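#!/usr/bin/perl -w
package esmith;

use strict;
use Errno;
use esmith::AccountsDB;
use esmith::ConfigDB;
use esmith::util;

# Reconcile Samba's group mapping table ("net groupmap") with the e-smith
# accounts database: the three well-known domain groups keep their fixed
# RIDs, every user's display name and every group's Description is mapped
# to its unix group under the server's local SID, and any mapping that is
# stale, foreign, or points at an unknown group is deleted and recreated.
#
# events: console-save, bootstrap-console-save, group-modify-samba, group-create
# post-install, post-upgrade, workgroup-update

my $debug = "--debuglevel=1";

my $accounts = esmith::AccountsDB->open_ro or die "Couldn't open accounts db\n";
my $config   = esmith::ConfigDB->open_ro   or die "Could not open Config DB";
my $ldapauth = $config->get('ldap')->prop('Authentication') || 'disabled';
my $pw       = esmith::util::LdapPassword();

# Ask Samba for the local domain SID.  The capture is copied into $local_sid
# at the point of each match: $1 is dynamically scoped to the enclosing block,
# so reading it back after the recovery block below would yield undef on the
# recovery path and every later "sid=" comparison would silently fail.
my $sid_re = qr/SID.*is: (.+)/;
my $local_sid;
my $g = `/usr/bin/net getlocalsid`;
if ($g =~ $sid_re) {
    $local_sid = $1;
}
else {
    warn "Unable to determine SID. Clearing cache to see if it helps.";
    # Move the secrets and cache databases aside under a timestamped name
    # instead of deleting them, so an operator can still inspect or restore
    # them.  A failed rename is reported but not fatal: the retry below is
    # the real test of whether Samba can produce a SID.
    my $stamp = time;
    rename '/etc/samba/secrets.tdb', "/etc/samba/secrets.$stamp"
        or warn "rename /etc/samba/secrets.tdb: $!\n";
    rename '/var/cache/samba/gencache.tdb', "/var/cache/samba/gencache.$stamp"
        or warn "rename /var/cache/samba/gencache.tdb: $!\n";
    rename '/var/cache/samba/wins.dat', "/var/cache/samba/wins.$stamp"
        or warn "rename /var/cache/samba/wins.dat: $!\n";

    $g = `/usr/bin/net getlocalsid`;
    ($local_sid) = $g =~ $sid_re or die "Could not get current sid\n";

    if ($ldapauth eq 'enabled') {
        # secrets.tdb was just moved aside, so Samba no longer holds the LDAP
        # admin password; store it again (list-form system, no shell).
        warn "Couldn't add LDAP password in secret.tdb\n"
            unless system('/usr/bin/smbpasswd', '-w', $pw) == 0;
    }
}

# NT group name -> unix group.  Later entries override earlier ones, so a
# user or group whose display name collides with a well-known NT group wins.
my %mappings = (
    'Domain Admins' => 'admin',
    'Domain Users'  => 'shared',
    'Domain Guests' => 'nobody',
    (map { $_->prop('FirstName') . " " . $_->prop('LastName'), $_->key } $accounts->users()),
    (map { $_->prop('Description'), $_->key } $accounts->groups()),
);

# If something above overrode 'Domain Admins', still make sure the admin
# account's own display name maps to the admin group.
$mappings{ $accounts->get_prop('admin', 'FirstName') . " " . $accounts->get_prop('admin', 'LastName') } = 'admin'
    unless $mappings{'Domain Admins'} eq 'admin';

# Well-known RIDs that must never be reassigned.
my %ridmap = (
    'Domain Admins' => '512',
    'Domain Users'  => '513',
    'Domain Guests' => '514',
);

# NT groups whose existing mapping is already correct are marked 'done' and
# left alone; every other mapping is deleted here and recreated below.
my %sidmap = ();

# \Q..\E keeps the SID's hyphens (and anything unexpected) literal.
my $local_prefix_re = qr/^\Q$local_sid\E-/;

GROUPMAP: foreach my $line (`/usr/bin/net groupmap list`) {
    chomp $line;
    next GROUPMAP unless $line =~ /^(.*?) \((S-.*-(\d+))\) -> (.*)$/;
    my ($nt, $sid, $rid, $group) = ($1, $2, $3, $4);

    # Skip builtin/local groups (S-1-5-32-*); they are not ours to manage.
    next GROUPMAP if $sid =~ /^S-1-5-32-\d+$/;

    # A mapping is kept only when the NT group is one we know, a well-known
    # group still carries its fixed RID, the SID belongs to this server, and
    # it points at the unix group we expect.  Anything else is an old or
    # foreign mapping and is removed.
    my $keep = exists($mappings{$nt})
        && !($ridmap{$nt} && $ridmap{$nt} ne $rid)
        && $sid =~ $local_prefix_re
        && $group eq $mappings{$nt};

    if ($keep) {
        $sidmap{$nt} = 'done';
    }
    else {
        system('/usr/bin/net', 'groupmap', 'delete', "sid=$sid");
    }
}

# Create every mapping that is still missing.  Well-known groups get their
# fixed RID; all others let Samba allocate one under the local SID.
foreach my $nt (keys %mappings) {
    next if $sidmap{$nt} && $sidmap{$nt} eq 'done';
    system('/usr/bin/net', $debug, 'groupmap', 'add',
        "ntgroup=$nt",
        "unixgroup=$mappings{$nt}",
        ($ridmap{$nt} ? "rid=$ridmap{$nt}" : ()),
        'type=d');
}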