#!/bin/sh
#
# $FreeBSD$
#

# PROVIDE: ix-nfsd
# REQUIRE: ix-activedirectory

. /etc/rc.subr

hasspace()
{
	res=1
	if echo "${1}" | grep -qE ' +' 2>/dev/null; then
		res=$?
	fi

	return ${res}
}

setuser()
{
	local user="${1}"
	if hasspace "${user}"; then
		user=$(getent passwd "${user}"|cut -f3 -d:)
	fi

	echo "${user}"
}

setgroup()
{
	local group="${1}"
	if hasspace "${group}"; then
		group=$(getent group "${group}"|cut -f3 -d:)
	fi

	echo "${group}"
}

#
# TODO: For now we overwrite /etc/exports, it's desirable to teach mountd about another
# place so user can write their own entry.
#
generate_exports()
{
	rm /etc/exports
	local v4=0
	local IFS="|"
	local f="id nfs_network nfs_hosts nfs_alldirs nfs_ro nfs_quiet nfs_maproot_user nfs_maproot_group nfs_mapall_user nfs_mapall_group nfs_security"
	eval local $f
	local sf=$(var_to_sf $f)
	if [ "$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "SELECT nfs_srv_v4 FROM services_nfs")" -eq 1 ]; then
		if [ "$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "SELECT nfs_srv_v4_krb FROM services_nfs")" -eq 1 ]; then
			# The user has required kerberos for NFSv4 in the GUI.  We aren't going
			# to check for a keytab, we'll just do what we are told.
			echo "V4: / -sec=krb5:krb5i:krb5p" > /etc/exports
		else
			krb=$(${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "SELECT COUNT() FROM directoryservice_kerberoskeytab")
			# The user has not forced kerberized NFSv4 only, so we'll look for
			# a keytab and if we find one turn on kerberized NFSv4.
			if [ "${krb}" = "0" ]; then
				echo "V4: / -sec=sys" > /etc/exports
			else
				echo "V4: / -sec=sys:krb5:krb5i:krb5p" > /etc/exports
			fi
		fi
		v4=1
	fi
	${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "SELECT $sf FROM sharing_nfs_share AS us ORDER BY us.id DESC" | \
	while eval read -r $f; do
		local path paths line
		paths=`${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "SELECT path FROM sharing_nfs_share_path AS usp WHERE share_id = ${id} ORDER BY usp.id DESC" | \
		while read -r path; do
			if [ -d ${path} ]; then
				echo -n "${path} "
			fi
		done`
		if [ -z "${paths}" ]; then
			continue
		fi
		line=${paths}
		if [ "${nfs_alldirs}" = "1" ]; then
			line="${line} -alldirs"
		fi
		if [ "${nfs_ro}" = "1" ]; then
			line="${line} -ro"
		fi
		if [ "${nfs_quiet}" = "1" ]; then
			line="${line} -quiet"
		fi
                if [ -n "${nfs_mapall_user}" -o -n "${nfs_mapall_group}" ]; then
			mapall_user=$(setuser "${nfs_mapall_user}")
			mapall_group=$(setgroup "${nfs_mapall_group}")
			line="${line} -mapall=${nfs_mapall_user}:${nfs_mapall_group}"
                else
                        if [ -n "${nfs_maproot_user}" -o -n "${nfs_maproot_group}" ]; then
				maproot_user=$(setuser "${nfs_maproot_user}")
				maproot_group=$(setgroup "${nfs_maproot_group}")
			        line="${line} -maproot=${nfs_maproot_user}:${nfs_maproot_group}"
                        fi
		fi
		if [ -n "${nfs_security}" -a ${v4} -eq 1 ]; then
			security=`echo ${nfs_security} | tr "," ":"`
			if [ -n "${security}" ]; then
				line="${line} -sec=${security}"
			fi
		fi
		local IFS="|"
		echo ${nfs_network} | tr " " "\\n" | \
		while read -r network; do
			if [ -n "${network}" ]; then
				echo "${line} -network ${network}"
			fi
		done

		if [ -n "${nfs_hosts}" ]; then
			echo "${line} ${nfs_hosts}"
		elif [ -z "${nfs_network}" ]; then
			echo "${line}"
		fi
	done >> /etc/exports
	service mountd quietreload
}

name="ix-nfsd"
start_cmd='generate_exports'
stop_cmd=':'

load_rc_config $name
run_rc_command "$1"
