#!/bin/bash
#
# Update both dbm (old style) and sql type nssdb files in users' homedirs.
#

set -e

BASE_HOME=/skole/tjener
for dir in "$BASE_HOME"/*/*; do
    # Skip if not a directory
    test -d "$dir" || continue

    # Extract username and check existence
    username=${dir##*/}
    id "$username" >/dev/null || continue

    if [ -d "$dir/.mozilla/firefox/debian-edu.default" ] ; then
        su - $username sh -c 'certutil  -A -d sql:$HOME/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
        su - $username sh -c 'certutil  -A -d dbm:$HOME/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
    fi
    if [ -d "$dir/.thunderbird/debian-edu.default" ] ; then
        su - $username sh -c 'certutil  -A -d sql:$HOME/.thunderbird/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
        su - $username sh -c 'certutil  -A -d dbm:$HOME/.thunderbird/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
    fi
    if [ -d "$dir/.pki/nssdb" ] ; then
        su - $username sh -c 'certutil  -A -d sql:$HOME/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
    fi
    logger -t update-cert-dbs "Updated nssdb files for user $username in $dir"
done
