#!/bin/bash
#
# logs when users login and logout
# thomas@linuxmuster.net
# 30.05.2014
#

#set -x

# source linuxmuster defaults
. /usr/share/linuxmuster/config/dist.conf || exit 1

# source helperfunctions
. $HELPERFUNCTIONS || exit 1

# parsing parameters
getopt $*

usage() {
  echo
  echo "Usage: samba-userlog --log=<in|out>"
  echo "                     --username=<userlogin>"
  echo "                     --hostname=<hostname or ip address>"
  echo "                     --homedir=<homedirectory>"
  echo
  exit 1
}

# test parameters
[ "$log" != "in" -a "$log" != "out" ] && usage
[ -z "$hostname" ] && usage
[ -z "$username" ] && usage
[ -z "$homedir" ] && usage

# test if hostname is an ip address
if validip $hostname; then
  get_hostname $hostname
  [ -n "$RET" ] && hostname=$RET
fi

# test if username is a hostname (for exams)
get_hostname $username
[ -n "$RET" ] && EXAMMODE=yes

# get primary group of user
get_pgroup $username
export PGROUP=${RET# }

# test for public_html (teachers only)
if [ "$log" = "in" -a "$PGROUP" = "$TEACHERSGROUP" -a ! -e "$homedir/public_html" ]; then
 mkdir $homedir/public_html
 chown $username:www-data $homedir/public_html
 chmod 2750 $homedir/public_html
fi

# change host password if user is a host (more security for exams, see #88)
if [ -n "$EXAMMODE" -a "$log" = "in" ]; then
 password="$(pwgen -s 24 1)"
 sophomorix-passwd -u "$username" --pass "$password" &> /dev/null
 [ "$hostname" != "$username" ] && sophomorix-passwd -u "$hostname" --pass "$password" &> /dev/null
fi

# check if there are valid logins in cache file
check_logins() {

  [ -s "$cachefile" ] || return

  for i in `cat $cachefile`; do

    if ! smbstatus -b -d 0 -u $i | grep -qw $i | grep -qw $hostname; then

      grep -vw $i $cachefile > $cachefile.tmp
      mv $cachefile.tmp $cachefile

    fi

  done

} # check_logins

# only if host account exists
if check_id $hostname; then

  # create cachefile and lock cachefile
  [ -d "$LOGINCACHE" ] || mkdir -p $LOGINCACHE
  cachefile=$LOGINCACHE/$hostname
  locker=/tmp/.samba-userlog_${hostname}.lock
  [ -e "$cachefile" ] || touch $cachefile
  chattr -i $cachefile
  lockfile -l 5 $locker

  if [ "$log" = "in" ]; then

    check_logins

    if ! grep -qw $username $cachefile; then
      echo $username >> $cachefile
      chattr +i $cachefile
    fi

    prep=on

  else

    grep -vw $username $cachefile > $cachefile.tmp
    mv $cachefile.tmp $cachefile

    if [ -s "$cachefile" ]; then
      chattr +i $cachefile
    else
      rm -f $cachefile
    fi

    prep=from

  fi

  rm -f $locker

fi


# log to userlogins
get_ip $hostname
export IP=$RET
get_realname $username
export REALNAME=${RET# }
locker=/tmp/.samba-userlog.lock
lockfile -l 5 $locker
echo "$DATETIME: $REALNAME ($username, $PGROUP) logs $log $prep $hostname ($IP)" >> $USERLOG

echo "log$log of user $username $prep host $hostname successfully logged!"

# source custom login and logout scripts
export USERNAME="$username"
export HOMEDIR="$homedir"
export HOSTNAME="$hostname"
case $log in
 in) run-parts "$PREEXECD" ;;
 out) run-parts "$POSTEXECD" ;;
 *) ;;
esac

rm -f $locker

exit 0
