#!/bin/ash
# This is being sourced and running in ash

if [ -n "$TEMP_HOME_DIR" ]; then
	if [ -z "$PAM_TTY" ] || [ "x$PAM_TTY" = "x:0" ]; then
		# Pass on network path to home directory
		if [ -z "$PERSISTENT_NETPATH" ]; then
			PERSISTENT_NETPATH=$(grep -m1 -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | awk '{print $1}')
		fi
		if [ -n "$PERSISTENT_NETPATH" ]; then
			[ "x${PERSISTENT_NETPATH:0:2}" = "x//" ] && PERSISTENT_NETPATH=$(echo "$PERSISTENT_NETPATH" | tr '/' '\\')
			echo "${PERSISTENT_NETPATH}" > "${TEMP_HOME_DIR}/.openslx/home"
			chmod 0644 "${TEMP_HOME_DIR}/.openslx/home"
		fi

		# pwdaemon

		# Figure out username
		XUSER="${REAL_ACCOUNT}"
		[ -z "$XUSER" ] && XUSER="${PAM_USER}"
		# Figure out domain
		XDOMAIN=

		if [ -d "/opt/openslx/pam/slx-ldap.d" ]; then
			# New pretty approach - modular with multiple auth sources
			if [ -n "$SHARE_DOMAIN" ]; then
				[ "x$SHARE_DOMAIN" != "x#" ] && XDOMAIN="$SHARE_DOMAIN"
			else
				if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
					XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]*)[ ,].*$/\1/g')
				fi
				if [ -z "$XDOMAIN" ] && [ -n "$USER_DN" ]; then
					XDOMAIN=$(echo "$USER_DN" | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
				fi
				if [ -z "$XDOMAIN" ] && [ -n "$LDAP_BASE" ]; then
					XDOMAIN=$(echo "$LDAP_BASE" | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
				fi
				if [ -z "$XDOMAIN" ]; then
					XDOMAIN="WORKGROUP"
				fi
			fi
		else
			# Old approach - just one global config
			# Take explicitly configured domain
			if [ -s "/opt/openslx/inc/shares" ]; then
				. /opt/openslx/inc/shares
				XDOMAIN="${SHARE_DOMAIN}"
			fi
			if [ "x$XDOMAIN" = "x#" ]; then
				XDOMAIN=
			else
				# Guess domain
				if [ -z "$XDOMAIN" ] && [ -n "$PERSISTENT_HOME_DIR" ]; then
					XDOMAIN=$(grep -F " ${PERSISTENT_HOME_DIR} " "/proc/mounts" | grep -m1 -F 'domain=' | sed -r 's/^.*[ ,]domain=([^ ,]*)[ ,].*$/\1/g')
				fi
				if [ -z "$XDOMAIN" ]; then
					XDOMAIN=$(<"/etc/ldap.conf" grep -m1 -i '^BASE\s.*DC=' | grep -o -E -i 'DC=([^,;]+)' | head -n 1 | cut -c 4-)
				fi
				if [ -z "$XDOMAIN" ]; then
					XDOMAIN=$(<"/etc/sssd/sssd.conf" grep -m1 -i '^ldap_search_base\s*=.*DC=' | grep -o -E -i 'DC=[^,;]+' | head -n 1 | cut -c 4-)
				fi
				if [ -z "$XDOMAIN" ]; then
					XDOMAIN="WORKGROUP"
				fi
			fi
		fi
		[ -n "$XDOMAIN" ] && XDOMAIN="$(echo "$XDOMAIN" | tr 'a-z' 'A-Z')\\"

		[ -z "${SLX_PXE_CLIENT_IP}${SLX_KCL_SERVERS}" ] && . /opt/openslx/config
		# Allow querying password via UNIX Socket?
		pw=0
		[ "$SLX_PRINT_REUSE_PASSWORD" = "yes" ] && pw=1

		USERNAME="${XDOMAIN}${XUSER}" PASSWORD="$PAM_AUTHTOK" PWSOCKET="${TEMP_HOME_DIR}/.pwsocket" \
			LOCAL_PW="$pw" pwdaemon --daemon "${USER_UID}"
		unset XUSER XDOMAIN
	fi
fi

# Now copy all the share mount options over from the current ldap plugin
if [ -n "$SLX_LDAP_FILE" ] && [ -s "$SLX_LDAP_FILE" ]; then
	grep '^SHARE_' "$SLX_LDAP_FILE"
	if [ -n "$USER_DN" ] && [ "$(echo "$USER_DN" | wc -l)" = 1 ]; then
		set | grep '^USER_DN='
	fi
fi > "${TEMP_HOME_DIR}/.openslx/shares"

true