#!/usr/bin/sh

. /etc/control.d/functions

CONFIG1=/etc/pam.d/system-auth
CONFIG2=/etc/pam.d/password-auth

new_subst pwquality \
	'^password\s+requisite\s+pam_pwquality\.so' \
	's,^password\s\+requisite\s\+pam_passwdqc.so config=/etc/passwdqc\.conf$,password    requisite     pam_pwquality\.so try_first_pass local_users_only retry=3 authtok_type=,'

new_subst passwdqc \
	'^password\s+requisite\s+pam_passwdqc.so config=/etc/passwdqc\.conf' \
	's,^password\s\+requisite\s\+pam_pwquality\.so.*$,password    requisite     pam_passwdqc.so config=/etc/passwdqc.conf,'

new_help pwquality 'Upstream pwquality password policy is in use'
new_help passwdqc 'Override passwdqc password policy is in use'

new_summary 'Password policy in use by PAM-aware programs'

if is_builtin_mode "$*"; then
	case "$*" in
	status|'')
		STATUS1="`control_subst "$CONFIG1" status`" || exit 1
		STATUS2="`control_subst "$CONFIG2" status`" || exit 1
		if [ -n "$STATUS1" -a "$STATUS1" = "$STATUS2" ]; then
			echo "$STATUS1"
		else
			echo "unknown"
		fi
		;;
	*)
		control_subst "$CONFIG1" "$*" || exit 1
		;;
	esac
else
	control_subst "$CONFIG1" "$*" || exit 1
	control_subst "$CONFIG2" "$*" || exit 1
fi
