#!/bin/bash
set -eu

err() {
    ok=
    echo "$@"
}

if [ $# -eq 0 ]; then
    filter="objectClass=posixAccount"
else
    filter=
    for user; do
	filter="$filter(uid=$user)"
    done
    filter="(&(objectClass=posixAccount)(|$filter))"
fi

unset "${!l_@}"
while read attr value; do
    ok=t
    if [ -n "$attr" ]; then
	declare "l_${attr%:}=$value"
	continue
    fi

    read f_type f_data < <(hesinfo -- "$l_uid" filsys | sort -nk5,5) || :
    if [ -z "$f_type" ]; then
	err "$l_uid" "no_hesiod"
    elif [ "$f_type" = "ERR" ]; then
	err "$l_uid" "hesiod_err ERR $f_data"
    elif [ "$f_type" = "AFS" ]; then
	read f_path f_perm f_link z \
	    < <(echo "$f_data")
	[ "${l_homeDirectory#/disabled}" = "$f_path" ] || \
	    err "$l_uid" "hesiod_path $f_path (LDAP $l_homeDirectory)"
    else
	err "$l_uid" "wrong_hesiod $f_type"
    fi

    p_cell=
    case "$l_homeDirectory" in
	/afs/*)
	    p_cell="${l_homeDirectory#/afs/}"
	    p_cell="${p_cell%%/*}"
	    ;;
	/disabled/afs/*)
	    err "$l_uid" "disabled $l_homeDirectory"
	    l_homeDirectory="${l_homeDirectory#/disabled}"
	    p_cell="${l_homeDirectory#/afs/}"
	    p_cell="${p_cell%%/*}"
	    ;;
	/*)
	    err "$l_uid" "not_afs $l_homeDirectory"
	    ;;
	*)
	    err "$l_uid" "relative_home $l_homeDirectory"
	    ;;
    esac

    read v_vname v_vol v \
	< <(vos examine -noauth -id "$l_uidNumber" -cell "${p_cell#.}" 2>/dev/null) || :
    [ "$v_vol" = "$l_uidNumber" ] ||
	err "$l_uid" "no_vol ${p_cell#.} $l_uidNumber"

    if ! [ -d "$l_homeDirectory" ]; then
	if ! [ -e "$l_homeDirectory" ]; then
	    err "$l_uid" "no_home $l_homeDirectory"
	else
	    err "$l_uid" "not_dir $l_homeDirectory"
	fi
    else
	read c c_path c c c c_cell \
	    < <(fs whichcell -path "$l_homeDirectory" 2>/dev/null) || :
	[ "$c_path" = "$l_homeDirectory" ] || \
	    err "$l_uid" "no_cell $l_homeDirectory"
	[ "$c_cell" = "'${p_cell#.}'" ] || \
	    err "$l_uid" "wrong_cell $p_cell $l_homeDirectory $c_cell"

	read m_path m m m m m m m_vname \
	    < <(fs lsmount -dir "$l_homeDirectory" 2>/dev/null) || :
	[ "$m_path" = "'$l_homeDirectory'" ] || \
	    err "$l_uid" "no_mount $l_homeDirectory"

	case "$m_vname" in
	    "'#$v_vname'" | "'%$v_vname'" | "'#${p_cell#.}:$v_vname'" | "'%{p_cell#.}:$v_vname'")
		;;
	    *)
		m_vname2="${m_vname#\'[#%]}"
		m_vname2="${m_vname2%\'}"
		m_cell="${m_vname2%%:*}"
		[ "$m_cell" != "$m_vname2" ] || m_cell="${p_cell#.}"
		m_vname2="${m_vname2#*:}"
		read m_vname2 m_vol m \
		    < <(vos examine -noauth -id "$m_vname2" -cell "$m_cell" 2>/dev/null) || :
		err "$l_uid" "wrong_mount ${m_cell} $m_vname = $m_vol (${p_cell#.} $l_uidNumber = $v_vname)"
		;;
	esac
    fi

    if [ "$ok" = t ]; then
	err "$l_uid" "ok"
    fi

    unset "${!l_@}"
done < <(
    ldapsearch -LLL -x -D 'cn=Directory Manager' -y /etc/signup-ldap-pw \
        -b ou=People,dc=scripts,dc=mit,dc=edu "$filter" \
        uid uidNumber homeDirectory loginShell | \
        perl -0pe 's/\n //g;'
    )
