#!/bin/bash

# Nothing to do when the Creole variable ad_password_available is "non".
case "$(CreoleGet ad_password_available)" in
    non) exit 0 ;;
esac

# From this point on, stop at the first command that fails.
set -o errexit

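# Choose how samba-tool command strings reach the domain controller.
#
# CreoleRun <command-string> [container]
#   Both functions defined below use only the first argument. When neither
#   branch matches, nothing is defined here and the CreoleRun that already
#   exists in the environment is used (presumably the EOLE container
#   wrapper -- confirm).
if [ -z "$(CreoleGet ad_realm '')" ]; then
    # Scribe case: run the command as root on host "addc" over ssh.
    # NOTE(security): StrictHostKeyChecking=no accepts whatever host key
    # "addc" presents, so the peer that receives these root commands is not
    # authenticated and could drop or alter a policy change unnoticed.
    # Pinning addc's host key in known_hosts and removing this option is the
    # safer setup where the deployment allows it.
    SSHCMD=(ssh -q -o LogLevel=ERROR -o StrictHostKeyChecking=no -o IdentitiesOnly=yes)
    function CreoleRun () {
        local remote_cmd="$1"
        # Keep ssh away from any agent inherited from the calling session.
        unset SSH_AUTH_SOCK
        # ssh passes the string to the remote shell, which parses it again:
        # callers must only interpolate values that are safe for a shell.
        "${SSHCMD[@]}" root@addc "$remote_cmd"
    }
elif [ -z "$(CreoleGet container_ip_domaine '')" ]; then
    # Seth case: samba-tool runs on this host.
    function CreoleRun () {
        local local_cmd="$1"
        # NOTE(security): eval re-parses the string as shell code. It is built
        # from CreoleGet values, so any value carrying shell metacharacters
        # would execute as root; callers must validate what they interpolate.
        eval "$local_cmd"
    }
fi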

# Seth case: /etc/eole/samba4-vars.conf is present and gives the server role.
if [[ -f /etc/eole/samba4-vars.conf ]]; then
    # shellcheck disable=SC1091,SC1090
    . /etc/eole/samba4-vars.conf
    # Seth member server: only a domain controller goes further.
    [[ "${AD_SERVER_ROLE}" == "controleur de domaine" ]] || exit 0
    # Additional Seth DC: only AD_ADDITIONAL_DC="non" goes further.
    [[ "${AD_ADDITIONAL_DC}" == "non" ]] || exit 0
elif [[ "$(CreoleGet ad_local)" == 'non' ]]; then
    # Scribe member case: no samba4-vars.conf and ad_local is "non".
    exit 0
fi

###################################################################
# set default setting
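# Domain-wide password policy.
# Every CreoleGet value is pasted into a command string that CreoleRun hands
# to a shell (local eval or the remote shell behind ssh, depending on which
# CreoleRun is in effect), so the values are trusted to be free of shell
# metacharacters -- NOTE(review): confirm Creole enforces the variable types.
cmd="samba-tool domain passwordsettings set "
cmd="$cmd --min-pwd-length=$(CreoleGet ad_default_min_pwd_length)"
cmd="$cmd --history-length=$(CreoleGet ad_default_history_length)"
cmd="$cmd --min-pwd-age=$(CreoleGet ad_default_min_pwd_age)"
cmd="$cmd --max-pwd-age=$(CreoleGet ad_default_max_pwd_age)"

# Read the complexity switch outside of a test. Inside `if [ ... ]` a failing
# or empty CreoleGet is not caught by errexit and would fall through to
# --complexity=off, i.e. a lookup error would silently weaken the policy.
default_complexity=$(CreoleGet ad_default_complexity) || exit 1
case "$default_complexity" in
    oui) cmd="$cmd --complexity=on" ;;
    non) cmd="$cmd --complexity=off" ;;
    *)
        echo "ad_default_complexity: unexpected value '$default_complexity' (expected oui or non)" >&2
        exit 1
        ;;
esac
CreoleRun "$cmd" domaine >/dev/null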

###################################################################
# set group settings

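# Delete the PSOs left by a previous run (names starting with EOLE_) before
# the current set is recreated.
# Word splitting of the command output into array elements is intended here.
old_entries=( $(CreoleRun "samba-tool domain passwordsettings pso list" domaine | grep " | EOLE_" | awk -F'|' '{ print $2 }') )
for group in "${old_entries[@]}"; do
    # The name goes into a command string that a shell parses again (eval or
    # the remote shell behind ssh). It is passed single-quoted, so a quote in
    # the name is the one thing that cannot be allowed through. Anything
    # without the EOLE_ prefix is not a PSO owned by this script (for example
    # the tail of a name containing a space) and must not be deleted.
    case "$group" in
        *\'*)
            echo "refusing to delete a PSO whose name contains a quote: $group" >&2
            exit 1
            ;;
        EOLE_*) ;;
        *)
            echo "unexpected entry in the PSO list (no EOLE_ prefix): $group" >&2
            exit 1
            ;;
    esac
    CreoleRun "samba-tool domain passwordsettings pso delete '$group'" domaine >/dev/null
done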

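# Per-group settings: each CreoleGet output is split on whitespace into an
# array, and the arrays are matched by position (element i of every array
# belongs to group i). Word splitting is intended here.
ad_group_name=( $(CreoleGet ad_group_name) )
ad_group_complexity=( $(CreoleGet ad_group_complexity) )
ad_group_min_pwd_length=( $(CreoleGet ad_group_min_pwd_length 2>/dev/null) )
ad_group_history_length=( $(CreoleGet ad_group_history_length 2>/dev/null) )
ad_group_min_pwd_age=( $(CreoleGet ad_group_min_pwd_age 2>/dev/null) )
ad_group_max_pwd_age=( $(CreoleGet ad_group_max_pwd_age 2>/dev/null) )

# A missing or empty value shifts every later element by one, which would
# give a group another group's policy (or none). Stop instead of guessing.
group_count=${#ad_group_name[@]}
for setting_count in \
    "${#ad_group_complexity[@]}" \
    "${#ad_group_min_pwd_length[@]}" \
    "${#ad_group_history_length[@]}" \
    "${#ad_group_min_pwd_age[@]}" \
    "${#ad_group_max_pwd_age[@]}"; do
    if [ "$setting_count" -ne "$group_count" ]; then
        echo "per-group password settings do not line up with ad_group_name ($group_count groups)" >&2
        exit 1
    fi
done

idx=0
for group in "${ad_group_name[@]}"; do
    # Everything below is pasted into a command string that a shell parses
    # again (eval or the remote shell behind ssh). The group name is passed
    # single-quoted, so a quote is the one character that cannot be allowed.
    case "$group" in
        *\'*)
            echo "group name contains a single quote, refusing to build a command with it: $group" >&2
            exit 1
            ;;
    esac

    # The four numeric settings are interpolated unquoted: digits only.
    for number in \
        "${ad_group_min_pwd_length[$idx]}" \
        "${ad_group_history_length[$idx]}" \
        "${ad_group_min_pwd_age[$idx]}" \
        "${ad_group_max_pwd_age[$idx]}"; do
        case "$number" in
            '' | *[!0-9]*)
                echo "non-numeric password setting for group $group: '$number'" >&2
                exit 1
                ;;
        esac
    done

    # Only "oui" and "non" are accepted, so an unexpected or empty value
    # cannot quietly turn complexity off.
    case "${ad_group_complexity[$idx]}" in
        oui) complexity=on ;;
        non) complexity=off ;;
        *)
            echo "ad_group_complexity for group $group: unexpected value '${ad_group_complexity[$idx]}' (expected oui or non)" >&2
            exit 1
            ;;
    esac

    # PSO precedence starts at 2 and follows the group's position in the list.
    cmd="samba-tool domain passwordsettings pso create 'EOLE_$group' $((idx+2))"
    cmd="$cmd --min-pwd-length=${ad_group_min_pwd_length[$idx]}"
    cmd="$cmd --history-length=${ad_group_history_length[$idx]}"
    cmd="$cmd --min-pwd-age=${ad_group_min_pwd_age[$idx]}"
    cmd="$cmd --max-pwd-age=${ad_group_max_pwd_age[$idx]}"
    cmd="$cmd --complexity=$complexity"
    echo "$cmd"
    CreoleRun "$cmd" domaine >/dev/null
    CreoleRun "samba-tool domain passwordsettings pso apply 'EOLE_$group' '$group'" domaine >/dev/null
    idx=$((idx+1))
done

exit 0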
