#!/bin/bash
. shell-config
if [ ! -f /etc/sysconfig/pw_krb_block ] ; then exit 0; fi;

CLUSTERMODE=$(shell_config_get "/etc/sysconfig/pw_krb_block" "cluster" "=")
BLOCKMODE=$(shell_config_get "/etc/sysconfig/pw_krb_block" "blockmode" "=")


if [ "$BLOCKMODE" == "permissive" ]; then
	logger "pw_krb_block checksum on postgresql database mismatch"
elif [ "$CLUSTERMODE" == "yes" ]; then
        systemctl stop postgresql
	logger "pw_krb_block checksum on postgresql database mismatch"
	logger "pw_krb_block stops database on this node"
elif [ "$BLOCKMODE" == "enforcing" ]; then
# disallow logins to a one-node installation	 
  TMPPRINC=$(mktemp)
  kadmin.local -q "listprincs */user@POSTGRESQL" >"$TMPPRINC"
  while read PRI
  do
    kadmin.local -q "modprinc -allow_tix $PRI"
  done <"$TMPPRINC"
  rm -f "$TMPPRINC"
  logger "pw_krb_block checksum on postgresql database mismatch"
  logger "pw_krb_block disabled user logins"
fi
