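#!/bin/sh
# lgmod: modify a POSIX group stored in LDAP (for use with NSS LDAP).
# Written by Zane C. Bowers.
#
# Usage: lgmod -g GROUP [-c CONFIG] [-G GID] [-n NEWNAME] [-a|-r|-s] [-u USER[,USER...]]
#
# The config file (default ~/.lugtools) is *sourced*, not parsed: whatever it
# contains runs with the invoking user's privileges. It is expected to provide
# GROUPBASE, USERBASE, BIND and PASSWDFILE, which are handed to the lugtools
# LDAP helpers. Keep the config and PASSWDFILE owned by the user and not
# writable (ideally not readable) by anyone else.
#
# All LDAP helpers used here print "true" on success; every other output is
# treated as failure. Exit status is 0 on success and 1 on any validation or
# LDAP failure, so callers can rely on it.

# shellcheck source=/dev/null
. "$(command -v sh-include)"
include random
include lugtools

#######################################
# Print the option summary to stdout.
#######################################
usage() {
  echo "lgmod: add a POSIX group to LDAP for use with NSS LDAP"
  echo "version 0.1.2"
  echo ""
  echo "-a append -u to a group (default)"
  echo "-c the config file to use... the default is ~/.lugtools"
  echo "-G the GID of the group to add"
  echo "-n for renaming a group"
  echo "-r remove the users in the group as specified by -u"
  echo "-s set users in the group to the -u"
  echo "-u a list of users for group"
  echo ""
  echo "required:"
  echo "-g the primary group of the user"
  echo ""
  echo "-h display this"
}

# Defaults; -c and -a/-r/-s override them. Later -a/-r/-s flags win, and -s
# also turns on replace mode (clear the group before adding).
config=~/.lugtools
USERaction="add"
USERreplace="false"
groupname=
GID=
USERlist=
NEWgroupname=
show_usage=

# -c was documented by usage() but never accepted by getopts; it is now honoured.
while getopts c:g:G:u:n:ahrs OPTION; do
  case "$OPTION" in
    c) config="$OPTARG" ;;
    g) groupname="$OPTARG" ;;
    G) GID="$OPTARG" ;;
    u) USERlist="$OPTARG" ;;
    n) NEWgroupname="$OPTARG" ;;
    a) USERaction="add" ;;
    r) USERaction="remove" ;;
    s) USERaction="add"; USERreplace="true" ;;
    h) show_usage=true ;;
    \?) show_usage=true ;;
  esac
done

if [ -n "$show_usage" ]; then
  usage
  exit 1
fi

# Source the config (see header: this executes it as shell code).
if [ -e "$config" ]; then
  # shellcheck source=/dev/null
  . "$config"
else
  echo "$config does not exist"
  exit 1
fi

if [ -z "$groupname" ]; then
  echo "-g not used to define a groupname"
  exit 1
fi

# The group being modified must already exist.
if [ "$(groupExists "$groupname")" != "true" ]; then
  echo "$groupname does not exists"
  exit 1
fi

# When renaming, the target name must still be free.
if [ -n "$NEWgroupname" ] && [ "$(groupExists "$NEWgroupname")" = "true" ]; then
  echo "can't rename $groupname to $NEWgroupname... it already exists"
  exit 1
fi

# When changing the GID, the target GID must not be in use.
if [ -n "$GID" ] && [ "$(groupExists "$GID")" = "true" ]; then
  echo "can't reGID $groupname to $GID... $GID is already in use"
  exit 1
fi

# Validate every user named with -u before touching LDAP, so a bad list
# fails the whole run instead of leaving the group half-modified.
if [ -n "$USERlist" ]; then
  # Normalise once: guarantee a trailing comma and collapse repeated commas.
  # The trailing comma is kept deliberately — the list was always handed to
  # the lugtools helpers in this form, which appear to expect it (confirm
  # against lugtools before changing).
  USERlist=$(printf '%s,' "$USERlist" | sed 's/,,*/,/g')

  # Walk the comma-terminated list with parameter expansion: no forks per
  # item and no IFS change that the sourced helpers could inherit.
  rest=$USERlist
  while [ -n "$rest" ]; do
    USERlistItem=${rest%%,*}
    case "$rest" in
      *,*) rest=${rest#*,} ;;
      *)   rest= ;;
    esac
    [ -n "$USERlistItem" ] || continue

    case "$USERaction" in
      remove)
        # Only current members can be removed (the old code tested mere
        # existence here, which did not match its own error message).
        if [ "$(userMemberOfGroup "$USERlistItem" "$groupname")" = "false" ]; then
          echo "$USERlistItem is not a member of $groupname"
          exit 1
        fi
        ;;
      add)
        if [ "$(userExists "$USERlistItem")" = "false" ]; then
          echo "$USERlistItem is a non-existant username"
          exit 1
        fi
        # With -s the membership is replaced wholesale, so existing
        # members are not an error.
        if [ "$USERreplace" = "false" ] \
          && [ "$(userMemberOfGroup "$USERlistItem" "$groupname")" = "true" ]; then
          echo "$USERlistItem is already a member of $groupname"
          exit 1
        fi
        ;;
    esac
  done
fi

# Rename first so every later operation targets the new name.
if [ -n "$NEWgroupname" ]; then
  if [ "$(LDAPgroupRename "$groupname" "$NEWgroupname" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
    echo "$groupname renamed to $NEWgroupname"
    groupname="$NEWgroupname"
  else
    echo "failed to rename $groupname to $NEWgroupname"
    exit 1
  fi
fi

# Change the GID if asked to.
if [ -n "$GID" ]; then
  if [ "$(LDAPgroupReGID "$groupname" "$GID" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
    echo "$groupname reGID to $GID"
  else
    echo "failed to reGID $groupname to $GID"
    exit 1
  fi
fi

# Apply the user list: remove, or (optionally clear, then) add.
if [ -n "$USERlist" ]; then
  if [ "$USERaction" = "remove" ]; then
    if [ "$(removeUsersFromLDAPgroup "$groupname" "$USERlist" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
      echo "$USERlist removed from $groupname"
    else
      # Failures now exit non-zero instead of reporting success to the caller.
      echo "failed to remove $USERlist from $groupname"
      exit 1
    fi
  else
    if [ "$USERreplace" = "true" ]; then
      # The old code re-ran the clear on failure with its result ignored;
      # a second, unchecked write to the directory is not a recovery, so
      # it is simply reported.
      if [ "$(clearUsersFromLDAPgroup "$groupname" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
        echo "cleared $groupname of users"
      else
        echo "failed to clear $groupname of users"
        exit 1
      fi
    fi
    if [ "$(addUsersToLDAPgroup "$USERlist" "$groupname" "$USERBASE" "$GROUPBASE" "$BIND" "$PASSWDFILE")" = "true" ]; then
      echo "$USERlist added to $groupname"
    else
      echo "failed to added $USERlist to $groupname"
      exit 1
    fi
  fi
fi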