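###################################################################
#
#	This script is a part of the pam_script_auth script
#	and is not stand-alone!
#
#	It will try to mount the common share as specified in the
#	variables SLX_COMMON_SHARE_PATH and SLX_COMMON_SHARE_AUTH of
#	the global slx config '/opt/openslx/config'. Supported AUTH
#	values are 'guest' and 'user'. The first is self-explanatory,
#	the second uses the user's credentials to authorize the mount.
#
#	Example:
#		SLX_COMMON_SHARE_PATH='//windows.server/sharename'
#		SLX_COMMON_SHARE_AUTH='user'
#
#	Security notes:
#	 - The user's password is handed to mount via the environment
#	   (USER/PASSWD) and never placed in MOUNT_OPTS, because
#	   MOUNT_OPTS is written to the log on failure.
#	 - '/opt/openslx/config' is sourced, i.e. executed, with the
#	   privileges of the calling PAM script; it presumably must be
#	   writable by root only -- verify on the deployed image.
#

#######################################
# Mount the common share described in the slx config.
# Globals (read):    USER_UID, USER_GID, COMMON_SHARE_MOUNT_POINT,
#                    PAM_USER, PAM_AUTHTOK, plus SLX_COMMON_SHARE_PATH
#                    and SLX_COMMON_SHARE_AUTH from the sourced config
# Globals (written): MOUNT_OPTS, MOUNT_TMP, SIGNAL, MOUNT_OUTPUT,
#                    MOUNT_PID, COUNTER; USER and PASSWD are unset
#                    whenever a mount attempt was started
# Calls:             slxlog (provided by the including script)
# Returns:           status of the last command; failures are only logged
#######################################
mount_common_share() {
	# at this point we need the slx config to do anything
	[ -e "/opt/openslx/config" ] || \
		{ slxlog "pam-share-noconfig" "File '/opt/openslx/config' not found."; return; }

	# we have it as we should, source it
	. /opt/openslx/config || \
		{ slxlog "pam-share-sourceconfig" "Could not source '/opt/openslx/config'."; return; }

	# lets check if we have our variables
	[ -n "${SLX_COMMON_SHARE_PATH}" ] || \
		{ slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_PATH' found in config!"; return; }
	[ -n "${SLX_COMMON_SHARE_AUTH}" ] || \
		{ slxlog "pam-share-noconfig" "No variable 'SLX_COMMON_SHARE_AUTH' found in config!"; return; }

	# all good: now we can mount depending on the type
	# supports: cifs?/nfs?
	if [ "${SLX_COMMON_SHARE_PATH:0:2}" = "//" ]; then
		# '//' prefixed, assume windows share
		# prepare common mount options for either authentication type
		MOUNT_OPTS="-t cifs -o nounix,uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,nobrl,noacl"

		# Validate the auth type before creating any temporary files, so the
		# unsupported case has nothing to clean up.
		case "${SLX_COMMON_SHARE_AUTH}" in
			guest)
				# guest share: deliberately world-accessible modes
				MOUNT_OPTS="${MOUNT_OPTS},guest,file_mode=0777,dir_mode=0777"
				;;
			user)
				# NOTE(review): sec=ntlm is a weak legacy mechanism and is no
				# longer accepted by newer kernels (verify for the deployed
				# kernel); check whether the server can negotiate a stronger one.
				MOUNT_OPTS="${MOUNT_OPTS},sec=ntlm,file_mode=0700,dir_mode=0700"
				;;
			*)
				slxlog "pam-share-auth" "Auth type '${SLX_COMMON_SHARE_AUTH}' not supported."
				return
				;;
		esac

		# Private (0700) scratch directory holding the failure flag and the
		# mount output. Creating the flag path inside it avoids the window
		# that "mktemp; rm" leaves open in a world-writable temp directory.
		MOUNT_TMP=$(mktemp -d) || \
			{ slxlog "pam-share-mount" "Could not create temporary directory for mounting '${SLX_COMMON_SHARE_PATH}'."; return; }
		# flag for failure (must not exist yet)
		SIGNAL="${MOUNT_TMP}/failed"
		# output of command
		MOUNT_OUTPUT="${MOUNT_TMP}/output"

		if [ "${SLX_COMMON_SHARE_AUTH}" = "user" ]; then
			# mount.cifs picks the credentials up from the environment.
			# The '$' is required: without it the literal strings
			# "{PAM_USER}" / "{PAM_AUTHTOK}" would be sent as credentials.
			export USER="${PAM_USER}"
			export PASSWD="${PAM_AUTHTOK}"
		fi

		# now try to mount it
		# MOUNT_OPTS is intentionally unquoted: it holds several words.
		# shellcheck disable=SC2086
		( mount ${MOUNT_OPTS} "${SLX_COMMON_SHARE_PATH}" "${COMMON_SHARE_MOUNT_POINT}" > "${MOUNT_OUTPUT}" 2>&1 || touch "${SIGNAL}" ) &
		MOUNT_PID=$!

		# always unset credentials
		# The background subshell already owns its copy of the environment,
		# so drop the password here, before slxlog or any other child of
		# this shell can inherit it.
		unset USER
		unset PASSWD

		# poll for completion; gives up after 1+1+2+4 = 8 seconds
		for COUNTER in 1 1 2 4; do
			kill -0 "${MOUNT_PID}" 2>/dev/null || break
			sleep "${COUNTER}"
		done

		# check for failures
		if [ -e "${SIGNAL}" ]; then
			slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' failed. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
		elif kill -9 "${MOUNT_PID}" 2>/dev/null; then
			# MOUNT_PID is the wrapper subshell; if it could still be
			# signalled the mount did not finish in time.
			slxlog "pam-share-mount" "Mount of '${SLX_COMMON_SHARE_PATH}' to '${COMMON_SHARE_MOUNT_POINT}' timed out. (Args: ${MOUNT_OPTS}" "${MOUNT_OUTPUT}"
		fi

		# delayed cleanup; presumably gives slxlog time to pick up the
		# output file -- confirm against slxlog's behaviour
		( sleep 2; rm -rf -- "${MOUNT_TMP:?}" ) &
	fi

	# TODO support more than CIFS? NFS maybe?
}

mount_common_share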