#!/bin/bash

kerberos=0
while getopts ":k" opt; do
  case $opt in
    k) kerberos=1
  esac
done
shift $((OPTIND-1))

user="$1"; shift
if [ -z "$user" ]; then
  echo >&2 "Usage: become [-k] <user>"
  echo >&2 "Options: -k   Delegate Kerberos credentials even if target user is not root."
  exit 1
fi

PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
if [ -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
  COOKIE="$(xauth list $DISPLAY)"
fi
BECOME="$HOME/.become"
profile="$BECOME/$user"
[ -f "$profile" ] || profile="$BECOME/all"

file="$(mktemp)"
if [ -n "$file" ]; then
  exec 3>"$file"
  exec <"$file"
  rm "$file"

  echo >&3 "cd"
  echo >&3 "PROFILE_HOME='$HOME'"
  if [ -n "$PRINCIPAL" ]; then
    echo >&3 "PRINCIPAL='$PRINCIPAL'"
    if [ $kerberos = 1 ]; then
      ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: FILE://p')
      if [ -f "$ccname" ]; then
        openssl=$(find_working openssl)
        if [ -n "$openssl" ]; then
          echo >&3 "KRB5OPENSSL='$openssl'"
          echo >&3 "KRB5BASE64='$($openssl enc -a -in $ccname)'"
        fi
      fi
    fi
  fi
  if [ -n "$DISPLAY" -a -n "$COOKIE" ]; then
    echo >&3 "xauth add $COOKIE"
  else
    echo >&3 "unset DISPLAY"
  fi

  echo >&3 2>/dev/null ". $HOME/.bash_profile"
  [ -f "$BECOME/all" ] && cat >&3 2>/dev/null "$BECOME/all"
  [ -f "$BECOME/$user" ] && cat >&3 2>/dev/null "$BECOME/$user"
fi

dir=$(dirname "$0")
[ "$dir" = "." ] && dir="$PWD"
exec sudo -H -u "$user" "$dir/became"
exit 111