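#!/usr/bin/sh
#
# Registers an "omi" PAM service by cloning the auth/account stack that is
# configured for sshd, either as a section appended to /etc/pam.conf or as a
# new /etc/pam.d/omi file. Must run as root; otherwise only a warning is
# printed.
#
# Security note: the omi service inherits whatever authentication policy
# sshd has at install time. Later changes to the sshd stack are NOT picked
# up, so the two policies can drift apart and should be reviewed together.
#
# The script sticks to Bourne-shell constructs (backticks, egrep, no
# "local") because of the /usr/bin/sh interpreter line.

# Literal tab, so the patterns below accept tab- as well as space-separated
# pam.conf fields without relying on [[:space:]] support in egrep/sed.
tab=`printf '\t'`

#
# Builds the omi entries for a single-file PAM setup (/etc/pam.conf).
# Globals: sshd_conf (written), omi_conf (written), tab (read)
# Returns: 0 on success, 1 if the sshd entries could not be rewritten.
#
get_new_pam_config_file()
{
    #
    # Get configuration for sshd, service modules types auth and account.
    # Commented-out sshd entries match too and are carried over commented.
    #
    sshd_conf=`egrep "^[#$tab ]*sshd[$tab ]+(auth|account)" /etc/pam.conf`
    if [ $? -ne 0 ]; then
        # No match found: sshd is not explicitly configured, so fall back
        # to a fixed stack. The module names are Solaris-style (.so.1).
        sshd_conf="omi auth requisite pam_authtok_get.so.1
omi auth required pam_dhkeys.so.1
omi auth required pam_unix_auth.so.1
omi account requisite pam_roles.so.1
omi account required pam_unix_account.so.1"
    fi

    #
    # Substitute sshd with omi. Only the leading service field is rewritten,
    # so a module path or argument that happens to contain "sshd" is kept
    # intact. printf avoids echo's backslash interpretation.
    #
    omi_conf=`printf '%s\n' "$sshd_conf" | sed "s/^\([#$tab ]*\)sshd\([$tab ]\)/\1omi\2/"`
    if [ $? -ne 0 ]; then
        echo "can't parse /etc/pam.conf"
        return 1
    fi
}

#
# Appends the omi section to /etc/pam.conf through a verified copy.
# Globals: omi_conf (read, set by get_new_pam_config_file), tab (read)
# Returns: 0 if omi is (already) configured, 1 on any failure.
#
configure_pam_file()
{
    #
    # First check if omi is already configured in pam.conf. The service
    # name must be followed by whitespace so that an unrelated service
    # whose name merely starts with "omi" is not mistaken for it.
    #
    grep -s "^[#$tab ]*omi[$tab ]" /etc/pam.conf > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        # Match found, looks like omi is already configured.
        echo "omi already configured"
        return 0
    fi

    # Stop here on failure; continuing would append an empty omi section.
    get_new_pam_config_file || return 1

    #
    # Write the final configuration to pam.conf.
    #
    # Copy the file first and modify the copy, so the original survives a
    # low-disk-space failure. cp -p keeps owner and mode: without it the
    # copy gets umask-derived permissions, and the final mv would then
    # replace /etc/pam.conf with a file that may be writable (or
    # unreadable) for the wrong users.
    cp -p /etc/pam.conf /etc/pam.conf.omi-copy &&
        printf '%s\n' \
            "# The configuration of omi is generated by the omi installer." \
            "$omi_conf" \
            "# End of section generated by the omi installer." \
            "" >> /etc/pam.conf.omi-copy
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # Verify that the complete file was written (the end marker is last).
    grep "# End of section generated by the omi installer." /etc/pam.conf.omi-copy > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo "can't update file /etc/pam.conf.omi-copy"
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi

    # Use move to substitute the original file with the verified copy.
    mv /etc/pam.conf.omi-copy /etc/pam.conf
    if [ $? -ne 0 ]; then
        echo "can't replace /etc/pam.conf"
        # Do not leave a stale copy of the PAM policy behind.
        rm -f /etc/pam.conf.omi-copy
        return 1
    fi
}

#
# Builds the omi entries for a directory-based PAM setup (/etc/pam.d).
# Globals: sshd_conf (written), omi_conf (written)
#
get_new_pam_config_dir()
{
    #
    # Get configuration for sshd, service modules types auth and account.
    #
    # NOTE(review): the pattern is unanchored, so it also selects any line
    # that merely contains "auth" or "account" (comments, include lines,
    # arguments such as use_authtok). Review the generated /etc/pam.d/omi.
    sshd_conf=`egrep "(auth|account)" /etc/pam.d/sshd 2> /dev/null`
    if [ $? -ne 0 ]; then
        # No match found: sshd is not explicitly configured, so fall back
        # to a fixed stack. The module names are Solaris-style (.so.1).
        sshd_conf="auth requisite pam_authtok_get.so.1
auth required pam_dhkeys.so.1
auth required pam_unix_auth.so.1
account requisite pam_roles.so.1
account required pam_unix_account.so.1"
    fi
    omi_conf=$sshd_conf
}

#
# Creates /etc/pam.d/omi from the sshd stack.
# Globals: omi_conf (read, set by get_new_pam_config_dir)
# Returns: 0 if omi is (already) configured, 1 if the file can't be written.
#
configure_pam_dir()
{
    #
    # First check if omi is already configured.
    #
    if [ -f /etc/pam.d/omi ]; then
        # Match found, looks like omi is already configured.
        echo "omi already configured"
        return 0
    fi

    get_new_pam_config_dir

    # Create the file under a fixed umask, in a subshell so the caller's
    # umask is untouched: the installing shell's umask must not be able to
    # make the PAM policy group/world-writable or unreadable.
    (
        umask 022
        printf '%s\n' \
            "#%PAM-1.0" \
            "# The configuration of omi is generated by the omi installer." \
            "$omi_conf" > /etc/pam.d/omi
    )
    if [ $? -ne 0 ]; then
        echo "can't create /etc/pam.d/omi"
        # Remove a partial file; otherwise the next run would report
        # "omi already configured" for a truncated policy.
        rm -f /etc/pam.d/omi
        return 1
    fi
}

#
# Picks the PAM layout in use and configures the omi service for it.
# Returns: 0 on success, 1 if PAM is not configured or the update failed.
#
configure_pam()
{
    #
    # Check if pam is configured with single
    # configuration file or with configuration
    # directory.
    #
    if [ -s /etc/pam.conf ]; then
        configure_pam_file || return 1
    elif [ -d /etc/pam.d ]; then
        configure_pam_dir || return 1
    else
        # No pam configuration.
        echo "PAM does not seem to be configured."
        echo "Checked both /etc/pam.conf and /etc/pam.d."
        return 1
    fi
    return 0
}

# buildtool is invoked relative to the current directory, so the script has
# to be started from the directory that contains it.
id=`./buildtool username`
if [ "$id" != "root" ]; then
    echo
    echo "************************************************************"
    echo "* Warning: PAM configuration not performed (requires root *"
    echo "* privileges). *"
    echo "************************************************************"
    echo
    exit 0
fi

# The exit status stays 0 even when configure_pam fails (unchanged from the
# original behaviour); failures are only visible through the messages above.
configure_pam
exit 0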