#!/bin/sh

# KDC configuration file; read_realm() takes the realm name from it.
KDC_CONF=/var/lib/kerberos/krb5kdc/kdc.conf

# Translate a message id through the "alterator-kerberos" gettext catalogue.
# $1 - message id (the English text)
# The locale for this single call is the first ";"-separated field of
# $in_language with ".utf8" appended; untranslated ids come back unchanged.
_()
{
	local lang
	lang="${in_language%%;*}.utf8"
	LANG="$lang" gettext "alterator-kerberos" "$1"
}

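# Print the realm kadmin.local should operate on: the first "NAME = ..."
# entry that follows the last "[realms]" header in $KDC_CONF.
# Blank lines and "#"/";" comment lines between the header and the entry are
# skipped (the earlier version only looked at the very next line, so a
# comment or blank line there produced garbage).  Nothing is printed when no
# entry is found.
# NOTE(review): a single realm is assumed; further entries in the same
# section are ignored.
read_realm()
{
    awk '
        /^\[realms\]$/          { want = 1; realm = ""; next }
        !want                   { next }
        /^[[:space:]]*([#;]|$)/ { next }
        {
            realm = $0
            sub(/^[[:space:]]+/, "", realm)
            sub(/[[:space:]]*=.*$/, "", realm)
            want = 0
        }
        END { if (realm != "") print realm }
    ' "$KDC_CONF"
}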

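# Print every principal of the configured realm, one per line, with the
# trailing "@REALM" removed.  The first line of kadmin.local's output is
# dropped, as before (presumably a banner rather than a principal — confirm).
# The suffix is removed by plain string comparison: the realm is handed to
# awk through the environment, so neither regex metacharacters ("." in the
# realm used to match any character) nor awk -v escape processing apply.
list_principals()
{
    local realm
    realm=$(read_realm)
    kadmin.local -q 'list_principals' -r "$realm" |
	tail -n +2 |
	SUFFIX="@$realm" awk '
	    BEGIN { s = ENVIRON["SUFFIX"]; n = length(s) }
	    {
	        l = length($0)
	        if (l >= n && substr($0, l - n + 1) == s)
	            $0 = substr($0, 1, l - n)
	        print
	    }'
}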

# Disable file-name globbing for the whole backend, so unquoted expansions
# (e.g. $in__objects below) are never expanded as file-name patterns.
set -o noglob

# Alterator backend glue (presumably provides message_loop and the in_*
# request variables used below — confirm against the sourced file).
. /usr/share/alterator/build/backend3.sh

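# Return 0 when $1 can be embedded safely in a kadmin query line.
# $1 - a password or a principal name taken from the request
# A double quote would end the "..." token the password is wrapped in, and a
# newline would start a second kadmin command (queries are sent one per line
# on stdin), so both are refused instead of being silently mangled.
query_safe()
{
	local nl='
'
	case "$1" in
		*\"*|*"$nl"*) return 1 ;;
	esac
	return 0
}

# Return 0 when $1 is a principal name acceptable for "new": non-empty and
# made of [a-zA-Z0-9/] only.  This mirrors the "match" constraint sent to the
# frontend; the backend re-checks it rather than trusting the UI.
valid_principal_name()
{
	case "$1" in
		""|*[!a-zA-Z0-9/]*) return 1 ;;
	esac
	return 0
}

# Execute one kadmin.local query against the configured realm.
# $1 - the query line; user-supplied parts must pass query_safe first.
# The query is fed on stdin rather than through "-q" so that a password in
# it does not show up in the process argument list (readable by other local
# users via ps / /proc).  kadmin.local's own output goes to stderr so the
# reply on stdout stays clean.
run_kadmin()
{
	printf '%s\n' "$1" | kadmin.local -r "$(read_realm)" >&2
}

# Dispatch one alterator request.  Parameters arrive in in_* variables and
# $in_action names the operation; the reply is an s-expression on stdout.
# Actions:
#   constraints - field rules for the new/write forms
#   list        - user principals, with the KDC's own principals filtered out
#   read        - nothing readable, replies "()"
#   write       - change the password of the selected principal(s)
#   new         - create a principal with the given password
#   delete      - remove the selected principal(s)
# Error replies use msgids that may not be in the catalogue yet; gettext then
# falls back to the English text.
on_message()
{
	local required realm_re
	case "$in_action" in
		constraints)
			echo '('
			# Password fields are mandatory only when creating a principal;
			# when editing, an empty password leaves it untouched (see write).
			if [ "$in_orig_action" = "new" ]; then
				required="#t"
			else
				required="#f"
			fi
			# NOTE(review): the pattern also admits capital letters and "/",
			# which the hint text does not mention; the msgid is kept verbatim
			# so existing translations still resolve.
			printf 'name (required #t label "%s" match ("^[a-zA-Z0-9/]+$" "%s"))' \
				"$(_ "Principal")" \
				"$(_ "should be only small latin letters and digits")"
			printf 'passwd1 (required %s equal passwd2 label "%s")' \
				"$required" \
				"$(_ "Password")"
			printf 'passwd2 (required %s)' \
				"$required"
			echo ')'
			;;
		list)
			# Escape the realm before splicing it into the ERE below, so a
			# "." in it matches a dot and not any character.
			realm_re=$(read_realm | sed 's/[].[*^$+?(){}|]/\\&/g')
			echo '('
			# The master-key, kadmin and ticket-granting principals are the
			# KDC's own and are hidden from this UI.
			list_principals |
			    grep -E -v "(^K/M$|^kadmin/.*$|^krbtgt/$realm_re)" |
			    sed 's,.*,("&"),'
			echo ')'
			;;
		read)
			# No readable attributes; the reply is an empty list.
			echo '()'
			;;
		write)
			# An empty password means "do not change it".
			# NOTE(review): $in__objects is spliced into the query as-is (as
			# before); whitespace in it becomes several kadmin arguments.
			if [ -n "$in_passwd1" ]; then
				if [ -z "$in__objects" ] || ! query_safe "$in__objects"; then
					printf '(error "%s")' "$(_ "Invalid principal name")"
				elif ! query_safe "$in_passwd1"; then
					printf '(error "%s")' "$(_ "Password must not contain double quotes or line breaks")"
				else
					run_kadmin "change_password -pw \"$in_passwd1\" $in__objects"
				fi
			fi
			echo '()'
			;;
		new)
			if [ -n "$in_name" ] && [ -n "$in_passwd1" ]; then
				if ! valid_principal_name "$in_name"; then
					printf '(error "%s")' "$(_ "should be only small latin letters and digits")"
				elif list_principals | grep -qxF -- "$in_name"; then
					# Whole-line, fixed-string match: the earlier substring
					# match reported e.g. "admin" as existing because of
					# "kadmin/admin".
					printf '(error "%s")' "$(_ "Same principal already exists")"
				elif ! query_safe "$in_passwd1"; then
					printf '(error "%s")' "$(_ "Password must not contain double quotes or line breaks")"
				else
					run_kadmin "add_principal -pw \"$in_passwd1\" $in_name"
				fi
			fi
			echo '()'
			;;
		delete)
			if [ -z "$in__objects" ] || ! query_safe "$in__objects"; then
				printf '(error "%s")' "$(_ "Invalid principal name")"
			else
				run_kadmin "delete_principal -force $in__objects"
			fi
			echo '()'
			;;
		*)
			echo '#f'
			;;
	esac
}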

# Hand control to the alterator backend loop (defined in the sourced
# backend3.sh; presumably invokes on_message once per request — confirm).
message_loop
