# Copyright 1999-2004 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2


IUSE="pam openssl gmp libtomcrypt libtommath mpi cryptolib"

#inherit eutils libtool gnuconfig flag-o-matic

#FORCE_SYSTEMAUTH_UPDATE="no"

#SELINUX_PATCH="shadow-4.0.3-selinux.diff"

S="${WORKDIR}/${P}"
HOMEPAGE="http://srp.stanford.edu/"
DESCRIPTION="SRP is a secure password-based authentication and key-exchange protocol."
SRC_URI="http://srp.stanford.edu/source/${P}.tar.gz"

LICENSE="BSD"
SLOT="0"
KEYWORDS="~x86"

DEPEND=">=sys-libs/cracklib-2.7-r3
	pam? ( >=sys-libs/pam-0.75-r4 )
	openssl? ( >=dev-libs/openssl-0.9.5a )
	gmp? ( >=dev-libs/gmp-2.0.2 )
	libtomcrypt? ( >=dev-libs/libtomcrypt-0.83 )
	libtommath? ( >=dev-libs/libtommath-0.15 )
	mpi? ( >=mpi-1.8.6 )
	cryptolib? ( >=cryptolib-1.1 )"

RDEPEND=">=sys-libs/cracklib-2.7-r3
	pam? ( >=sys-libs/pam-0.75-r4 )
	openssl? ( >=dev-libs/openssl-0.9.5a )
	gmp? ( >=dev-libs/gmp-2.0.2 )
	libtomcrypt? ( >=dev-libs/libtomcrypt-0.83 )
	libtommath? ( >=dev-libs/libtommath-0.15 )
	mpi? ( >=mpi-1.8.6 )
	cryptolib? ( >=cryptolib-1.1 )"


pkg_preinst() {
	rm -f ${ROOT}/etc/pam.d/system-auth.new
}

src_unpack() {
	unpack ${A}

	cd ${S}

	epatch ${FILESDIR}/${P}-gentoo.patch
}

src_compile() {
	# Allows shadow configure detect mips systems properly
#	gnuconfig_update

#	elibtoolize

	local myconf=""
#	use pam \
#		&& myconf="${myconf} --with-pam" \
#		|| myconf="${myconf} --without-pam"
#	use openssl \
#		&& myconf="${myconf} --with-openssl=<path to openssl>"
#	use gmp \
#		&& myconf="${myconf} --with-gmp=<path to openssl>"
#	use tomcrypt \
#		&& myconf="${myconf} --with-tomcrypt=<path to openssl>"
#	use tommath \
#		&& myconf="${myconf} --with-tommath=<path to openssl>"
#	use mpi \
#		&& myconf="${myconf} --with-mpi=<path to openssl>"
#	use cryptolib \
#		&& myconf="${myconf} --with-cryptolib=<path to openssl>"


	./configure --with-srp \
		--enable-forward_x \
		--enable-fwdx_unix_sock \
		--prefix=/ \
		--includedir==/usr/include \
		--mandir=/usr/share/man \
		--host=${CHOST} \
		${myconf} || die "bad configure"

	# Parallel make fails sometimes
	emake || die "compile problem"
}

src_install() {
#	dodir /etc/default /etc/skel

	make prefix=${D} \
		exec_prefix=${D} \
		libdir=${D}/lib \
		includedir=${D}/usr/include \
		mandir=${D}/usr/share/man \
		infodir=${D}/usr/share/info \
		install || die "install problem"

#	make DESTDIR=${D} install || die

	# Do not install this login, but rather the one from
	# pam-login, as this one have a serious root exploit
	# with pam_limits in use.
#	use pam && rm ${D}/bin/login

#	mv ${D}/lib ${D}/usr
#	dosed "s:/lib':/usr/lib':g" /usr/lib/libshadow.la
#	dosym /usr/bin/newgrp /usr/bin/sg
#	dosym /usr/sbin/useradd /usr/sbin/adduser
#	dosym /usr/sbin/vipw /usr/sbin/vigr
	# Remove dead links
#	rm -f ${D}/bin/{sg,vipw}

#	insinto /etc
	# Using a securetty with devfs device names added
	# (compat names kept for non-devfs compatibility)
#	insopts -m0600 ; doins ${FILESDIR}/securetty
#	insopts -m0600 ; doins ${S}/etc/login.access
#	insopts -m0644 ; doins ${S}/etc/limits

	# needed for 'adduser -D'
#	insinto /etc/default
#	insopts -m0600
#	doins ${FILESDIR}/default/useradd
# From sys-apps/pam-login now
#	insopts -m0644 ; doins ${FILESDIR}/login.defs

	if [ `use pam` ] ; then
		insinto /etc/pam.d ; insopts -m0644
		for x in ${FILESDIR}/pam.d/*
		do
			[ -f ${x} ] && doins ${x}
		done
#		cd ${FILESDIR}/pam.d
		# Make sure /etc/pam.d/system-auth is the new version ..
#		mv ${D}/etc/pam.d/system-auth-1.1 ${D}/etc/pam.d/system-auth
#		newins system-auth system-auth.new || die
#		newins shadow chage
#		newins shadow chsh
#		newins shadow chfn
#		newins shadow useradd
#		newins shadow groupadd
	fi

    # login.defs for the login util

	cd ${S}/base/etc
	insinto /etc
	newins login.defs.linux login.defs

	# If we're using pam, then we don't need to install the standard utils
	if [ `use pam` ] ; then
		rm -f ${D}/bin/passwd
		rm -f ${D}/bin/login
		rm -f ${D}/bin/su
		rm -f ${D}/etc/login.defs
	fi

#	cd ${S}
	# The manpage install is beyond my comprehension, and
	# also broken. Just do it over.
#	rm -rf ${D}/usr/share/man/*

#	rm -f man/id.1 man/getspnam.3 man/passwd.5
#	for x in man/*.[0-9]
#	do
#		[ -f ${x} ] && doman ${x}
#	done

#	if [ ! `use pam` ] ; then
		# Dont install the manpage, since we dont use
		# login with shadow
#		rm -f ${D}/usr/share/man/man1/login.*
		# We use pam, so this is not applicable.
#		rm -f ${D}/usr/share/man/man5/suauth.*
#	fi

	cd ${S}
	dodoc CHANGES INSTALL README README.NIS
	cd ${S}/docs
	dodoc *

	# Fix sparc serial console
#	if [ "${ARCH}" = "sparc" -o "${ARCH}" = "" ]
#	then
		# ttyS0 and its devfsd counterpart (Sparc serial port "A")
#		dosed 's:\(vc/1\)$:tts/0\n\1:' /etc/securetty
#		dosed 's:\(tty1\)$:ttyS0\n\1:' /etc/securetty
#	fi
}

pkg_postinst() {
	use pam || return 0;

	ewarn "Pam installation is a two part process.  "
	ewarn "${ROOT}etc/pam.d/system-auth needs to be updated so that"
	ewarn "password changes will be reflected in the old shadow"
	ewarn "and new eps password files when they are changed."
	ewarn
	ewarn "When all passwords have been updated in the new"
	ewarn "password file, comment out the auth and password"
	ewarn "pam_unix.so lines and uncomment the auth pam_eps_auth.so line"
	ewarn
	ewarn "Please run /bin/tconf now to complete your setup."
	echo
}