#!/bin/bash

. /usr/lib/eole/ihm.sh

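# Work out which EOLE flavour this host is and load the matching Samba AD
# settings. Only a domain controller (Seth DC) or a host that ships
# /usr/lib/eole/eolead.sh (ScribeAD/HorusAD) goes further; anything else
# exits quietly with status 0.
#
# Set for the rest of the script:
#   SALT_IP        - address the "salt" DNS name is expected to resolve to
#   AD_HOST_IP     - address of the DNS server that is queried for "salt"
#   CONTAINER_EXEC - command prefix: empty on a DC, "lxc-attach -n addc --"
#                    otherwise. It is expanded unquoted on purpose so that
#                    it splits into separate words.
if [ -f /etc/eole/samba4-vars.conf ]; then
    # presumably defines AD_HOST_IP, AD_REALM, AD_HOST_NAME, ... — verify
    . /etc/eole/samba4-vars.conf
    [ "$(CreoleGet ad_server_role)" == "controleur de domaine" ] || exit 0
    # Seth DC
    SALT_IP=$AD_HOST_IP
    CONTAINER_EXEC=''
elif [ -f /usr/lib/eole/eolead.sh ]; then
    # presumably defines CONTAINER_ROOTFS and CONTAINER_IP — verify
    . /usr/lib/eole/eolead.sh
    # ScribeAD/HorusAD
    # Quoted so that a rootfs path containing whitespace or glob characters
    # is still sourced as one single file.
    # NOTE(review): this file sits under the container's root filesystem but
    # is executed by the current shell, outside the container — confirm that
    # nothing running inside the container can modify it.
    . "$CONTAINER_ROOTFS/etc/eole/samba4-vars.conf"
    AD_HOST_IP=$CONTAINER_IP
    SALT_IP=$(CreoleGet adresse_ip_eth0)
    CONTAINER_EXEC='lxc-attach -n addc --'
else
    exit 0
fi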

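# Make sure the AD DNS zone resolves "salt" to SALT_IP: any other A record
# answered for that name is deleted, then the expected one is added.
SALT_ADDR=$(dig "@$AD_HOST_IP" "salt.$AD_REALM" +short)
# Only dotted-quad tokens are valid data for an A record.
IPV4_RE='^[0-9]{1,3}(\.[0-9]{1,3}){3}$'
if [ "$SALT_ADDR" != "$SALT_IP" ]
then

    # Get a Kerberos ticket from the host keytab; the samba-tool calls below
    # authenticate with it ("-k 1").
    # NOTE(review): the exit status of kinit is not checked, and kinit/kdestroy
    # work on the default credential cache of the account running this script,
    # so a ticket already present there is replaced and then destroyed —
    # confirm this is acceptable.
    $CONTAINER_EXEC kinit "${AD_HOST_NAME^^}@${AD_REALM^^}" -k -t "$AD_HOST_KEYTAB_FILE"
    if [ -n "$SALT_ADDR" ]; then
        EchoOrange "Attention : Le nom d'hôte \"salt\" est résolu en $SALT_ADDR alors qu'il devrait être en $SALT_IP"
        # Unquoted on purpose: dig may print several answers, one per line.
        for ADDR in $SALT_ADDR;do
            # The resolver's answer is handed to an administrative command:
            # skip every token that is not an IPv4 address (anything else dig
            # may print cannot be the data of an A record anyway).
            [[ $ADDR =~ $IPV4_RE ]] || continue
            echo -n "Suppression de la résolution du nom d'hôte \"salt\" en $ADDR : "
            $CONTAINER_EXEC samba-tool dns delete "$AD_HOST_NAME.$AD_REALM" "$AD_REALM" salt A "$ADDR" -k 1
        done
    fi
    echo -n "Résolution du nom d'hôte \"salt\" en $SALT_IP : "
    $CONTAINER_EXEC samba-tool dns add "$AD_HOST_NAME.$AD_REALM" "$AD_REALM" salt A "$SALT_IP" -k 1
    # Drop the ticket obtained above.
    $CONTAINER_EXEC kdestroy
    echo

fi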

# Location of the password files of the two workstation service accounts.
# NOTE(review): the content of these files is used as the account password
# further down, so they hold cleartext secrets — verify that the directory
# and both files are readable by the administrative account only.
PRIVATE_DIR='/etc/eole/private'
MANAGER_PASSWORD_FILE="$PRIVATE_DIR/eole-workstation-manager.password"
READER_PASSWORD_FILE="$PRIVATE_DIR/eole-workstation-reader.password"

#######################################
# Tell whether an account is known to Samba.
# Globals:   CONTAINER_EXEC (read) - optional command prefix, split on words
# Arguments: $1 - account name
# Outputs:   nothing (stdout and stderr of samba-tool are discarded)
# Returns:   exit status of "samba-tool user show"
#######################################
user_exists() {
    local account=$1
    $CONTAINER_EXEC samba-tool user show "$account" &> /dev/null
}

# Domain-join account 'eole-workstation-manager': create it when missing,
# then enforce its settings (no expiry, 'Domain Admins' membership, password
# taken from MANAGER_PASSWORD_FILE). Nothing is changed when the password
# file is missing or empty.
#
# NOTE(review): this account ends up in 'Domain Admins' with a password that
# never expires and is stored in a file — confirm that this level of
# privilege is really needed for joining workstations.
if [ -s "${MANAGER_PASSWORD_FILE}" ]
then
    MANAGER_PASSWORD=$(< "${MANAGER_PASSWORD_FILE}")

    if ! user_exists eole-workstation-manager; then
        echo "Ajout du compte de jonction au domaine 'eole-workstation-manager'... "
        # Created with a random password; the real one is set just below.
        $CONTAINER_EXEC samba-tool user create --random-password eole-workstation-manager
    fi

    echo "Mise en conformité de l’utilisateur 'eole-workstation-manager'... "
    $CONTAINER_EXEC samba-tool user setexpiry eole-workstation-manager --noexpiry
    $CONTAINER_EXEC samba-tool group addmembers 'Domain Admins' eole-workstation-manager
    # NOTE(review): the password travels as a command-line argument, which
    # other local processes may be able to read while the command runs —
    # check whether the installed samba-tool can take it another way.
    $CONTAINER_EXEC samba-tool user setpassword eole-workstation-manager --newpassword="${MANAGER_PASSWORD}"
else
    EchoRouge "Le fichier de mot de passe '${MANAGER_PASSWORD_FILE}' n’existe pas"
fi

# Read account 'eole-workstation-reader': create it when missing, then
# enforce its settings (no expiry, password taken from READER_PASSWORD_FILE).
# Unlike the manager account it is not added to any group here. Nothing is
# changed when the password file is missing or empty.
if [ -s "${READER_PASSWORD_FILE}" ]
then
    READER_PASSWORD=$(< "${READER_PASSWORD_FILE}")

    if ! user_exists eole-workstation-reader; then
        echo "Ajout du compte de lecture 'eole-workstation-reader'... "
        # Created with a random password; the real one is set just below.
        $CONTAINER_EXEC samba-tool user create --random-password eole-workstation-reader
    fi

    echo "Mise en conformité de l’utilisateur 'eole-workstation-reader'... "
    $CONTAINER_EXEC samba-tool user setexpiry eole-workstation-reader --noexpiry
    # NOTE(review): the password travels as a command-line argument, which
    # other local processes may be able to read while the command runs —
    # check whether the installed samba-tool can take it another way.
    $CONTAINER_EXEC samba-tool user setpassword eole-workstation-reader --newpassword="${READER_PASSWORD}"
else
    EchoRouge "Le fichier de mot de passe '${READER_PASSWORD_FILE}' n’existe pas"
fi

# Always report success, whatever the commands above returned.
exit 0
