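#!/bin/bash
#
# Deletes DNS records that reference UCS@school slave servers running the
# S4 Connector. The candidates are the lines printed by
# check_essential_samba4_dns_records.sh that mention a slave's FQDN; each is
# turned into an "update delete" statement and sent with `nsupdate -g`.
# Records under "._msdcs." are sent with an explicit zone statement, all
# others without one.
#
# Exit status:
#   0  nothing to delete, or every update was sent
#   1  domainname could not be determined, or kinit failed
#   2  ucs-school-master is not installed on this host
#   otherwise the status of the last failing nsupdate call

# Print $1 with every ERE metacharacter backslash-escaped, so that a host
# name can be embedded in a grep -E pattern and only ever match literally.
escape_ere() {
  printf '%s' "$1" | sed 's/[][\.*^$+?(){}|]/\\&/g'
}

status=$(dpkg-query -W -f='${Status}\n' ucs-school-master 2>/dev/null)
if [ "$status" != "install ok installed" ]; then
  echo "Can only run on UCS@school Multischool Master"
  exit 2
fi

# Defines $domainname and $kerberos_realm.
# NOTE(review): eval executes whatever `ucr shell` prints; this relies on that
# output being properly quoted variable assignments.
eval "$(ucr shell domainname kerberos/realm)"

# With an empty domain every slave would become "<name>." and the match below
# would select, and then delete, records that belong to other hosts.
if [ -z "$domainname" ]; then
  echo "domainname is not set, refusing to build DNS delete statements" >&2
  exit 1
fi

# Rewrite the "has SRV record" / "has address" wording into the record-type
# form that nsupdate expects.
check_dns_output=$(
  /usr/share/univention-samba4/scripts/check_essential_samba4_dns_records.sh \
    | sed 's/has SRV record/IN SRV/;s/has address/A/'
)

ldif=$(univention-ldapsearch -xLLL \
  "(&(univentionService=UCS@school)(univentionService=S4 Connector)(univentionServerRole=slave))" cn)

# One array element per cn value; mapfile avoids the word splitting and glob
# expansion that an unquoted $(...) inside an array literal would apply.
mapfile -t slaves < <(sed -n 's/^cn: //p' <<<"$ldif")

# The statements are collected in arrays and later printed one per line.
# nsupdate treats a blank line like "send", so the lists must not start with
# an empty line: that would send an empty update first and, in the _msdcs
# case, separate the zone statement from the deletions that follow it.
non_msdcs_updates=()
msdcs_updates=()

for slave in "${slaves[@]}"; do
  [ -n "$slave" ] || continue
  fqdn="$slave.$domainname"

  # Match the FQDN literally (dots are not wildcards) and only where it is
  # not the tail of a longer label, so "dc1.<domain>" does not also select
  # the records of "my-dc1.<domain>" or "xdc1.<domain>".
  fqdn_re=$(escape_ere "$fqdn")
  slave_updates=$(
    grep -iE -- "(^|[^[:alnum:]_-])${fqdn_re}" <<<"$check_dns_output" \
      | sed 's/^/update delete /'
  )

  # NOTE(review): this lookup can never match. $slave_updates only holds
  # lines that start with "update delete " and in which "has address" was
  # already rewritten to "A", so the gc._msdcs A record pointing at the
  # slave's IPv4 address is not removed. Kept unchanged so that no new
  # deletion is introduced without a decision on the intended behaviour.
  slave_ipv4=$(dig +short "$fqdn" A)
  gc_ip_update=$(grep "^gc._msdcs.$domainname has address $slave_ipv4$" <<<"$slave_updates")
  if [ -n "$gc_ip_update" ]; then
    non_msdcs_updates+=("$gc_ip_update")
  fi

  plain_updates=$(grep -v '\._msdcs\.' <<<"$slave_updates")
  if [ -n "$plain_updates" ]; then
    non_msdcs_updates+=("$plain_updates")
  fi

  zone_updates=$(grep '\._msdcs\.' <<<"$slave_updates")
  if [ -n "$zone_updates" ]; then
    msdcs_updates+=("$zone_updates")
  fi
done

if [ "${#non_msdcs_updates[@]}" -eq 0 ] && [ "${#msdcs_updates[@]}" -eq 0 ]; then
  exit 0
fi

# nsupdate -g authenticates with GSS-TSIG, so a ticket for Administrator is
# required; ask for one only when the cache has none for that principal.
if ! klist -s || ! klist 2>/dev/null | grep -q "^ *Principal: Administrator@$kerberos_realm$"; then
  if ! kinit Administrator; then
    exit 1
  fi
fi

# Both batches are attempted even if the first one fails; the failure is
# reported through the exit status instead of being dropped.
rc=0

if [ "${#non_msdcs_updates[@]}" -gt 0 ]; then
  {
    printf '%s\n' "${non_msdcs_updates[@]}"
    printf '%s\n' show send
  } | nsupdate -g || rc=$?
fi

if [ "${#msdcs_updates[@]}" -gt 0 ]; then
  {
    printf 'zone _msdcs.%s\n' "$domainname"
    printf '%s\n' "${msdcs_updates[@]}"
    printf '%s\n' show send
  } | nsupdate -g || rc=$?
fi

exit "$rc"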