#!/bin/sh /etc/rc.common

START=11
STOP=90
USE_PROCD=1

create_group() {
	local group="$1"
	local enabled deleted old_name
	config_get enabled "$group" enabled ""
	config_get deleted "$group" deleted ""
	config_get old_name "$group" old_name ""
	
	groupname=${group#*_}

	if [ "$deleted" = "1" ]; then
		groupdel -f "$groupname"
		uci -q delete users."$group"
		return 0
	fi

	if [ -n "$old_name" ]; then
		del_group=${old_name#*_}
		grep -rq "^$del_group:" /etc/group
		if [ "$?" = "0" ]; then
			groupdel -f "$del_group"
		fi
		uci -q delete users."$group".old_name
	fi

	if [ "$enabled" = "1" ]; then
		grep -rq "^$groupname:" /etc/group
		if [ "$?" = "1" ]; then
			groupadd -f "$groupname"
		fi
	else
		grep -rq "^$groupname:" /etc/group
		if [ "$?" = "0" ]; then
			groupdel -f "$groupname"
		fi
	fi
}

create_user() {
        local user="$1"
        local enabled password member_groups shell old_name deleted encrypted_password
	config_get password "$user" password ""
	config_get enabled "$user" enabled ""
	config_get old_name "$user" old_name ""
	config_get member_groups "$user" member_groups ""
	config_get shell "$user" shell ""
	config_get deleted "$user" deleted ""
	config_get encrypted_password "$user" encrypted_password ""

	if [ "$deleted" = "1" ]; then
		userdel -f "$user"
		uci -q delete users."$user"
		return 0
	fi

	if [ -n "$old_name" ]; then
		cat /etc/passwd | cut -d: -f1 | grep -qE "^$old_name$"
		if [ "$?" = "0" ]; then
			usermod -b -l "$user" "$old_name"
		fi
		uci -q delete users."$user".old_name
	fi

	grep -rq "^$user:" /etc/passwd
	if [ "$?" = "1" ]; then
		adduser -D -H -s /bin/false "$user"
	fi

	# set password
	if [ -n "$password" ]; then
		echo "$user:$password" | chpasswd
		uci -q delete users."$user".password
	fi

	# set encrypted_password
	if [ -n "$encrypted_password" ]; then
		str=$(ubus call bbf.secure decode "{'data':'$encrypted_password'}" |jsonfilter -e @.value)
		if [ -n "$str" ]; then
			echo "$user:$str" | chpasswd
		fi
	fi

	# set shell
	usermod -s /bin/false "$user"
	if [ -n "$shell" ] && [ "$shell" != "false" ]; then
		shellname=$(cat /etc/shells | grep -r "/$shell$")
		if [ -n "$shellname" ]; then
			shell_sec=""
			shell_en=""
			uci_param=$(uci -q show users | grep -E "^users\.@shell\[[0-9]+\]\.name=\'$shell\'$")
			if [ -n "$uci_param" ]; then
				shell_sec=$(echo "$uci_param" | cut -d= -f1 | cut -d. -f2)
			fi

			if [ -n "$shell_sec" ]; then
				shell_en=$(uci -q get users."$shell_sec".enabled)
			fi

			if [ "$shell_en" = "1" ]; then
				usermod -s "$shellname" "$user"
			fi
		fi
	fi

	# add groups
	usermod -G "" "$user"
	if [ -n "$member_groups" ]; then
		for i in ${member_groups//,/ }
		do
			group=${i#*_}
			grep -rq "^$group:" /etc/group
			if [ "$?" = "0" ]; then
				usermod -aG "$group" "$user"
			fi
		done
	fi

	if [ "$enabled" = "1" ]; then
		usermod -U "$user"
	else
		usermod -L "$user"
	fi
}

start_service() {
	config_load users

	# creation of non-static groups and users
	config_foreach create_group group
	config_foreach create_user user
	uci commit users
}

reload_service() {
	stop
	start
}

service_triggers()
{
	procd_add_reload_trigger "users"
}