#!/bin/sh

sudopamfiles="/etc/pam.d/sudo /etc/pam.d/sudo-i"
sudopammodule="pam_sudo.so"

install_pam_sudo()
{
	sed -e "3i account requisite $sudopammodule\\n" "$1"
}

uninstall_pam_sudo()
{
	sed -e "/$sudopammodule/,+1d" "$1"
}

del()
{
	for sudopamfile in $sudopamfiles; do
		if [ -w "$sudopamfile" ]; then
			uninstall_pam_sudo "$sudopamfile" > "$sudopamfile".parsec
			mv "$sudopamfile".parsec "$sudopamfile"
		fi
	done
}

add()
{
	for sudopamfile in $sudopamfiles; do
		if grep -q "$sudopammodule" "$sudopamfile"; then
			echo "$0: has already been added into $sudopamfile"
		elif [ -w "$sudopamfile" ]; then
			install_pam_sudo "$sudopamfile" > "$sudopamfile".parsec
			mv "$sudopamfile".parsec "$sudopamfile"
		fi
	done
}

fix()
{
	del
	add
}

case "$1" in
  add)
	add
	errcode=$?
	;;
  del)
	del
	errcode=$?
        ;;
  fix)
	fix
	errcode=$?
	;;
  *)
	echo "Usage: $0 {add|del|fix}" >&2
	exit 1
	;;
esac

exit $errcode
