#!/bin/bash


#Preupgrade Assistant performs system upgradability assessment
#and gathers information required for successful operating system upgrade.
#Copyright (C) 2013 Red Hat Inc.
#Pavel Reichl <preichl@redhat.com>
#
#This program is free software: you can redistribute it and/or modify
#it under the terms of the GNU General Public License as published by
#the Free Software Foundation, either version 3 of the License, or
#(at your option) any later version.
#
#This program is distributed in the hope that it will be useful,
#but WITHOUT ANY WARRANTY; without even the implied warranty of
#MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#GNU General Public License for more details.
#
#You should have received a copy of the GNU General Public License
#along with this program.  If not, see <http://www.gnu.org/licenses/>.
. /usr/share/preupgrade/common.sh
check_applies_to "sssd"
#END GENERATED SECTION

check_root

function solution() {
    printf '%s\n\n' "$@" >> "$SOLUTION_FILE" || exit_error
}

function check_problematic_option() {
    MATCH=$(grep -o -i -z "${2}" "${1}")
    if [ "$MATCH" != "" ]; then
        solution "The ${1} configuration file contains a problematic \
option '$MATCH'."
        return 0
    else
        return 1
    fi
}

PROBLEMATIC_OPT_FOUND=0
CONF_FILE='/etc/sssd/sssd.conf'


if [ ! -e "$CONF_FILE" ]; then
    solution "The $CONF_FILE configuration file is missing on the source system."
    exit_not_applicable
fi

# backup config file
mkdir -p $VALUE_TMP_PREUPGRADE/$(dirname $CONF_FILE)
cp $CONF_FILE $VALUE_TMP_PREUPGRADE$CONF_FILE

check_problematic_option "${CONF_FILE}" "\bkrb5_ccachedir\b" && PROBLEMATIC_OPT_FOUND=1
check_problematic_option "${CONF_FILE}" "\bkrb5_ccname_template[[:space:]]*=[[:space:]]*DIR:" && PROBLEMATIC_OPT_FOUND=1

if [ "$PROBLEMATIC_OPT_FOUND" == "1" ]; then
    solution 'The Kerberos provider is no longer able to create public directories when evaluating the krb5_ccachedir option. This is a change incompatible with earlier versions. The system administrator should create public directories with the correct permissions so that they allow the authentication daemon to create user directories as private only.'
    exit_informational
fi

exit_pass
