#!/bin/bash

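# Positional arguments:
#   $1 - run mode; the value "instance" is tested later in the script
#   $2 - any non-empty value makes the script run even when OpenLDAP is not
#        installed locally
option=$1
force=$2

# "oui" is the fallback value handed to CreoleGet for openldap_installed.
ldap_installed="$(CreoleGet openldap_installed oui)"

# Nothing to do when there is no local OpenLDAP and the run is not forced.
# Both operands are quoted so that an empty or multi-word value cannot turn
# the test into a syntax error, and -z states the "not forced" check directly.
if [ "$ldap_installed" = 'non' ] && [ -z "$force" ]; then
    exit 0
fi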


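# Look for an existing "admin" account; res ends up 0 when one is found.
if [ "$ldap_installed" = 'non' ]; then
    # No local OpenLDAP: search the Samba database through CreoleRun, passing
    # "domaine" as its second argument.
    CreoleRun "ldbsearch -H /var/lib/samba/private/sam.ldb cn=admin cn | grep -iq '^dn: cn=admin'" domaine
    res=$?
    # Exported for the commands started later (purpose not visible here).
    export FORCEPTY=yes
else
    # Local OpenLDAP: shadow CreoleRun with a shim that runs the command
    # string on this host and ignores the second argument.
    # The string goes through a shell so that the redirections and pipes the
    # callers embed in it are honoured; plain word splitting would pass
    # "&>/dev/null" to the program as a literal argument.
    # Only fixed strings written in this script are ever passed in; never
    # feed externally supplied text to this function.
    CreoleRun() {
        bash -c "$1"
    }
    ldapsearch -x uid=admin dn | grep -q "^dn: uid=admin"
    res=$?
fi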

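# res is non-zero when the lookup above did not find the "admin" account:
# create it, then make sure its initial password gets replaced.
if [ "$res" -ne 0 ]; then
    # Pre-enable the shell (#4231) when an LTSP client interface is
    # configured or NFS is enabled.
    if [ -n "$(CreoleGet interface_client_ltsp 2>/dev/null)" ] || [ "$(CreoleGet activer_nfs 2>/dev/null)" = "oui" ]; then
        shell="-s"
    else
        shell=""
    fi
    # Initial password. 'instance' doubles as a marker: when
    # /etc/eole/saslauthd.conf exists, the password-change step further down
    # is skipped. Otherwise a hard-coded default is used, so the account is
    # only safe once the change enforced below has really taken place.
    if [ -f /etc/eole/saslauthd.conf ]; then
        password='instance'
    else
        password='Eole12345!'
    fi
    # Create the admin user.
    if [ "$(CreoleGet aaf_file_format none)" != 'none' ]; then
        /usr/share/eole/sbin/addadmin
    elif [ -f /usr/share/eole/backend/creation-prof.py ]; then
        # SCRIBE
        # NOTE(review): the password travels on the command line (-m) and is
        # visible in the process list while the command runs.
        # ${shell:+...} adds the flag only when it is set, without relying on
        # word splitting of an unquoted variable.
        if ! /usr/share/eole/backend/creation-prof.py -u admin -m "$password" -p admin -f admin -M 'internet' -z 1 -q 0 -x 1 ${shell:+"$shell"}; then
            # A failed creation is fatal unless activer_ad is "oui"
            # ("non" is the fallback value handed to CreoleGet).
            [ "$(CreoleGet activer_ad non)" = 'oui' ] || exit 1
        fi
        if [ "$(CreoleGet ead_support_multietab)" = "oui" ]; then
            numero_etab=$(CreoleGet numero_etab)
            echo "Ajout du groupe \"racine\" : $numero_etab"
            # The value reaches Python through the environment instead of
            # being pasted into the source text, so a quote or backslash in
            # it cannot change the Python code that runs.
            NUMERO_ETAB="$numero_etab" python3 -c "import os
from scribe.eolegroup import Group
Group().add('Etablissement', os.environ['NUMERO_ETAB'], 'restreint', 'rw')
"
        fi
    else
        # HORUS
        # $shell is only ever "-s" or "" (set above), so interpolating it
        # into the Python source is safe here.
        python3 -c "from horus import backend; backend.add_user('admin', 'DomainUsers', ['DomainAdmins', 'PrintOperators'], shell='$shell')"
        if [ -L /data ]; then
            python3 -c "from horus.backend import add_group, add_share
add_group('applidos')
add_group('minedu')
add_share('applidos', 'applidos', filepath='/data/applidos', sticky=True, sync=False, drive='F:')
add_share('minedu', 'minedu', filepath='/data/minedu', sticky=True, sync=False, drive='X:', model='minedu')
"
        fi
    fi
    if [ "$password" != "instance" ]; then
        if [ "$option" = "instance" ]; then
            echo ""
            echo "#######################################################"
            echo "# Changement du mot de passe de l'utilisateur \"admin\" #"
            echo "#######################################################"
            # Ask for a new password until the change succeeds; the script
            # gives up with an error once the attempt counter reaches 10.
            res=1
            i=0
            while [ "$res" -ne 0 ]; do
                i=$((i+1))
                if [ "$i" -eq 10 ]; then
                    echo "erreur au changement de mot de passe de admin"
                    exit 1
                fi
                CreoleRun "/usr/sbin/smbldap-passwd admin" domaine
                res=$?
            done
        else
            # The password must be changed at the next logon. Keep the exit
            # status: if the flag could not be set, the account silently
            # keeps its default password, and the operator has to be told.
            CreoleRun "/usr/bin/net sam set pwdmustchangenow admin yes &>/dev/null" domaine
            must_change=$?
            tput setaf 3; echo -n "L'utilisateur "
            tput smso; echo -n admin; tput rmso
            tput setaf 3; echo -n " a été re-créé avec le mot de passe "
            # NOTE(review): the message prints "admin" as the password while
            # $password is 'Eole12345!' in this branch - confirm which value
            # each backend really sets.
            tput setaf 8; echo "admin"
            if [ "$must_change" -eq 0 ]; then
                tput setaf 3; echo "Le système demandera son changement à la prochaine ouverture de session"
            else
                tput sgr0
                echo "ATTENTION : le changement du mot de passe de admin n'a pas pu être imposé, changez-le manuellement" >&2
            fi
            tput sgr0
        fi
    fi
fi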

# Announce, then regenerate the Samba configuration; "norestart" is passed
# straight through to synchro_file.py.
printf '%b\n' "\n## Génération de la configuration Samba ##"
/usr/share/eole/sbin/synchro_file.py norestart

# Apply the ACLs on minedu & applidos when needed (#7576 #5279).
# An existing directory is left untouched as soon as its ACL listing
# (comment lines excluded) mentions the group name anywhere; this is a plain
# substring match, not a check of the exact entry or of its permissions.
for grp in "minedu" "applidos"; do
    dir="/data/$grp"
    [ -d "$dir" ] || continue
    if ! getfacl "$dir" 2>/dev/null | grep -v "^#" | grep -q "$grp"; then
        echo "Correction des ACL sur $dir"
        chgrp "$grp" "$dir"
        # -R walks the tree, -P keeps the walk from following symbolic links
        setfacl -PRm "g:$grp:rwx" "$dir"
        # same entry again as a default ACL (-d)
        setfacl -dPRm "g:$grp:rwx" "$dir"
    fi
done

# Make sure the AD home-directory root exists (#28403), with mode 755.
adhomes=/home/adhomes
mkdir -p "$adhomes"
chmod 755 "$adhomes"

exit 0

