#!/bin/sh
#
# Turns on or off the nss-sysinit module db by editing the
# global PKCS #11 congiguration file. Displays the status.
#
# This script can be invoked by the user as super user.
# It is invoked at nss-sysinit post install time with argument on.
#
usage()
{
  cat <<EOF
Usage: setup-nsssysinit [on|off]
  on     - turns on nsssysinit
  off    - turns off nsssysinit
  status - reports whether nsssysinit is turned on or off
EOF
  exit $1
}

# validate
if [ $# -eq 0 ]; then
  usage 1 1>&2
fi

# the system-wide configuration file
p11conf="/etc/pki/nssdb/pkcs11.txt"
# must exist, otherwise report it and exit with failure
if [ ! -f $p11conf ]; then
  echo "Could not find ${p11conf}"
  exit 1
fi

# check if nsssysinit is currently enabled or disabled
sysinit_enabled()
{
  grep -q '^library=libnsssysinit' ${p11conf}
}

umask 022
case "$1" in
  [Oo][Nn])
    if sysinit_enabled; then 
      exit 0 
    fi
    sed -i \
	-e 's/^library=$/library=libnsssysinit.so/' \
	-e '/^NSS/s/\(Flags=internal\)\(,[^m]\)/\1,moduleDBOnly\2/' \
	${p11conf}
    ;;
  [Oo][Ff][Ff])
    if ! sysinit_enabled; then
      exit 0
    fi
    sed -i \
	-e 's/^library=libnsssysinit.so/library=/' \
	-e '/^NSS/s/Flags=internal,moduleDBOnly/Flags=internal/' \
	${p11conf}
    ;;
  status)
    echo -n 'NSS sysinit is '
    sysinit_enabled && echo 'enabled' || echo 'disabled'
    ;;
  *)
    usage 1 1>&2
    ;;
esac