#!/bin/sh

password=$(echo "$1" | sed -n 's/.*%\(.*\)/\1/p')
if [ -n "$password" ]; then
	user=$(echo "$1" | sed -n 's/\(.*\)%.*/\1/p')
else
	user="$1"
fi

usersid=$(wbinfo -n "$user" | awk '{ print $1 }')
if [ -z "$usersid" ]; then
	exit 1
fi
printf "sid:\t\t$usersid\n"

username=$(wbinfo -s "$usersid" | awk '{ print $1 }')
if [ -z "$username" ]; then
	exit 1
fi
printf "username:\t$username\n"

uid=$(wbinfo -S "$usersid" | awk '{ print $1 }')
if [ -z "$uid" ]; then
	exit 1
fi
printf "uid:\t\t$uid\n"

sid=$(wbinfo -U "$uid" | awk '{ print $1 }')
if [ "$sid" != "$usersid" ]; then
	printf "reverse sid mismatch:\t${sid}\n"
	exit 1
fi

usergids=$(wbinfo --user-groups="$user")
if [ -z "$usergids" ]; then
	printf "ERROR: lookup of GIDs for user failed\n"
else
	printf "GIDs:\t\t$usergids\n"
fi

usergroupsids=$(wbinfo --user-sids="$usersid")
for groupsid in $usergroupsids; do
	if [ "$usersid" != "$groupsid" ]; then
		printf "groupsid:\t$groupsid\n"
		gid=$(wbinfo -Y "$groupsid" | awk '{ print $1 }')
		if [ -z "$gid" ]; then
			exit 1
		fi
		sid=$(wbinfo -G "$gid" | awk '{ print $1 }')
		if [ "$sid" != "$groupsid" ]; then
			printf "reverse sid mismatch:\t${sid}\n"
			exit 1
		fi
		groupname=$(wbinfo -s "$groupsid" | awk '{ print $1 }')
		if [ -z "$groupname" ]; then
			exit 1
		fi
		printf "groupname:\t$groupname\n"
	fi
done

getent_passwd=$(getent passwd "$user")
if [ -z "$getent_passwd" ]; then
	printf "ERROR: getent passwd: no entry\n"
else
	printf "getent passwd:\t$getent_passwd\n"
fi

if [ -z "$password" ]; then
	echo "WARNING: No password given, authentication test skipped" >&2
else
	wbinfo -a "$user%$password"
fi

wbseparator=$(wbinfo --separator)
domain=$(echo "$user" | sed -n 's/\(.*\)'"${wbseparator}"'.*/\1/p')

dcname=$(wbinfo --getdcname="$domain")
if [ -z "$dcname" ]; then
	exit 1
fi
printf "dcname:\t\t$dcname\n"

if ! wbinfo -N "$dcname" >/dev/null; then
	printf "trying DNS: "
	host "$dcname"
fi

domainuserlist=$(wbinfo -u --domain="$domain")
if [ -z "$domainuserlist" ]; then
	echo "WARNING: enum users failed for domain $domain" >&2
else
	echo "enum users for domain $domain successfull" >&2
fi

domaingrouplist=$(wbinfo -g --domain="$domain")
if [ -z "$domaingrouplist" ]; then
	echo "WARNING: enum groups failed for domain $domain" >&2
else
	echo "enum groups for domain $domain successfull" >&2
fi