(ALL:ALL) NOPASSWD: $output" "$SUDOERS_FILE"
    fi
else
    sed -i "/^%sudo.*NOPASSWD/d" "$SUDOERS_FILE"
fi
if ! visudo -c "$SUDOERS_FILE" >/dev/null 2>&1; then
    cat "$SUDOERS_BAK" | grep "%sudo.*NOPASSWD"
    cp "$SUDOERS_BAK" "$SUDOERS_FILE"
    echo "Syntax error detected in $SUDOERS_FILE. Reverted to backup."
    exit 1
else
    rm "$SUDOERS_BAK"
fi
cat "$ETC_FILE" |
    awk -F' ' '{"command -v "$1 | getline program; $1=program; print}' > "$AFTER_COMMANDS"
diff -u "$BEFORE_COMMANDS" "$AFTER_COMMANDS" --color=always |
    grep $'^\x1b\\[[0-9;]*m[+-]' |
    grep -Ev $'^\x1b\\[[0-9;]*m([+][+][+]|[-][-][-])'
rm "$BEFORE_COMMANDS" "$AFTER_COMMANDS"