#!/bin/sh

. /etc/control.d/functions

CONFIG1=/etc/pam.d/system-auth
CONFIG2=/etc/pam.d/system-auth-use_first_pass

new_summary "system authentication type"

system_auth_helpstring()
{
	case "$1" in
	local)
		echo "local authentication"
		;;
	ldap)
		echo "authentication via LDAP"
		;;
	krb5)
		echo "authentication via Kerberos 5"
		;;
	krb5_ccreds)
		echo "authentication via Kerberos 5 with local caching"
		;;
	*)
		echo "use $1 authentication method"
	esac
}

for f in $CONFIG1-*; do
	v="${f#$CONFIG1-}"
	# ignore *.rpmnew and *.rpmsave
	if [ -z "${v##*.rpmsave}" -o -z "${v##*.rpmnew}" ]; then
		continue
	fi

	# check whether both configuration file exist
	if [ ! -f "$CONFIG1-$v" -o ! -f "$CONFIG2-$v" ]; then
		continue
	fi

	new_help "$v" "$(system_auth_helpstring $v)"
done

REQUEST="$*"

case "$REQUEST" in
	help|'help '*)
		control_help "${REQUEST#help}"
		;;
	list)
		control_list
		;;
	summary)
		control_summary
		;;
	status)
		CURRENT="$(readlink -e "$CONFIG1")"
		CURRENT="${CURRENT#$CONFIG1-}"
		CURRENT="${CURRENT##/*}"
		echo "${CURRENT:-unknown}"
		;;
	*)
		if [ ! -f "$CONFIG1-$REQUEST" -o ! -f "$CONFIG2-$REQUEST" ]; then
			printf '%s: %s\n' "${0##*/}" "Invalid mode: $REQUEST" >&2
			exit 1
		fi
		ln -sf "${CONFIG1##*/}-$REQUEST" "$CONFIG1"
		ln -sf "${CONFIG2##*/}-$REQUEST" "$CONFIG2"
		;;
esac