#!/bin/sh
#
# Fake remctl backend for WebKDC user information queries.  Usually just
# returns a stock XML file from the data/xml directory based on the command
# given, but also embeds various logic to manipulate that file based on
# parameters passed by the test suite.  Assumes that $SOURCE is set in the
# environment to the root of the tests directory in the source.
#
# Written by Russ Allbery <eagle@eyrie.org>
# Copyright 2011, 2012, 2013, 2014
#     The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.

set -e

cd "$SOURCE"
. "${SOURCE}/tap/libtap.sh"

# Verify that the front-end passed the correct data and determine the XML
# directory to use for responses.
if [ "$1" = "webkdc-userinfo" ] ; then
    dir=info
    if [ "$3" != "127.0.0.1" ] ; then
        echo "invalid IP address $3" >&2
        exit 1
    fi
    if [ "$5" != "0" ] && [ "$5" != "1" ] ; then
        echo "invalid random flag $5" >&2
        exit 1
    fi
    if [ -z "$6" ] ; then
        echo 'missing return URL' >&2
        exit 1
    fi
elif [ "$1" = "webkdc-validate" ] ; then
    dir=validate
    if [ "$3" != "127.0.0.1" ] ; then
        echo "invalid IP address $3" >&2
        exit 1
    fi
else
    echo "invalid command $1" >&2
    exit 1
fi

# If the user is "delay", then sleep for three seconds and then exit with an
# error.
if [ "$2" = "delay" ] ; then
    sleep 3
    echo "unknown user $2" >&2
    exit 1
fi

# See if the file exists, and if so, return it.
if [ -f "data/xml/$dir/$2.xml" ] ; then
    if [ "$1" = "webkdc-userinfo" ] ; then
        # Return multifactor-required for user random for random multifactor.
        if [ "$5" = "1" ] && [ "$2" = "random" ] ; then
            cat "data/xml/$dir/$2.xml" \
                | sed 's%<max%<multifactor-required /><max%'
            exit $?

        # Return the restricted data if the URL is a restricted URL.
        elif [ "$6" = "https://example.com/restrict/" ] ; then
            exec cat "data/xml/$dir/restrict.xml"

        # Return multifactor required for user factor if there's no device
        # factor.
        elif [ "$2" = "factor" ] ; then
            case "$7" in
                *d*)
                    exec cat "data/xml/$dir/$2.xml"
                    ;;
                *)
                    required="<required-factors><factor>m</factor>"
                    required="${required}</required-factors>"
                    cat "data/xml/$dir/$2.xml" \
                        | sed "s%<max%${required}<max%"
                    exit $?
                    ;;
            esac

        # Otherwise, just return the file verbatim.
        else
            exec cat "data/xml/$dir/$2.xml"
        fi
    elif [ "$1" = "webkdc-validate" ] ; then
        if [ "$4" != "123456" ] ; then
            exec cat "data/xml/$dir/fail.xml"
        else
            exec cat "data/xml/$dir/$2.xml"
        fi
    fi

# Otherwise, see if the user matches our Kerberos configuration.  If so, send
# the additional.xml data with the user replaced by the Kerberos user.
else
    passfile=`test_file_path config/password`
    if [ -n "$passfile" ] ; then
        krbuser=`head -1 "$passfile"`
        if [ "$2" = "$krbuser" ] ; then
            cat "data/xml/$dir/additional.xml" \
                | sed "s/\"additional\"/\"$krbuser\"/"
            exit $?
        fi
    fi
    echo "unknown user $2" >&2
    exit 1
fi
