#! /bin/sh

. /etc/control.d/functions-local-policy

CONFIG=/etc/sssd/sssd.conf

new_help disabled 'Do not update MACHINE ACCOUNT PASSWORD in the samba database when sssd updates the password'
new_help enabled 'Update MACHINE ACCOUNT PASSWORD in the samba database when sssd updates the password'
new_help default 'Do not update MACHINE ACCOUNT PASSWORD in the samba database when sssd updates the password'

new_subst default \
	'^\s*[#;]?\s*ad_update_samba_machine_account_password\s*=\s*([Tt][Rr][Uu][Ee]|[Ff][Aa][Ll][Ss][Ee])\s*' \
	's/^\s*[#;]\?\s*\(ad_update_samba_machine_account_password\)\s*=.*/; \1 = false/'

new_subst enabled \
	'^\s*ad_update_samba_machine_account_password\s*=\s*[Tt][Rr][Uu][Ee]\s*' \
	's/^\s*[#;]\?\s*\(ad_update_samba_machine_account_password\)\s*\=.*/\1 = true/'

new_subst disabled \
	'^\s*ad_update_samba_machine_account_password\s*=\s*[Ff][Aa][Ll][Ss][Ee]\s*' \
	's/^\s*[#;]\?\s*\(ad_update_samba_machine_account_password\)\s*=.*/\1 = false/'

new_summary 'If enabled, when SSSD renews the machine account password, it will also be updated in the samba database.'

check_default_sssd_ad_option "$CONFIG" "$*" "ad_update_samba_machine_account_password" "false" "enabled disabled default" || exit $?
control_subst_with_file_check "$CONFIG" "$*" "enabled disabled default"
