#!/bin/ash

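# The OpenSLX config provides SLX_USERS (consumed by the user loop below).
# Report to stderr: the log redirection is not in place yet at this point.
. /opt/openslx/config || { echo "Could not source config!" >&2; exit 23; }

# Send stdout and stderr of the whole script to its own log file.
# Append instead of the previous read/write open (1<>), which started writing
# at offset 0 and overwrote earlier runs in place, producing interleaved logs.
exec >>/var/log/ecrypt 2>&1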

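# Check whether something is mounted on /home. Match the " on /home " part of
# the mount output so that e.g. /home2 or a device path containing "home"
# does not count as a hit.
if mount | grep -q ' on /home '; then
    echo "/home partition found"
    foundhome="Yes"
else
    echo "/home partition not found"
    echo "Will create thing normaly, but will not be persistent"
    # Without /home nothing below can work, so this failure is fatal.
    mkdir -p /home || { echo "Could not create /home"; exit 1; }
    # NOTE: foundhome is not read later in this script; the original set it to
    # "Yes" in both branches, which was clearly a copy-paste slip.
    foundhome="No"
fi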

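# Everything below depends on the ecryptfs kernel module; stop if it is missing.
modprobe ecryptfs || { echo "Could not load the ecryptfs module"; exit 1; }

readonly PATHPASSSIG="/opt/ecryptfs/" # Path to where the pass and sigs are stored
readonly PATHECRYPT="/home/.ecryptfs/" # Path to where the .Private and .ecryptfs of users will be stored

#######################################
# Append a line to a PAM config file unless it is already present, so that
# running this script more than once does not stack duplicate module entries.
# Arguments: $1 - PAM file, $2 - the exact line to add
#######################################
add_pam_line() {
  local file="$1"
  local entry="$2"
  grep -qF -- "$entry" "$file" 2>/dev/null || echo "$entry" >> "$file"
}

add_pam_line /etc/pam.d/common-auth     "auth  optional  pam_ecryptfs.so unwrap"
add_pam_line /etc/pam.d/common-password "password  optional  pam_ecryptfs.so"
add_pam_line /etc/pam.d/common-session  "session optional  pam_ecryptfs.so unwrap"

# mount.ecryptfs_private must run as root for unprivileged users; only the
# setuid bit is needed, the plain "+s" also set setgid for no purpose.
chmod u+s /sbin/mount.ecryptfs_private || echo "warning: could not set setuid on /sbin/mount.ecryptfs_private"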

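# One comma separated entry per user. Field 2 is the user name; fields 1 and 5
# are flags that must be "A" and "Y" for a home to be encrypted (field meaning
# beyond that is not visible here -- presumably account state and an
# "encrypt home" switch; confirm against the config that produces SLX_USERS).
for line in $SLX_USERS; do
  IFS=,
  set -- $line   # '--' keeps an entry starting with '-' from being read as options
  unset IFS
  state=$1
  username=$2
  encrypt=$5
  echo "testando: $username, $state, $encrypt"
  [ "$encrypt" = "Y" ] && [ "$state" = "A" ] || continue

  # The name is used to build paths that are rm -rf'ed and chown'ed. An empty
  # name would have turned "rm -rf /home/$username" into "rm -rf /home/", and a
  # name with '/' or '..' would escape /home, so accept only a plain user name.
  case "$username" in
    ''|*/*|.*|-*|*[!A-Za-z0-9._-]*)
      echo "Skipping entry with invalid user name '$username'"
      continue ;;
  esac

  userdir="${PATHECRYPT}${username}"
  homedir="/home/${username}"

  if [ -e "$userdir" ]; then
    printf '\t%s, encrypted\n' "$username"
    #If someday, we manage to make possible to the server user changing his password
    #in the machine, this lines have to be deleted because it copies the
    #old sig and wrapped-passphrase to the user details again
    #cp "${PATHPASSSIG}${username}.sig" "${userdir}/.ecryptfs/Private.sig"
    #cp "${PATHPASSSIG}${username}" "${userdir}/.ecryptfs/wrapped-passphrase"
    #chmod 600 "${userdir}/.ecryptfs/Private.sig"
    #chmod 600 "${userdir}/.ecryptfs/wrapped-passphrase"

    #chown -R "$username:$username" "${userdir}"
  else
    printf '\t Encrypting %s\n' "$username"

    # Without the provisioned wrapped passphrase and signature the home could
    # never be mounted; check before creating anything, because an existing
    # $userdir is taken as "already encrypted" on the next run.
    if [ ! -f "${PATHPASSSIG}${username}.sig" ] || [ ! -f "${PATHPASSSIG}${username}" ]; then
      echo "Missing wrapped-passphrase or .sig for $username in $PATHPASSSIG, skipping"
      continue
    fi

    if ! mkdir -p "$userdir" \
        || ! mkdir -m 700 "$userdir/.Private" \
        || ! mkdir -m 700 "$userdir/.ecryptfs"; then
      echo "Could not create $userdir for $username, skipping"
      rm -rf -- "${userdir:?}"   # do not leave a half-made dir that looks encrypted
      continue
    fi

    touch "$userdir/.ecryptfs/auto-mount"
    touch "$userdir/.ecryptfs/auto-umount"
    echo "$homedir" > "$userdir/.ecryptfs/Private.mnt"
    if ! cp -- "${PATHPASSSIG}${username}.sig" "$userdir/.ecryptfs/Private.sig" \
        || ! cp -- "${PATHPASSSIG}${username}" "$userdir/.ecryptfs/wrapped-passphrase"; then
      echo "Could not copy key material for $username, skipping"
      rm -rf -- "${userdir:?}"
      continue
    fi

    # Key material and mount point are private to the user; the auto-* flags are not secret.
    chmod 600 "$userdir/.ecryptfs/Private.sig" \
              "$userdir/.ecryptfs/Private.mnt" \
              "$userdir/.ecryptfs/wrapped-passphrase"
    chmod 644 "$userdir/.ecryptfs/auto-mount" "$userdir/.ecryptfs/auto-umount"
    chown -R "$username:$username" "$userdir"

    # Replace the cleartext home with a stub holding only the mount point
    # and links into the ecryptfs directory. ${homedir:?} is belt and braces
    # on top of the name check above.
    rm -rf -- "${homedir:?}"
    mkdir -m 700 "$homedir"
    chown "$username:$username" "$homedir"

    ln -s "$userdir/.ecryptfs/" "$homedir/"
    ln -s "$userdir/.Private/" "$homedir/"
    ln -s "${PATHPASSSIG}README.txt" "$homedir/README.txt"
    chown -h "$username:$username" "$homedir/README.txt" "$homedir/.ecryptfs" "$homedir/.Private"
  fi
done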
