source: trunk/locker/sbin/check-users @ 2671

#!/bin/bash
set -eu

err() {
    ok=
    echo "$@"
}

if [ $# -eq 0 ]; then
    filter="objectClass=posixAccount"
else
    filter=
    for user; do
        filter="$filter(uid=$user)"
    done
    filter="(&(objectClass=posixAccount)(|$filter))"
fi

unset "${!l_@}"
while read attr value; do
    ok=t
    if [ -n "$attr" ]; then
        declare "l_${attr%:}=$value"
        continue
    fi

    read f_type f_data < <(hesinfo -- "$l_uid" filsys | sort -nk5,5) || :
    if [ -z "$f_type" ]; then
        err "$l_uid" "no_hesiod"
    elif [ "$f_type" = "ERR" ]; then
        err "$l_uid" "hesiod_err ERR $f_data"
    elif [ "$f_type" = "AFS" ]; then
        read f_path f_perm f_link z \
            < <(echo "$f_data")
        [ "${l_homeDirectory#/disabled}" = "$f_path" ] || \
            err "$l_uid" "hesiod_path $f_path (LDAP $l_homeDirectory)"
    else
        err "$l_uid" "wrong_hesiod $f_type"
    fi

    p_cell=
    case "$l_homeDirectory" in
        /afs/*)
            p_cell="${l_homeDirectory#/afs/}"
            p_cell="${p_cell%%/*}"
            ;;
        /disabled/afs/*)
            err "$l_uid" "disabled $l_homeDirectory"
            l_homeDirectory="${l_homeDirectory#/disabled}"
            p_cell="${l_homeDirectory#/afs/}"
            p_cell="${p_cell%%/*}"
            ;;
        /*)
            err "$l_uid" "not_afs $l_homeDirectory"
            ;;
        *)
            err "$l_uid" "relative_home $l_homeDirectory"
            ;;
    esac

    read v_vname v_vol v \
        < <(vos examine -noauth -id "$l_uidNumber" -cell "${p_cell#.}" 2>/dev/null) || :
    [ "$v_vol" = "$l_uidNumber" ] ||
        err "$l_uid" "no_vol ${p_cell#.} $l_uidNumber"

    if ! [ -d "$l_homeDirectory" ]; then
        if ! [ -e "$l_homeDirectory" ]; then
            err "$l_uid" "no_home $l_homeDirectory"
        else
            err "$l_uid" "not_dir $l_homeDirectory"
        fi
    else
        read c c_path c c c c_cell \
            < <(fs whichcell -path "$l_homeDirectory" 2>/dev/null) || :
        [ "$c_path" = "$l_homeDirectory" ] || \
            err "$l_uid" "no_cell $l_homeDirectory"
        [ "$c_cell" = "'${p_cell#.}'" ] || \
            err "$l_uid" "wrong_cell $p_cell $l_homeDirectory $c_cell"

        read m_path m m m m m m m_vname \
            < <(fs lsmount -dir "$l_homeDirectory" 2>/dev/null) || :
        [ "$m_path" = "'$l_homeDirectory'" ] || \
            err "$l_uid" "no_mount $l_homeDirectory"

        case "$m_vname" in
            "'#$v_vname'" | "'%$v_vname'" | "'#${p_cell#.}:$v_vname'" | "'%{p_cell#.}:$v_vname'")
                ;;
            *)
                m_vname2="${m_vname#\'[#%]}"
                m_vname2="${m_vname2%\'}"
                m_cell="${m_vname2%%:*}"
                [ "$m_cell" != "$m_vname2" ] || m_cell="${p_cell#.}"
                m_vname2="${m_vname2#*:}"
                read m_vname2 m_vol m \
                    < <(vos examine -noauth -id "$m_vname2" -cell "$m_cell" 2>/dev/null) || :
                err "$l_uid" "wrong_mount ${m_cell} $m_vname = $m_vol (${p_cell#.} $l_uidNumber = $v_vname)"
                ;;
        esac
    fi

    if [ "$ok" = t ]; then
        err "$l_uid" "ok"
    fi

    unset "${!l_@}"
done < <(
    ldapsearch -LLL -x -D 'cn=Directory Manager' -y /etc/signup-ldap-pw \
        -b ou=People,dc=scripts,dc=mit,dc=edu "$filter" \
        uid uidNumber homeDirectory loginShell | \
        perl -0pe 's/\n //g;'
    )