#!/bin/sh

. /etc/control.d/functions

CONFIG1=/etc/pam.d/system-auth
CONFIG2=/etc/pam.d/system-auth-use_first_pass

new_summary 'system authentication type'

system_auth_helpstring()
{
	case "$1" in
	local)
		echo 'local authentication'
		;;
	ldap)
		echo 'authentication via LDAP'
		;;
	krb5)
		echo 'authentication via Kerberos 5'
		;;
	krb5_ccreds)
		echo 'authentication via Kerberos 5 with local caching'
		;;
	winbind)
		echo 'authentication via Winbind'
		;;
	*)
		echo "use $1 authentication method"
	esac
}

for f in $CONFIG1-*; do
	v="${f#$CONFIG1-}"
	# ignore backup files
	case "$v" in
		*.*|*~) continue;;
	esac

	# check whether both configuration file exist
	if [ ! -f "$CONFIG1-$v" -o ! -f "$CONFIG2-$v" ]; then
		continue
	fi

	new_help "$v" "$(system_auth_helpstring $v)"
done

REQUEST="$*"

case "$REQUEST" in
	help|'help '*)
		control_help "${REQUEST#help}"
		;;
	list)
		control_list
		;;
	summary)
		control_summary
		;;
	status)
		CURRENT="$(readlink -e "$CONFIG1")"
		CURRENT="${CURRENT#$CONFIG1-}"
		CURRENT="${CURRENT##/*}"
		echo "${CURRENT:-unknown}"
		;;
	*)
		if [ ! -f "$CONFIG1-$REQUEST" -o ! -f "$CONFIG2-$REQUEST" ]; then
			printf '%s: %s\n' "${0##*/}" "Invalid mode: $REQUEST" >&2
			exit 1
		fi
		ln -sf "${CONFIG1##*/}-$REQUEST" "$CONFIG1"
		ln -sf "${CONFIG2##*/}-$REQUEST" "$CONFIG2"
		;;
esac
