#!/bin/sh

# Script-wide exit status: each step stores its result here and the final
# "exit $RETVAL" at the bottom of the file hands it back to the caller.
RETVAL=0

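#######################################
# Append the "sss" source to the passwd, group, shadow, services and
# netgroup lines of nsswitch.conf.  An existing trailing " sss" is stripped
# first, so repeated runs leave exactly one "sss" per line (idempotent).
# Arguments: $1 - path to nsswitch.conf (optional, default /etc/nsswitch.conf)
# Globals:   RETVAL (written)
# Returns:   0 if every line was edited, otherwise the status of the last
#            failing sed; all databases are still attempted.
#######################################
change_nsswitch()
{
    nsswitch_conf="${1:-/etc/nsswitch.conf}"
    RETVAL=0
    for nss_db in passwd group shadow services netgroup; do
        # 1st expression drops an already present " sss", 2nd appends it at
        # the end of the line.  Earlier failures are no longer masked by a
        # later successful sed.
        sed -E -i "s/(${nss_db}:.*) sss/\\1/; s/(${nss_db}:.*)/\\1 sss/;" -- "$nsswitch_conf" \
            || RETVAL=$?
    done
    return $RETVAL
}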

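#######################################
# Remove the trailing "sss" source from the passwd, group, shadow, services
# and netgroup lines of nsswitch.conf.  Lines without " sss" are left as is.
# Arguments: $1 - path to nsswitch.conf (optional, default /etc/nsswitch.conf)
# Globals:   RETVAL (written)
# Returns:   0 if every line was processed, otherwise the status of the last
#            failing sed; all databases are still attempted.
#######################################
rollback_nsswitch()
{
    nsswitch_conf="${1:-/etc/nsswitch.conf}"
    RETVAL=0
    for nss_db in passwd group shadow services netgroup; do
        # Record a failure instead of letting the next sed overwrite it.
        sed -E -i "s/(${nss_db}:.*) sss/\\1/;" -- "$nsswitch_conf" \
            || RETVAL=$?
    done
    return $RETVAL
}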

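# True when systemd is the running init.  This file does not source anything
# that defines sd_booted, so a bare "if sd_booted" prints "not found" and
# always falls through to telinit; use the helper only when the calling
# environment provides one, otherwise apply the sd_booted(3) rule
# (/run/systemd/system exists iff systemd is init).
systemd_is_init() {
    if command -v sd_booted >/dev/null 2>&1; then
        sd_booted
    else
        [ -d /run/systemd/system ]
    fi
}

#######################################
# Ask the running init to re-execute itself so the new NSS/PAM configuration
# is picked up: "systemctl daemon-reexec" under systemd, "telinit u" under
# SysV init.
# Globals:   RETVAL (written)
# Returns:   exit status of the systemctl/telinit call
#######################################
reexecute_daemon() {
    telinit_bin=/sbin/telinit
    systemctl_bin=/usr/bin/systemctl
    if systemd_is_init; then
        "$systemctl_bin" daemon-reexec
    else
        "$telinit_bin" u
    fi
    RETVAL=$?
    return $RETVAL
}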

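#######################################
# Create the local "localadmins" system group, map the domain groups
# "Domain Users" -> users and "Domain Admins" -> localadmins in the
# libnss-role file, and switch libnss-role on.
# Globals:   RETVAL (written)
# Returns:   0 on success, otherwise the status of the last failing step
#            (group creation, role file write or the control switch)
#######################################
set_domain_group_mapping()
{
    role_file=/etc/role.d/domain.role
    RETVAL=0
    # groupadd fails when the group already exists (e.g. a second "enable"),
    # so only create it when it is missing.  stderr is merged as before.
    if ! getent group localadmins >/dev/null 2>&1; then
        groupadd -r localadmins 2>&1 || RETVAL=$?
    fi
    # Add domain groups by their name.  Skip mappings already present so that
    # repeated "enable" runs do not accumulate duplicate lines.  A missing
    # /etc/role.d makes the append fail, which is reported via RETVAL.
    for mapping in "Domain Users:users" "Domain Admins:localadmins"; do
        if [ ! -f "$role_file" ] || ! grep -qxF -- "$mapping" "$role_file"; then
            printf '%s\n' "$mapping" >> "$role_file" || RETVAL=$?
        fi
    done
    control libnss-role enabled || RETVAL=$?
    return $RETVAL
}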

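#######################################
# Undo set_domain_group_mapping: delete the "localadmins" group, remove the
# domain role file and switch libnss-role off.  Every step is attempted even
# if an earlier one fails.
# Globals:   RETVAL (written)
# Returns:   0 on success, otherwise the status of the last failing step
#######################################
rollback_domain_group_mapping()
{
    role_file=/etc/role.d/domain.role
    RETVAL=0
    # A group that is already gone is not an error.
    if getent group localadmins >/dev/null 2>&1; then
        groupdel -f localadmins 2>&1 || RETVAL=$?
    fi
    # Plain -f: the role file is a regular file; if something else sits at
    # that path, fail loudly instead of recursively removing it.
    rm -f -- "$role_file" || RETVAL=$?
    control libnss-role disabled || RETVAL=$?
    return $RETVAL
}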

# Switch the PAM "system-auth" control to the "sss" profile via control(8).
# Globals: RETVAL (written).  Returns: exit status of control.
control_system_auth_sss()
{
    RETVAL=0
    control system-auth sss || RETVAL=$?
    return $RETVAL
}

# Switch the PAM "system-auth" control back to the "local" profile via control(8).
# Globals: RETVAL (written).  Returns: exit status of control.
control_system_auth_local()
{
    RETVAL=0
    control system-auth local || RETVAL=$?
    return $RETVAL
}

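#######################################
# Enable SSSD-backed NSS/PAM: nsswitch sources, PAM profile, domain group
# mapping, then re-execute init.  Stops at the first failing step so that an
# earlier failure is not masked by a later success; "disable" rolls back a
# partially applied enable.
# Globals:   RETVAL (written)
# Returns:   0 on success, otherwise the status of the first failing step
#######################################
enable()
{
    change_nsswitch \
        && control_system_auth_sss \
        && set_domain_group_mapping \
        && reexecute_daemon
    RETVAL=$?
    return $RETVAL
}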

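#######################################
# Roll back "enable": nsswitch sources, PAM profile, domain group mapping,
# then re-execute init.  Rollback is best effort: every step runs even when
# an earlier one fails, and the failure is still reported.
# Globals:   RETVAL (written)
# Returns:   0 on success, otherwise the status of the last failing step
#######################################
disable()
{
    RETVAL=0
    rollback_nsswitch || RETVAL=$?
    control_system_auth_local || RETVAL=$?
    rollback_domain_group_mapping || RETVAL=$?
    reexecute_daemon || RETVAL=$?
    return $RETVAL
}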

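# Entry point: "enable" or "disable"; anything else prints usage and exits 1.
# Note that "enable" is also a regular bash builtin; shell functions are
# looked up before regular builtins, so the call below reaches the function
# defined above.
case "$1" in
    enable)
        enable
        ;;
    disable)
        disable
        ;;
    *)
        # Usage is a diagnostic: send it to stderr so it is not mistaken for
        # output when the script's stdout is captured.
        printf '%s {enable|disable}\n' "${0##*/}" >&2
        RETVAL=1
        ;;
esac

exit $RETVAL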
