#
# Core Packages for Chakra, part of chakraos.org
#

pkgname=pam
pkgver=1.1.8
pkgrel=3
pkgdesc="PAM (Pluggable Authentication Modules) library"
arch=('x86_64')
license=('GPL2')
url="http://www.kernel.org/pub/linux/libs/pam/"
depends=('glibc' 'db' 'cracklib' 'libtirpc')
makedepends=('flex' 'w3m' 'docbook-xml>=4.4' 'docbook-xsl')
backup=(etc/security/{access.conf,group.conf,limits.conf,namespace.conf,namespace.init,pam_env.conf,time.conf} etc/pam.d/other etc/default/passwd etc/environment)
source=("https://fedorahosted.org/releases/l/i/linux-pam/Linux-PAM-$pkgver.tar.bz2"
        #http://www.kernel.org/pub/linux/libs/pam/library/Linux-PAM-$pkgver.tar.bz2
        "pam_unix2-glibc216.patch"
        # file below should have been at https://build.opensuse.org/package/show/Linux-PAM/pam-modules
        #"pam_unix2-2.9.1.tar.bz2" # actually now from Arch
        "ftp://ftp.archlinux.org/other/pam_unix2/pam_unix2-2.9.1.tar.bz2"
        pam-1.1.8-cve-2013-7041.patch
        pam-1.1.8-cve-2014-2583.patch
        other)
md5sums=('35b6091af95981b1b2cd60d813b5e4ee'
         'dac109f68e04a4df37575fda6001ea17'
         'da6a46e5f8cd3eaa7cbc4fc3a7e2b555'
         '653661bea920de3bb2713bb85b408bc2'
         '144ea8e2f9d49a0f4021027ca2c1558f'
         'ac4900287a767654a3e8d9251a43f5e4')
options=('!emptydirs')

prepare() {
  cd $srcdir/Linux-PAM-$pkgver
  # fix CVEs in pam
  patch -Np1 -i  "${srcdir}/pam-1.1.8-cve-2013-7041.patch"
  patch -Np1 -i  "${srcdir}/pam-1.1.8-cve-2014-2583.patch"

  # fix pam_unix2 building
  cd $srcdir/pam_unix2-2.9.1
  patch -Np1 -i "../pam_unix2-glibc216.patch"
}

build() {
  cd $srcdir/Linux-PAM-$pkgver
  ./configure --libdir=/usr/lib --sbindir=/usr/sbin
  make

  cd $srcdir/pam_unix2-2.9.1
  # modify flags to build against the pam compiled here, not a system lib.
  ./configure \
      CFLAGS="$CFLAGS -I$srcdir/Linux-PAM-$pkgver/libpam/include/" \
      LDFLAGS="$LDFLAGS -L$srcdir/Linux-PAM-$pkgver/libpam/.libs/" \
      --libdir=/usr/lib \
      --sbindir=/usr/sbin
  make
}

package() {
  cd $srcdir/Linux-PAM-$pkgver
  make DESTDIR=$pkgdir SCONFIGDIR=/etc/security install
  install -D -m644 ../other $pkgdir/etc/pam.d/other

  # build pam_unix2 module
  # source ftp://ftp.suse.com/pub/people/kukuk/pam/pam_unix2
  cd $srcdir/pam_unix2-2.9.1
  make DESTDIR=$pkgdir install

  # add the realtime permissions for audio users
  sed -i 's|# End of file||' $pkgdir/etc/security/limits.conf
  cat >>$pkgdir/etc/security/limits.conf <<_EOT
*               -       rtprio          0
*               -       nice            0
@audio          -       rtprio          65
@audio          -       nice           -10
@audio          -       memlock         40000
_EOT

  # fix some missing symlinks from old pam for compatibility
  cd $pkgdir/usr/lib/security
  ln -s pam_unix.so pam_unix_acct.so
  ln -s pam_unix.so pam_unix_auth.so
  ln -s pam_unix.so pam_unix_passwd.so
  ln -s pam_unix.so pam_unix_session.so

  # set unix_chkpwd uid
  chmod +s $pkgdir/usr/sbin/unix_chkpwd
}