#!/bin/sh

set -ex

## This script is run by www-data using sudo. Keep that in mind!
## Make sure that malicious execution cannot hurt.##

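HOST="$1"

# This hook is run via sudo on behalf of www-data (see the note at the top of
# the file), and $HOST is interpolated into kadmin.local query strings and into
# a keytab file path below. Accept only plain host-name characters, so that
# whitespace, quotes, slashes or a leading '-' cannot add kadmin arguments or
# move the keytab outside /var/lib/debian-edu/host-keytabs/.
case "$HOST" in
	''|[!A-Za-z0-9]*|*[!A-Za-z0-9._-]*)
		# The rejected value is deliberately not logged: it is untrusted and
		# could contain control characters.
		logger -t gosa-modify-host -p warning "Rejected host name argument with unexpected characters; no Kerberos principals were touched."
		exit 1
		;;
esac

# ensure_principal SERVICE LABEL
# Creates the principal SERVICE/$HOST.intern with a random key and adds it to
# the host-specific keytab, unless kadmin.local already reports the principal.
#   $1 - service part of the principal name (e.g. host, nfs)
#   $2 - word used in the syslog message ("host" or "service")
ensure_principal() {
	princ="$1/$HOST.intern"
	# LANG=C keeps the "Principal:" output line stable for the grep below.
	if ! LANG=C kadmin.local -q "get_principal $princ" 2>/dev/null | grep -q "^Principal: $princ@.*"; then
		kadmin.local -q "add_principal -policy hosts -randkey $princ"
		kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$HOST.intern.keytab $princ"
		# Quoted as a single argument so the message is not word-split or globbed.
		logger -t gosa-modify-host -p notice "Krb5 $2 principal '$princ' created and added to host-specific keytab file."
	fi
}

# This is only for kerberizing host entries in LDAP stemming from earlier installations
# of Debian Edu... Normally, host and service principals should have been created
# by the gosa-host-create hook script.
ensure_principal host host
ensure_principal nfs service

# call DLW keytabs' update script (delay execution for 2s because GOsa² needs
# to write the NIS netgroup information first (this hook gets called between
# saving the host object to LDAP, but before updating the NIS netgroup settings).
# "$@" is quoted so the arguments are forwarded exactly as received; only $1 has
# been validated above, any further arguments are passed through unchecked.
( sleep 2; /usr/share/debian-edu-config/tools/update-dlw-krb5-keytabs "$@" 1>/dev/null 2>/dev/null) &

# update services:
/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs

# clean-up Kerberos host keytabs
/usr/share/debian-edu-config/tools/clean-up-host-keytabs

exit 0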
