#!/bin/bash
# Get an AFS token for the given user.
#
# This is used to deliver mail with the appropriate credentials.
#
# Usage:
#
# get-token $USER
# - If user is root, call this script as $USER
#
# get-token $USER norecurse
# - Don't recursively call this script, even if user if root

REALUSER=$(whoami)
USER=$1
LOGFILE=/tmp/exim4/get-token-log.$USER

if [ "$REALUSER" = "root" ]; then
    if [ -n "$2" ]; then
        echo "Error: running as root even after trying to change to $USER" \
            > $LOGFILE
        exit 1
    fi

    # Decide whether the user exists: getent returns 0 error code if so
    getent passwd "$USER" >/dev/null
    if [ $? -ne 0 ]; then
        echo "$USER is not a local user, so ignoring them"
        exit 1
    else
        exec su $USER -c "$0 $1 norecurse"
    fi
fi

# fuse stdin and stderr
exec 2>&1

# all future output goes to this file
exec >& $LOGFILE

# print name of user
echo "Running as user $REALUSER"

# set the credentials cache
export KRB5CCNAME=FILE:/tmp/exim4/krb5cc_$USER.email

# eliminate any previous tokens
kdestroy
unlog
KEYTAB=/etc/keytabs/user.daemon/$USER

# display command-to-be-invoked as a sanity check
echo kinit -kt $KEYTAB $USER/daemon@HCOOP.NET

kinit -kt $KEYTAB $USER/daemon@HCOOP.NET
aklog

# list tokens, for the sake of debugging
#tokens