#!/bin/bash
###########################################
# DESY HTCondor Config                    #
###########################################

DEBUGFILE=/tmp/htckrb5debug.$USER

# UNCOMMENT THE LINE BELOW TO ENABLE DEBUGGING:
#touch $DEBUGFILE



##
## You should not need to modify anything below here unless
## you are overriding the auto-detected values and are sure
## that is what you want to do!
##

# for debugging, if it is enabled
COMMAND=$0
CCDIR="$*"

# debug function.  will only log if the log already exists.
logging () {
if [[ -f $DEBUGFILE ]]; then
    DATE=$(date +'%T %x')
    echo "$DATE $COMMAND $CCDIR $1" >> $DEBUGFILE
fi
}


# this is needed to bootstrap and find most other values
CCV=`which condor_config_val`
if [[ $CCV ]]; then
        logging "found condor_config_val $CCV"
else
        logging "couldn't find condor_config_val"
        exit 1
fi


# this will tell us where condor_aklog lives
CONDOR_SBIN=`condor_config_val SBIN`
if [[ $CONDOR_SBIN ]]; then
        logging "found CONDOR_SBIN $CONDOR_SBIN"
else
        logging "couldn't find CONDOR_SBIN"
        exit 1
fi


# make sure the environment variable is set
if [[ $KRB5CCNAME ]]; then
        logging "using KRB5CCNAME $KRB5CCNAME"
else
        # assume the default:  /tmp/krb5cc_<uid>
        KRB5CCNAME="/tmp/krb5cc_"
        KRB5CCNAME+=`id -u`
        # add to the environment for condor_aklog
        export KRB5CCNAME
        logging "KRB5CCNAME not set, using default $KRB5CCNAME"
fi


# make sure the credential cache exists where KRB5CCNAME says it does
if [[ -f ${KRB5CCNAME#FILE:} ]]; then
        logging "$KRB5CCNAME exists"
else
        logging "$KRB5CCNAME doesn't exist!"
        exit 1
fi


# we don't use this ourself but condor_aklog will fail so check it now
KL=`which klist`
if [[ $KL ]]; then
        logging "found klist $KL"
else
        logging "couldn't find klist"
        exit 1
fi


# we don't use this ourself but condor_aklog will fail so check it now
PRINCE=`klist 2>/dev/null | grep rincipal:`
if [[ $PRINCE ]]; then
        logging "using $PRINCE"
else
        logging "couldn't find user principal using klist"
        exit 1
fi


# make sure condor_aklog exists where we think it does
CONDOR_AKLOG=$CONDOR_SBIN/condor_aklog
if [[ -f $CONDOR_AKLOG ]]; then
        logging "$CONDOR_AKLOG exists"
else
        logging "$CONDOR_AKLOG doesn't exist!"
        exit 1
fi


# run condor_aklog and make sure it worked
if $CONDOR_AKLOG; then
	logging "successfully ran $CONDOR_AKLOG"
else
	logging "failed to run $CONDOR_AKLOG"
	exit 1
fi


# finally, produce the credential cache to stdout
CCFILE=${KRB5CCNAME#FILE:}
cat "$CCFILE"
logging "produced contents of $CCFILE"


# success!
exit 0

