#!/bin/sh
#
# Univention Mobile/Managed Client
#  helper script: checks the connection to the LDAP server. If the
#  connection fails 'ldap' is removed from the list of possible
#  authentication methods
#
# Copyright 2004-2014 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.

LOCKFILE=/tmp/.univention_check_connection
# create lock file
if ! lockfile-create -q --retry 0 $LOCKFILE; then
	exit 0
fi


export PATH=$PATH:/sbin:/usr/sbin

eval "$(/usr/sbin/univention-config-registry shell)"

if [ -z "$auth_methods_default" ]; then
	/usr/sbin/univention-config-registry set auth/methods/default="$auth_methods" >/dev/null
fi

# do we need to run run-parts etc/network/if-$1.d
run_parts=false
if [ -n "$1" -a "$1" = "runParts" ]; then
	run_parts=true
fi


action () {
	dir="/etc/network/if-$1.d"
	export MODE=$1

	if [ -d "$dir" -a "$run_parts" = "true" ]; then
		run-parts "$dir" >/dev/null
	fi
}

connection_okay=0

if [ -n "$ldap_server_name" ]; then
	if /bin/netcat -q0 -w4 $ldap_server_name 7389 </dev/null >/dev/null 2>&1; then
		connection_okay=1
	fi
fi

if [ -n "$ldap_server_addition" ] && [ $connection_okay = 0 ]; then
	for h in  $ldap_server_addition; do
		if /bin/netcat -q0 -w4 $h 7389 </dev/null >/dev/null 2>&1; then
			connection_okay=1
			break
		fi
	done
fi

if [ $connection_okay = 1 ]; then
	res="`echo $auth_methods | grep ldap`"
	if [ -z "$res" ]; then
		/usr/sbin/univention-config-registry set auth/methods="$auth_methods_default" >/dev/null
		action up
	fi
else
	res="`echo $auth_methods | grep ldap`"
	if [ -n "$res" ]; then
		/usr/sbin/univention-config-registry set auth/methods=cache >/dev/null
		action down
	fi

fi

# remove lock file
lockfile-remove $LOCKFILE
