#!/bin/sh
#
# Dummy implementation of the WebAuth user information service for testing.
#
# This script is intended to be run under remctl and provides a dummy
# implementation of the WebAuth user information service.  It only supports
# the webkdc-validate subcommand.  It expects the following arguments:
#
#    username
#    ip
#    code
#    type (optional)
#    state (optional)
#
# but ignores everything other than the username and code.  It returns a
# successful authentication if the username is "success" and the code is
# 123456, and an unsuccessful authentication in every other case.
#
# Written by Russ Allbery <rra@stanford.edu>
# Copyright 2013
#     The Board of Trustees of the Leland Stanford Junior University
#
# See LICENSE for licensing terms.

set -e

# Only the webkdc-validate subcommand is implemented.  Anything else is
# reported on stderr and fails; on a match the subcommand is dropped so that
# $1 becomes the username.
case "$1" in
    webkdc-validate)
        shift
        ;;
    *)
        echo "Unknown subcommand $1" >&2
        exit 1
        ;;
esac

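# Check number of arguments.  With the subcommand already shifted off, the
# positional parameters are username, ip, code and the optional type and
# state, so between three and five are accepted.  Counting with $# instead of
# testing $6 for emptiness also rejects surplus arguments when the sixth one
# is an empty string.  An empty code is still reported as too few arguments,
# as it was before.
if [ "$#" -lt 3 ] || [ -z "$3" ] ; then
    echo 'Too few arguments' >&2
    exit 1
fi
if [ "$#" -gt 5 ] ; then
    echo 'Too many arguments' >&2
    exit 1
fi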

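# Extract the username and code.  The IP and the optional type and state are
# accepted but not used.
username="$1"
code="$3"

# Return success or failure.  Only the fixed test pair (username "success",
# code 123456) validates; every other combination gets a failure reply.
if [ "$username" = 'success' ] && [ "$code" = '123456' ] ; then
    cat <<'EOF'
<authdata user="success">
  <success>yes</success>
  <factors>
    <expiration>1893484800</expiration>
    <factor>o</factor>
    <factor>o3</factor>
  </factors>
</authdata>
EOF
else
    # The username is supplied by the client and is copied into an XML
    # attribute, so encode the XML metacharacters first; otherwise a quote or
    # angle bracket in it would change the structure of the reply.  The
    # ampersand is replaced first so that the entities added by the later
    # expressions are not escaped a second time.
    xml_username=$(printf '%s' "$username" \
        | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
              -e 's/"/\&quot;/g')

    # printf rather than echo: some sh implementations make echo interpret
    # backslash sequences in its argument.
    printf '<authdata user="%s"><success>no</success></authdata>\n' \
        "$xml_username"
fi
exit 0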
