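#!/bin/sh

set -e

## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.
##
## This script creates the home directories and principals for users
## added with gosa.  There are some tests that make sure only
## non-existent home directories are created.  Malicious execution
## cannot hurt, because either the user is missing in ldap or his home
## directory already exists. In both cases nothing should happen.
##
## Usage: <this script> USERID
##
## The only untrusted input is the USERID argument.  It ends up in the
## LDAP search filter, the kadmin query string, chown and sendmail, so
## it is checked against a strict character set before any of those
## run: "(", ")", "*" and "\" would change the meaning of the LDAP
## filter, a leading "-" would be parsed as an option, and whitespace
## or quotes would add words to the kadmin query.
## The homeDirectory attribute is read from LDAP and is checked as
## well: it has to lie below $PREFIX/$HOSTNAME/ and must not contain
## ".." components, so that root never creates (and chowns) a
## directory anywhere else.

readonly PREFIX=/skole
readonly HOSTNAME="$(hostname -s)"
USERID=${1-}

#FIXME Change this ldap search to only find new users, to not slow down as more users are added.
# One idea might be to look for objects without the krbPasswordExpiration attributes.

#######################################
# Check that a user id only contains characters that are safe in every
# place it is used (see the header comment).
# Arguments: $1 - user id to check
# Returns:   0 if acceptable; 1 for the empty string, a leading "-" or
#            any character outside [A-Za-z0-9._-]
#######################################
valid_userid() {
	case "$1" in
		"" | -* | *[!A-Za-z0-9._-]*) return 1 ;;
	esac
	return 0
}

#######################################
# Check that a home directory lies below this host's share and has no
# ".." path component.
# Globals:   PREFIX, HOSTNAME (read)
# Arguments: $1 - home directory path as found in LDAP
# Returns:   0 if acceptable, 1 otherwise (the empty string is rejected)
#######################################
valid_homedir() {
	case "$1" in
		"$PREFIX/$HOSTNAME"/*) ;;
		*) return 1 ;;
	esac
	# Surrounding the path with slashes lets "/../" match a ".."
	# component anywhere, including at the very end.
	case "/$1/" in
		*/../*) return 1 ;;
	esac
	return 0
}

#######################################
# Mail a short welcome message to the new user's mailbox.
# Globals:   USERID, USERNAME (read)
# Returns:   sendmail's exit status
#######################################
send_welcome_mail() {
	/usr/lib/sendmail "$USERID" << EOF
Subject: Welcome to the mail-system

Hello $USERNAME,

welcome to the mail-system.

Your userID is $USERID, and your email address is:

    $USERID@postoffice.intern

Regards,

    Debian-Edu SysAdmin

EOF
}

#######################################
# Create the home directory, the NSS certificate databases and the
# Kerberos principal for the LDAP entry just read, then send the
# welcome mail.  The caller has already verified that HOMEDIR is
# acceptable and does not exist yet.
# Globals:   USERID, USERNAME, HOMEDIR, GROUPID, USERDN (read)
# Returns:   0 on success; under "set -e" any failing step aborts the
#            calling shell (the while loop's subshell) instead.
#######################################
create_user() {
	cp -r /etc/skel "$HOMEDIR"
	if type nscd > /dev/null 2>&1 ; then
		# These calls fail when nscd isn't running.  And then we do
		# not care about the result, as there is no cache to invalidate.
		nscd -i passwd || true
		nscd -i group || true
	fi
	# NOTE(review): if a certutil call fails, "set -e" stops here and
	# leaves a root-owned $HOMEDIR behind; later runs skip it because it
	# exists, so the principal is then never created.
	certutil -A -d "dbm:$HOMEDIR/.mozilla/firefox/debian-edu.default/" -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
	certutil -A -d "dbm:$HOMEDIR/.thunderbird/debian-edu.default/" -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
	certutil -A -d "sql:$HOMEDIR/.pki/nssdb/" -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
	logger -t gosa-create -p notice "Both dbm and sql nssdb files created in '$HOMEDIR'."
	chown -R "$USERID:$GROUPID" "$HOMEDIR"
	# USERDN is quoted for kadmin's own query parser.  NOTE(review): a DN
	# containing a double quote would break that quoting; not checked here.
	kadmin.local -q "add_principal -policy users -randkey -x \"$USERDN\" $USERID"
	logger -t gosa-create -p notice "Home directory '$HOMEDIR' and principal '$USERID' created."
	send_welcome_mail
}

#######################################
# Look the user up in LDAP and create home directory and principal for
# every matching entry whose home directory does not exist yet.
# Globals:   USERID, PREFIX, HOSTNAME (read)
# Returns:   0 when there is nothing (more) to do; exits 1 when USERID
#            contains unsupported characters
#######################################
main() {
	if test -z "$USERID" ; then
		printf '%s: no user id given, nothing to do\n' "${0##*/}" >&2
		return 0
	fi
	if ! valid_userid "$USERID" ; then
		# Deliberately do not print the rejected value anywhere.
		printf '%s: refusing user id with unsupported characters\n' "${0##*/}" >&2
		exit 1
	fi

	## lookup user and create home directory and principal.
	## perl joins LDIF continuation lines (newline + space) back
	## together; the empty line that ends each LDIF entry triggers the
	## creation.  "read -r" keeps backslashes in attribute values intact.
	ldapsearch -xLLL "(&(uid=$USERID)(objectClass=posixAccount)(!(objectClass=gosaUserTemplate)))" \
		cn homeDirectory gidNumber 2>/dev/null | perl -p0e 's/\n //g' | \
	while read -r KEY VALUE ; do
		case "$KEY" in
			dn:) USERNAME= ; HOMEDIR= ; GROUPID= ; USERDN="dn=$VALUE" ;;
			cn:) USERNAME="$VALUE" ;;
			homeDirectory:) HOMEDIR="$VALUE" ;;
			gidNumber:) GROUPID="$VALUE" ;;
			"")
				# Missing, foreign or traversing home directories are skipped,
				# as are ones that already exist.
				valid_homedir "$HOMEDIR" || continue
				test -e "$HOMEDIR" && continue
				create_user
				;;
		esac
	done
}

main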