#!/bin/sh
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"@(#)postinstall.tmpl	1.5	04/07/15 SMI"
#

#
# Copyright 2002 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
# ident	"@(#)proc.pam_install	1.1	02/09/16 SMI"
#
# proc.pam_install -- common code for pam.conf entry addition
#
# pam_init	: call before any other functions
# pam_add	: if the regular expression specified as argument 1
#		  does not match any line in pam.conf, add the lines
#		  provided on stdin to the file
# pam_undo	: call if rest of procedure script fails
# pam_fini	: call if rest of procedure script succeeds
#
# pam_init and pam_add will perform necessary clean-up and
# return a non-zero exit code on failure.

pamconf=${PKG_INSTALL_ROOT:-/}/etc/pam.conf
pamconfold=/tmp/pam.conf.$$

pam_init() {
	cat $pamconf > $pamconfold
	if [ $? -ne 0 ]; then
		echo "can't create $pamconfold"
		return 1
	fi
	return 0
}

pam_fini() {
	rm -f -- $pamconfold
	return 0
}

pam_undo() {
	cat $pamconfold > $pamconf
	pam_fini
}

pam_add() {
	grep -s "$1" $pamconf > /dev/null 2>&1 || cat >> $pamconf
	if [ $? -ne 0 ]; then
		echo "can't edit $pamconf"
		pam_undo
		return 1
	fi
	return 0
}

#
# update the pam.conf file
#

pam_init

# Delete the "acceptor" option everywhere

cat $pamconfold | \
	sed "s/acceptor//g" > $pamconf
if [ $? -ne 0 ]; then
	echo "can't edit $pamconf"
	pam_undo
	exit 1
fi

pam_add "^[#	]*ktelnet[	]*auth" << EOF
#
# Kerberized telnet service
#
ktelnet		auth	binding		pam_krb5.so.1
ktelnet		auth	required	pam_unix_auth.so.1
EOF
if [ $? -ne 0 ]; then
	exit 1
fi

pam_fini