# Package recipe metadata for the shadow suite (login, su, passwd and the
# user/group management tools). The build() function later in this file
# refers to $version, so a version bump here changes both the download URL
# and the source directory that build() enters.
description="The Shadow package contains programs for handling passwords in a secure way."
# NOTE(review): plain-http homepage. It looks informational only, but confirm
# that nothing in the tooling fetches code or data from it.
url="http://shadow.pld.org.pl/"

packager="Grat-OS Team"
maintainer="Grat-OS Team"

name=shadow
version=4.15.1
release=1

# Upstream release tarball, fetched over HTTPS.
# NOTE(review): no checksum or signature for this tarball is visible in this
# recipe. This package ships the system's authentication binaries (login, su,
# passwd), so confirm the build tool pins and verifies a digest for the
# download somewhere outside this file before unpacking it.
source=(https://github.com/shadow-maint/shadow/releases/download/$version/shadow-$version.tar.xz)

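#######################################
# Build shadow and stage it under $PKG, then replace the login.defs-based
# controls with PAM service files.
# Globals:   version (read) - selects the unpacked source directory
#            PKG (read)     - staging root the package is installed into
# Arguments: none
# Outputs:   build and install logs on stdout/stderr
# Returns:   0 on success; 1 if the source directory is missing or a
#            configure/build/install step fails
#######################################
build() {
  local FUNCTION PROGRAM

  # Every sed/find below uses relative paths; stop here instead of editing
  # files in whatever directory the caller happened to be in.
  cd "shadow-$version" || return 1

  # groups(1) and its man page come from coreutils; the getspnam.3 and
  # passwd.5 pages are dropped from the man Makefiles as well.
  sed -i 's/groups$(EXEEXT) //' src/Makefile.in

  sed -i 's/bin_PROGRAMS   = groups login/bin_PROGRAMS   = login/' src/Makefile.am

  find man -name Makefile.in -exec sed -i \
    -e 's/groups\.1 / /' \
    -e 's/getspnam\.3 / /' \
    -e 's/passwd\.5 / /' {} +

  # login.defs defaults: SHA512 hashing, the shipped SHA_CRYPT_*_ROUNDS value
  # of 5000 raised to 500000 (two zeros appended), mail spool in /var/mail,
  # and /sbin: and /bin: dropped from the PATH= lines.
  # NOTE(review): ENCRYPT_METHOD is commented out again by the loop further
  # down, so the hash algorithm is then decided by the PAM "system-password"
  # stack, which is not part of this recipe. Confirm that stack selects a
  # strong hash and that no tool still expects ENCRYPT_METHOD in login.defs.
  sed -e 's@#ENCRYPT_METHOD DES@ENCRYPT_METHOD SHA512@' \
      -e 's@#\(SHA_CRYPT_..._ROUNDS 5000\)@\100@'       \
      -e 's@/var/spool/mail@/var/mail@'                 \
      -e '/PATH=/{s@/sbin:@@;s@/bin:@@}'                \
      -i etc/login.defs

  autoreconf -fiv || return 1

  # NOTE(review): PAM support is not requested explicitly. Everything after
  # the install step assumes a PAM-enabled build; without PAM the pam.d files
  # are unused while the login.defs controls stay commented out. Consider
  # passing --with-libpam so configure fails instead of building without PAM.
  ./configure --sysconfdir=/etc \
              --without-libbsd \
              --with-group-name-max-length=32 || return 1

  make || return 1
  make -C man DESTDIR="$PKG" install-man || return 1
  make exec_prefix=/usr DESTDIR="$PKG" install || return 1

  # Disabled steps kept from the original recipe:
  # sed -i 's/yes/no/' $PKG/etc/default/useradd
  # sed -i 's/GROUP/# GROUP/' $PKG/etc/default/useradd
  # mv -v $PKG/usr/bin/passwd $PKG/bin

  # Back up login.defs, then comment out the settings below so that login
  # and friends stop performing these functions themselves.
  # NOTE(review): this also turns off PASS_MIN_LEN, OBSCURE_CHECKS_ENAB,
  # FAIL_DELAY and SU_WHEEL_ONLY. Password-quality rules and su restrictions
  # then exist only if the PAM stacks provide them; the su service file below
  # has no wheel-group restriction.
  install -v -m644 "$PKG"/etc/login.defs{,.orig}
  for FUNCTION in FAIL_DELAY FAILLOG_ENAB \
                  LASTLOG_ENAB \
                  MAIL_CHECK_ENAB \
                  OBSCURE_CHECKS_ENAB \
                  PORTTIME_CHECKS_ENAB \
                  QUOTAS_ENAB \
                  CONSOLE MOTD_FILE \
                  FTMP_FILE NOLOGINS_FILE \
                  ENV_HZ PASS_MIN_LEN \
                  SU_WHEEL_ONLY \
                  CRACKLIB_DICTPATH \
                  PASS_CHANGE_TRIES \
                  PASS_ALWAYS_WARN \
                  CHFN_AUTH ENCRYPT_METHOD \
                  ENVIRON_FILE
  do
      sed -i "s/^${FUNCTION}/# &/" "$PKG"/etc/login.defs
  done

  # PAM service files. The heredoc delimiters are quoted, so the bodies are
  # written literally. They include system-auth, system-account,
  # system-session and system-password, none of which this recipe creates:
  # those must come from the PAM package.
  mkdir -pv "$PKG"/etc/pam.d

  # login: pam_securetty is left commented out, so root logins are not
  # limited to the terminals listed in /etc/securetty.
  cat > "$PKG"/etc/pam.d/login << "EOF"
# Begin /etc/pam.d/login

# Set failure delay before next prompt to 3 seconds
auth      optional    pam_faildelay.so  delay=3000000

# Check to make sure that the user is allowed to login
auth      requisite   pam_nologin.so

# Check to make sure that root is allowed to login
# Disabled by default. You will need to create /etc/securetty
# file for this module to function. See man 5 securetty.
#auth      required    pam_securetty.so

# Additional group memberships - disabled by default
#auth      optional    pam_group.so

# include the default auth settings
auth      include     system-auth

# check access for the user
account   required    pam_access.so

# include the default account settings
account   include     system-account

# Set default environment variables for the user
session   required    pam_env.so

# Set resource limits for the user
session   required    pam_limits.so

# Display date of last login - Disabled by default
#session   optional    pam_lastlog.so

# Display the message of the day - Disabled by default
#session   optional    pam_motd.so

# Check user's mail - Disabled by default
#session   optional    pam_mail.so      standard quiet

# include the default session and password settings
session   include     system-session
password  include     system-password

# End /etc/pam.d/login
EOF

  cat > "$PKG"/etc/pam.d/passwd << "EOF"
# Begin /etc/pam.d/passwd

password  include     system-password

# End /etc/pam.d/passwd
EOF

  # su: root passes via pam_rootok; every other caller goes through
  # system-auth. Nothing here limits su to a particular group.
  cat > "$PKG"/etc/pam.d/su << "EOF"
# Begin /etc/pam.d/su

# always allow root
auth      sufficient  pam_rootok.so
auth      include     system-auth

# include the default account settings
account   include     system-account

# Set default environment variables for the service user
session   required    pam_env.so

# include system session defaults
session   include     system-session

# End /etc/pam.d/su
EOF

  # chage doubles as the template for the account-management tools below.
  # Its password stack is pam_permit, so only the auth and account stacks
  # gate these tools.
  cat > "$PKG"/etc/pam.d/chage << "EOF"
#Begin /etc/pam.d/chage

# always allow root
auth      sufficient  pam_rootok.so

# include system defaults for auth account and session
auth      include     system-auth
account   include     system-account
session   include     system-session

# Always permit for authentication updates
password  required    pam_permit.so

# End /etc/pam.d/chage
EOF

  # Clone the chage service file for each tool and fix up the name in the
  # Begin/End marker lines. PROGRAM only takes values from this fixed list,
  # so interpolating it into the sed expression is safe.
  for PROGRAM in chfn chgpasswd chpasswd chsh groupadd groupdel \
    groupmems groupmod newusers useradd userdel usermod
  do
    install -v -m644 "$PKG"/etc/pam.d/chage "$PKG/etc/pam.d/${PROGRAM}"
    sed -i "s/chage/$PROGRAM/" "$PKG/etc/pam.d/${PROGRAM}"
  done

  # The login.access and limits files are set aside under a .NOUSE suffix;
  # the login service file above uses pam_access and pam_limits instead.
  if [ -f "$PKG"/etc/login.access ]; then
    mv -v "$PKG"/etc/login.access{,.NOUSE}
  fi
  if [ -f "$PKG"/etc/limits ]; then
    mv -v "$PKG"/etc/limits{,.NOUSE}
  fi

  # groups.1 conflicts with coreutils. The Makefile edits at the top should
  # already keep it out, so tolerate its absence: a plain rm would make the
  # whole function report failure when the page is not there.
  rm -f -- "$PKG"/usr/share/man/man1/groups.1
}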
