#!/bin/bash

#set -e

PROGS="/usr/bin/fly-run /usr/bin/fly-menuedit /usr/bin/fly-dtedit /usr/bin/fly-randr /usr/bin/twm"
TERMINALS=`ls /usr/bin/*term*`

USAGE=$(cat <<EOF

*********************************************************
* Attention! This type of kiosk is no longer supported. *
*********************************************************

Usage: sudo fly-kiosk [options]
Locks user in kioks mode.

OPTIONS
    -h --help      display this help and exit
    -u --user      set user name
    -a --action    set action: unlock|lock
    -p --prog      set program to use in single application mode
    -j --home      use non-standart HOME location for user
    -d --default   use default Fly configuration in kiosk mode
    -s --status    see status

Examples: 
fly-kiosk -u user -a lock
fly-kiosk -u user --home /home/user --action lock -p /usr/bin/firefox

If you want to switch user to kiosk mode, you have to authenticate this user at least once, and launch fly-fm(file manager) once.
If you want to switch user, which has mandate access control level enabled you have to authenticate this user on each access level at least once. Then run fly-kiosk once for each access level. Let's say for example we have user named user with mandate access levels 1 and 2.

fly-kiosk -u user --action lock
fly-kiosk -u user --action lock --home /home/.pdp/user/l1i0c0x0t0x0
fly-kiosk -u user --action lock --home /home/.pdp/user/l2i0c0x0t0x0
Same for exiting kiosk mode.
fly-kiosk -u user --action unlock
fly-kiosk -u user --action unlock --home /home/.pdp/user/l1i0c0x0t0x0
fly-kiosk -u user --action unlock --home /home/.pdp/user/l2i0c0x0t0x0
If user has access levels except 0 then you shouldn't use fly-admin-smc to setup kiosk mode for that user.
EOF
)

USAGE_RU=$(cat <<EOF

*********************************************************
* Внимание! Данный тип киоска больше не поддерживается. *
*********************************************************

Запуск: sudo fly-kiosk [options]
Запирает пользователя в режиме графического киоска.

Если вы хотите перевести пользователя в режим киоска, то сначала надо хоть раз авторизоваться этим пользователем, запустить хотя бы один раз fly-fm(менеджер файлов)
и расположить необходимые пользователю ярлыки на рабочем столе.
Затем завершить сессию пользователя и администратором запустить fly-kiosk.


Если запускать без аргумента -p , пользователю доступны только программы которые ему администратор положил на рабочий стол,
и базовые возможности оконного менеджера. 
Если запускать с аргументом -p - в сессии запускается только одна программа, при ее завершении сессия тоже завершается.
Файловый менеджер работает с блокировкой запуска из него приложений.


OPTIONS
    -h --help      Показать справку и выйти
    -u --user      Имя пользователя
    -a --action    Действие с пользователем: unlock|lock
    -p --prog      Название программы для использования в режиме с единственной программой
    -j --home      использовать нестандартное расположение домашнего каталога пользователя
    -d --default   в режиме киоска использовать настройки по умолчанию для среды Fly
    -s --status    Вывод текущего состояния

Пример: fly-kiosk -u user --home /home/user --action lock -p /usr/bin/firefox

Если вы хотите перевести пользователя в режим киоска, то сначала надо хоть раз авторизоваться этим пользователем и запустить хотябы один раз fly-fm(менеджер файлов).
Если пользователю предоставлен доступ к мандатным уровням и категориям отличным от 0, то надо хоть раз авторизоваться на каждом уровне доступа. После чего запустить fly-kiosk для каждого уровня с соответствующим значением --home и без --home. Например для пользователя user с уровнями 1 и 2 нужно запустить
fly-kiosk -u user --action lock
fly-kiosk -u user --action lock --home /home/.pdp/user/l1i0c0x0t0x0
fly-kiosk -u user --action lock --home /home/.pdp/user/l2i0c0x0t0x0
Аналогично для выхода из режима киоска
fly-kiosk -u user --action unlock
fly-kiosk -u user --action unlock --home /home/.pdp/user/l1i0c0x0t0x0
fly-kiosk -u user --action unlock --home /home/.pdp/user/l2i0c0x0t0x0
Настройка режима киоска с помощью программы fly-admin-smc возможно только для пользователя который не имеет доступа к мандатным уровням и категориям отличным от 0.
EOF
)

usage () {
    if echo $LANG | grep -q "ru" ; then
        echo "${USAGE_RU}"
    else
        echo "${USAGE}"
    fi
}

is_locked()
{
    local user=$1
    id --groups --name ${user} 2>/dev/null | grep -qP '(^| )fly-kiosk( |$)'
    return $?
}

is_logged()
{
    local user=$1
    while read LINE; do
        if [ "$user" == "$LINE" ]; then
            return 0
        fi
    done < <(who | awk '{print $1}')
    return 1
}

add_to_group_fly_kiosk()
{
    local user=$1
    grep -q '^fly-kiosk' /etc/group || groupadd fly-kiosk
    usermod -a -G fly-kiosk ${user}
}

remove_from_group_fly_kiosk()
{
    local user=$1
    local prog_name=$2

    grep -q '^fly-kiosk' /etc/group && gpasswd -d ${user} fly-kiosk
    grep -q '^fly-kiosk:.*:$' /etc/group && groupdel fly-kiosk
}

create_dotfly()
{
    local user=$1
    local home=$2
    #sudo -u ${user} fly-wm -d :none 2>&1 >/dev/null
    sudo -u ${user} HOME=${home} XDG_CONFIG_HOME=${home}/.config XDG_DATA_HOME=${home}/.local/share fly-init-user 2>&1 >/dev/null
    chown -R ${user}:${user} ${home}
}

program_is_forbidden()
{
    local prog=${1}
    local result=1
    echo $PROGS | grep -q $(readlink -f $(which $prog)) && result=0
    readlink -f $(which $prog) | grep 'term' | grep -q '/usr/bin/' && result=0
    return $result
}

show_status()
{
    local username=$1
    if [ -z ${username} ]; then
        local users_in_group=$(getent group fly-kiosk)
        if [ -n ${users_in_group} ];then
            printf "These users are in kiosk mode: "
            echo ${users_in_group} | sed 's/.*://'
        else
            echo "There are no users in kiosk mode."
        fi
    else
        # Single user
        if id ${username} 1>&2 >/dev/null; then
            if is_locked ${username}; then
                # Locked
                if [ -z ${HOME_DIR} ]; then
                    local HOME_DIR=/home/${username}
                fi
                if [[ -s ${HOME_DIR}/.fly/lock ]]; then
                    local prog_name=`cat ${HOME_DIR}/.fly/lock`
                    echo "User ${username} is locked in single application kiosk mode."
                    echo "Application: ${prog_name}"
                else
                    echo "User ${username} is locked in kiosk mode."
                fi
            else
                # Common. Not locked.
                echo "User ${username} is not locked in kiosk mode."
            fi
        else
            echo "No such user ${username}"
            exit 6
        fi
    fi
}

sed_i() #Workaround for "sed -i" not working in mandated environments
{
    local script="$1"
    local file=$2

    tmp=$(mktemp)
    sed "$script" $file > $tmp
    cat $tmp > ${file}
    rm -f $tmp
}

mv_i() #Workaround for "mv" not working in mandated environments
{
    local src=$1
    local dst=$2

    if [ -f ${dst} ] ; then
       rm ${dst}
    fi

    cp -f ${src} ${dst}
    rm -f ${src}
}

lock_user()
{
    local username=$1
    local prog_name=$2
    local FLY_DIR="${HOME_DIR}/.fly"
    local DESKTOP_DIR="${HOME_DIR}/Desktops"
    #if [ x`cat /etc/astra_version | cut -f 1 -d " "` = "xSE" ] ; then 
    #  local pdp_tag=$(pdp-ls -Mnd ${HOME_DIR} | awk '{print $5}')
    #  pdpl-file ${pdp_tag} ${FLY_DIR}
    #  pdpl-file ${pdp_tag} ${FLY_DIR}/toolbar
    #fi

    printf "${prog_name}" > ${HOME_DIR}/.fly/lock

    add_to_group_fly_kiosk ${username}

#Console lock
if [ -f /usr/sbin/astra-console-lock ] ; then 
    /usr/sbin/astra-console-lock enable
    if [ -n "`id -Gn ${username} |  grep '\bastra-console\b'`" ] ; then
      deluser ${username} astra-console
    fi
fi
    #setfacl --modify user:${username}:- ${TERMINALS} || true
    setfacl --modify user:${username}:- ${PROGS} 2>/dev/null || true
    setfacl --modify user:${username}:- /usr/bin/fly-admin* || true

    #Don't let user write something.
    #chown -R root:root ${HOME_DIR}
    chown -R root:root $FLY_DIR
    chown -R root:root $DESKTOP_DIR
    setfacl --recursive --modify user:${username}:r-X ${FLY_DIR} || true
    setfacl --recursive --modify user:${username}:r-X ${DESKTOP_DIR} || true
    if [ -d $FLY_DIR.nonkiosk ]; then
        chown -R root:root $FLY_DIR.nonkiosk
        setfacl --recursive --modify user:${username}:r-x ${FLY_DIR}.nonkiosk
    fi
    setfacl             --modify user:${username}:r-- ${HOME_DIR}/.profile 2>/dev/null || true
    setfacl             --modify user:${username}:r-- ${HOME_DIR}/.bashrc  2>/dev/null || true
    setfacl             --modify user:${username}:- ${HOME_DIR}/.bash_profile  2>/dev/null || true
    setfacl             --modify user:${username}:- ${HOME_DIR}/.bash_login 2>/dev/null || true
    setfacl             --modify user:${username}:- ${HOME_DIR}/.xprofile 2>/dev/null || true
    setfacl             --modify user:${username}:- ${HOME_DIR}/.Xsession 2>/dev/null || true
    setfacl             --modify user:${username}:- ${HOME_DIR}/.xsession 2>/dev/null || true
    setfacl             --modify user:${username}:- ${HOME_DIR}/.xsessionrc 2>/dev/null || true

    #sudo find $DESKTOP_DIR -name *.desktop -exec rm -f {} \;

    #Add shutdown shortcut to toolbar.
    cp /usr/share/applications/fly-shutdown-dialog.desktop $FLY_DIR/toolbar/
    #start
    rm -f $FLY_DIR/toolbar/start.desktop
    rm -f $FLY_DIR/toolbar/switcher.desktop
    rm -f $FLY_DIR/toolbar/fly-fm.desktop
    #trash
    rm -f $FLY_DIR/toolbar/fly-fm.desktop
    rm -f $DESKTOP_DIR/Desktop1/mytrash.desktop

    sed_i 's/UseStartButton.*/UseStartButton=false/g' $FLY_DIR/theme/default.themerc
    sed_i 's/UseStartButton.*/UseStartButton=false/g' $FLY_DIR/theme/current.themerc

    sed_i 's/UsePager.*/UsePager=false/g' $FLY_DIR/theme/default.themerc
    sed_i 's/PagingSize.*/PagingSize=1x1/g' $FLY_DIR/theme/default.themerc
    sed_i 's/UsePager.*/UsePager=false/g' $FLY_DIR/theme/current.themerc
    sed_i 's/PagingSize.*/PagingSize=1x1/g' $FLY_DIR/theme/current.themerc


    if ! [ -f $FLY_DIR/keyshortcutrc.backup ] ; then
        mv_i $FLY_DIR/keyshortcutrc $FLY_DIR/keyshortcutrc.backup

        cat <<EOF > $FLY_DIR/keyshortcutrc
[ShortCutKeys]
Alt|Insert = FLYWM_DESKTOP_FOCUS
Alt|Shift|Delete = FLYWM_CHANGE_WIN_BACK_INSCR
Alt|Delete = FLYWM_CHANGE_WIN_INSCR
Alt|Shift|Escape = FLYWM_CHANGE_WIN_BACK
Alt|Escape = FLYWM_CHANGE_WIN
Mod4|d = FLYWM_TOGGLE_MINIMIZE_ALL_INSCR
Mod4|m = FLYWM_TOGGLE_MINIMIZE_ALL_INSCR
Alt|Shift|Tab = FLYWM_SWITCH_TASK_BACK
Alt|Tab = FLYWM_SWITCH_TASK
Alt|F4 = FLYWM_CLOSE
Ctrl|Alt|Down = FLYWM_LOWER
Ctrl|Alt|Up = FLYWM_RAISE
Alt|space = FLYWM_POPUP_MENU
Alt|BackSpace = FLYWM_POPUP_DESKTOP_MENU
Alt|Down = FLYWM_DOWN_PAGING
Alt|Up = FLYWM_UP_PAGING
Alt|Right = FLYWM_RIGHT_PAGING
Alt|Left = FLYWM_LEFT_PAGING
Ctrl|F1 = "fly-wmfunc FLYWM_GOTO_PAGING 1"
Ctrl|F2 = "fly-wmfunc FLYWM_GOTO_PAGING 2"
Ctrl|F3 = "fly-wmfunc FLYWM_GOTO_PAGING 3"
Ctrl|F4 = "fly-wmfunc FLYWM_GOTO_PAGING 4"
;None|F12= FLYWM_TOGGLE_FULLSCREEN_PAGER
Shift|Insert = FLYWM_ICON_PASTE
None|Return = FLYWM_EXEC_ICON
None|KP_Enter = FLYWM_EXEC_ICON
None|Up = FLYWM_ICON_UP
None|Down = FLYWM_ICON_DOWN
None|Left = FLYWM_ICON_LEFT
None|Right = FLYWM_ICON_RIGHT
None|KP_Up = FLYWM_ICON_UP
None|KP_Down = FLYWM_ICON_DOWN
None|KP_Left = FLYWM_ICON_LEFT
None|KP_Right = FLYWM_ICON_RIGHT
None|F2 = FLYWM_ICON_RENAME
None|Print = "spectacle -f"
Alt|Print = "spectacle -a"
Mod4|l = "fly-wmfunc FLYWM_LOCK"
None|XF86Eject = "eject"

EOF
    fi

    if ! [ -d /etc/xdg/rusbitech ]; then
        mkdir /etc/xdg/rusbitech
        chmod 755 /etc/xdg/rusbitech
    fi
    if ! [ -f /etc/xdg/rusbitech/fly-fm.conf ]; then
        touch /etc/xdg/rusbitech/fly-fm.conf
        chmod 644 /etc/xdg/rusbitech/fly-fm.conf
    fi
    kwriteconfig5 --file /etc/xdg/rusbitech/fly-fm.conf --group Global --key "kiosk/${username}" true
    if ! [ -f /etc/xdg/rusbitech/fly-fm-vfs.conf ]; then
        touch /etc/xdg/rusbitech/fly-fm-vfs.conf
        chmod 644 /etc/xdg/rusbitech/fly-fm.conf
    fi
    kwriteconfig5 --file /etc/xdg/rusbitech/fly-fm-vfs.conf --group Network --key "Enabled" false

    echo "[Desktop Entry]" > ${HOME_DIR}/.config/autostart/fly-reflex-service.desktop
    echo "Hidden=true" >> ${HOME_DIR}/.config/autostart/fly-reflex-service.desktop

    ##Have to do something with context menu.
    # if [ -f ${HOME_DIR}/.fly/en.miscrc ]; then
    #     cp ${HOME_DIR}/.fly/en.miscrc ${HOME_DIR}/.fly/en.miscrc.orig
    # fi
    # if [ -f ${HOME_DIR}/.fly/ru_RU-UTF-8.miscrc ]; then
    #     cp ${HOME_DIR}/.fly/ru_RU-UTF-8.miscrc ${HOME_DIR}/.fly/ru_RU-UTF-8.miscrc.orig
    # fi
    # cp /usr/share/fly-mode-switch/en.miscrc.modified ${HOME_DIR}/.fly/en.miscrc
    # cp /usr/share/fly-mode-switch/ru_RU.UTF-8.miscrc.modified ${HOME_DIR}/.fly/ru_RU-UTF-8.miscrc
}

unlock_user()
{
    local username=$1
    local FLY_DIR="${HOME_DIR}/.fly"
    local DESKTOP_DIR="${HOME_DIR}/Desktops"
    #if [ x`cat /etc/astra_version | cut -f 1 -d " "` = "xSE" ] ; then 
    #  local pdp_tag=$(pdp-ls -Mnd ${HOME_DIR} | awk '{print $5}')
    #  pdpl-file ${pdp_tag} ${FLY_DIR}
    #  pdpl-file ${pdp_tag} ${FLY_DIR}/toolbar
    #fi

    remove_from_group_fly_kiosk ${username}

#console unlock
    usermod -a -G astra-console ${username}

    #setfacl --remove user:${username} ${TERMINALS} || true
    setfacl --remove user:${username} ${PROGS} 2>/dev/null || true
    setfacl --remove user:${username} /usr/bin/fly-admin* || true


    #chown -R ${username}:${username} ${HOME_DIR}
    setfacl --recursive --remove user:${username} ${FLY_DIR} || true
    setfacl --recursive --remove user:${username} ${DESKTOP_DIR} || true
    if [ -d ${FLY_DIR}.nonkiosk ]; then
        setfacl --recursive --remove user:${username} ${FLY_DIR}.nonkiosk || true
    fi
    setfacl             --remove user:${username} ${HOME_DIR}/.profile 2>/dev/null || true
    setfacl             --remove user:${username} ${HOME_DIR}/.bashrc 2>/dev/null || true
    setfacl             --remove user:${username} ${HOME_DIR}/.bash_profile 2>/dev/null || true
    setfacl             --remove user:${username} ${HOME_DIR}/.bash_login 2>/dev/null || true
    setfacl             --remove user:${username} ${HOME_DIR}/.xprofile 2>/dev/null || true
    setfacl             --remove user:${username} ${HOME_DIR}/.Xsession 2>/dev/null || true
    setfacl             --remove user:${username} ${HOME_DIR}/.xsession 2>/dev/null || true
    setfacl             --remove user:${username} ${HOME_DIR}/.xsessionrc 2>/dev/null || true

    rm -f $FLY_DIR/toolbar/fly-shutdown-dialog.desktop
    cp -f /usr/share/fly-wm/toolbar/start.desktop $FLY_DIR/toolbar/
    if ! grep "Hidden=true" $FLY_DIR/toolbar/start.desktop ; then
       echo "Hidden=true" >> $FLY_DIR/toolbar/start.desktop
    fi
    cp -f /usr/share/fly-wm/toolbar/switcher.desktop $FLY_DIR/toolbar/
    cp -f /usr/share/fly-wm/toolbar/fly-fm.desktop $FLY_DIR/toolbar/

    cp -f /usr/share/fly-wm/Desktops/Desktop1/mytrash.desktop  $DESKTOP_DIR/Desktop1/
    if [ -d $DESKTOP_DIR/Desktop1-backup ]; then
        cp -f /usr/share/fly-wm/Desktops/Desktop1/mytrash.desktop  $DESKTOP_DIR/Desktop1-backup/
    fi

    sed_i 's/UseStartButton.*/UseStartButton=true/g' $FLY_DIR/theme/default.themerc
    sed_i 's/UseStartButton.*/UseStartButton=true/g' $FLY_DIR/theme/current.themerc

    sed_i 's/UsePager.*/UsePager=true/g' $FLY_DIR/theme/default.themerc
    sed_i 's/PagingSize.*/PagingSize=2x2/g' $FLY_DIR/theme/default.themerc
    sed_i 's/UsePager.*/UsePager=true/g' $FLY_DIR/theme/current.themerc
    sed_i 's/PagingSize.*/PagingSize=2x2/g' $FLY_DIR/theme/current.themerc

    if [ -f $FLY_DIR/keyshortcutrc.backup ] ; then
        mv_i $FLY_DIR/keyshortcutrc.backup $FLY_DIR/keyshortcutrc
    fi

    if ! [ -d /etc/xdg/rusbitech ]; then
        mkdir /etc/xdg/rusbitech
        chmod 755 /etc/xdg/rusbitech
    fi
    if ! [ -f /etc/xdg/rusbitech/fly-fm.conf ]; then
        touch /etc/xdg/rusbitech/fly-fm.conf
        chmod 644 /etc/xdg/rusbitech/fly-fm.conf
    fi
    kwriteconfig5 --file /etc/xdg/rusbitech/fly-fm.conf --group Global --key "kiosk/${username}" false
    if ! [ -f /etc/xdg/rusbitech/fly-fm-vfs.conf ]; then
        touch /etc/xdg/rusbitech/fly-fm-vfs.conf
        chmod 644 /etc/xdg/rusbitech/fly-fm.conf
    fi
    kwriteconfig5 --file /etc/xdg/rusbitech/fly-fm-vfs.conf --group Network --key "Enabled" true

    if [ -f ${HOME_DIR}/.fly/en.miscrc.orig ]; then
        mv_i ${HOME_DIR}/.fly/en.miscrc.orig ${HOME_DIR}/.fly/en.miscrc
    fi
    if [ -f ${HOME_DIR}/.fly/ru_RU-UTF-8.miscrc.orig ]; then
        mv_i ${HOME_DIR}/.fly/ru_RU-UTF-8.miscrc.orig ${HOME_DIR}/.fly/ru_RU-UTF-8.miscrc
    fi

    chown -R ${username}:${username} $FLY_DIR
    chown -R ${username}:${username} $DESKTOP_DIR


    rm -f ${HOME_DIR}/.fly/lock
    rm -f ${HOME_DIR}/.config/autostart/fly-reflex-service.desktop
}

# SCRIPT STARTS HERE. No function declarations below.

PROGRAM="fly-kiosk"
LONG_OPTIONS="help,user:,action:,prog:,home:,default,status"
LONG_OPTIONS="$(echo ${LONG_OPTIONS} | tr -d ' ')"
ARGUMENTS="$(getopt --longoptions ${LONG_OPTIONS} --name="${PROGRAM}" --options hu:a:p:j:ds --shell sh -- "${@}")"

if [ "${?}" != "0" ]; then
    echo "Terminating." >&2
    exit 1
fi

eval set -- "${ARGUMENTS}"

while true; do
    case "${1}" in
        -h|--help)
            SHOW_USAGE="true"
            usage
            exit 0
            ;;
        -u|--user)
            USER_NAME="${2}"
            shift 2
            ;;
        -a|--action)
            ACTION="${2}"
            shift 2
            ;;
        -p|--prog)
            PROG_NAME="${2}"
            shift 2
            ;;
        -j|--home)
            export HOME_DIR="${2}"
            shift 2
            ;;
        -d|--default)
            DEFAULT="true"
            shift
            ;;
        -s|--status)
            SHOW_STATUS="true"
            shift
            ;;
        --)
            shift
            break
            ;;
        *)
            echo "internal error %s" "${0}"
            exit 1
            ;;
    esac
done

if [ "${SHOW_USAGE}" == "true" ]; then
    usage
    exit 0
fi

if ! [ `id -u` = "0" ];then
    echo "Run fly-kiosk from root."
    usage
    exit 2
fi

#if [ x`cat /etc/astra_version | cut -f 1 -d " "` = "xSE" ] ; then
    if ! [ `cat /sys/module/parsec/parameters/max_ilev` = "0" ]; then
        if ! [ `pdp-id -i` = `cat /sys/module/parsec/parameters/max_ilev` ]; then
            echo "Run fly-kiosk under high integrity level."
            usage
            exit 2
        fi
    fi
#fi

#TODO astra-admin check


if [ "${SHOW_STATUS}" == "true" ]; then
    show_status ${USER_NAME}
    exit 0
fi

if [ -z ${ACTION} ]; then
    echo "You should set action." >&2
    usage
    exit 7
fi

if [ -z ${USER_NAME} ]; then
    echo "You should set username." >&2
    usage
    exit 8
else
    if is_logged ${USER_NAME}; then
        echo "User should not be logged in." >&2
        exit 10
    fi
fi

if [ -z ${HOME_DIR} ]; then
    # Use default HOME_DIR location if not set
    export HOME_DIR="/home/${USER_NAME}"
fi

if ! id ${USER_NAME} 1>&1 >/dev/null; then
    echo "No such user ${USER_NAME}" >&2
    exit 9
fi

if ! [ -d ${HOME_DIR}/.fly ]; then
    create_dotfly ${USER_NAME} ${HOME_DIR}
fi

if [ "${ACTION}" = "lock" ];then
    if [ "${DEFAULT}" == "true" ]; then
        if is_locked; then
            rm -rf ${HOME_DIR}/.fly
        else
            if ! [ -d ${HOME_DIR}/.fly.nonkiosk ];then
                mv ${HOME_DIR}/.fly ${HOME_DIR}/.fly.nonkiosk
            fi
        fi
        create_dotfly ${USER_NAME} ${HOME_DIR}
    fi
    if [ -z $PROG_NAME ]; then
        lock_user ${USER_NAME}
    else
        if program_is_forbidden ${PROG_NAME}; then
            echo "Program ${PROG_NAME} could not be used in single application kiosk mode." >&2
            exit 15
        else
            if which ${PROG_NAME} >/dev/null; then
                lock_user ${USER_NAME} ${PROG_NAME}
            else
                echo "No such program ${PROG_NAME}" >&2
                exit 5
            fi
        fi
    fi
elif [ "${ACTION}" = "unlock" ];then
    unlock_user ${USER_NAME}
    if [ -d ${HOME_DIR}/.fly.nonkiosk ];then
        mv ${HOME_DIR}/.fly.nonkiosk ${HOME_DIR}/.fly
        chown -R ${USER_NAME}:${USER_NAME} ${HOME_DIR}/.fly
    fi
else
    echo "Unknown action ${ACTION}" >&2
    usage
    exit 3
fi
