#!/bin/bash

globalextra=$(findtemplate domain primary_globalextra.conf)
namedoption=$(findtemplate domain named.conf.options )

dhcpconf4=$(findtemplate  domain dhcpd4.conf)
dhcpconf6=$(findtemplate  domain dhcpd6.conf)
dhcpupdate=$(findtemplate domain update-samba-dns.sh)
radvdconf=$(findtemplate  domain radvd.conf)

sambaservice=$(findtemplate  domain mne_samba-ad-dc.service)

# -------------------------------------------
# permission certifikat files
# -------------------------------------------
check_cert

netdevicefile="$netconfigdir/$vanetdeviceInput"
if [ ! -f "$netdevicefile" ]; then
	echo "#mne_lang#Netzdevice ist nicht konfiguriert#" >&2
	exit 2
fi
eval "$(sed -e 's/\[/deviceconfarray=\(/' -e 's/\]/\)/' -e 's/,//g' < "$netdevicefile" )"
addr=$(echo ${deviceconfarray[3]} | cut -f1 -d/)

# -------------------------------------------
# bereinigen
# -------------------------------------------
cp "$sambaservice" "/lib/systemd/system"

systemctl daemon-reload
mne_error_ignore=1
systemctl disable --now smbd nmbd winbind systemd-resolved samba-ad-dc.service 2>&$logfile 1>&2
systemctl mask          smbd nmbd winbind samba-ad-dc.service 2>&$logfile 1>&2
mne_error_ignore=

systemctl enable mne_samba-ad-dc.service 2>&$logfile 1>&2
systemctl stop   mne_samba-ad-dc.service 2>&$logfile 1>&2

systemctl enable named.service 2>&$logfile 1>&2

systemctl daemon-reload

rm_config

# -------------------------------------------
# domain provision
# -------------------------------------------
savefile "$domainconfigfile"
if [ "$vadomaintypInput" == "primary" ]; then
  samba-tool domain provision \
    --option="interfaces=lo,$vanetdeviceInput" \
     --option="bind interfaces only=yes" \
     --use-rfc2307 \
     --realm="$vadomainInput" \
     --domain="$vaworkgroupInput" \
     --server-role=dc \
     --dns-backend=BIND9_DLZ \
     --adminpass="123()$vaadminpasswordInput" >&$logfile 2>&1

    samba_upgradedns --dns-backend=BIND9_DLZ >&$logfile 2>&1
else
    echo "nameserver $vaprimaryaddrInput" > /etc/resolv.conf
    echo "search $vadomainInput" >> /etc/resolv.conf

	samba-tool domain join $vadomainInput DC \
    --option="interfaces=lo,$vanetdeviceInput" \
    --option="bind interfaces only=yes" \
    --realm="$vadomainInput" -U"$vaadministratorInput" \
    --dns-backend=BIND9_DLZ \
    --password="$vaadminpasswordInput" >&$logfile 2>&1
    
    samba_upgradedns --dns-backend=BIND9_DLZ >&$logfile 2>&1
fi

mod_smbconf
mod_bind "$namedoption"
mod_netpar "$vadomainInput" "$vanetdeviceInput" "$vadnsforwarderInput" "$vadnssearchInput"
mod_cert "$vaworkgroupInput" "$globalextra"
mod_kerberos

mod_dhcp "${deviceconfarray[3]}" "$vadhcpstartInput" "$vadhcpendInput" "${deviceconfarray[2]}" "$vadhcp6startInput" "$vadhcp6endInput" \
         "$vadnssearchInput" "$vadomainInput" "${deviceconfarray[4]}" "${deviceconfarray[5]}" "$vanetdeviceInput" \
         "$dhcpconf4" "$dhcpconf6" "$dhcpupdate" "$radvdconf"

samba-tool user setexpiry --noexpiry administrator >&$logfile 2>&1
samba-tool user setexpiry --noexpiry dns-$(hostname) >&$logfile 2>&1
samba-tool domain passwordsettings set --complexity=off >&$logfile 2>&1
samba-tool domain passwordsettings set --min-pwd-length=1 >&$logfile 2>&1
samba-tool user setpassword "administrator" --newpassword="$vaadminpasswordInput" >&$logfile 2>&1
samba-tool group addmembers DnsAdmins dns-$(hostname) >&$logfile 2>&1
samba-tool user disable Guest

mne_need_error
samba-tool user show www-data >/dev/null 2>&1
if [ "$?" != "0" ]; then
  samba-tool user create www-data --rfc2307-from-nss --random-password --description="Unprivileged user for Webservices" >&$logfile 2>&1
  samba-tool user setexpiry --noexpiry www-data >&$logfile 2>&1
fi

mkdir -p /etc/mne/dns >&$logfile 2>&1
chmod 755 /etc/mne/dns

samba-tool domain exportkeytab --principal=dns-$(hostname)@$udomain /etc/mne/dns/dns.keytab >&$logfile 2>&1
chown root:dhcpd /etc/mne/dns/dns.keytab
chmod 440 /etc/mne/dns/dns.keytab

systemctl restart mne_samba-ad-dc >&$logfile 2>&1
systemctl restart named >&$logfile 2>&1
sleep 2
systemctl status mne_samba-ad-dc >&$logfile 2>&1

echo "$vaadminpasswordInput" | kinit  administrator@$udomain >&$logfile 2>&1
klist >&$logfile 2>&1

# -------------------------------------------
# Grant share Rights to Domainadmins
# -------------------------------------------
echo "$vaadminpasswordInput" | net rpc rights grant "$(toupper $vaworkgroupInput)\Domain Admins" SeDiskOperatorPrivilege -Uadministrator -I $addr >&$logfile 2>&1 

needreboot=1

