#!/bin/bash
#
# $Id: debian-edu-winbind 3170 2005-03-23 20:19:21Z finnarne-guest $
# A script that installs packages and configures debian-edu to authenticate
# against a Microsoft Windows Active Directory server.
# 

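set -e

# Defaults; each command line option below overrides one of these.
DOMAIN=
REALM=
PWSERVER=
# Was "HDSERVER=", which nothing read: -home assigns HOMESERVER, so that is
# the variable initialised here.  (The templates still use the %%HDSERVER%%
# placeholder, which is filled from HOMESERVER further down.)
HOMESERVER=
ADMIN=
# bash pre-sets HOSTNAME to the machine name; cleared so that "empty" means
# "not given on the command line".
HOSTNAME=
# Literal "$" suffix for the home share name; -visiblehome clears it.
HIDDENHOME='$'

# Options: -d DOMAIN -r REALM -pw SERVER -home SERVER -u ADMIN -host NAME
#          -visiblehome
# Exit status 9 matches the usage error below.
while [ $# -gt 0 ] ; do
  case "$1" in
    -d|-r|-pw|-home|-u|-host)
      # Value-taking options: refuse a missing value instead of silently
      # storing an empty string and tripping over the final "shift".
      [ $# -ge 2 ] || { printf 'option %s needs a value\n' "$1" >&2 ; exit 9 ; }
      case "$1" in
        -d)    DOMAIN=$2 ;;
        -r)    REALM=$2 ;;
        -pw)   PWSERVER=$2 ;;
        -home) HOMESERVER=$2 ;;
        -u)    ADMIN=$2 ;;
        -host) HOSTNAME=$2 ;;
      esac
      shift
      ;;
    -visiblehome) HIDDENHOME="" ;;
    *)
      # A mistyped option used to be ignored; for -host/-visiblehome that
      # silently produced a wrong configuration.
      printf 'unknown option %s\n' "$1" >&2
      exit 9
      ;;
  esac
  shift
done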

#Normally pwServer and homeServer is the same - so try to set both if
#only one is given.
# Each one falls back to the other when empty; if both are empty both stay
# empty and the check below reports it.
PWSERVER=${PWSERVER:-$HOMESERVER}
HOMESERVER=${HOMESERVER:-$PWSERVER}

# DOMAIN, REALM, PWSERVER, HOMESERVER and ADMIN are mandatory; HOSTNAME and
# -visiblehome are optional.  Print the usage text and exit 9 when any
# mandatory value is empty.
missing=
for required in DOMAIN REALM PWSERVER HOMESERVER ADMIN ; do
  [ -n "${!required}" ] || missing=yes
done

if [ -n "$missing" ] ; then
  cat << EOF 1>&2
You need to specify some variables:
  DOMAIN     - your Windows domain 
  REALM      - your Kerberos realm
  PWSERVER   - name of your password Server 
  HOMESERVER - name of your home server
  ADMIN      - Username of Administrator
  HOSTNAME   - (optional) Samba name for the host

  specify -visiblehome if your homedirs are public visible
  
example: 
  $0 -d DOMAIN \\
     -r DOMAIN.REALM.ORG \\
     -pw SERVER.DOMAIN.REALM.ORG \\
     -home SERVER.DOMAIN.REALM.ORG \\
     -u ADMIN \\
     -host HOSTNAME \\
     -visiblehome

EOF
  exit 9
fi

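# Sanity checks before anything is installed.  Problems are collected in
# FAILURE and reported together so one run shows all of them.
FAILURE=

# Print a diagnostic on stderr and remember that the checks failed.
fail() {
  printf '%s\n' "$*" >&2
  FAILURE=TRUE
}

# True when "host" can resolve $1; its output is discarded.
resolvable() {
  host "$1" > /dev/null 2>&1
}

resolvable "$PWSERVER"   || fail "Unable to resolv passwordserver $PWSERVER"
resolvable "$HOMESERVER" || fail "Unable to resolv server for homedirectories $HOMESERVER"

# Take NTPSERVERS from the first of the Debian default files that exists.
# NOTE: eval executes the NTPSERVERS= line of that (root-owned) file rather
# than merely reading it; grep restricts it to that one line, but anything
# on it is run as shell code, not just assigned.
NTPSERVERS=
for ntp_defaults in /etc/default/ntpdate /etc/default/ntp-servers ; do
  if [ -f "$ntp_defaults" ] ; then
    eval "$(grep '^NTPSERVERS=' "$ntp_defaults")"
    break
  fi
done

if [ -z "$NTPSERVERS" ] ; then
  fail "No ntp-server defined"
else
  # Unquoted on purpose: NTPSERVERS is a whitespace-separated list.
  for NTPSERVER in $NTPSERVERS ; do
    resolvable "$NTPSERVER" || fail "Unable to resolv ntp-server $NTPSERVER"
  done
fi

if [ -n "$FAILURE" ] ; then
  printf '%s\n' "Something failed, Aborting installation ...." >&2
  # Explicit exit; the original ran /bin/false and relied on set -e to stop.
  exit 1
fi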

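# Set umask for creating safe temporary files
umask 022

# check if this is a lessdisks chroot
# In that case /home/<DOMAIN> and /var/cache/samba must be in the terminal's
# rw_dirs list and /var/lib/samba in its copy_dirs list; add what is missing.
if [ -n "$LESSDISKS_START_STOP_DAEMON" ] ; then
  HOSTNAME=lessdisks
  CONF=/etc/lessdisks/terminal_install.conf
  # Both lists start empty; ADD_LESSDISKS_COPY used to be left uninitialised
  # and would have picked up a value inherited from the environment.
  ADD_LESSDISKS_RW=
  ADD_LESSDISKS_COPY=
  # Collect only the entries that are not already present in $CONF.
  grep -qe "^rw_dirs.*/home/$DOMAIN" "$CONF" || \
      ADD_LESSDISKS_RW="${ADD_LESSDISKS_RW:+$ADD_LESSDISKS_RW }/home/$DOMAIN"
  grep -qe "^rw_dirs.*/var/cache/samba" "$CONF" || \
      ADD_LESSDISKS_RW="${ADD_LESSDISKS_RW:+$ADD_LESSDISKS_RW }/var/cache/samba"
  grep -qe "^copy_dirs.*/var/lib/samba" "$CONF" || \
      ADD_LESSDISKS_COPY="${ADD_LESSDISKS_COPY:+$ADD_LESSDISKS_COPY }/var/lib/samba"
  if [ -n "$ADD_LESSDISKS_RW" ] || [ -n "$ADD_LESSDISKS_COPY" ] ; then
    if [ -f "$CONF" ] && [ ! -f "$CONF-org" ] ; then
      # Keep the untouched file once.  The edits prepend the new entries to
      # the quoted list; '%' is the sed delimiter because entries contain '/'.
      cp -- "$CONF" "$CONF-org"
      if [ -n "$ADD_LESSDISKS_RW" ] ; then
        sed -e "s%^rw_dirs=\"%rw_dirs=\"$ADD_LESSDISKS_RW %g" "$CONF" > "$CONF.tmp"
        mv -- "$CONF.tmp" "$CONF"
      fi
      if [ -n "$ADD_LESSDISKS_COPY" ] ; then
        sed -e "s%^copy_dirs=\"%copy_dirs=\"$ADD_LESSDISKS_COPY %g" "$CONF" > "$CONF.tmp"
        mv -- "$CONF.tmp" "$CONF"
      fi
    else
      echo "Hmm, you are in a lessdisks chroot, " >&2
      echo "and $CONF-org exists, or $CONF dont exist" >&2
      echo "bailing out" >&2
      exit 9
    fi
  fi
fi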

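# Home directories of domain users live under /home/<DOMAIN>.
mkdir -p -- "/home/$DOMAIN"

# We want this install to be really quiet
debconf-set-frontend Noninteractive

# debconf also honours DEBIAN_FRONTEND, so set it for this one command as
# well; the package list is the original one.
DEBIAN_FRONTEND=noninteractive apt-get -qy install \
    winbind \
    krb5-user \
    samba \
    smbfs \
    libpam-mount

# now it's time to get noisy again
debconf-set-frontend Dialog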

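# Norwegian locales (nb/nn/no) get an explicit charset and codepage, which
# the config generation below turns into ",iocharset=..." and ",codepage=..."
# fragments.  Cleared first so a value inherited from the environment cannot
# leak into the generated files.
CHARSET=
CODEPAGE=
case "$LANG" in
  nb*|nn*|no*)
    CHARSET=iso8859-1
    CODEPAGE=cp850
    ;;
esac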

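# Escape $1 for the replacement side of a sed s/.../.../g that uses '/' as
# delimiter: '\', '&' and '/' are special there, and the values substituted
# below come straight from the command line.
sed_rhs() {
  printf '%s' "$1" | sed -e 's/[\/&]/\\&/g'
}

# Replace existing files with configured files for winbind.
# For each base name X, X-winbind-debian-edu.conf is the template and X.conf
# the live file; a pre-existing live file is kept once as X.conf-org.
winbind_confs=(/etc/samba/smb /etc/security/pam_mount /etc/krb5)

# Check every template first: a missing one must not be discovered after the
# live file of an earlier service has already been removed.
for CONF in "${winbind_confs[@]}" ; do
  if [ ! -f "$CONF-winbind-debian-edu.conf" ] ; then
    printf 'Template %s is missing, aborting\n' "$CONF-winbind-debian-edu.conf" >&2
    exit 9
  fi
done

for CONF in "${winbind_confs[@]}" ; do
  if [ -f "$CONF.conf" ] && [ ! -f "$CONF.conf-org" ] ; then
    mv -- "$CONF.conf" "$CONF.conf-org"
  fi
  rm -f -- "$CONF.conf"
  # %%CHARSET%% and %%CODEPAGE%% become a ",option=value" fragment only when
  # the value is set, and nothing otherwise.
  sed -e "s/%%HDSERVER%%/$(sed_rhs "$HOMESERVER")/g" \
      -e "s/%%DOMAIN%%/$(sed_rhs "$DOMAIN")/g" \
      -e "s/%%REALM%%/$(sed_rhs "$REALM")/g" \
      -e "s/%%PWSERVER%%/$(sed_rhs "$PWSERVER")/g" \
      -e "s/%%HOSTNAME%%/$(sed_rhs "$HOSTNAME")/g" \
      -e "s/%%CHARSET%%/$(sed_rhs "${CHARSET:+,iocharset=$CHARSET}")/g" \
      -e "s/%%CODEPAGE%%/$(sed_rhs "${CODEPAGE:+,codepage=$CODEPAGE}")/g" \
      -e "s/%%HIDDENHOME%%/$(sed_rhs "$HIDDENHOME")/g" \
      "$CONF-winbind-debian-edu.conf" > "$CONF.conf"
done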

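# Replace existing files with configured files for winbind
pam_confs=(/etc/pam.d/common-auth
           /etc/pam.d/common-account
           /etc/pam.d/common-session
           /etc/pam.d/common-password)

# A dangling symlink in /etc/pam.d locks every user out, so make sure each
# link target exists before the first live file is replaced.
for CONF in "${pam_confs[@]}" ; do
  if [ ! -f "$CONF-winbind-debian-edu" ] ; then
    printf '%s is missing, aborting\n' "$CONF-winbind-debian-edu" >&2
    exit 9
  fi
done

for CONF in "${pam_confs[@]}" ; do
  # Keep the pre-existing file once as -org.
  if [ -f "$CONF" ] && [ ! -f "$CONF-org" ] ; then
    mv -- "$CONF" "$CONF-org"
  fi
  # Remove whatever is left (e.g. the symlink from an earlier run) so that
  # ln cannot fail with "File exists".  The original removed "$CONF.conf",
  # a path that never exists for these files, so a re-run aborted here.
  rm -f -- "$CONF"
  ln -s -- "$CONF-winbind-debian-edu" "$CONF"
done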

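# Replace ldap in nsswitch.conf with winbind
# Back up only once: an unconditional copy on a re-run would overwrite the
# -org file with the already rewritten one and lose the original.
if [ ! -f /etc/nsswitch.conf-org ] ; then
  cp -- /etc/nsswitch.conf /etc/nsswitch.conf-org
fi
sed -e 's/ldap/winbind/g' /etc/nsswitch.conf-org > /etc/nsswitch.conf

# Add the machine to the net account (net prompts for ADMIN's password).
net ads join -U "$ADMIN"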

