#!/bin/bash
#
# kadmind      Start and stop the Kerberos 5 administrative server.
#
# description: Kerberos 5 is a trusted third-party authentication system.
#	       This script starts and stops the Kerberos 5 administrative
#              server, which should only be run on the master server for a
#              realm.
#
# processname: kadmind
#
# config: /etc/sysconfig/kadmin
#
# October 11, 2012, Michael Perzl (michael@perzl.org)
#

NAME=kadmin
PROG=${NAME}d

PROG_BIN=/opt/freeware/sbin/${PROG}

PIDFILE=/var/run/${NAME}/${PROG}.pid


# define some generic commands
AWK=/usr/bin/awk
CAT=/usr/bin/cat
ECHO=/usr/bin/echo
GREP=/usr/bin/grep
KILL=/usr/bin/kill
MKDIR=/usr/bin/mkdir
PRINTF=/usr/bin/printf
PS=/usr/bin/ps
RM=/usr/bin/rm
SLEEP=/usr/bin/sleep


# check for missing binaries (stale symlinks should not happen)
test -x ${PROG_BIN} ||
    {
      $ECHO "${PROG_BIN} not installed"
      if [ "$1" = "stop" ] ; then
          exit 0
      else
          exit 5
      fi
    }


# source config
if [ -r /etc/sysconfig/${NAME} ] ; then
    . /etc/sysconfig/${NAME}
fi


case "$1" in
    start)
        if [ -r ${PIDFILE} ]; then
            pid=`$CAT ${PIDFILE}`
            if [ "`$PS -ef | $GREP -v grep | $GREP ${PROG} | $GREP ${pid} | $AWK '{ print $2 }' | $GREP ${pid}`" = "${pid}" ] ; then
                $ECHO "Kerberos 5 Admin Server daemon is already running with PID ${pid}."
                exit 1
            else
                $RM -f ${PIDFILE}
            fi
        fi
        if [ ! -f /var/kerberos/krb5kdc/principal ] ; then
            # Make an educated guess -- if they're using kldap somewhere,
            # then we don't know for sure that this is an error.
            if ! grep -q 'db_library.*=.*kldap' /opt/freeware/etc/krb5.conf ; then
                $ECHO "Error: Default principal database does not exist."
                exit 1
            fi
        fi
        if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then
            $ECHO "Error: This appears to be a slave server, found kpropd.acl"
            exit 6
        fi

        $PRINTF "Starting Kerberos 5 Admin Server daemon... "
        ## start daemon and write PID to file ${PIDFILE}
        $MKDIR -p /var/run/${NAME}
        ${PROG_BIN} -r ${KRB5REALM} -P ${PIDFILE} ${KADMIND_ARGS}
        $ECHO "done."
        ;;
    stop)
        $PRINTF "Stopping Kerberos 5 Admin Server daemon... "
        ## stop daemon
        if [ -r ${PIDFILE} ]; then
            $KILL -TERM `$CAT ${PIDFILE}`
            $RM -f ${PIDFILE}
        fi
        $ECHO "done."
        ;;
    status)
        if [ -r ${PIDFILE} ]; then
            pid=`$CAT ${PIDFILE}`
            if [ "`$PS -ef | $GREP -v grep | $GREP ${PROG} | $GREP ${pid} | $AWK '{ print $2 }' | $GREP ${pid}`" = "${pid}" ] ; then
                $ECHO "Kerberos 5 Admin Server daemon is running with PID ${pid}."
            else
                $ECHO "Kerberos 5 Admin Server daemon is not running."
            fi
        else
            $ECHO "Kerberos 5 Admin Server daemon is not running."
        fi
        ;;
    condrestart)
        if [ -r ${PIDFILE} ]; then
            pid=`$CAT ${PIDFILE}`
            if [ "`$PS -ef | $GREP -v grep | $GREP ${PROG} | $GREP ${pid} | $AWK '{ print $2 }' | $GREP ${pid}`" = "${pid}" ] ; then
                $0 stop
	        $ECHO "Sleeping for 2 seconds for graceful kadmind shutdown ..."
                $SLEEP 2
                $0 start
            fi
        fi
        ;;
    restart)
	## stop the service and regardless of whether it was
	## running or not, start it again.
	$0 stop
	$ECHO "Sleeping for 2 seconds for graceful kadmind shutdown ..."
	$SLEEP 2
	$0 start
	;;
    reload)
        $PRINTF "Reopening Kerberos 5 Admin Server log file... "
        if [ -r ${PIDFILE} ]; then
            $KILL -HUP `$CAT ${PIDFILE}`
        fi
        $ECHO "done."
        ;;
    *)
	$ECHO "Usage: $0 {start|stop|status|condrestart|restart|reload}"
	exit 1
	;;
esac

