#!/bin/sh

supamfile=/etc/pam.d/su
supammodule="pam_su.so"

install_pam_su()
{
	sed -e "/include common-account/i account requisite $supammodule\\n" "$1"
}

uninstall_pam_su()
{
	sed -e "/$supammodule/,+1d" "$1"
}

del()
{
	if [ -w $supamfile ]; then
		uninstall_pam_su $supamfile > $supamfile.parsec
		mv $supamfile.parsec $supamfile
	fi
}

add()
{
	if grep -q "$supammodule" $supamfile; then
		echo "$0: has already been added into $supamfile"
	elif [ -w $supamfile ]; then
		install_pam_su $supamfile > $supamfile.parsec
		mv $supamfile.parsec $supamfile
	fi
}

fix()
{
	del
	add
}

case "$1" in
  add)
	add
	errcode=$?
	;;
  del)
	del
	errcode=$?
        ;;
  fix)
	fix
	errcode=$?
	;;
  *)
	echo "Usage: $0 {add|del|fix}" >&2
	exit 1
	;;
esac

exit $errcode
