#!/bin/bash
#
# Univention samba backup
#  backup samba provision
#
# Like what you see? Join us!
# https://www.univention.com/about-us/careers/vacancies/
#
# Copyright 2014-2022 Univention GmbH
#
# https://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <https://www.gnu.org/licenses/>.
#
# Copyright (C) Matthieu Patou <mat@matws.net> 2010-2011
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.
#
# Revised 2013-09-25, Brian Martin, as follows:
#    - Allow retention period ("DAYS") to be specified as a parameter.
#    - Allow individual positional parameters to be left at the default
#      by specifying "-"
#    - Use IS0 8601 standard dates (yyyy-mm-dd instead of mmddyyyy).
#    - Display tar exit codes when reporting errors.
#    - Don't send error messages to /dev/null, so we know what failed.
#    - Suppress useless tar "socket ignored" message.
#    - Fix retention period bug when deleting old backups ($DAYS variable
#      could be set, but was ignored).

. /usr/share/univention-lib/backup.sh

display_help() {
	cat <<-EOL
		univention-samba4-backup: backups the samba provision directory

		Syntax:
		    univention-samba4-backup [options]

		Options:
		    --help|-h			display this message
		    --where|-w <DIR>		backup directory
		    --from-where|-f <DIR>	samba provision directory
		    --days|-d <INT>		retention period in days
	EOL
}

terminate_on_error() {
	>&2 echo "$*"
	exit 1
}

FROMWHERE=/var/lib/samba
WHERE=/var/univention-backup/samba
DAYS=""
DIRS="private sysvol"
WHEN="$(date +%Y-%m-%d)"
IGNORE_TDBS=()
IGNORE_TDBS+=(netlogon_creds_cli.tdb)

while [ $# -gt 0 ]; do
	case "$1" in
		"--from-where"|"-f")
			FROMWHERE="${2:?missing parameter for $1}"
                        shift 2 || exit 2
			;;
		"--where"|"-w")
			WHERE="${2:?missing parameter for $1}"
			shift 2 || exit 2
			;;
		"--days"|"-d")
			DAYS="${2:?missing parameter for $1}"
			[ $DAYS -eq $DAYS ] 2>/dev/null
			if [ ! $? -eq 0 ]; then
				display_help
				exit 1
			fi
			shift 2 || exit 2
			;;
		"--help"|"-h"|"-?")
			display_help
			exit 0
			;;
		*)
			display_help
			exit 1
			;;
	esac
done

if [ ! -d $WHERE ]; then
	terminate_on_error "Missing backup directory $WHERE"
fi

if [ ! -d $FROMWHERE ]; then
	terminate_on_error "Missing or wrong provision directory $FROMWHERE"
fi

cd $FROMWHERE
for d in $DIRS; do
	relativedirname=`find . -type d -name "$d" -prune`
	n=`echo $d | sed 's/\//_/g'`
	if [ "$d" = "private" ]; then
		for db in tdb ldb; do
			find $relativedirname -name "*.$db.bak" -exec rm {} \;
			for file in `find $relativedirname -name "*.$db"`; do
				ignore=false
				for i in ${IGNORE_TDBS[@]}; do
					test "$(basename $file)" = "$i" && ignore=true && break
				done
				if ! $ignore; then
					tdbbackup $file
					Status=$?
					if [ $Status -ne 0 ]; then
						terminate_on_error "Error while backing up $file with tdbbackup - status $Status"
					fi
				fi
			done
		done
		# Run the backup.
		#    --warning=no-file-ignored set to suppress "socket ignored" messages.
		#    --warning=no-file-changed set to suppress "file changed as we read it" messages.
		tar cjf ${WHERE}/samba4_${n}.${WHEN}.tar.bz2 \
			--exclude=smbd.tmp \
			--exclude=\*.ldb \
			--exclude=\*.tdb \
			--warning=no-file-ignored \
			--warning=no-file-changed \
			--transform 's/.ldb.bak$/.ldb/' \
			--transform 's/.tdb.bak$/.tdb/' \
			$relativedirname
		Status=$?
		if [ $Status -ne 0 -a $Status -ne 1 ]; then
			# Ignore 1 - private dir is always changing.
			terminate_on_error "Error while archiving ${WHERE}/samba4_${n}.${WHEN}.tar.bz2 - status = $Status"
		fi
		for db in tdb ldb; do
			find $relativedirname -name "*.$db.bak" -exec rm {} \;
		done
	else
		# Run the backup.
		#    --warning=no-file-ignored set to suppress "socket ignored" messages.
		#    --warning=no-file-changed set to suppress "file changed as we read it" messages.
		tar cjf ${WHERE}/${n}.${WHEN}.tar.bz2  $relativedirname \
			--warning=no-file-ignored \
			--warning=no-file-changed
		Status=$?
		if [ $Status -ne 0 -a $Status -ne 1 ]; then
			# Ignore 1 - sysvol may change
			terminate_on_error "Error while archiving ${WHERE}/${n}.${WHEN}.tar.bz2 - status = $Status"
		fi
	fi
done

clean_old_backups 'samba/\(samba4_\|sysvol\).*.bz2' "$DAYS"
