#!/bin/sh

#
# Fix up ownership and permissions on /Library/Application Support/Wireshark;
# for some reason, it's not being owned by root:wheel, and it's not
# publicly readable and, for directories and executables, not publicly
# searchable/executable.
#
# Also take away group write permission.
#
# XXX - that may be a problem with the process of building the installer
# package; if so, that's where it *should* be fixed.
#
chown -R root:wheel "/Library/Application Support/Wireshark"
chmod -R a+rX,go-w "/Library/Application Support/Wireshark"

CHMOD_BPF_PLIST="/Library/LaunchDaemons/org.wireshark.ChmodBPF.plist"
BPF_GROUP="access_bpf"
BPF_GROUP_NAME="BPF device access ACL"
min_gid=100

if ! dscl . -read /Groups/"$BPF_GROUP" > /dev/null 2>&1; then
   free_gid=$(dscl . -list /Groups PrimaryGroupID | sort -bnk2 | awk -v min_gid=$min_gid 'BEGIN{i=min_gid}{if($2==i)i++}END{print i}')
   dseditgroup -q -o create -i $free_gid -r "$BPF_GROUP_NAME" "$BPF_GROUP"
fi

dseditgroup -q -o edit -a "$USER" -t user "$BPF_GROUP"

chmod u=rw,g=r,o=r "$CHMOD_BPF_PLIST"
chown root:wheel "$CHMOD_BPF_PLIST"

# Clean up our legacy startup item if it's still around.
rm -rf /Library/StartupItems/ChmodBPF

# Try to bootout first, otherwise bootstrap will fail with
#   "Bootstrap failed: 5: Input/output error"
# if org.wireshark.ChmodBPF is already loaded.
launchctl bootout system "$CHMOD_BPF_PLIST" > /dev/null 2>&1

launchctl bootstrap system "$CHMOD_BPF_PLIST"