#!/bin/zsh
#adduser script, must be run as root
# 2013 Jul 12 -benm@filewave.com - Updated to write to client log and a line 28 syntax error
# 2013 JUL 24 -benm@filewave.com - added quotes in line 25 to handle spaces in realnames
# 2014 Feb 21 - christiang@filewave.com - Update to allow creation of non-admin users
# 2020 Mar 06 - sean.holden@filewave.com - Provide user id options, changed to zsh
# 2023 Oct 30 - sean.holden@filewave.com - Converting dscl to sysadminctl (some commands cannot be converted)
# Append everything the script prints (stdout and stderr) to the FileWave
# client log so the run can be audited on the device. The script never turns
# on `set -x`; keep it that way, because a trace would copy every sysadminctl
# command line, passwords included, into this log.
exec >>/var/log/fwcld.log 2>&1

# edit provided environment variables with desired values
# username - unix shortname (no spaces)
# realname - Long display name
# password - the new user's password (passed to sysadminctl on its command line)
# group_id - users primary group id
# shell_type - e.g /bin/bash, /bin/zsh
# islocaladmin  - set user to be a local admin TRUE/FALSE
# is_hidden - set user to be an invisible account TRUE/FALSE
# id_choice - set to be a dedicated value [static_id] or find next available value [next_id]
# unique_id - For static_id used as the desired user id, for next_id starting id to test from
# end_id - for next_id, the end value of range of IDs to stop testing and if reached script will exit 1
# admin_user - shortname of an administrator for the device
# admin_password - password for the above administrator (both are only used when enable_secure_token is TRUE)
# enable_secure_token - enable secure token for the new user TRUE/FALSE

#### don't edit below this line #####
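# Pre-flight checks. Every input arrives as an environment variable (see the
# header), so nothing validates it for us: fail closed with exit 1 on anything
# missing or malformed instead of handing sysadminctl a partial command line
# (an empty group_id or shell_type would let sysadminctl consume the *next*
# flag as the value).
if [[ -z "$username" || -z "$password" || -z "$group_id" || -z "$shell_type" ]]; then
	echo "username, password, group_id and shell_type must all be set, please read KB"
	echo "Exiting..."
	exit 1
fi

# With the empty-username case ruled out above, a successful `id -u` really
# does mean an account with that shortname already exists. (Called with no
# argument, `id -u` reports the current user, so an empty username used to be
# misreported as "in use".)
if id -u "$username" >/dev/null 2>&1; then
	echo "$username in use, exiting..."
	exit 1
fi

if [[ -z "$unique_id" ]]; then
	echo "No values supplied, please read KB"
	echo "Exiting..."
	exit 1
fi

# The next_id path does arithmetic on unique_id and both paths look it up
# with `id`; a non-numeric value would otherwise be resolved as a user *name*
# or trip an arithmetic error part-way through.
if [[ ! "$unique_id" =~ ^[0-9]+$ ]]; then
	echo "unique_id must be a non-negative integer: $unique_id"
	echo "Exiting..."
	exit 1
fi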

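# Resolve the UID to create the account with.
#   static_id: use $unique_id verbatim, refusing it if an account owns it.
#   next_id:   walk upward from $unique_id to $end_id (inclusive) and take the
#              first UID no account owns; exit 1 if the range is exhausted.
# `id -F <uid>` exits 0 only when a user with that UID exists (-F prints the
# full name, which is discarded; only the exit status is used).
case "$id_choice" in
	"static_id")
		if id -F "$unique_id" >/dev/null 2>&1; then
			echo "User id in use: $unique_id"
			echo "Exiting..."
			exit 1
		fi
		;;
	"next_id")
		if [[ -z "$end_id" ]]; then
			echo "No end value supplied, please read KB"
			echo "Exiting..."
			exit 1
		fi

		# The loop below compares and increments numerically; reject anything
		# that is not a plain integer rather than letting the arithmetic fail.
		if [[ ! "$unique_id" =~ ^[0-9]+$ || ! "$end_id" =~ ^[0-9]+$ ]]; then
			echo "unique_id and end_id must be non-negative integers: $unique_id, $end_id"
			echo "Exiting..."
			exit 1
		fi

		# Advance while the candidate is still inside the range and taken.
		while (( unique_id <= end_id )) && id -F "$unique_id" >/dev/null 2>&1; do
			unique_id=$((unique_id + 1))
		done

		# Reached when every UID in [unique_id, end_id] was taken, and also
		# when end_id was below the starting unique_id. The latter used to
		# skip the loop entirely and proceed with an untested start value.
		if (( unique_id > end_id )); then
			echo "Reached id: $end_id"
			echo "No free user id found, exiting..."
			exit 1
		fi
		;;
	*)
		echo "Incorrect value supplied, please read KB.  Exiting..."
		exit 1
		;;
esac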

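#add the user, homedirectory, shell, etc.
echo "Creating local Account"
echo "USERNAME: $realname, USER_ID: $unique_id"

# Build the sysadminctl command as an array so optional flags are present only
# when set. (Passing "$enable_admin_user" quoted while unset used to hand
# sysadminctl a literal empty "" argument for every non-admin user.)
add_user_args=(
	-addUser "$username"
	-fullName "$realname"
	-UID "$unique_id"
	-GID "$group_id"
	-shell "$shell_type"
	-password "$password"
	-home "/Users/$username"
)
if [[ "$islocaladmin" == "TRUE" ]]; then
	echo "Enabling $username as admin"
	add_user_args+=(-admin)
fi

# NOTE: sysadminctl receives the password as a command-line argument, so for
# the duration of the call it is readable by any local process that can list
# argv (e.g. `ps`). The command line itself is deliberately not echoed to the
# log; do not add `set -x` to this script for the same reason.
if ! sysadminctl "${add_user_args[@]}"; then
	echo "sysadminctl -addUser failed for $username, exiting..."
	exit 1
fi

# The account exists from here on. Later steps are still all attempted (as
# before), but a failure in any of them now makes the script exit non-zero
# instead of reporting success.
status=0

if [[ "$enable_secure_token" == "TRUE" ]]; then
	# -secureTokenOn is authorised with an existing administrator's
	# credentials; without both values the command line is malformed, so
	# report that explicitly. The admin password is exposed on the command
	# line in the same way as the user password above.
	if [[ -z "$admin_user" || -z "$admin_password" ]]; then
		echo "admin_user and admin_password are required to enable a secure token"
		status=1
	else
		echo "Enabling secure token"
		if ! sysadminctl -adminUser "$admin_user" -adminPassword "$admin_password" -secureTokenOn "$username" -password "$password"; then
			echo "Enabling secure token for $username failed"
			status=1
		fi
	fi
fi

# Below line will hide the newly created user from the login window and System Preferences -> Users & Groups.
if [[ "$is_hidden" == "TRUE" ]]; then
	echo "Using dscl to hide user, sysadminctl does not have a hidden option"
	echo "Setting $realname as a hidden account"
	# The script runs as root (see header), so sudo adds nothing and could
	# block on a password prompt if it were ever run otherwise.
	if ! dscl . create "/Users/$username" IsHidden 1; then
		echo "Hiding $username failed"
		status=1
	fi
fi

exit "$status"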
