#!/usr/bin/env bash
# SF | Cleanup Warning Banner (Linux)
# Removes the GDM login banner and all associated locks/profiles.

set -euo pipefail

if [[ ${EUID:-$(id -u)} -ne 0 ]]; then
  echo "This script must be run as root."
  exit 1
fi

# --- Paths ---

GDM_DCONF_DIR="/etc/dconf/db/gdm.d"
GDM_LOCK_DIR="/etc/dconf/db/gdm.d/locks"
GDM_PROFILE_FILE="/etc/dconf/profile/gdm"

echo "Removing Secureframe warning banner..."

# 1. Remove all files in the GDM dconf directory related to the banner
# This targets the specific names used in our previous scripts

rm -f "$GDM_DCONF_DIR/01-secureframe-banner"
rm -f "$GDM_DCONF_DIR/00-secureframe-login-screen"
rm -f "$GDM_DCONF_DIR/00-login-screen"

# 2. Remove the locks

rm -f "$GDM_LOCK_DIR/01-secureframe-lock"
rm -f "$GDM_LOCK_DIR/00-secureframe-lock"

# 3. Remove the GDM profile to restore system default behavior

rm -f "$GDM_PROFILE_FILE"

# 4. Clean up the Terminal (TTY) banner

if [[ -f /etc/issue ]]; then
    # Removes lines containing 'Secureframe' OR the 'Authorized use' phrase
    sed -i '/Secureframe/d' /etc/issue || true
    sed -i '/Authorized use only/d' /etc/issue || true
    sed -i '/monitoring and auditing/d' /etc/issue || true

    # If the file is now just empty or whitespace, fully clear it

    if [[ ! -s /etc/issue ]]; then
        : > /etc/issue
    fi
fi

if [[ -f /etc/motd ]]; then
    sed -i '/Authorized use only/d' /etc/motd || true
    sed -i '/monitoring and auditing/d' /etc/motd || true
fi

# 5. Remove the internal marker

rm -rf /etc/secureframe/

# 6. CRITICAL: Re-compile the dconf database so the changes take effect

if command -v dconf >/dev/null 2>&1; then
  dconf update
  echo "Dconf database updated."
fi

echo "Cleanup complete. The login banner has been removed."
exit 0