#!/bin/sh
#save/load users and groups from/to flash (not TFFS)

SAVE_DIR=/tmp/flash/users
FILES="passwd group shadow gshadow"

load() {
	local f=, u=, perm=

	mkdir -pm 700 $SAVE_DIR

	for f in $FILES; do
		touch "/tmp/$f"

		# set permissions: 644 for passwd & group, 600 for shadow & gshadow
		[ "$f" == "${f%shadow}" ] && perm=644 || perm=600
		chmod $perm "/tmp/$f"

		# freetz users/groups available?
		if [ -e "$SAVE_DIR/$f" ]; then
			# do load them, for user related files ignore
			#  boxusr*/ftpuser-internet (are always taken from AVM's passwd)
			#  ftpuser & nobody (used both by AVM and by freetz and thus treated specially)
			# note: ftpuser & ftpuser-internet are matched using common prefix ftpuser
			case "$f" in
				passwd|shadow)
					grep -vE "^(boxusr|ftpuser|nobody:)" "$SAVE_DIR/$f"
					;;
				*) # actually group|gshadow)
					cat "$SAVE_DIR/$f"
					;;
			esac > "/tmp/${f/passwd/passwd.mod}" 2>/dev/null
		else
			# save default users/groups from var.tar
			cat "/tmp/$f" > "$SAVE_DIR/$f" 2>/dev/null
			chmod $perm "$SAVE_DIR/$f"
		fi
	done

	# the very 1st invocation of load => no freetz passwd is available/loaded
	if [ ! -e /tmp/passwd.mod ]; then
		# create passwd.mod from var.tar
		cat /tmp/passwd > /tmp/passwd.mod 2>/dev/null
	fi
	chmod 644 /tmp/passwd.mod

	# /var/tmp/passwd.tmp is created by ctlmgr, do NOT MoVe due to libctlmgr
	cp /var/tmp/passwd.tmp /var/tmp/passwd.avm 2>/dev/null && rm -rf /var/tmp/passwd.tmp

	# load AVM's boxusr* / ftpuser* (created by ctlmgr)
	# ignore root - we always use freetz (shadowed) version
	# ignore ftpuser (no suffix) & nobody, both treated specially below
	[ -e /var/tmp/passwd.avm ] && grep -vE "^(root|ftpuser|nobody):" /var/tmp/passwd.avm >> /tmp/passwd.mod

	# users ftpuser & nobody are created/used by both AVM and freetz
	# do always prefer AVM version of them, add freetz one only if AVM's one is missing
	for u in ftpuser nobody; do
		cat /var/tmp/passwd.avm "$SAVE_DIR/passwd" 2>/dev/null | grep -m1 "^${u}:" >> /tmp/passwd.mod
		# if it's a user with shadowed pwd, do copy the corresponding shadow-entry
		# from $SAVE_DIR/shadow (AVM doesn't use shadowed passwd)
		if grep -q "^${u}:x:" /tmp/passwd.mod 2>/dev/null; then
			grep -m1 "^${u}:" "$SAVE_DIR/shadow" >> "/tmp/shadow" 2>/dev/null
		fi
	done

	# all passwd related entries has been so far written to /tmp/passwd.mod
	# this was done in order to prevent possible race-conditions
	# we're done, move it to /tmp/passwd now
	mv /tmp/passwd.mod /tmp/passwd

	touch /tmp/.usersloaded
}

save() {
	local rc=0
	[ ! -e /tmp/.usersloaded ] && return 1
	rm -rf $SAVE_DIR
	mkdir -pm 700 $SAVE_DIR
	for f in $FILES; do
		cp -p "/tmp/$f" "$SAVE_DIR/$f" || rc=1
	done
	return $rc
}

case $1 in
	load)
		load
		;;
	save)
		save
		;;
	update)
		save
		load
		;;
	*)
		echo "Usage: $0 [load|save|update]" 1>&2
		exit 1
		;;
esac