#!/bin/sh -e
#
# 2011 Steven Armstrong (steven-cdist at armstrong.cc)
# 2011 Nico Schottelius (nico-cdist at schottelius.org)
# 2013 Daniel Heule (hda at sfs.biz)
# 2018 Thomas Eckert (tom at it-eckert.de)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
#
# Manage users.
#
#set -x

name="$__object_id"

os="$(cat "$__global/explorer/os")"

state=$(cat "$__object/parameter/state")

# We need to shorten options for both usermod and useradd since on some
# systems (such as *BSD, Darwin) those commands do not handle GNU style long
# options.
shorten_property() {
    unset ret
    case "$1" in
	comment) ret="-c";;
	home) ret="-d";;
	gid) ret="-g";;
	groups) ret="-G";;
	password) ret="-p";;
	shell) ret="-s";;
	uid) ret="-u";;
    create-home) ret="-m";;
    system) ret="-r";;
    esac
    echo "$ret"
}

if [ "$state" = "present" ]; then
    cd "$__object/parameter"
    if grep -q "^${name}:" "$__object/explorer/passwd"; then
       for property in *; do
          new_value="$(cat "$property")"
          unset current_value

          file="$__object/explorer/passwd"

          case "$property" in
             gid)
                if echo "$new_value" | grep -q '^[0-9][0-9]*$'; then
                   field=4
                else
                   # We were passed a group name.  Compare the gid in
                   # the user's /etc/passwd entry with the gid of the
                   # group returned by the group explorer.
                   gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group")
                   gid_from_passwd=$(awk -F: '{ print $4 }' "$file")
                   if [ "$gid_from_group" != "$gid_from_passwd" ]; then
                      current_value="$gid_from_passwd"
                   else
                      current_value="$new_value"
                   fi
                fi
             ;;
             password)
                field=2
                file="$__object/explorer/shadow"
             ;;
             comment) field=5 ;;
             home)    field=6 ;;
             shell)   field=7 ;;
             uid)     field=3 ;;
             create-home) continue;; # Does not apply to user modification
             system) continue;; # Does not apply to user modification
             state) continue;; # Does not apply to user modification
             remove-home) continue;; # Does not apply to user modification
          esac

          # If we haven't already set $current_value above, pull it from the
          # appropriate file/field.
          if [ -z "$current_value" ]; then
             export field
             current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")"
          fi

          if [ "$new_value" != "$current_value" ]; then
              set -- "$@" "$(shorten_property "$property")" \'"$new_value"\'
          fi
       done

       if [ $# -gt 0 ]; then
          echo mod >> "$__messages_out"
          if [ "$os" = "freebsd" ]; then
             echo pw usermod "$@" -n "$name"
          else
             echo usermod "$@" "$name"
          fi
       else
          true
       fi
    else
        echo add >> "$__messages_out"
        for property in *; do
            [ "$property" = "state" ] && continue
            [ "$property" = "remove-home" ] && continue
            new_value="$(cat "$property")"
            if [ -z "$new_value" ];then       # Boolean values have no value
              set -- "$@" "$(shorten_property "$property")"
            else
              set -- "$@" "$(shorten_property "$property")" \'"$new_value"\'
            fi
        done

       if [ "$os" = "freebsd" ]; then
          echo pw useradd "$@" -n "$name"
       else
          echo useradd "$@" "$name"
       fi
    fi
elif [ "$state" = "absent" ]; then
    if grep -q "^${name}:" "$__object/explorer/passwd"; then
        #user exists, but state != present, so delete it
        if [ -f "$__object/parameter/remove-home" ]; then
            if [ "$os" = "freebsd" ]; then
                printf "pw userdel '%s' -r >/dev/null 2>&1\\n" "${name}"
            else
                printf "userdel -r '%s' >/dev/null 2>&1\\n" "${name}"
            fi
            echo "userdel -r" >> "$__messages_out"
        else
            if [ "$os" = "freebsd" ]; then
                printf "pw userdel '%s' >/dev/null 2>&1\\n" "${name}"
            else
                printf "userdel '%s' >/dev/null 2>&1\\n" "${name}"
            fi
            echo "userdel" >> "$__messages_out"
        fi
    fi
else
    echo "Invalid state $state" >&2
fi
