#!/bin/bash
#
# Copyright 2005 Paul Blazejowski and Zach Borgerding <zborgerd@gmail.com>
# Copyright 2007 Dagmar d'Surreal
# Available under the terms of the GNU GPL.
#

NAME="pam"
VERSION="1.1.6"
REVISION="1"

PKG_SOURCEURL='https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-$VERSION.tar.bz2'

PKG_PATCH[0]="pam-1.1.x-edit-modules.patch"
PKG_PATCH[1]="pam-1.0.1-dropline-50-default.perms.patch"
# Not really "patches" here.  Just keeping the extra build stuff in the package.
PKG_PATCH[2]="https://fedorahosted.org/releases/p/a/pam-redhat/pam-redhat-0.99.10-1.tar.bz2"
PKG_PATCH[3]="config-util.5"
PKG_PATCH[4]="config-util.pamd"
PKG_PATCH[5]='rc.removestalelocks'
PKG_PATCH[6]="other.pamd"
PKG_PATCH[7]="system-auth.5"
PKG_PATCH[8]="system-auth.pamd"

. $DLG_ROOT/etc/config
. $DLG_ROOT/lib/dl-base

PKG_DISABLESMP="This is yet another package with questionable makefiles."
PKG_NEEDSTATIC="It goes without saying since we are building static binaries."

cflags -fstack-protector-all
cxxflags -fstack-protector-all
prepare

# This adds the extra modules that RedHat created, particularly pam_console
findpatch filename ${PKG_PATCH[2]}
if [ $? != 0 ]; then
	die "pam_console module couldn't be found."
fi
spewdo "cd $PKG_SRCROOT"
spewdo "tar xjf $filename"
spewdo "mv pam-redhat-0.99.10-1/pam_console modules/"

# Throw away the modules that we're simply not interested in.
for filename in tally2 selinux sepermit tty_audit; do
	spewdo "rm -rf $PKG_SRCROOT/modules/pam_$filename"
done

applypatch 0 1
applypatch 1 1

# Let's copy the PAM module README files to /usr/doc/pam-$VERSION/
createdir $PKG_STAGEROOT$PKG_PREFIX/doc/$NAME-$VERSION/
for readme in modules/pam_*/README ; do
	spewdo "cp -f ${readme} $PKG_STAGEROOT$PKG_PREFIX/doc/$NAME-$VERSION/README.`dirname ${readme} | sed -e 's|^modules/||'`"
done

analyzesource

# autoconf is needed due to our pacheroos
autoreconf
LDFLAGS="-L$PKG_SRCROOT" \
configure --libdir=/lib$LIBSUFFIX \
	--disable-selinux \
	--disable-prelude \
	--disable-audit \
	--localstatedir=/var \
	--enable-isadir=../../lib$LIBSUFFIX/security
make

# We need a config file for tests.
createdir /etc/pam.d
if [ ! -e /etc/pam.d/other ]; then
	no_config_existed="yes"
	cat > /etc/pam.d/other << EOF
auth     required       pam_deny.so
account  required       pam_deny.so
password required       pam_deny.so
session  required       pam_deny.so
EOF
fi
makecheck
if [ -n "$no_config_existed" ]; then
	rm -rf /etc/pam.d/other
	if [ -z "`ls -A /etc/pam.d`" ]; then
		removedir /etc/pam.d
	fi
fi

make install DESTDIR=$PKG_STAGEROOT LDCONFIG=""

# Forcibly strip binaries.
spewdo "strip -g $PKG_STAGEROOT/sbin/*"

# /sbin/unix_chkpwd has to be set setgid shadow, or else apps that use
# it, like xscreensaver, cannot auth when checking the password.
spewdo "chown root.shadow $PKG_STAGEROOT/sbin/unix_chkpwd"
spewdo "chmod 2755 $PKG_STAGEROOT/sbin/unix_chkpwd"

# /sbin/pam_timestamp_check needs to be setuid root, or it throws errors.
spewdo "chown root.root $PKG_STAGEROOT/sbin/pam_timestamp_check"
spewdo "chmod 4755 $PKG_STAGEROOT/sbin/pam_timestamp_check"

# Copy configs.
createdir $PKG_STAGEROOT/etc/pam.d
findpatch filename ${PKG_PATCH[6]}
spewdo "cp $filename $PKG_STAGEROOT/etc/pam.d/other"

findpatch filename ${PKG_PATCH[8]}
spewdo "cp $filename $PKG_STAGEROOT/etc/pam.d/system-auth"

findpatch filename ${PKG_PATCH[4]}
spewdo "cp $filename $PKG_STAGEROOT/etc/pam.d/config-util"

# Install man pages.
install -d -m 755 $PKG_STAGEROOT$PKG_PREFIX/man/man{3,5,8}
install -m 644 doc/man/*.3 $PKG_STAGEROOT$PKG_PREFIX/man/man3
install -m 644 doc/man/*.5 $PKG_STAGEROOT$PKG_PREFIX/man/man5
install -m 644 doc/man/*.8 $PKG_STAGEROOT$PKG_PREFIX/man/man8

# We'll make all of this prettier later on...  Copying over the module
# manfiles as well... There are no module man3's, so we won't bother.
install -m 644 modules/pam_*/*.5 $PKG_STAGEROOT$PKG_PREFIX/man/man5
install -m 644 modules/pam_*/*.8 $PKG_STAGEROOT$PKG_PREFIX/man/man8

# And a few we use for pam.d configs.
findpatch filename ${PKG_PATCH[3]}
findpatch filename0 ${PKG_PATCH[7]}
install -m 644 $filename $filename0 $PKG_STAGEROOT$PKG_PREFIX/man/man5

# Make sure every module subdirectory gave us a module. Yes, this is hackish.
for dir in modules/pam_* ; do
	if [ -d ${dir} ] ; then
        if ! ls -1 $PKG_STAGEROOT/lib$LIBSUFFIX/security/`basename ${dir}`*.so ; then
			echo ERROR `basename ${dir}` did not build a module.
                die "Module missing"
   	     fi
	fi
done

# Kill duplicate doc file sets.
spewdo "mv $PKG_STAGEROOT$PKG_PREFIX/share/doc/Linux-PAM/* $PKG_STAGEROOT$PKG_PREFIX/doc/$NAME-$VERSION"
removedir $PKG_STAGEROOT$PKG_PREFIX/share/doc

# Drop in the sysvinit script that will erase any stale lock files.
findpatch filename ${PKG_PATCH[5]}
sysvinitsetup $filename 345 00
chmod 755 $PKG_STAGEROOT$PKG_SYSCONFDIR/rc.d/${PKG_PATCH[5]}

# Remove the resulting kill links, since they're pointless.
rm -f $PKG_STAGEROOT$PKG_SYSCONFDIR/rc.d/rc?.d/K*

tidydocumentation
analyzebinaries
finalizepackage
packagize
cleanup
