%define _hardened_build 1

Name:           nss-pam-ldapd
Version:        0.9.9
Release:        5
Summary:        NSS and PAM libraries for name lookups and authentication using LDAP
License:        LGPLv2+
URL:            http://arthurdejong.org/nss-pam-ldapd/
Source0:        http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz
Source1:        http://arthurdejong.org/nss-pam-ldapd/nss-pam-ldapd-%{version}.tar.gz.sig
Source3:        nslcd.tmpfiles
Source4:        nslcd.service

Patch0001:      0001-Disable-pylint-tests.patch
Patch0002:      0002-Watch-for-uint32_t-overflows.patch

Patch9001:      Create-var-run-nslcd-socket-after-dropping-privilege.patch
Patch9002:      Fix-crash-in-chsh.ldap.patch

BuildRequires:  gcc, openldap-devel, krb5-devel, autoconf, automake, pam-devel, systemd-units
%{?systemd_requires}

Recommends:     nscd

Provides:       nss-ldapd = %{version}-%{release}
Provides:       nss_ldap = 265-12
Provides:       pam_ldap = 185-15

Obsoletes:      nss-ldapd < 0.7
Obsoletes:      nss_ldap < 265-11
Obsoletes:      pam_ldap < 185-15

%description
The nss-pam-ldapd package provides a Name Service Switch (NSS, nsswitch) module
that allows your LDAP server to provide user account, group, host name, alias,
netgroup, and basically any other information that you would normally get from
/etc flat files or NIS. It also provides a Pluggable Authentication Module (PAM)
to do identity and authentication management with an LDAP server on unix systems.

%package help
Summary: The help package for nss-pam-ldapd

%description help
This is the help package of nss-pam-ldapd which includes the man docs.

%prep
%autosetup -p1
autoreconf -f -i

%build
%configure --libdir=/%{_lib} \
           --disable-utils \
           --with-pam-seclib-dir=/%{_lib}/security
%make_build

%check
make check

%install
rm -rf $RPM_BUILD_ROOT
%make_install
mkdir -p $RPM_BUILD_ROOT/{%{_libdir},%{_unitdir}}
install -p -m644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir}/

ln -s libnss_ldap.so.2 $RPM_BUILD_ROOT/%{_lib}/libnss_ldap.so

sed -i -e 's,^uid.*,uid nslcd,g' -e 's,^gid.*,gid ldap,g' \
$RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
touch -r nslcd.conf $RPM_BUILD_ROOT/%{_sysconfdir}/nslcd.conf
mkdir -p -m 0755 $RPM_BUILD_ROOT/var/run/nslcd
mkdir -p -m 0755 $RPM_BUILD_ROOT/%{_tmpfilesdir}
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT/%{_tmpfilesdir}/%{name}.conf

%pre
getent group  ldap  > /dev/null || \
/usr/sbin/groupadd -r -g 55 ldap
getent passwd nslcd > /dev/null || \
/usr/sbin/useradd -r -g ldap -c 'LDAP Client User' \
    -u 65 -d / -s /sbin/nologin nslcd 2> /dev/null || :

%post
/sbin/ldconfig
%systemd_post nslcd.service

%preun
%systemd_preun nslcd.service

%postun
/sbin/ldconfig
%systemd_postun_with_restart nslcd.service

%files
%doc AUTHORS ChangeLog COPYING HACKING NEWS README TODO
%{_sbindir}/*
/%{_lib}/*.so*
/%{_lib}/security/pam_ldap.so
%attr(0600,root,root) %config(noreplace) %verify(not md5 size mtime) /etc/nslcd.conf
%attr(0644,root,root) %config(noreplace) %{_tmpfilesdir}/%{name}.conf
%{_unitdir}/nslcd.service
%attr(0775,nslcd,root) /var/run/nslcd

%files help
%{_mandir}/*/*

%changelog
* Mon Apr 08 2019 yanghua<yanghua21@huawei.com> - 0.9.9-5
- Type:bugfix
- ID:NA
- SUG:restart
- DESC:Create /var/run/nslcd/socket after dropping privileges
       Fix crash in chsh.ldap

* Fri Mar 01 2019 openEuler Buildteam<buildteam@openeuler.org> - 0.9.9-4
- Package init