#!/bin/bash

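set -e

# Site configuration. This script reads GPOSCRIPT, AD_ADMIN, AD_REALM and
# BASEDN without defining them; they are presumably provided by these two
# files (confirm against the packaged configuration).
. /etc/eole/gposcript.conf
. /etc/eole/samba4-vars.conf

# kinituser exports the keytab of the AD administrator principal to KEYFILE,
# so the file holds a long-term domain credential. A fixed name directly in
# /tmp is predictable: another local account can pre-create the path (or a
# symlink at it) before the export runs, and a "test -f, then rm" sequence
# leaves a window between the check and the write. A private directory from
# mktemp -d is created atomically with mode 0700 and an unpredictable name,
# and the keytab path inside it does not exist until samba-tool creates it.
KEYDIR=$(mktemp -d /tmp/gpoinit.XXXXXX)
# Remove the keytab on every exit path, including aborts triggered by set -e,
# so the administrator key never outlives the script.
trap 'rm -rf -- "$KEYDIR"' EXIT
KEYFILE="$KEYDIR/gpoinit.keytab"
GPONAME="eole_script"
# Kerberos principal: administrator account @ upper-cased realm.
# NOTE(review): USER is also the conventional login-name environment variable;
# if it is exported by the caller, child processes will see this value instead.
USER="$AD_ADMIN@$(printf '%s' "$AD_REALM" | tr a-z A-Z)"
SCRIPTS_DIR="/home/sysvol/$AD_REALM/scripts"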

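function kinituser()
{
    # Obtain a Kerberos ticket for $USER from a freshly exported keytab.
    # Globals:  KEYFILE (read; the keytab is written there by samba-tool),
    #           USER (read; principal to export and authenticate as)
    # Returns:  0 on success; non-zero if the export or kinit fails.
    #
    # The keytab written to KEYFILE contains the principal's long-term key,
    # so KEYFILE must live somewhere only this script's account can read.
    # NOTE(review): kinit is called without an explicit cache, so the ticket
    # presumably lands in the caller's default credential cache - confirm
    # that nothing else on the host relies on that cache.
    local export_log

    # The export is normally kept quiet, but its output is the only
    # diagnostic when it fails; surface it on stderr instead of letting
    # set -e abort the script with no explanation.
    if ! export_log=$(samba-tool domain exportkeytab "$KEYFILE" --principal="$USER" 2>&1); then
        printf '%s\n' "$export_log" >&2
        return 1
    fi

    kinit "$USER" -k -t "$KEYFILE"
}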

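function kdestroyuser()
{
    # Drop the Kerberos ticket and delete the exported keytab.
    # Globals:  KEYFILE (read; file is removed)
    # Returns:  the exit status of kdestroy.
    #
    # The keytab is the more sensitive artefact (a long-term key, not a
    # time-limited ticket), so its removal must not depend on kdestroy
    # succeeding: under set -e a failing kdestroy would otherwise abort the
    # script before the rm and leave the key on disk.
    local rc=0

    kdestroy || rc=$?
    rm -f -- "$KEYFILE"
    return "$rc"
}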

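function makedirs()
{
    # Create the users/groups/machines/os sub-directories under SCRIPTS_DIR
    # when SCRIPTS_DIR itself already exists; do nothing otherwise.
    # Globals:  SCRIPTS_DIR (read)
    #
    # SCRIPTS_DIR is quoted in the test: unquoted, an empty value collapses
    # to `[ -d ]`, which is true, and the loop would then create the
    # directories at the filesystem root.
    local dir

    if [ -d "$SCRIPTS_DIR" ]; then
        for dir in users groups machines os; do
            [ -d "$SCRIPTS_DIR/$dir" ] || mkdir "$SCRIPTS_DIR/$dir"
        done
    fi
}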

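# GPOSCRIPT equal to 0 registers the GPO; anything else takes the removal
# branch.
# NOTE(review): an empty or non-numeric GPOSCRIPT makes the test fail with an
# error and therefore also reaches the removal branch. Confirm that the
# configuration always sets it, or validate it before this point.
if [ "$GPOSCRIPT" -eq 0 ]; then

    kinituser
    makedirs

    # exit if GPO already exists, should update it if needs
    # The pipeline status is tested directly; wrapping it in $(...) only
    # worked because grep -q prints nothing.
    # NOTE(review): this is a substring match, so a GPO whose display name
    # merely starts with $GPONAME also counts as "already exists".
    if samba-tool gpo listall -k 1 | grep -q "display name : $GPONAME"; then
        kdestroyuser
        exit 0
    fi

    echo "Enregistrement du GPO EOLE \"$GPONAME\""

    # create GPO and extract its identifier from the "... created as <id>"
    # line of samba-tool's output
    msg=$(samba-tool gpo create "$GPONAME" -k 1)
    GPOID=$(printf '%s\n' "$msg" | awk -F' created as ' 'NF > 1 { print $2; exit }')

    # Without an identifier the setlink call below would be run with a
    # missing argument; stop here and drop the credentials first.
    if [ -z "$GPOID" ]; then
        echo "Identifiant du GPO \"$GPONAME\" introuvable" >&2
        kdestroyuser
        exit 1
    fi

    # register WaitNetwork policy (only if not already known) and configure it
    if ! gpo-tool policy inspect WaitNetwork > /dev/null 2>&1; then
        gpo-tool policy register 'WaitNetwork' \
            '{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}' \
            'Registry.pol' 'User' \
            'HKLM\Software\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon;SyncForegroundPolicy;REG_DWORD;4;{value}'
    fi
    gpo-tool policy add "$GPONAME" "WaitNetwork" -v "value:1" -k 1

    # link to base DN
    samba-tool gpo setlink "$BASEDN" "$GPOID" -k 1 > /dev/null

    # Convert regfiles in Registry.xml format
    /usr/share/eole/gpo/script/reg_to_xml.py

    # import scripts and Registry.xml files in GPO
    /usr/share/eole/gpo/script/importation.py
else
    # Look the GPO up in the local SAM database; no ticket is requested
    # unless there is something to delete.
    GPOID=$(ldbsearch -H /var/lib/samba/private/sam.ldb "(&(objectClass=groupPolicyContainer)(displayname=$GPONAME))" cn | grep '^cn: {' | cut -d ' ' -f2)
    if [ -z "$GPOID" ]; then
        exit 0
    fi
    echo "Suppression du GPO EOLE \"$GPONAME\""
    kinituser
    samba-tool gpo del "$GPOID" -k 1
fi

kdestroyuser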
