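#!/bin/sh
#
# postinst for dhcpy6d.
#
# Creates a lower-privileged system user/group so the server does not run as
# root, prepares its state and log files, and makes sure /etc/default/dhcpy6d
# carries a DUID.  The user/group handling is taken from
# http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-bpp-lower-privs
#
# Environment (all optional): SERVER_HOME, SERVER_USER, SERVER_NAME,
# SERVER_GROUP override the defaults set in the "configure" branch.
#

set -e

# Hand one regular file to the service account with mode 0660.
# Globals:   SERVER_USER, SERVER_GROUP (read)
# Arguments: $1 - path of the file
# Why the symlink check: this script runs as root, and a non-recursive
# chown/chmod follows symbolic links.  /var/lib/dhcpy6d is writable by the
# service account, so a link placed there must not redirect root's
# chown/chmod to another file.  The check is best effort (a race between
# the test and chmod remains); `chown -h` covers the chown side of it.
secure_service_file() {
    if [ -L "$1" ]; then
        echo "Warning: $1 is a symbolic link, owner and mode left unchanged" >&2
        return 0
    fi
    chown -h -- "$SERVER_USER:$SERVER_GROUP" "$1"
    chmod 0660 -- "$1"
}

case "$1" in
    configure)

        # Sane defaults (applied when the variable is unset or empty):
        : "${SERVER_HOME:=/var/lib/dhcpy6d}"
        : "${SERVER_USER:=dhcpy6d}"
        : "${SERVER_NAME:=DHCPv6 server dhcpy6d}"
        : "${SERVER_GROUP:=dhcpy6d}"

        # Groups that the user will be added to, if undefined, then none.
        # (Kept from the howto template; nothing below reads it.)
        ADDGROUP=""

        # create user to avoid running server as root
        # 1. create group if not existing
        # Keyed lookup: the name is matched exactly instead of being used as
        # a regular expression against a dump of the whole group database.
        if ! getent group "$SERVER_GROUP" >/dev/null; then
            printf 'Adding group %s..' "$SERVER_GROUP"
            # Fail here with the tool's own message; the chown below would
            # abort the script anyway if the group were missing.
            if ! addgroup --quiet --system "$SERVER_GROUP"; then
                echo "Error: could not create group $SERVER_GROUP" >&2
                exit 1
            fi
            echo "..done"
        fi

        # 2. create homedir if not existing
        [ -d "$SERVER_HOME" ] || mkdir -- "$SERVER_HOME"

        # 3. create user if not existing
        if ! getent passwd "$SERVER_USER" >/dev/null; then
            printf 'Adding system user %s..' "$SERVER_USER"
            if ! adduser --quiet \
                    --system \
                    --ingroup "$SERVER_GROUP" \
                    --no-create-home \
                    --home "$SERVER_HOME" \
                    --gecos "$SERVER_NAME" \
                    --disabled-password \
                    "$SERVER_USER"; then
                echo "Error: could not create user $SERVER_USER" >&2
                exit 1
            fi
            echo "..done"
        fi

        # 4. adjust file and directory permissions
        # NOTE(review): 0770 also sets the execute bits on every regular file
        # below SERVER_HOME; only volatile.sqlite is reset to 0660 afterwards.
        chown -R -- "$SERVER_USER:$SERVER_GROUP" "$SERVER_HOME"
        chmod -R 0770 -- "$SERVER_HOME"

        if [ ! -e /var/log/dhcpy6d.log ]; then
            touch /var/log/dhcpy6d.log
        fi
        if [ ! -e /var/lib/dhcpy6d/volatile.sqlite ]; then
            cp /usr/share/dhcpy6d/volatile.sqlite /var/lib/dhcpy6d/volatile.sqlite
        fi
        secure_service_file /var/log/dhcpy6d.log
        secure_service_file /var/lib/dhcpy6d/volatile.sqlite

        # 6. add DUID entry to /etc/default/dhcpy6d if not yet existing
        TMPFILE=$(mktemp)
        # Remove the temporary file on every exit path, including a set -e abort.
        trap 'rm -f -- "$TMPFILE"' EXIT
        cat /usr/share/dhcpy6d/default/dhcpy6d > "$TMPFILE"
        echo >> "$TMPFILE"
        echo "# LLT DUID generated by Debian" >> "$TMPFILE"
        # Test and copy use the same anchored pattern.  With an unanchored
        # test, a file holding only a commented-out "DUID=" line skipped
        # generation, and the anchored copy then matched nothing and aborted
        # the script under set -e.
        if [ -e /etc/default/dhcpy6d ] && grep -q '^DUID=' /etc/default/dhcpy6d; then
            grep '^DUID=' /etc/default/dhcpy6d >> "$TMPFILE"
        else
            # Assign first so that a failing generator stops the script
            # instead of silently writing an empty "DUID=" line.
            duid=$(dhcpy6d --generate-duid)
            if [ -z "$duid" ]; then
                echo "Error: dhcpy6d --generate-duid returned no DUID" >&2
                exit 1
            fi
            echo "DUID=$duid" >> "$TMPFILE"
        fi
        ucf "$TMPFILE" /etc/default/dhcpy6d
        ucfr dhcpy6d /etc/default/dhcpy6d
        rm -f -- "$TMPFILE"
        trap - EXIT
    ;;
esac

# Automatically added by dh_python3
if command -v py3compile >/dev/null 2>&1; then
	py3compile -p dhcpy6d 
fi
if command -v pypy3compile >/dev/null 2>&1; then
	pypy3compile -p dhcpy6d  || true
fi

# End automatically added section
# Automatically added by dh_installinit/13.11.4
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if [ -z "${DPKG_ROOT:-}" ] && [ -x "/etc/init.d/dhcpy6d" ]; then
		update-rc.d dhcpy6d defaults >/dev/null
		if [ -n "$2" ]; then
			_dh_action=restart
		else
			_dh_action=start
		fi
		invoke-rc.d --skip-systemd-native dhcpy6d $_dh_action || exit 1
	fi
fi
# End automatically added section
# Automatically added by dh_installsystemd/13.11.4
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if deb-systemd-helper debian-installed 'dhcpy6d.service'; then
		# The following line should be removed in trixie or trixie+1
		deb-systemd-helper unmask 'dhcpy6d.service' >/dev/null || true

		if deb-systemd-helper --quiet was-enabled 'dhcpy6d.service'; then
			# Create new symlinks, if any.
			deb-systemd-helper enable 'dhcpy6d.service' >/dev/null || true
		fi
	fi

	# Update the statefile to add new symlinks (if any), which need to be cleaned
	# up on purge. Also remove old symlinks.
	deb-systemd-helper update-state 'dhcpy6d.service' >/dev/null || true
fi
# End automatically added section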