#!/bin/bash
# Join a remote Windows machine to the Active Directory domain

# Abort the script as soon as a simple command fails. Commands used as a
# condition (if, while, or a non-final member of a && / || list) are exempt,
# so critical steps are still checked explicitly further down.
set -o errexit

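#######################################
# Print an error message on stderr and terminate the script.
# Globals:   EXIT_CODE (read) - exit status to use, defaults to 1
# Arguments: the words of the message, joined with single spaces
# Outputs:   the message, followed by a newline, on stderr
# Returns:   never returns; exits the current shell
#######################################
die() {
  # printf instead of echo: a message whose first word is "-n" or "-e"
  # would otherwise be swallowed as an echo option.
  printf '%s\n' "$*" >&2
  exit "${EXIT_CODE:-1}"
}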

# Site configuration. AD_DOMAIN and REALM are used later in this script but
# never assigned by it, so they have to come from this file or from the
# environment.
# The file is executed as shell code with the privileges of whoever runs this
# script: it must be writable by trusted administrators only.
SAMBA4_VARS=/etc/eole/samba4-vars.conf

if [ -f "${SAMBA4_VARS}" ]
then
    . "${SAMBA4_VARS}"
fi

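#######################################
# Print the command-line help and exit.
# The option parser treats the arguments of -P and -p as readable *files*
# holding a password, not as the passwords themselves; the help text says so,
# which keeps secrets out of the command line and the shell history.
# Arguments: none
# Outputs:   help text on stdout
# Returns:   never returns; exits with status 0
#######################################
function usage
{
  local prog
  prog=$(basename -- "$0")
  cat <<EOF
Usage :
   ${prog} -U <domain admin> [-P <file>] -u <host admin> [-p <file>] [-r] [-n] [-f] -m <machine> [-m <machine>...]
      -U : Domain administrator account
      -P : file containing the domain administrator password (prompted if omitted)
      -u : host administrator account
      -p : file containing the host administrator password (prompted if omitted)
      -m : windows Machines you need to join
      -r : reboot the machine after joining to the domain
      -n : dry-run mode
      -f : do not ask question
EOF
  exit 0
}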

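# Normalise the command line with getopt(1).
# "machine:" is declared as a long option because the parsing loop below
# handles "-m|--machine"; without the declaration getopt rejected --machine
# before the loop ever saw it.
# The status is tested on the assignment itself: under "set -e" a separate
# "test $?" line is never reached after a failure.
TEMP=$(getopt -n "$(basename -- "$0")" -o U:P:u:p:m:rfnhvcls \
    --long force,dry-run,machine:,help,version,copyright,licence,changes,sources \
    -- "$@") || exit 1

# getopt emits a shell-quoted word list; eval is the documented way to load
# it back into the positional parameters. Only getopt output is evaluated.
eval set -- "${TEMP}"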

# Consume the option list produced by getopt, one option per iteration, until
# the "--" separator is reached.
# Variables set here: FORCE, DRY_RUN, DRY_RUN_MSG, AD_ADMIN,
# AD_ADMIN_PASSWORD_FILE, HOST_ADMIN, HOST_ADMIN_PASSWORD_FILE, REBOOT, MACHINES.
# NOTE(review): licence, changes and sources are not defined anywhere in this
# file; unless the sourced configuration provides them, -v/-c/-l/--changes/-s
# only produce "command not found" - confirm or drop these options.
while :
do
    case "$1" in
        # Generic informational options
        -h|--help)
            usage
            exit 0
            ;;
        -v|--version)
            licence | head -n 2
            exit 0
            ;;
        -c|--copyright)
            licence | tail -n +2
            exit 0
            ;;
        -l|--licence)
            licence
            exit 0
            ;;
        --changes)
            changes
            exit 0
            ;;
        -s|--sources)
            sources
            exit 0
            ;;

        # Behaviour switches
        -f|--force)
            # Skip the per-machine confirmation prompt.
            FORCE=true
            shift
            ;;

        -n|--dry-run)
            # ":" is later prefixed to the net commands, turning them into no-ops.
            DRY_RUN=:
            DRY_RUN_MSG="Dry run mode: "
            shift
            ;;

        -r)
            REBOOT=REBOOT
            shift
            ;;

        # Accounts and credentials
        -U)
            if [ -z "$2" ]; then
                die "Domain administrator account must not be empty"
            fi
            AD_ADMIN="$2"
            shift 2
            ;;

        -P)
            # The argument is a path to a file, checked for readability only.
            if [ -z "$2" ]; then
                die "Domain administrator password file must not be empty"
            fi
            if [ ! -r "$2" ]; then
                die "Domain administrator password file is not readable"
            fi
            AD_ADMIN_PASSWORD_FILE="$2"
            shift 2
            ;;

        -u)
            if [ -z "$2" ]; then
                die "Host administrator account must not be empty"
            fi
            HOST_ADMIN="$2"
            shift 2
            ;;

        -p)
            # The argument is a path to a file, checked for readability only.
            if [ -z "$2" ]; then
                die "Host administrator password file must not be empty"
            fi
            if [ ! -r "$2" ]; then
                die "Host administrator password file is not readable"
            fi
            HOST_ADMIN_PASSWORD_FILE="$2"
            shift 2
            ;;

        # Targets: may be repeated, names are accumulated space-separated
        -m|--machine)
            if [ -z "$2" ]; then
                die "Machine must not be empty"
            fi
            MACHINES="${MACHINES:+${MACHINES} } ${2}"
            shift 2
            ;;

        # End of options
        --)
            shift
            break
            ;;
        *)
            die "Error: unknown argument '${1}'"
            ;;
    esac
done

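# Mandatory inputs. Each value must be non-empty, not merely set: an empty
# account name inherited from the environment is as unusable as a missing one.
[ -n "${AD_ADMIN:-}" ] || die "Undefined domain administrator account"
[ -n "${HOST_ADMIN:-}" ] || die "Undefined host administrator account"
[ -n "${MACHINES:-}" ] || die "No machine specified"

# AD_DOMAIN and REALM are never assigned by this script; they come from
# ${SAMBA4_VARS} (sourced only if it exists) or from the environment. Without
# them the join would run with an empty DOMAIN= and a "\account" login, so
# stop here with a clear message instead.
[ -n "${AD_DOMAIN:-}" ] || die "Undefined AD_DOMAIN (expected from ${SAMBA4_VARS})"
[ -n "${REALM:-}" ] || die "Undefined REALM (expected from ${SAMBA4_VARS})"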


# Qualify the domain administrator account: a name that already contains a
# backslash is taken as "DOMAIN\user" and left alone, anything else gets the
# configured AD_DOMAIN as prefix.
case "${AD_ADMIN}" in
    *\\*)
        ;;
    *)
        AD_ADMIN="${AD_DOMAIN}\\${AD_ADMIN}"
        ;;
esac

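# Obtain the two passwords.
# When -P / -p named a password file, its first line is the password; the
# file name used to be recorded but never read, so the join ran with an empty
# password. Without a file the password is asked for interactively, with
# terminal echo disabled.
# "IFS= read -r" keeps backslashes and leading/trailing blanks, which are
# legal password characters.
# The values stay in shell variables from here on: do not enable "set -x"
# below this point, the trace would print them.
if [ -n "${AD_ADMIN_PASSWORD_FILE}" ]
then
    # read fails on a file without trailing newline although it did fill the
    # variable, hence the separate emptiness test.
    IFS= read -r AD_ADMIN_PASSWORD <"${AD_ADMIN_PASSWORD_FILE}" || true
    [ -n "${AD_ADMIN_PASSWORD}" ] \
        || die "Domain administrator password file is empty or unreadable"
else
    IFS= read -r -s -p "Password of domain account “${AD_ADMIN}”: " AD_ADMIN_PASSWORD
    echo
fi

if [ -n "${HOST_ADMIN_PASSWORD_FILE}" ]
then
    IFS= read -r HOST_ADMIN_PASSWORD <"${HOST_ADMIN_PASSWORD_FILE}" || true
    [ -n "${HOST_ADMIN_PASSWORD}" ] \
        || die "Host administrator password file is empty or unreadable"
else
    IFS= read -r -s -p "Password of host account “${HOST_ADMIN}”: " HOST_ADMIN_PASSWORD
    echo
fi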

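# Join every requested machine to the domain, optionally rebooting it.
#
# Fixes compared with the previous loop:
#  - the host account was tested through the undefined HOST_LOGIN and the
#    prefixed result written back to HOST_ADMIN, so the second machine got
#    "m2\m1\admin"; a per-machine variable is used instead;
#  - answering "No" ran "continue" inside a subshell, which does not affect
#    the loop, so the machine was joined anyway;
#  - "Quit" is accepted in any case, as the prompt advertises;
#  - the join status is tested on the command itself; under "set -e" a
#    following "$?" test was unreachable after a failure.

# MACHINES is a space-separated list; split it without glob expansion.
read -r -a machine_list <<<"${MACHINES}"

for machine in "${machine_list[@]}"
do
    # Local accounts are qualified with the name of the machine being joined.
    if [[ "${HOST_ADMIN}" == *\\* ]]
    then
        host_account="${HOST_ADMIN}"
    else
        host_account="${machine}\\${HOST_ADMIN}"
    fi

    echo "Domain administrator account: “${AD_ADMIN}”"
    echo "Host administrator account: “${host_account}”"

    if [ -z "${FORCE+x}" ]
    then
        unset JOIN_MACHINE
        read -r -e -p "Join computer “${machine}” to domain “${AD_DOMAIN}”? [Yes/No/Quit]: " JOIN_MACHINE
        case "${JOIN_MACHINE}" in
            [qQ]|[qQ][uU][iI][tT])
                echo "Abort"
                exit 0
                ;;
            [yY]|[yY][eE][sS])
                ;;
            [nN]|[nN][oO])
                # Skip this machine only; must run in the current shell.
                echo
                continue
                ;;
            *)
                die "Bad answer: “${JOIN_MACHINE}”"
                ;;
        esac
    fi

    echo "${DRY_RUN_MSG}Integrating “${machine}”..."
    # ${DRY_RUN} is deliberately unquoted: empty in normal mode, ":" in
    # dry-run mode, which turns the whole command into a no-op.
    # The host password goes through stdin, but the domain password is a
    # command-line argument and is therefore visible in the process list to
    # other local users while net runs.
    # NOTE(review): check whether the installed net can take it another way.
    join_status=0
    ${DRY_RUN} net -S "${machine}" -U "${host_account}" \
        dom join DOMAIN="${REALM}" ACCOUNT="${AD_ADMIN}" PASSWORD="${AD_ADMIN_PASSWORD}" \
        <<<"${HOST_ADMIN_PASSWORD}" || join_status=$?

    if [ "${join_status}" -ne 0 ]
    then
        # Stop at the first failure, as "set -e" did before: the remaining
        # machines are not tried with credentials that may be wrong.
        echo "Failed to join “${machine}” (net exit status ${join_status})" >&2
        exit "${join_status}"
    fi

    if [ -n "${REBOOT}" ]
    then
        echo "${DRY_RUN_MSG}Rebooting “${machine}”..."
        ${DRY_RUN} net -S "${machine}" -U "${host_account}" RPC SHUTDOWN -r -f -t 5 \
            <<<"${HOST_ADMIN_PASSWORD}"
    fi
    echo
done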
