PACKAGES += cifs-utils libpam-mount libpam-script lightdm nis nscd samba-common-bin usermode libnss-nis

ifndef nis_server
  nis_server := nismaster
endif
ifndef nis_domain
  nis_domain := ${nis_server}
endif
ifndef smb_server
  smb_server := ${nis_server}
endif

define DEBCONF +=

nis	nis/domain	string	${nis_domain}
endef

export smb_nis_pamscript smb_nis_pammount

define smb_nis_pamscript :=
#!/bin/sh

# forced through bash, to hide euid from smbpasswd
/bin/bash -c '
  printf "%s\n" "$$PAM_OLDAUTHTOK" "$$PAM_AUTHTOK" "$$PAM_AUTHTOK" \
  | smbpasswd -sr ${smb_server} -U "$$PAM_USER"
'

exit $?

endef

define smb_nis_pammount :=
<pam_mount> <debug enable="0" />
  <!-- Volume definitions -->
  <volume options="vers=1.0,user=%(USER)" fstype="cifs" server="${smb_server}"     path="%(USER)" mountpoint="~" />
  <mntoptions require="nosuid,nodev" />
  <logout wait="0" hup="no" term="no" kill="no" />
  <mkmountpoint enable="1" remove="true" />
</pam_mount>

endef

.PHONY: _smb_nis _ypbind
_config: _smb_nis _ypbind

_smb_nis: ${CFGROOT}/opt/pam_script/pam_script_passwd ${CFGROOT}/etc/security/pam_mount.conf.xml
_smb_nis: ${CFGROOT}/etc/yp.conf ${CFGROOT}/etc/defaultdomain ${CFGROOT}/etc/default/nis

_smb_nis: ${CFGROOT}
	sed -Ei 's;^(passwd:|group:|shadow:|gshadow:).*$$;\1	files nis;' $${CFGROOT}/etc/nsswitch.conf
	sed -Ei '/pam_(script|mount).so/d' $${CFGROOT}/etc/pam.d/common-*
	printf '\nauth		required	pam_mount.so\n' >>$${CFGROOT}/etc/pam.d/common-auth
	printf '\nsession	optional	pam_mount.so\n' >>$${CFGROOT}/etc/pam.d/common-session
	printf '\npassword	required	pam_script.so dir=/opt/pam_script\n'  >$${CFGROOT}/etc/pam.d/common-password

_ypbind: ${CFGROOT}
	chroot "$<" systemctl enable ypbind

${CFGROOT}/opt/pam_script/pam_script_passwd: ${CFGROOT} .FORCE
	mkdir -p "$(dir $@)"
	printf '%s' "$${smb_nis_pamscript}" >"$@"
	chmod a+x "$@"

${CFGROOT}/etc/security/pam_mount.conf.xml: ${CFGROOT} .FORCE
	mkdir -p "$(dir $@)"
	printf '%s' "$${smb_nis_pammount}" >"$@"

${CFGROOT}/etc/yp.conf: ${CFGROOT} .FORCE
	printf 'ypserver	%s\n' "${nis_server}" >"$@"

${CFGROOT}/etc/defaultdomain: ${CFGROOT} .FORCE
	printf '%s\n' "${nis_domain}" >"$@"
	printf 'kernel.domainname = %s\n' "${nis_domain}" >"${CFGROOT}/etc/sysctl.d/10-domainname.conf"

${CFGROOT}/etc/default/nis: ${CFGROOT} .FORCE
	printf '%s\n' "NISSERVER=false" "NISCLIENT=true" "YPPWDDIR=/etc" "NISMASTER=${nis_server}" >"$@"