#!@l_prefix@/lib/openpkg/bash @l_prefix@/etc/rc
##
##  rc.kerberos -- Run-Commands
##

%config
    kerberos_enable="$openpkg_rc_def"
    kerberos_kdc_log="@l_prefix@/var/kerberos/log/krb5kdc.log"
    kerberos_kdc_prolog="true"
    kerberos_kdc_epilog="true"
    kerberos_kdc_numfiles="10"
    kerberos_kdc_minsize="1M"
    kerberos_kdc_complevel="9"
    kerberos_admin_log="@l_prefix@/var/kerberos/log/kadmin.log"
    kerberos_admin_prolog="true"
    kerberos_admin_epilog="true"
    kerberos_admin_numfiles="10"
    kerberos_admin_minsize="1M"
    kerberos_admin_complevel="9"
    kerberos_def_log="@l_prefix@/var/kerberos/log/krb5lib.log"
    kerberos_def_prolog="true"
    kerberos_def_epilog="true"
    kerberos_def_numfiles="10"
    kerberos_def_minsize="1M"
    kerberos_def_complevel="9"

%common
    krb5kdc_pidfile="@l_prefix@/var/kerberos/krb5kdc.pid"
    kadmind_pidfile="@l_prefix@/var/kerberos/kadmind.pid"
    krb5kdc_signal () {
        [ -f $krb5kdc_pidfile ] && kill -$1 `cat $krb5kdc_pidfile`
    }
    kadmind_signal () {
        [ -f $kadmind_pidfile ] && kill -$1 `cat $kadmind_pidfile`
    }

%status -u @l_susr@ -o
    kerberos_usable="no"
    kerberos_active="no"
    rcService kerberos enable yes && \
        krb5kdc_signal 0 && kadmind_signal 0 && kerberos_active="yes"
    echo "kerberos_enable=\"$kerberos_enable\""
    echo "kerberos_usable=\"$kerberos_usable\""
    echo "kerberos_active=\"$kerberos_active\""

%start -u @l_susr@
    rcService kerberos enable yes || exit 0
    rcService kerberos active yes && exit 0
    @l_prefix@/libexec/kerberos/krb5kdc -n &
    echo $! >$krb5kdc_pidfile
    @l_prefix@/libexec/kerberos/kadmind -nofork &
    echo $! >$kadmind_pidfile

%stop -u @l_susr@
    rcService kerberos enable yes || exit 0
    rcService kerberos active no && exit 0
    krb5kdc_signal TERM
    kadmind_signal TERM
    rm -f $krb5kdc_pidfile 2>/dev/null || true
    rm -f $kadmind_pidfile 2>/dev/null || true

%restart -u @l_susr@
    rcService kerberos enable yes || exit 0
    rcService kerberos active no && exit 0
    rc kerberos stop
    sleep 2
    rc kerberos start

%daily -u @l_susr@
    rcService kerberos enable yes || exit 0

    #   rotate logfiles
    rcTmp -i
    hintfile=`rcTmp -f -n hint`
    shtool rotate -f \
        -n ${kerberos_kdc_numfiles} -s ${kerberos_kdc_minsize} -d \
        -z ${kerberos_kdc_complevel} -o @l_susr@ -g @l_mgrp@ -m 644 \
        -P "${kerberos_kdc_prolog}" \
        -E "${kerberos_kdc_epilog}; echo 1 >$hintfile" \
        ${kerberos_kdc_log}
    shtool rotate -f \
        -n ${kerberos_admin_numfiles} -s ${kerberos_admin_minsize} -d \
        -z ${kerberos_admin_complevel} -o @s_susr@ -g @m_mgrp@ -m 644 \
        -P "${kerberos_admin_prolog}" \
        -E "${kerberos_admin_epilog}; echo 1 >$hintfile" \
        ${kerberos_admin_log}
    shtool rotate -f \
        -n ${kerberos_def_numfiles} -s ${kerberos_def_minsize} -d \
        -z ${kerberos_def_complevel} -o @l_susr@ -g @l_mgrp@ -m 644 \
        -P "${kerberos_def_prolog}" \
        -E "${kerberos_def_epilog}; echo 1 >$hintfile" \
        ${kerberos_def_log}
    if [ -s $hintfile ]; then
        rc kerberos restart
    fi
    rcTmp -k