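###################################################################
#
# This script is a part of the pam_script_ses_open script
# and is not stand-alone!
#
# For accounts that are not in /etc/passwd, look up the CIFS home
# share in the directory (via ldapsearch) and mount it to
# ${PERSISTENT_HOME_DIR}.
#
# Reads (provided by the calling script / PAM):
#   PAM_USER, PAM_AUTHTOK, USER_UID, USER_GID, PERSISTENT_HOME_DIR
# Sets for the caller:
#   PERSISTENT_OK=yes            on a successful mount
#   PERSISTENT_NETPATH (export)  the share in backslash notation,
#                                for hooks in pam_script_auth.d
# Diagnostics go through slxlog, which the caller provides.
# The script never exits itself (it is sourced), it only logs,
# sets WAIT=1 and falls through.
#

VOLUME=
SEARCH=
RESULT=
REAL_ACCOUNT=
WAIT=
PWDIR=

# Only accounts that are not local have their home on a network share.
# Compare the account name exactly instead of using it as a regex.
if ! cut -d ':' -f 1 /etc/passwd | grep -qxF -- "${PAM_USER}"; then
	# The login name comes straight from the login prompt; escape the
	# RFC 4515 filter metacharacters so it cannot alter the LDAP filter.
	LDAP_UID=$(printf '%s' "${PAM_USER}" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' -e 's/(/\\28/g' -e 's/)/\\29/g')
	# determine fileserver and share for home directories
	SEARCH=$(mktemp) || SEARCH=
	RESULT=$(mktemp) || RESULT=
	if [ -z "${SEARCH}" ] || [ -z "${RESULT}" ]; then
		slxlog "pam-ad-ldapquery" "Could not create temporary files for LDAP query of user ${PAM_USER}. No home directory available"
		WAIT=1
	else
		# Anonymous query: find the DN to bind with and, if the directory
		# hands them out anonymously, the home share attributes. stderr is
		# captured as well so the slxlog attachment shows why a query failed.
		ldapsearch -l 3 -o nettimeout=3 -o ldif-wrap=no -x -LLL "uid=${LDAP_UID}" dn distinguishedName homeMount realAccount > "${SEARCH}" 2>&1
		# NOTE: LDIF writes non-ASCII values as "attr:: <base64>"; those are not decoded here.
		BINDDN=$(grep -E '^(dn|distinguishedName):' -- "${SEARCH}" | head -n 1 | cut -d ' ' -f 2-)
		if [ -z "${BINDDN}" ]; then
			slxlog "pam-ad-ldapquery" "Could not query DN of user ${PAM_USER}. No home directory available" "${SEARCH}"
			WAIT=1
		else
			# Authenticated query. The password is handed to ldapsearch through
			# a FIFO inside a private mktemp directory, so it is neither visible
			# in argv nor written to a predictable path an attacker could
			# pre-create. If the FIFO cannot be created, do NOT fall through to
			# writing the password anyway.
			PWDIR=$(mktemp -d) || PWDIR=
			PW="${PWDIR}/pw"
			if [ -z "${PWDIR}" ] || ! mkfifo -m 0600 "${PW}"; then
				slxlog "pam-ad-fifo" "Could not create FIFO at ${PW}"
				WAIT=1
			else
				# printf, not echo: a password beginning with '-n'/'-e' or
				# containing backslashes must be passed verbatim (no newline,
				# ldapsearch -y reads the file content as-is).
				( printf '%s' "${PAM_AUTHTOK}" > "${PW}" ) &
				PWPID=$!
				if ! ldapsearch -y "${PW}" -D "${BINDDN}" -l 5 -o nettimeout=5 -o ldif-wrap=no -x -LLL "uid=${LDAP_UID}" homeMount realAccount > "${RESULT}" 2>&1; then
					slxlog "pam-ad-ldapquery" "Could not query LDAP-AD-Proxy for parameters of user '${PAM_USER}' (${BINDDN})." "${RESULT}"
					WAIT=1
				fi
				# If ldapsearch never opened the FIFO, the writer is still
				# blocked in open() holding the password; do not leave it behind.
				kill "${PWPID}" 2>/dev/null
				wait "${PWPID}" 2>/dev/null
				VOLUME=$(grep '^homeMount:' -- "${RESULT}" | head -n 1 | cut -d ' ' -f 2-)
				[ -z "${REAL_ACCOUNT}" ] && REAL_ACCOUNT=$(grep '^realAccount:' -- "${RESULT}" | head -n 1 | cut -d ' ' -f 2)
			fi
			[ -n "${PWDIR}" ] && rm -rf -- "${PWDIR}"
		fi
		# Fall back to whatever the anonymous query returned.
		[ -z "${VOLUME}" ] && VOLUME=$(grep '^homeMount:' -- "${SEARCH}" | head -n 1 | cut -d ' ' -f 2-)
		[ -z "${VOLUME}" ] && slxlog "pam-ad-ldapvolume" "AD/Proxy did not provide 'homeMount'. Aborting mount for ${PAM_USER}." "${RESULT}"
		[ -z "${REAL_ACCOUNT}" ] && REAL_ACCOUNT=$(grep '^realAccount:' -- "${SEARCH}" | head -n 1 | cut -d ' ' -f 2)
		[ -z "${REAL_ACCOUNT}" ] && REAL_ACCOUNT="${PAM_USER}"
	fi
fi

if [ -n "${VOLUME}" ]; then
	# Remember for hooks in pam_script_auth.d ('\\' is one backslash for tr)
	PERSISTENT_NETPATH=$(printf '%s' "${VOLUME}" | tr '/' '\\')
	export PERSISTENT_NETPATH
	# The credentials are passed to mount via the environment (USER/PASSWD)
	# rather than on the mount command line.
	USER="${REAL_ACCOUNT}"
	PASSWD="${PAM_AUTHTOK}"
	export USER PASSWD
	# RESULT exists whenever VOLUME is set (created above alongside SEARCH);
	# truncate it so it only collects the mount attempts below.
	echo '' > "${RESULT}"
	RETVAL=1
	# Try the protocol/auth combinations in order; the first success wins.
	for opt in "vers=1.0,sec=ntlm" "vers=3.0,sec=ntlm" "vers=1.0,sec=ntlmv2" "vers=3.0,sec=ntlmv2"; do
		MOUNT_OPTS="-v -t cifs -o uid=${USER_UID},gid=${USER_GID},forceuid,forcegid,${opt},nounix,file_mode=0700,dir_mode=0700"
		# Nested timeouts: TERM mount after 7s, KILL it after 8s.
		# shellcheck disable=SC2086 -- MOUNT_OPTS is deliberately word-split
		/opt/openslx/bin/timeout -t 8 -s 9 /opt/openslx/bin/timeout -t 7 -s 15 mount ${MOUNT_OPTS} "${VOLUME}" "${PERSISTENT_HOME_DIR}" >> "${RESULT}" 2>&1
		RETVAL=$?
		[ "${RETVAL}" = "0" ] && break
	done
	# 124 and the 128+signal codes for the -s 9 / -s 15 above are treated as a timeout.
	if [ "${RETVAL}" = "124" ] || [ "${RETVAL}" = "137" ] || [ "${RETVAL}" = "143" ]; then
		slxlog "pam-ad-mount" "Mount of '${VOLUME}' to '${PERSISTENT_HOME_DIR}' timed out. (Args: ${MOUNT_OPTS})" "${RESULT}"
		WAIT=1
	elif [ "${RETVAL}" != "0" ]; then
		slxlog "pam-ad-mount" "Mount of '${VOLUME}' to '${PERSISTENT_HOME_DIR}' failed. (Exit code: ${RETVAL}, Args: ${MOUNT_OPTS})" "${RESULT}"
		WAIT=1
	else
		PERSISTENT_OK=yes
		chmod -R u+rwX "${PERSISTENT_HOME_DIR}" 2>/dev/null
	fi
	# Do not leave the credentials in the environment of whatever runs next.
	unset USER
	unset PASSWD
fi

[ "${WAIT}" = "1" ] && sleep 1
[ -n "${RESULT}" ] && rm -f -- "${RESULT}"
[ -n "${SEARCH}" ] && rm -f -- "${SEARCH}"
true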