#!/bin/sh
# DocumentId:	$Id: update-twinspot-users 2576 2008-04-07 20:00:51Z ola $
# Author:	$Author: ola $
# Date:		$Date: 2008-04-07 22:00:51 +0200 (mån, 07 apr 2008) $
# Summary:
#	Updates the twinspot base users.

# When adding a user, just run: adduser --disabled-password $USER
# The name is taken from /usr/share/twinspot/users/$USER if that file exists.
# If it does not, the name is the same as the login.

# Read the default twinspot config.
. /usr/share/twinspot/defaults.conf
. /usr/share/twinspot/change.func
. /usr/share/twinspot/owner.func

# adduser configuration generated by this script and passed to adduser
# through --conf when an account is created.
TUSERCFG="/etc/twinspot/adduser.conf.user"
# Not referenced again in this file; possibly read by the sourced helper
# functions (not visible here).
TUDIR="/etc/twinspot/adduser"

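# Stop before touching any account when one of the file systems that hold
# account data, home directories or mail is NFS-mounted.
# The script exits with status 0 in that case, so a caller cannot tell
# "nothing to do" from "skipped because of NFS" by the exit code alone.
for TEST in / "$DHOME" /etc /var /var/mail /var/spool/mail ; do
    # nfs[0-9]* also matches NFSv4, which mount lists as "type nfs4"; the
    # previous pattern required whitespace right after "nfs" and therefore
    # let NFSv4 mounts pass the guard.
    # $TEST is used as part of a regular expression; the paths listed above
    # contain no characters that are special in a basic regular expression,
    # $DHOME is assumed not to either (it is set outside this file).
    if mount | grep "on[[:space:]][[:space:]]*$TEST[[:space:]].*type[[:space:]][[:space:]]*nfs[0-9]*[[:space:]]" > /dev/null 2>&1 ; then
        echo "Does not add or remove users when $TEST is nfsmounted."
        exit 0
    fi
done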

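# System accounts end one UID below the start of the twinspot range.
# $BASE_UID is not set in this file; presumably it comes from the sourced
# defaults.conf.
LAST_SYSTEM_UID=$(($BASE_UID-1))

# Rewrite the adduser configuration only when it does not already carry this
# exact value. The value must be followed by a non-digit or the end of the
# line, so that e.g. 4990 is not taken for an already correct 499.
if ! grep -E "LAST_SYSTEM_UID=${LAST_SYSTEM_UID}([^0-9]|\$)" "$ADDUSERCFG" > /dev/null 2>&1 ; then
    echo "Updates $ADDUSERCFG and sets LAST_SYSTEM_UID=$LAST_SYSTEM_UID."
    # changefile is defined in one of the sourced files; from this call it
    # takes a sed expression and the file to edit.
    changefile \
        "s|LAST_SYSTEM_UID=[0-9]*|LAST_SYSTEM_UID=$LAST_SYSTEM_UID|g;" \
        "$ADDUSERCFG"
fi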

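# UID window for twinspot accounts: from $BASE_UID up to one below the
# incoming $FIRST_UID. The order of the two assignments matters, because
# LAST_UID is derived from FIRST_UID before FIRST_UID is overwritten.
# Both incoming values are set outside this file.
LAST_UID=$(($FIRST_UID-1))
FIRST_UID=$BASE_UID

# Derive the twinspot adduser configuration from the system one, with the
# UID window above substituted in. If this fails the generated file is empty
# or stale, and accounts created with it could land outside the managed UID
# range, so stop instead of continuing.
if ! sed -e "s|LAST_UID=[0-9]*|LAST_UID=$LAST_UID|g;" \
         -e "s|FIRST_UID=[0-9]*|FIRST_UID=$FIRST_UID|g;" \
         "$ADDUSERCFG" > "$TUSERCFG" ; then
    echo "Could not generate $TUSERCFG from $ADDUSERCFG." >&2
    exit 1
fi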

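# Users that exist in password file.
# Only logins whose UID field is exactly three digits in 500-999 are listed.
# That range is hard-coded in the pattern and does not follow $BASE_UID or
# $FIRST_UID.
EUSERS=$(grep "^[^:]*:[^:]*:[5-9][0-9][0-9]:" "$PWDF" | sed -e "s|:.*||g;")

# Users that should exist.
# Every directory exactly two levels below $USERSRC is considered; the first
# "/CVS" in its path is dropped and the last path component is kept as the
# login name.
# NOTE(review): these names decide which accounts are created and which are
# deleted further down, so write access to $USERSRC amounts to control over
# the managed accounts. Confirm that only administrators can write there.
FUSERS=$(find "$USERSRC" -maxdepth 2 -path "$USERSRC/*/*" -type d \
    | sed -e "s|/CVS||;" -e "s|.*/||;" \
    | sort -u)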

# When removing a user do the following:
# * Kick the user out, ps & kill.
# * Remove (move?) $DHOME/$USER/.ssh/authorized_keys
# * userdel $USER
# * Tar up $DHOME/$USER into $DHOME/user.tar.gz.
# * Remove $DHOME/$USER

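# Remove every account from the managed UID range (see EUSERS) that is no
# longer listed in FUSERS. $EUSERS is left unquoted on purpose: it is a
# whitespace-separated list of login names.
for RU in $EUSERS ; do
    # Look the UID up by exact comparison with the login field. A regular
    # expression built from the name could match a different account when
    # the name contains characters such as ".".
    UPID=$(awk -F: -v u="$RU" '$1 == (u "") { print $3; exit }' "$PWDF")

    # The UID range checks below are the only guard in front of userdel.
    # With an empty or non-numeric UID both checks would fail with an error
    # and fall through to the removal branch, so skip such entries.
    case "$UPID" in
        ''|*[!0-9]*)
            echo "Could not read a numeric UID for user $RU, skipping it." >&2
            continue
            ;;
    esac

    if [ "$UPID" -ge 1000 ] ; then
        echo "User $RU is a ordinary user and should not be removed."
        echo "THIS SHOULD NEVER HAPPEN, error in update script."
    elif [ "$UPID" -lt 500 ] ; then
        echo "User $RU is a system user and should not be removed."
        echo "THIS SHOULD NEVER HAPPEN, error in update script."
    elif ! printf '%s\n' "$FUSERS" | grep -F -x -e "$RU" > /dev/null 2>&1 ; then
        # -F -x compares the whole name literally, so a name is only kept
        # when exactly that name is listed in FUSERS.
        echo "Del user $RU"
        if [ "$SUDO_USER" = "$RU" ] || [ "$USER" = "$RU" ] ; then
            # The account to remove is the one running this script: only
            # print the manual steps instead of killing its own session.
            echo "The script does not kick out any process that the admin runs."
            echo "FIX THIS MANUALLY:"
            echo "Log out the user and kill all its processes."
            echo "Run the following commands (as root, using an other admin account):"
            echo "	userdel $RU"
            if [ -d "$DHOME/$RU" ] ; then
                echo "	/usr/sbin/twinspot-delhome $RU &"
            fi
            if [ -e "/var/mail/$RU" ] ; then
                echo "	mv /var/mail/$RU $DHOME/$RU.mail"
            fi
            if [ -e "/var/spool/mail/$RU" ] ; then
                echo "	mv /var/spool/mail/$RU $DHOME/$RU.mailspool"
            fi
        else
            # First kill all root processes. "Root" appears to mean the roots
            # of the user's process trees, not processes of uid 0: the second
            # grep keeps only lines whose command is not indented by ps -H.
            # read -r replaces read -e, which is not a POSIX sh option; a
            # /bin/sh without it rejects the read, the loop body never runs
            # and no process is signalled.
            ps --user "$RU" -H | grep -v "^[[:space:]]*PID" | grep "[[:space:]]*[0-9][0-9]*[[:space:]][^[:space:]][^[:space:]]*[[:space:]][[:space:]]*[0-9][0-9]:[0-9][0-9]:[0-9][0-9][[:space:]][^[:space:]]" | sed -e "s|[[:space:]]*\([0-9][0-9]*\).*|\1|;" |
                while read -r PL ; do
                    kill "$PL"
                done
            sleep 1
            # Then kill all processes that did not want to be killed.
            ps --user "$RU" | grep -v "^[[:space:]]*PID" | sed -e "s|^[[:space:]]*\([0-9][0-9]*\).*|\1|;" |
                while read -r PL ; do
                    kill -9 "$PL"
                done
            # NOTE(review): nothing visible here stops the account from
            # starting new processes between the kill above and userdel
            # (a new login through authorized_keys, cron or at jobs).
            # Whether twinspot-delhome removes authorized_keys cannot be
            # seen from this file; confirm.
            if ! userdel "$RU" ; then
                echo "userdel failed for $RU, the account still exists. FIX THIS MANUALLY." >&2
            fi
            if [ -d "$DHOME/$RU" ] ; then
                /usr/sbin/twinspot-delhome "$RU" &
            fi
            if [ -e "/var/mail/$RU" ] ; then
                mv "/var/mail/$RU" "$DHOME/$RU.mail"
            fi
            if [ -e "/var/spool/mail/$RU" ] ; then
                mv "/var/spool/mail/$RU" "$DHOME/$RU.mailspool"
            fi
        fi
    fi
done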

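# Users that exist in password file.
# Read again because the removal loop above may have deleted accounts.
# As before, the 500-999 UID range is hard-coded in the pattern.
EUSERS=$(grep "^[^:]*:[^:]*:[5-9][0-9][0-9]:" "$PWDF" | sed -e "s|:.*||g;")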

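# Who should be added to or modified in the passwd file.
# $FUSERS is left unquoted on purpose: it is a whitespace-separated list of
# login names.

for AU in $FUSERS ; do
    # NOTE(review): both files are executed as shell code by this script, so
    # anyone who can write to $USERSC or below $USERSRC can run commands with
    # the privileges of this script. Confirm that both are writable by
    # administrators only.
    # $USERSC is read again for every user; presumably it resets per-user
    # values such as $NAME. If it does not, $NAME from the previous user
    # carries over.
    . "$USERSC"
    if [ -f "$USERSRC/$AU" ] ; then
        . "$USERSRC/$AU"
    fi
    # Exact comparison with the login field instead of a regular expression
    # built from the name.
    UPID=$(awk -F: -v u="$AU" '$1 == (u "") { print $3; exit }' "$PWDF")
    if ! printf '%s\n' "$EUSERS" | grep -F -x -e "$AU" > /dev/null 2>&1 ; then
        # The user is not among the accounts in the managed UID range.
        if cut -d: -f1 "$PWDF" | grep -F -x -e "$AU" > /dev/null 2>&1 ; then
            # The login exists with a UID outside the managed range: never
            # touch it, only report it.
            if [ "$UPID" -ge 100 ] ; then
                echo "User $AU ($UPID) does already exist, FIX THIS MANUALLY!!!"
            fi
        else
            # CREATING USER.
            # Without an account there is nobody to restore a home directory
            # or mail for, so stop handling this user if adduser fails.
            if ! adduser --conf "$TUSERCFG" --gecos "$NAME" --disabled-password "$AU" ; then
                echo "adduser failed for $AU, nothing is restored for this user." >&2
                continue
            fi
            if [ -f "$DHOME/$AU.tar.gz" ] ; then
                # The working directory stays / for the rest of the run.
                # NOTE(review): the archive is unpacked relative to / with
                # the privileges of this script and holds the former content
                # of a user's home directory (presumably written by
                # twinspot-delhome). $DHOME must not be writable by
                # unprivileged users, or somebody else could place
                # <login>.tar.gz, <login>.mail or <login>.mailspool there.
                cd /
                echo "Restore user ($AU) home directory."
                tar xfz "$DHOME/$AU.tar.gz"
            fi
            changeowner "$AU" "$AU" "$DHOME/$AU"
            if [ -f "$DHOME/$AU.mail" ] ; then
                echo "Restore user $AU incoming mail."
                if [ -e "/var/mail/$AU" ] ; then
                    # Delete the saved copy only after it has been appended,
                    # otherwise a failed append loses the mail.
                    cat "$DHOME/$AU.mail" >> "/var/mail/$AU" \
                        && rm "$DHOME/$AU.mail"
                else
                    mv "$DHOME/$AU.mail" "/var/mail/$AU"
                fi
                changeowner "$AU" mail "/var/mail/$AU"
            fi
            if [ -f "$DHOME/$AU.mailspool" ] ; then
                echo "Restore user $AU incoming mailspool."
                if [ -e "/var/spool/mail/$AU" ] ; then
                    # Same rule as above: remove only after a good append.
                    cat "$DHOME/$AU.mailspool" >> "/var/spool/mail/$AU" \
                        && rm "$DHOME/$AU.mailspool"
                else
                    mv "$DHOME/$AU.mailspool" "/var/spool/mail/$AU"
                fi
                changeowner "$AU" mail "/var/spool/mail/$AU"
            fi
        fi
    else
        # Existing account in the managed range: fix mailbox ownership and
        # update the name field when it no longer starts with $NAME.
        changeowner "$AU" mail "/var/spool/mail/$AU"
        changeowner "$AU" mail "/var/mail/$AU"
        # NOTE(review): $NAME is used as a regular expression here, so
        # characters such as "*" or "[" in a name change what is matched.
        if ! grep "^$AU:[^:]*:[^:]*:[^:]*:$NAME" "$PWDF" > /dev/null 2>&1 ; then
            if [ "$UPID" -ge 1000 ] ; then
                echo "User $AU is a ordinary user and should not be changed."
            else
                echo "Changing information for user $AU."
                usermod -c "$NAME" "$AU"
            fi
        fi
    fi
done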
