#!/bin/sh
# /sbin/pamconfig - Adds appropriate entries to /etc/pam.conf
# Unless otherwise specified, takes defaults for each service type
# from the appropriate "DEFAULT" (case-sensitive) entry in /etc/pam.conf.
# Only adds entries if *no* entries for the service type exist yet.
# When asked to remove a service type, comments it out.

# This script is made obsolete by pam-0.56, and the pamconfig
# package can be removed if the command
#   rpm -q --whatrequires pamconfig
# finds no packages that require pamconfig

usage ()
{
	if [ ! -z "$1" ] ; then
		echo $1 1>&2
	fi
	echo 'usage: /sbin/pamconfig --remove --service=<service>'
	exit 1
}

while [ ! -z "$1" ] ; do
  case $1 in
    --add)
	action=add
	;;
    --remove)
	action=remove
	;;
    --service*)
	service=$(echo $1 | sed 's/--service=//')
	;;
    --authlist*)
	authlist=$(echo $1 | sed 's/--authlist=//')
	;;
    --acctlist*)
	acctlist=$(echo $1 | sed 's/--acctlist=//')
	;;
    --password*)
	password=$(echo $1 | sed 's/--password=//')
	;;
    --sesslist*)
	sesslist=$(echo $1 | sed 's/--sesslist=//')
	;;
    *)
	usage
	;;
  esac
  shift
done

if [ -z "$action" ] ; then
	usage "Need to specify --remove"
fi
if [ -z "$service" ] ; then
	usage "Need to specify --service=<service>"
fi

if [ "$action" = add ] ; then
	# we no longer support adding
	echo 'pamconfig: --add no longer supported.
          '"$service needs updated pam support for /etc/pam.d/ directory" 1>&2
	exit 1
else
	# action must be remove
        # comment the sucker out...
	cp /etc/pam.conf /tmp/pam$$.tmp
	awk 'tolower($1) ~ /^'"$service"'$/ { sub("^", "#") }
	    { print }' < /etc/pam.conf > /tmp/pam$$.tmp && \
	  mv /tmp/pam$$.tmp /etc/pam.conf
        rm -f /tmp/pam$$.tmp
fi

exit 0