#!/bin/sh
#
# Univention License
#  Import Univention License file
#
# SPDX-FileCopyrightText: 2004-2026 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only

PATH="/usr/sbin:/usr/bin:/sbin:/bin"

display_help() {
	display_header
	echo "Syntax:"
	echo "  univention-license-import <license file>"
	echo "  univention-license-import [--help] [--version]"
	echo ""
	echo "Options:"
	echo "  '-h | --help | -?:           print this usage message"
	echo "  '--version:                  print version information"
	echo ""
	echo "Description:"
	echo "  univention-license-import is a tool for importing license keys"
	echo "  for UCS from file."
}

display_header() {
	echo "univention-license-import: import license key for UCS"
	echo "copyright (c) 2001-2026 Univention GmbH, Germany"
	echo ""
}

display_version() {
	echo "univention-license-import 4.0"
}

#if [ "`id -u`" != "0" ]; then
#	echo "You need to be root to install a new license." >&2
#	exit 1
if [ -z "$1" ]; then
	display_help
	exit 1
else
	case $1 in
		--version)
			display_version
			exit 0
			;;
		-h|--help|-\?)
			display_help
			exit 0
			;;
		*)
			if ! [ -f "$1" ]; then
				echo "E: '$1' is not a valid file" >&2
				exit 1
			fi
			;;
	esac
fi

# extract DN and check that only one DN has been found
file="$1"
for i in $(fromdos <"$file" | \
		ldapsearch-wrapper | sed -n "s/^dn: //p"); do
	if [ "$dn" ]; then
		echo "E: License file contains more than one DN." >&2
		exit 1
	fi
	dn="$i"
done
if [ -z "$dn" ]; then
	echo "E: License file does not contain DN." >&2
	exit 1
fi

eval "$(univention-config-registry shell ldap/base ldap/master ldap/master/port)"
if [ -z "$ldap_master_port" ]; then
	ldap_master_port=7389
fi

if ! echo "$dn" | grep -i -q "$ldap_base\$"; then
	echo "E: Your system is configured to use the LDAP base DN" >&2
	echo "E:   $ldap_base" >&2
	echo "E: but the given license file was created for" >&2
	dn_base=$(echo "$dn" | sed 's/^.*,cn=license,cn=univention,//')
	echo "E:   $dn_base" >&2
	echo >&2
	echo "Please reinstall your system with the LDAP base DN" >&2
	echo "matching your license file or get in contact with" >&2
	echo "Univention to request a new license file matching your" >&2
	echo "system's LDAP base DN." >&2
	exit 1
fi

# ldapadd and ldapmodify work correctly with DOS linebreaks
err=$(ldapadd -x -H "ldap://$ldap_master:$ldap_master_port" -ZZ -D "cn=admin,$ldap_base" -y /etc/ldap.secret -f "$file" 2>&1)
rv=$?
if [ "$rv" = "68" ]; then
	mkdir -p "/var/univention-backup"
	backupfile="/var/univention-backup/univention_license_replaced_at_$(date +%Y_%m_%d_%H_%M_%S)"
	echo "Backing up old license to $backupfile"

	umask 0077
	touch "$backupfile"
	chmod 0600 "$backupfile"

	ldapsearch -xLLL -H "ldap://$ldap_master:$ldap_master_port" -ZZ -D "cn=admin,$ldap_base" -y /etc/ldap.secret cn=admin -b "cn=license,cn=univention,$ldap_base" | ldapsearch-wrapper > "$backupfile"

	ldapdelete -x -H "ldap://$ldap_master:$ldap_master_port" -ZZ -D "cn=admin,$ldap_base" -y /etc/ldap.secret "cn=admin,cn=license,cn=univention,$ldap_base"

	ldapadd -x -H "ldap://$ldap_master:$ldap_master_port" -ZZ -D "cn=admin,$ldap_base" -y /etc/ldap.secret -f "$file"
	ldapmodify -H "ldap://$ldap_master:$ldap_master_port" -ZZ -D "cn=admin,$ldap_base" -y /etc/ldap.secret <<__EOF__
dn: cn=admin,cn=license,cn=univention,$ldap_base
changetype: modify
add: univentionObjectIdentifier
univentionObjectIdentifier: $(python3 -c "import uuid; print(uuid.uuid4())")
__EOF__

	echo "Replaced license."
elif [ "$rv" != 0 ] && [ "$rv" != 89 ]; then
	echo "$err" >&2
	exit 1
else
	echo "Added license."
fi
