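#!/bin/sh
# $Id: syncsipb,v 1.12 2009/04/20 09:44:42 mitchb Exp $ 
#
# Keep the pam_access rules in $accessconf in step with the $group list.
#
# Each member of $group reported by blanche has its hesiod grplist checked.
# A grplist ending in ':' is treated as truncated, and that user is named
# individually on the '+:...:ALL' rule so the login does not depend on
# $group appearing in the truncated list.  The rule is merged into the first
# existing '+:...:ALL' line, or inserted between SYNCSPEHN markers ahead of
# the first '-' line, whichever comes first.  Names are only ever added;
# entries that look stale are reported on stdout for manual review.
#
# The file is rebuilt as <file>.new and renamed into place only when every
# write succeeded.  pam_access normally lets a login through when no rule
# matches, so a half-written file that lost its deny lines would fail open.

# put /bin/athena first in PATH to get an athena-configured
# hesinfo binary
PATH=/bin/athena:/bin:/usr/bin:/usr/sbin:/usr/athena/bin
export PATH

# Nothing here wants pathname expansion.  Turning it off keeps a '*' in a
# user field or in tool output from being expanded against the current
# directory when a list is deliberately word-split.
set -f

group=spehn-login
accessconf=/etc/security/access.conf

# Append one line, byte for byte, to the replacement file.  Any failure is
# remembered in write_failed so the live file is not replaced afterwards.
# Globals: new (read), write_failed (written)
emit() {
    printf '%s\n' "$1" >> "$new" || write_failed=1
}

files=$accessconf
for file in $files; do
    new=$file.new
    addcount=0
    hesiod_suckers=
    echo "-> Setting up $file"

    # Best effort, as before: a failed lookup leaves the list empty and the
    # existing entries untouched, but it is no longer silent.
    if ! members=$(blanche "$group" -r -u -n); then
        echo "warning: blanche failed for $group; member list may be incomplete" >&2
    fi

    for i in $members; do
        grplist=$(hesinfo "$i" grplist)
        # Is their hesiod grplist truncated because they're in too many
        # NFS groups?  If so, we'll list them in the access.conf file
        # individually so they can still log in even if $group doesn't
        # make it into their list.
        case $grplist in
        *:)
            hesiod_suckers="${hesiod_suckers:+$hesiod_suckers }$i"
            addcount=$((addcount + 1))
            ;;
        esac
    done

    rule="+:$group${hesiod_suckers:+ $hesiod_suckers}:ALL"
    configured=0
    uniqusers=
    write_failed=0

    # Start the replacement as a copy and then empty it, so it keeps the
    # mode and ownership of the live file instead of taking the umask default.
    rm -f "$new"
    if ! { cp -p "$file" "$new" && cp /dev/null "$new"; }; then
        echo "error: cannot create $new; $file left unchanged" >&2
        rm -f "$new"
        exit 1
    fi

    exec 4< "$file" || exit 1
    # IFS= and -r keep whitespace and backslashes intact; the -n test keeps
    # a final line that has no trailing newline.
    while IFS= read -r accessline <&4 || [ -n "$accessline" ]; do
        if [ "$configured" = 1 ]; then
            emit "$accessline"
            continue
        fi
        # Fields are parsed from a copy without leading/trailing blanks; the
        # line itself is always written back unmodified.
        trimmed=$(printf '%s\n' "$accessline" |
            sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
        permission=$(printf '%s\n' "$trimmed" | awk -F: '{ print $1 }')
        case $permission in
        -)
            # First deny rule: the allow rule has to come before it.
            emit "#SYNCSPEHN BEGIN"
            emit "$rule"
            emit "#SYNCSPEHN END"
            emit "$accessline"
            configured=1
            ;;
        +)
            origins=$(printf '%s\n' "$trimmed" | awk -F: '{ print $3 }')
            if [ "$origins" = "ALL" ]; then
                users=$(printf '%s\n' "$trimmed" | awk -F: '{ print $2 }')
                users="$users $group $hesiod_suckers"
                sorted=$(printf '%s\n' "$users" | tr -s ' \t' '\n' |
                    sed -e '/^$/d' | sort)
                # Names seen exactly once: either new this run or present
                # only in the file.  The report below separates the two.
                uniqusers=$(printf '%s\n' "$sorted" | uniq -u)
                newusers=$(printf '%s\n' "$sorted" | uniq | paste -s -d ' ' -)
                emit "+:$newusers:ALL"
                configured=1
            else
                emit "$accessline"
            fi
            ;;
        *)
            emit "$accessline"
            ;;
        esac
    done
    exec 4<&-

    if [ "$write_failed" != 0 ]; then
        echo "error: writing $new failed; $file left unchanged" >&2
        rm -f "$new"
        exit 1
    fi
    if [ "$configured" = 0 ]; then
        echo "warning: no '-' or '+:...:ALL' rule in $file; $group rule not written" >&2
    fi
    if ! mv -f "$new" "$file"; then
        echo "error: could not replace $file" >&2
        exit 1
    fi

    echo "   Individually listed $addcount users with truncated hesiod grplists."
    echo "      ($hesiod_suckers)"
    echo "   Users in $file but not in the list above:"
    count=0
    for i in $uniqusers; do
        if [ "$i" = "$group" ]; then
            continue
        fi
        # Literal match; the name is not treated as a regular expression.
        case " $hesiod_suckers " in
        *" $i "*) ;;
        *)
            printf '       %s\n' "$i"
            count=$((count + 1))
            ;;
        esac
    done
    if [ "$count" = 0 ]; then
        echo "       (none)"
    fi
done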
