#!/bin/sh

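set -ex

## This script is run by www-data using sudo, so its single argument is
## attacker-influenced input that ends up executing as root. It is
## interpolated into kadmin.local queries and into a keytab path below,
## so it must be validated before anything else happens.

# Byte-wise matching so the character ranges below mean exactly ASCII.
LC_ALL=C
export LC_ALL

readonly KEYTAB_DIR=/etc/debian-edu/host-keytabs

# Succeeds only if $1 is non-empty, starts with an alphanumeric and consists
# solely of letters, digits, '.' and '-'. That rules out whitespace, quotes,
# '/', '@' and a leading '-', i.e. everything that could alter the kadmin
# query, inject an option, or move the keytab path out of KEYTAB_DIR.
is_valid_hostname() {
    case "$1" in
        '' | [!A-Za-z0-9]* | *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

HOST="${1:-}"

if ! is_valid_hostname "$HOST"; then
    # The rejected value is deliberately not logged: it is untrusted and
    # could carry control characters into the log.
    logger -t gosa-modify-host -p warning "Rejected invalid host name argument."
    echo "gosa-modify-host: invalid host name argument" >&2
    exit 1
fi

kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
kadmin.local -q "ktadd -k $KEYTAB_DIR/$HOST.intern.keytab host/$HOST.intern"
kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
kadmin.local -q "ktadd -k $KEYTAB_DIR/$HOST.intern.keytab nfs/$HOST.intern"
logger -t gosa-modify-host -p notice "Krb5 principals and keytab file for host '$HOST' created."

# update services:
/usr/share/debian-edu-config/tools/gosa-sync-dns-nfs

# cleanup from leftover host principals and keytab file:
# A keytab is kept when some line of the LDAP dump mentions both the host
# name and "dhcp"; otherwise its principals and the keytab are removed.
for keytab in "$KEYTAB_DIR"/*.intern.keytab ; do
    # An unmatched glob stays literal; never act on a file that is not there.
    [ -e "$keytab" ] || continue

    i=${keytab##*/}
    i=${i%.intern.keytab}

    # File names are re-validated too: a keytab written before the argument
    # check existed could carry a name that is unsafe to hand to kadmin.
    is_valid_hostname "$i" || continue

    # -F: match the name literally (a '.' in it must not act as a wildcard).
    if slapcat | grep -F -- "$i" | grep -q dhcp ; then
        :
    else
        # NOTE(review): delprinc is called without -force; kadmin normally
        # asks for confirmation, so confirm this really deletes the
        # principal when the script runs non-interactively.
        kadmin.local delprinc "host/$i.intern@INTERN"
        kadmin.local delprinc "nfs/$i.intern@INTERN"
        rm -- "$keytab"
    fi
done

exit 0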
