# --- T2-COPYRIGHT-BEGIN ---
# t2/package/*/pam/pam.conf
# Copyright (C) 2004 - 2025 The T2 SDE Project
# Copyright (C) 1998 - 2003 ROCK Linux Project
# SPDX-License-Identifier: GPL-2.0
# --- T2-COPYRIGHT-END ---

# pam/w3c needs temporary disc space
atstage native || export HOME=/tmp

# Install PAM libs in /lib so they are
# also available if /usr is not mounted.
#
libdir="/${libdir##*/}"
includedir="/$prefix/include/security"

var_append confopt ' ' --enable-dbm

# checking for prelude support
# pam is able to act as prelude sensor since version 0.79
if [ $stagelevel -ge 5 ] && pkginstalled libprelude; then
	pkgprefix -t libprelude
	var_append confopt ' ' --enable-prelude
	var_append CFLAGS   ' ' "-I$(pkgprefix includedir libprelude)"
	var_append LDFLAGS  ' ' "-L$(pkgprefix libdir libprelude)"
	export CFLAGS LDFLAGS
else
	var_append confopt ' ' --disable-prelude
fi

# Install default pam.d/* files (without them,
# nobody can log in on the system.. ;-)
#
install_pam_configs() {
	mkdir -p $root/etc/pam.d
	for x in $confdir/etc_pamd_*.txt; do
		file="`echo $x | sed -e 's,.*etc_pamd_,/etc/pam.d/,' -e s,.txt,,`"
		if [ ! -f $root$file ]; then
			cp -vf $x $root$file
		else
			touch $root$file
		fi
	done
}
hook_add postmake 5 "install_pam_configs"

# Outch: --disable-debug enables debugging...
#
var_remove confopt ' ' --disable-debug

pam_postmake() {
	# Install documentation
	(cd $root$docdir; tar -v $taropt `match_source_file -p '.*doc.*'`)

	# Allow unprivileged processes to check against passwords e.g. screen lockers
	chgrp shadow $root$sbindir/unix_chkpwd \
		&& chmod g+s $root$sbindir/unix_chkpwd
}
hook_add postmake 5 "pam_postmake"