#!/bin/sh
PATH=/bin:/usr/bin

uid=$(id -u "$PAM_USER")
lastlog_date=
[ -n "$uid" ] || exit
# local user
if [ "$uid" -le 4999 ]; then
	lastlog_date="$(LC_ALL=C lastlog -u $uid | grep -oE '(Mon|Tue|Wed|Thu|Fri|Sat|Sun) (Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [0-9]+.*')"
else
# fetch lastlog information from kerberos LDAP
	txt_record=$(host -t TXT _kerberos)
	[ -n "$txt_record" ] || exit
	dn=$(echo $txt_record | cut -d ' ' -f1|sed 's/^_kerberos./dc=/;s/\./,dc=/g')
	realm=$(echo $txt_record | cut -d\" -f2)
	base=krbPrincipalName=$PAM_USER@$realm,cn=$realm,cn=kerberos,ou=kdcroot,$dn

	lastlog_date="$(ldapsearch -LL -x -b $base krbLastSuccessfulAuth | 
	grep krbLastSuccessfulAuth | 
	cut -d' ' -f2 | 
	sed -r 's/^([0-9]{4})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})([0-9]{2})Z$/\1-\2-\3 \4:\5:\6Z/')"
fi
[ -n "$lastlog_date" ] && date +%s -d "$lastlog_date" > /var/cache/lastlog-notification/$uid ||:
