#!/bin/sh

pamdir=/etc/pam.d
pamcommon="login su sumac sumac.xauth fly-dm fly-dm-np xrdp-sesman"

install_pam_cap()
{
	awk 'BEGIN{ \
			is_cap_session=0; \
		} \
		{ \
			print $0; \
			if (is_cap_session == 0 && $1 ~ "@include" && $2 ~ "common-session") { \
				print "session required pam_parsec_cap.so"; \
				is_cap_session=1; \
			} \
		}' $1
}

uninstall_pam_cap()
{
	egrep -v 'pam_parsec_cap.so' $1
}

del()
{
	for cfg in $pamcommon; do
		if [ ! -w $pamdir/$cfg ]; then
			continue
		fi
		uninstall_pam_cap $pamdir/$cfg > $pamdir/$cfg.parsec
		mv $pamdir/$cfg.parsec $pamdir/$cfg
	done
}

add()
{
	for cfg in $pamcommon; do
		if [ ! -w $pamdir/$cfg ]; then
			continue
		elif grep -q 'pam_parsec_cap.so' $pamdir/$cfg; then
			echo -e "$0: has already been added into $pamdir/$cfg"
			continue
		fi
		install_pam_cap $pamdir/$cfg > $pamdir/$cfg.parsec
		mv $pamdir/$cfg.parsec $pamdir/$cfg
	done
}

fix()
{
	del
	add
}

case "$1" in
  add)
	add
	errcode=$?
	;;
  del)
	del
	errcode=$?
        ;;
  fix)
	fix
	errcode=$?
	;;
  *)
	echo "Usage: $0 {add|del|fix}" >&2
	exit 1
	;;
esac

exit $errcode
