#!/bin/bash
#
# postinst script for linuxmuster-client
#
# Thomas Schmitt <schmitt@lmz-bw.de>
# 18.12.2009
#
# see: dh_installdeb(1)

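set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#

# read debconf stuff
. /usr/share/debconf/confmodule

# Succeeds when $1 is non-empty and made only of letters, digits, ".", "_"
# and "-". Anything else (whitespace, "%", "#", "!", ",", newlines ...) would
# change the meaning of the line appended to /etc/sudoers below.
is_plain_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Prints $1 escaped for use as the replacement text of a sed "s%..%..%"
# command: backslash, the "%" delimiter and "&" are special there.
# A value containing a newline is not handled and makes the later sed call
# fail, which aborts the script under "set -e".
sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\%&]/\\&/g'
}

case "$1" in

    configure)

        # read default variables (ADMINISTRATOR and PGMADMIN are used below)
        . /etc/linuxmuster-client/auth/config || exit 1

        # check the distribution and do specific stuff
        # (neither variable is referenced again in this script)
        binpath=bin
        cups=cupsys

        # adding administrator and pgmadmin to sudoers
        # NOTE(review): each entry grants unrestricted root ("ALL=(ALL) ALL")
        # and is appended to /etc/sudoers without a syntax check. A drop-in
        # file under /etc/sudoers.d checked with "visudo -cf" before it is
        # installed would keep a bad entry from breaking sudo.
        if [ -e /etc/sudoers ]; then
            # Unquoted on purpose: empty values yield no iteration.
            # shellcheck disable=SC2086
            for admin in $ADMINISTRATOR $PGMADMIN; do
                if ! is_plain_name "$admin"; then
                    echo "Not adding '$admin' to sudoers: unexpected characters in name" >&2
                    continue
                fi
                # Compare the first field exactly; a bare "^name" prefix match
                # would treat "name2 ..." as an existing entry for "name".
                if ! awk -v user="$admin" \
                        '$1 == user { found = 1 } END { exit !found }' \
                        /etc/sudoers; then
                    echo "Adding $admin to sudoers ..."
                    {
                        echo
                        echo "# linuxmuster: $admin may gain root privileges"
                        echo "$admin ALL=(ALL) ALL"
                    } >> /etc/sudoers
                fi
            done
        fi

        # configure package
        PRIORITY="critical"
        db_title "linuxmuster-client-auth Konfiguration"

        # ldap server uri: pull a dotted-quad address out of the stored URI
        # and use it as the default answer of the shared question
        db_get ldap-auth-config/ldapns/ldap-server || true
        URI=$RET
        IP=$(printf '%s\n' "$URI" \
            | sed 's/\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\).*/_\1/' \
            | sed 's/.*_//' \
            | sed -n 's/\([0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\)/\1/p' \
            )
        if [ -n "$IP" ]; then
            db_set shared/ldapns/ldap-server "$IP" || true
        fi
        IP_NEW=""
        while [ -z "$IP_NEW" ]; do
            input_rc=0
            db_input "$PRIORITY" shared/ldapns/ldap-server || input_rc=$?
            db_go || true
            db_get shared/ldapns/ldap-server || true
            IP_NEW=$RET
            # db_input returns non-zero when the question is not shown
            # (noninteractive frontend, question already seen). Asking again
            # cannot produce a value then, so stop instead of looping forever.
            if [ -z "$IP_NEW" ] && [ "$input_rc" -ne 0 ]; then
                break
            fi
        done
        # NOTE(review): ldap:// is the cleartext scheme; whether StartTLS is
        # used depends on the templates, which are not visible here - confirm.
        if [ -n "$IP_NEW" ]; then
            URI_NEW=ldap://$IP_NEW/
            if [ "$URI" != "$URI_NEW" ]; then
                db_set ldap-auth-config/ldapns/ldap-server "$URI_NEW" || true
            fi
        fi

        # ldap basedn
        db_get ldap-auth-config/ldapns/base-dn || true
        BASEDN=$RET
        if [ -n "$BASEDN" ]; then
            db_set shared/ldapns/base-dn "$BASEDN" || true
        fi
        BASEDN_NEW=""
        while [ -z "$BASEDN_NEW" ]; do
            input_rc=0
            db_input "$PRIORITY" shared/ldapns/base-dn || input_rc=$?
            db_go || true
            db_get shared/ldapns/base-dn || true
            BASEDN_NEW=$RET
            # same loop guard as for the server address above
            if [ -z "$BASEDN_NEW" ] && [ "$input_rc" -ne 0 ]; then
                break
            fi
        done
        if [ -n "$BASEDN_NEW" ] && [ "$BASEDN" != "$BASEDN_NEW" ]; then
            db_set ldap-auth-config/ldapns/base-dn "$BASEDN_NEW" || true
        fi

        # serverip
        # (the "exit 0" paths below leave before the debhelper section and
        # db_stop at the end of the script are reached)
        db_get shared/ldapns/ldap-server || true
        serverip=$RET
        if [ -z "$serverip" ]; then
            echo "Cannot get the ip for the ldap server! Skipping configuration!"
            exit 0
        fi

        # basedn
        db_get shared/ldapns/base-dn || true
        basedn=$RET
        if [ -z "$basedn" ]; then
            echo "Cannot get ldap basedn! Skipping configuration!"
            exit 0
        fi

        # patching configuration files
        # Every template below the templates directory is written to the same
        # path below "/". The values are escaped for sed and handed over as
        # arguments, never pasted into a shell command string: a quote, "%"
        # or "&" in a debconf answer must not alter the command run as root.
        # Errors are no longer discarded, so a failed write is visible.
        echo "Patching configuration ..."
        sed_script="s%@@basedn@@%$(sed_escape "$basedn")%g"
        sed_script+=$'\n'"s%@@administrator@@%$(sed_escape "$ADMINISTRATOR")%g"
        sed_script+=$'\n'"s%@@pgmadmin@@%$(sed_escape "$PGMADMIN")%g"
        sed_script+=$'\n'"s%@@serverip@@%$(sed_escape "$serverip")%g"
        cd /var/lib/linuxmuster-client-auth/templates
        find . -type f -exec sh -c '
            script=$1
            shift
            for tpl in "$@"; do
                sed -e "$script" "$tpl" > "/${tpl#./}" || exit 1
            done' sh "$sed_script" {} +
        cd ../../

        # fixing ldap.conf to ignore self signed server certificate with queries from localhost
        # NOTE(review): "TLS_REQCERT never" in the system-wide ldap.conf is
        # not limited to localhost: clients that read this file stop
        # verifying the LDAP server certificate altogether, so a spoofed
        # server is not detected. Installing the server's CA certificate and
        # setting TLS_CACERT would keep verification enabled.
        conffile=/etc/ldap/ldap.conf
        if ! grep -q "TLS_REQCERT never" "$conffile" &> /dev/null; then
            echo "Fixing $conffile ..."
            cp "$conffile" "${conffile}.dpkg-old"
            echo "TLS_REQCERT never" >> "$conffile"
        fi

        echo "Note: You have to reboot the client if you have installed the package for the first time!"

        ;;

    abort-upgrade|abort-remove|abort-deconfigure)

        ;;

    *)

        echo "postinst called with unknown argument \`$1'" >&2
        exit 1

        ;;

esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.

#DEBHELPER#

db_stop

exit 0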

