#!/bin/sh

# Locations of the KDC files this backend reads and edits in place.
KDC_PATH='/var/lib/kerberos/krb5kdc'
KDC_CONF="${KDC_PATH}/kdc.conf"
KDC_ACL="${KDC_PATH}/kadm5.acl"

# Translate message $1 through the "alterator-kerberos" gettext domain.
# LANG is set for this one command only: the part of $in_language before
# the first ';' with ".utf8" appended.
_()
{
    LANG="${in_language%%;*}.utf8" \
        gettext "alterator-kerberos" "$1"
}

# Print the realm name currently configured in $KDC_CONF.
# Only the "[realms]" line and the single line after it are examined; on a
# line of the form "NAME = ..." everything but NAME is stripped, and the
# last of the printed lines is the result.
read_realm()
{
    sed -n -r \
        -e '/^\[realms\]$/,+1 {' \
        -e 's,^[[:space:]]*([^[:space:]]+)[[:space:]]*=.*$,\1,' \
        -e 'p' \
        -e '}' \
        "$KDC_CONF" | tail -n 1
}

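# Rename the realm entry in $KDC_CONF to $1.
# Only the "[realms]" line and the single line after it are touched; the
# "NAME =" prefix of the matching line is replaced by "$1 =".
# Arguments: $1 - new realm name
# Returns:   non-zero (file untouched) when $1 is not a valid realm name
write_realm()
{
    # $1 is spliced into the sed program below, so anything outside the
    # realm alphabet (the same one the form constraint advertises) is
    # rejected here: a ',', '&', '\' or newline would otherwise alter the
    # sed expression instead of being written as data.
    case "$1" in
	''|[!A-Z]*|*[!A-Z0-9.-]*)
	    echo "write_realm: invalid realm name, $KDC_CONF left unchanged" >&2
	    return 1
	    ;;
    esac

    # '-' is part of the accepted alphabet, so the existing name must be
    # matched with it too; otherwise a hyphenated realm could never be
    # renamed again.
    sed -r "/^\[realms\]$/,+1 s,^[[:space:]]*[A-Z0-9.-]+[[:space:]]*=,$1 =," -i "$KDC_CONF"
}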

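# Point the "*/admin@REALM  *" entries in $KDC_ACL at realm $1.
# Arguments: $1 - new realm name
# Returns:   non-zero (file untouched) when $1 is not a valid realm name
write_acl()
{
    # $1 becomes part of the sed replacement text; restrict it to the realm
    # alphabet so it cannot introduce sed metacharacters (',', '&', '\',
    # newline) into an expression that edits the kadmin ACL.
    case "$1" in
	''|[!A-Z]*|*[!A-Z0-9.-]*)
	    echo "write_acl: invalid realm name, $KDC_ACL left unchanged" >&2
	    return 1
	    ;;
    esac

    sed -r "s,(\*/admin@)[A-Z0-9.-]+([[:space:]]*\*),\1$1\2," -i "$KDC_ACL"
}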

# Disable pathname expansion (globbing) for the rest of the script,
# presumably so that request values are never expanded against the
# filesystem.
set -o noglob

# Alterator shell backend library; message_loop, called at the end of this
# script, is not defined in this file and presumably comes from here.
. /usr/share/alterator/build/backend3.sh

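# Handle one request; the action is taken from $in_action.
#   constraints - print the form constraints for realm/passwd1/passwd2
#   read        - print the realm currently configured in kdc.conf
#   write       - destroy the existing KDC database, switch kdc.conf and
#                 kadm5.acl to $in_realm, create a new database protected by
#                 $in_passwd1 and restart krb5kdc and kadmin
#   anything else prints '#f'
# Output of the administrative commands goes to stderr; the reply goes to
# stdout.
on_message()
{
	case "$in_action" in
		constraints)
			echo '('
			printf 'realm (required #t label "%s" match ("^[A-Z][.A-Z0-9-]*$" "%s"))' \
					"$(_ "Kerberos realm")" \
					"$(_ "should be only uppercase latin letters")"
			printf 'passwd1 (required #t equal passwd2 label "%s")' \
					"$(_ "Database password")"
			printf 'passwd2 (required #t)'
			echo ')'
			;;
		read)
			printf '(realm "%s")' "$(read_realm)"
			;;
		write)
			if [ -n "$in_realm" ] && [ -n "$in_passwd1" ]; then
			    # Re-check the realm here rather than relying on the
			    # "match" constraint above: the value is interpolated
			    # into sed expressions by write_realm/write_acl, and
			    # the check must pass BEFORE the existing database is
			    # destroyed, not after.
			    case "$in_realm" in
				[!A-Z]*|*[!A-Z0-9.-]*)
				    echo "alterator-kerberos: invalid realm name, nothing changed" >&2
				    ;;
				*)
				    # destroy may fail when no database exists yet
				    # (first setup), so the steps are not chained.
				    kdb5_util -r "$(read_realm)" destroy -f >&2
				    write_realm "$in_realm"
				    write_acl "$in_realm"
				    # NOTE(review): -P puts the master password on
				    # the command line, where other local users
				    # can see it in the process list while
				    # kdb5_util runs. Consider supplying it another
				    # way - confirm what this kdb5_util build
				    # accepts before changing it.
				    kdb5_util -r "$in_realm" create -s -P "$in_passwd1" >&2
				    service krb5kdc restart >&2
				    service kadmin restart >&2
				    ;;
			    esac
			fi
			echo '()'
			;;
		*)
			echo '#f'
			;;
	esac
}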

# Enter the request loop. message_loop is not defined in this file; it
# presumably comes from the sourced backend3.sh and calls on_message for
# each incoming request - confirm against that library.
message_loop
