
#!/bin/sh
# File	: modify_mss01_access.sh
# By	: Maarten.deBoer@Atos.net, 210113
# Subject	: Script to generate access to nlnafvmss01
#(0.2),210118	: Copied from create_mss01_access.sh
#(0.3),210504	: DO_NEWPWD
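PGM=$(basename "$0" | cut -d. -f1)
VER="0.3"
# Scratch files are "${TMP}.mail" and "${TMP}.done".  mktemp gives the prefix
# an unguessable suffix (the old /tmp/${PGM}.$$ name was predictable, so any
# local user could pre-create or symlink the mail/done files before the
# script did); the EXIT trap removes them on every exit path, including the
# early "exit 3/4/5" paths that skip the rm at the end of the script.
TMP=$(mktemp "/tmp/${PGM}.XXXXXX") || { echo "${PGM}: cannot create a temp file in /tmp. Exiting."; exit 2; }
trap 'rm -f -- "${TMP}" "${TMP}.mail" "${TMP}.done"' EXIT
LOG="${HOME}/log/${PGM}.log"
SSH="/usr/bin/ssh -n"                 # -n: remote command gets stdin from /dev/null
MAILTO="maarten.deboer@atos.net"      # cc on every notice mail; contact address in the mail body

USERLIST="${HOME}/etc/mss01_access.userlist"   # "user;mail;groups" lines, "#" starts a comment line
DONELIST="${HOME}/data/mss01_access.donelist"  # appended with "user;mail;...;date" per handled user
FILER="nlnaf25"          # physical filer the ssh commands are sent to
VFILER="nlnafvmss01"     # vfiler on FILER whose useradmin database is managed
# Per-user password.  It is (re)generated right before every useradmin
# add/modify in the -c and -n paths, so nothing ever reads this initial
# value; keep it empty rather than shipping a working password in the source.
NEWPWD=""
GROUP="Administrators"   # not referenced by this version of the script
DO_NEWPWD=""             # -n

FUSERNAME="[?]*"         # -u filter; this default regex matches every username
CHK_GROUPS=""            # -g
CREATE_USERS=""          # -c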



# Print the option summary to stdout; callers decide the exit status.
# Expands the current PGM, VER, USERLIST and FUSERNAME values.
USAGE()
{
  cat <<EOF
Usage: ${PGM} <options>
  Version: ${VER}
  options       :
    -c          : Create user(s) based on USERLIST (${USERLIST})
    -n          : New password (-u NEEDED)
    -g          : check Groupsnames
    -u          : filter Username (${FUSERNAME})
    -h|--help   : this help
    -V          : Version
    -x          : set -x
EOF
}
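# Check options: at least one is required; unknown ones abort with usage.
if [ $# -le 0 ]; then
  USAGE
  echo "NO options selected. Please provide. Exiting."
  exit 1
fi
while [ $# -gt 0 ]; do
  case "$1" in
    -c) CREATE_USERS=1 ;;
    -n) DO_NEWPWD=1 ;;
    -u)
      # -u must carry a non-empty username.  Without this check a trailing
      # "-u" left FUSERNAME empty (and the shift below ran with nothing left
      # to shift); an empty filter then matched every USERLIST line.
      if [ $# -lt 2 ] || [ -z "$2" ]; then
        echo "Option -u needs a Username."; USAGE; exit 1
      fi
      FUSERNAME=$2; shift ;;
    -g) CHK_GROUPS=1 ;;
    -h | --help) USAGE; exit 1 ;;
    -V) echo "${PGM}: v${VER}"; exit 3 ;;
    # Debug trace.  It prints every expanded command, including the
    # "useradmin ... -p <password>" ssh calls, so do not keep such output.
    -x) set -x ;;
    *)  echo "Option $1 not known."; USAGE; exit 1 ;;
  esac
  shift
done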


echo "`date` ${PGM} v${VER} started."|tee -a ${LOG}
echo "CHK_GROUPS=${CHK_GROUPS}"
echo "DO_NEWPWD=${DO_NEWPWD}"
echo "FILER=${FILER}"
echo "VFILER=${VFILER}"
echo "FUSERNAME=${FUSERNAME}"
echo "USERLIST=${USERLIST}"
sleep 1

if [ ! -f ${USERLIST} ]; then
  echo "  NO USERLIST (${USERLIST}) found. Exiting ..."|tee -a ${LOG}
  exit 3
fi
if [ ${DO_NEWPWD} ]; then
  if [ "${FUSERNAME}" = "[?]*" ]; then
    echo "  With -n (New password), a Username (-u) is NEEDED too. Exiting ..."|tee -a ${LOG}
    exit 4
  fi
fi

touch ${TMP}.mail ${TMP}.done

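# ------------------------------------
# Print "enabled" when user $1 is listed as enabled on the vfiler, nothing
# otherwise (also nothing when the user does not exist or ssh fails).
user_status_enabled()
{
  ${SSH} "${FILER}" "vfiler run -q ${VFILER} useradmin user list -x $1" | grep Status | awk -F':' '{print $2}' | grep enabled
}

if [ -n "${CREATE_USERS}" ]; then
  echo "  Creating (new) users based on USERLIST (${USERLIST}) ..."|tee -a "${LOG}"
# Set some "global" settings 1st (they are vfiler-wide, not per user).
# NOTE(review): firstlogin.enable off means nobody is forced to replace the
# password this script mails out; rules.minimum 10 is the length the
# generated passwords have to satisfy.
  ${SSH} "${FILER}" "vfiler run -q ${VFILER} options security.passwd.firstlogin.enable off"
  ${SSH} "${FILER}" "vfiler run -q ${VFILER} options security.passwd.rules.minimum 10"

# Create NEW user
# And check is not already DONE. Based on UserNAME.
# Done usernames become anchored patterns "^name;".  The old unanchored
# names let a done "jo" hide "john", and an empty DONELIST line (an empty
# pattern) hid every user.
  if [ -f "${DONELIST}" ]; then
    awk -F';' '$1 != "" { print "^" $1 ";" }' "${DONELIST}" | sort -u > "${TMP}.done"
  else
    : > "${TMP}.done"
  fi
# ssh -n (see SSH) keeps the remote commands from eating the USERLIST lines
# this loop is reading from its stdin.
  grep -v '^#' "${USERLIST}" | grep -v -f "${TMP}.done" | while read -r LINE REST
  do
    UNAME=$(printf '%s\n' "${LINE}" | awk -F';' '{print $1}')   # UserNAME
# Only @atos.net addresses are accepted; anything else leaves MNAME empty
# and the line is skipped below.
    MNAME=$(printf '%s\n' "${LINE}" | awk -F';' '{print $2}' | grep "@atos.net")   # MailNAME
    GNAMES=$(printf '%s\n' "${LINE}" | awk -F';' '{print $3}')  # GroupNAMES
# Check also for not empty UNAME & MNAME
    if [ -n "${UNAME}" ] && [ -n "${MNAME}" ]; then
# UNAME not found in DONELIST. So, continue
      echo "  |${UNAME}|${MNAME}|${GNAMES}|"
# Per-user password: fixed prefix plus 8 random hex digits from /dev/urandom
# (14 characters, so rules.minimum 10 is met; other filer password rules,
# if any, are not known here).  The old value, "W2MSS!" + HH:MM:SS of the
# run, was guessable from the timestamp of the mail that announced it.
      RND=$(od -An -N4 -tx1 /dev/urandom 2>/dev/null | tr -d ' \n')
      if [ "${#RND}" -ne 8 ]; then
# This loop runs in a pipeline subshell, so "exit" would not stop the
# script; stop creating users instead of adding them with a weak password.
        echo "   Cannot read /dev/urandom. NOT creating ${UNAME} or any later user."|tee -a "${LOG}"
        break
      fi
      NEWPWD="W2MSS!${RND}"
# NOTE(review): useradmin gets the password as a -p argument of the remote
# command, so it is visible in the local process list, in "set -x" output
# (-x option) and in whatever the filer logs about its CLI.
      ANSW=$(${SSH} "${FILER}" "vfiler run -q ${VFILER} useradmin user list ${UNAME}" 2>&1 | grep "User does not exist")
      if [ -n "${ANSW}" ]; then
        echo "   ${UNAME} : User does not exist. Will be created. With (new)PWD."|tee -a "${LOG}"
        ${SSH} "${FILER}" "vfiler run ${VFILER} useradmin user add ${UNAME} -g \"${GNAMES}\" -c ${MNAME} -p ${NEWPWD}"
      fi  # ANSW

      STATUS=$(user_status_enabled "${UNAME}")
      if [ -z "${STATUS}" ]; then
        echo "    User ${UNAME} NOT enabled. So, removed & added again ..."|tee -a "${LOG}"
        ${SSH} "${FILER}" "vfiler run -q ${VFILER} useradmin user delete ${UNAME}"
        ${SSH} "${FILER}" "vfiler run ${VFILER} useradmin user add ${UNAME} -g \"${GNAMES}\" -c ${MNAME}"
        echo "    User ${UNAME} enabled. So, will set (new)PWD again ..."|tee -a "${LOG}"
        ${SSH} "${FILER}" "vfiler run -q ${VFILER} useradmin user modify ${UNAME} -p ${NEWPWD} "
      fi  # STATUS

      STATUS=$(user_status_enabled "${UNAME}")
      if [ -n "${STATUS}" ]; then
        echo "     User ${UNAME} enabled. Sending a mail to ${MNAME} ..."|tee -a "${LOG}"
# Two mails: the notice (cc MAILTO) and the password on its own.
# NOTE(review): the password still travels in clear text to the same
# mailbox as the notice; the split only keeps it out of the first mail.
        cat > "${TMP}.mail" <<EOF
Hello ${UNAME}
You have access to the NLNAFVMSS01-shares at 161.89.52.117 (via URA-FR !) with username ${UNAME}
and password will follow in seperate mail.

This mail is (auto-)generated at $(hostname)
Questions can be send to ${MAILTO}

EOF
        mailx -s "Created access to MSS01-shares [${PGM} v${VER}]" "${MAILTO}" "${MNAME}" < "${TMP}.mail"
        printf '%s\n' "${NEWPWD}" | mailx -s " " "${MNAME}"
        echo "${UNAME};${MNAME};${GNAMES};$(date);" >> "${DONELIST}"
      fi  # STATUS
    else
      echo "  ${UNAME} (${MNAME}) already done. Or Username | Mail-name is empty."
    fi  # CHECK
  done  # USERLIST
fi  # CREATE_USERS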

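# ------------------------------------
if [ -n "${CHK_GROUPS}" ]; then
# Check useradmin user -g with USERLIST
  echo "  Check GROUPS ..."|tee -a "${LOG}"
# Select USERLIST lines on the username field.  The default filter "[?]*"
# means every user; an explicit -u value has to match the whole first field,
# so "-u jo" no longer also takes "john" or a line that merely contains "jo"
# in its mail or group fields (the old grep looked at the whole line).
  if [ "${FUSERNAME}" = "[?]*" ]; then
    UPAT='^'
  else
    UPAT="^${FUSERNAME};"
  fi
  grep -v '^#' "${USERLIST}" | grep -- "${UPAT}" | while read -r LINE REST
  do
    UNAME=$(printf '%s\n' "${LINE}" | awk -F';' '{print $1}')   # UserNAME
    MNAME=$(printf '%s\n' "${LINE}" | awk -F';' '{print $2}' | grep "@atos.net")   # MailNAME
    GNAMES=$(printf '%s\n' "${LINE}" | awk -F';' '{print $3}')  # GroupNAMES
    echo "  ;${UNAME};${MNAME};${GNAMES};"
# "Groups:" line of the vfiler with blanks stripped, then a substring test
# against the file's group names.  NOTE(review): substring, not equality:
# "Users" in the file is accepted when the vfiler says "PowerUsers", and an
# empty GNAMES matches anything and so never triggers a modify.
    V_GROUPS=$(${SSH} "${FILER}" "vfiler run -q ${VFILER} useradmin user list -x ${UNAME}" | grep "Groups:" | awk -F':' '{print $2}' | sed "s/ //g" | grep "${GNAMES}")
    echo "    ;${V_GROUPS};"
    if [ -z "${V_GROUPS}" ]; then
# Groups in file (GNAMES) are not same as in Vfiler (V_GROUPS): modify.
# (A user missing on the vfiler also lands here; the modify then just fails.)
      echo "    Groups are NOT the same. Modifying at Vfiler ..."|tee -a "${LOG}"
      ${SSH} "${FILER}" "vfiler run -q ${VFILER} useradmin user modify ${UNAME} -g \"${GNAMES}\" "
      echo "${UNAME};${MNAME};${GNAMES};$(date)" >> "${DONELIST}"
    fi  # V_GROUPS
  done  # USERLIST
fi  # CHK_GROUPS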


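# ------------------------------------
if [ -n "${DO_NEWPWD}" ]; then
  echo "  NEW password for ${FUSERNAME} ..."|tee -a "${LOG}"
# Match the whole username field.  "^${FUSERNAME}" alone was a prefix match:
# "-u jo" also selected "john", and the new password of "jo" was then mailed
# to every selected address.
  ANSW=$(grep -- "^${FUSERNAME};" "${USERLIST}")
  if [ -z "${ANSW}" ]; then
    echo "  Username (${FUSERNAME}) NOT found in USERLIST. Exiting ..."|tee -a "${LOG}"
    exit 5
  fi
# Resolve the address BEFORE touching the password: without an @atos.net
# address the old code changed the password and then had nobody to mail it
# to, locking the user out.
  MNAME=$(printf '%s\n' "${ANSW}" | head -n 1 | awk -F';' '{print $2}' | grep "@atos.net")   # MailNAME
  if [ -z "${MNAME}" ]; then
    echo "  Username (${FUSERNAME}) has no @atos.net mail address in USERLIST. Password NOT changed. Exiting ..."|tee -a "${LOG}"
    exit 6
  fi
  ANSW=$(${SSH} "${FILER}" "vfiler run -q ${VFILER} useradmin user list ${FUSERNAME}" 2>&1 | grep "User does not exist")
# Check if "User does not exist". So, when EMPTY, user exists
  if [ -z "${ANSW}" ]; then
# Same password shape as -c: fixed prefix plus 8 random hex digits, instead
# of the guessable "W2MSS!" + HH:MM:SS of the run.
    RND=$(od -An -N4 -tx1 /dev/urandom 2>/dev/null | tr -d ' \n')
    if [ "${#RND}" -ne 8 ]; then
      echo "  Cannot read /dev/urandom. Password NOT changed. Exiting ..."|tee -a "${LOG}"
      exit 7
    fi
    NEWPWD="W2MSS!${RND}"
# NOTE(review): the password is a -p argument of the remote command, so it
# is visible in the local process list and in "set -x" output (-x option).
# Mail only when the modify reported success: ssh passes the remote exit
# status through (whether the ONTAP CLI returns non-zero for a failed
# modify is to be confirmed on the filer).
    if ${SSH} "${FILER}" "vfiler run ${VFILER} useradmin user modify ${FUSERNAME} -p ${NEWPWD}"; then
      cat > "${TMP}.mail" <<EOF
Hello ${FUSERNAME}
You have access to the NLNAFVMSS01-shares at 161.89.52.117 (via URA-FR !) with username ${FUSERNAME}
and password will follow in seperate mail.

This mail is (auto-)generated at $(hostname)
Questions can be send to ${MAILTO}

EOF
      mailx -s "Re-set password of MSS01-shares [${PGM} v${VER}]" "${MAILTO}" "${MNAME}" < "${TMP}.mail"
      printf '%s\n' "${NEWPWD}" | mailx -s " " "${MNAME}"
      echo "${FUSERNAME};${MNAME};newpwd;$(date);" >> "${DONELIST}"
      echo "     Password of ${FUSERNAME} re-set. Sended 2 mails to ${MNAME} ..."|tee -a "${LOG}"
    else
      echo "     useradmin user modify ${FUSERNAME} FAILED. No mail sent. Exiting ..."|tee -a "${LOG}"
      exit 8
    fi
  else
    echo "  Username (${FUSERNAME}) does not exist on ${VFILER}. Password NOT changed."|tee -a "${LOG}"
  fi  # ANSW
fi  # DO_NEWPWD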


# Normal end: drop the scratch files and log the finish time.
rm -- "${TMP}.mail" "${TMP}.done"
echo "$(date) ${PGM} v${VER} finished."|tee -a "${LOG}"
exit 0

