#!/bin/bash
# Vexor wrapper around check_wmi_plus.pl
#
# Translates Vexor credential references (-c <id>) into a Check WMI Plus
# AUTHFILE on stdin/tmpfs and invokes the real plugin. All other args
# are passed through unchanged.
#
# Vexor credentials are stored as:
#   /etc/naemon/keys/cred_<id>.user   (USER, may be "DOMAIN/USER")
#   /etc/naemon/keys/cred_<id>.pw     (PASSWORD, raw bytes, no newline)
#   /etc/naemon/keys/cred_<id>.dom    (DOMAIN, optional)
#
# License: GPL-2.0-or-later (same as check_wmi_plus.pl)

set -u

PLUGIN=/opt/vexor/plugins/check_wmi_plus.pl
KEYS=/etc/naemon/keys

cred_id=""
args=()
while [ $# -gt 0 ]; do
  case "$1" in
    -c|--cred)
      cred_id="$2"; shift 2 ;;
    *)
      args+=("$1"); shift ;;
  esac
done

if [ -z "$cred_id" ]; then
  exec "$PLUGIN" "${args[@]}"
fi

USER_FILE="$KEYS/cred_${cred_id}.user"
PW_FILE="$KEYS/cred_${cred_id}.pw"
DOM_FILE="$KEYS/cred_${cred_id}.dom"

if [ ! -r "$PW_FILE" ]; then
  echo "WMI UNKNOWN - cannot read credential id=$cred_id (file: $PW_FILE)"
  exit 3
fi

USER="$(cat "$USER_FILE" 2>/dev/null | tr -d '\r\n')"
PASS="$(cat "$PW_FILE"   2>/dev/null)"
DOMAIN="$(cat "$DOM_FILE" 2>/dev/null | tr -d '\r\n')"

if [ -z "${USER:-}" ]; then
  echo "WMI UNKNOWN - empty username for credential id=$cred_id"
  exit 3
fi

AUTH=$(mktemp /dev/shm/vexor-wmi.XXXXXX) || AUTH=$(mktemp)
trap 'rm -f "$AUTH"' EXIT
chmod 0600 "$AUTH"
{
  printf 'username=%s\n' "$USER"
  printf 'password=%s\n' "$PASS"
  if [ -n "${DOMAIN:-}" ]; then
    printf 'domain=%s\n'  "$DOMAIN"
  fi
} > "$AUTH"

exec "$PLUGIN" -A "$AUTH" "${args[@]}"
