# Installation directories.
PREFIX ?= $(DESTDIR)/usr
BINDIR ?= $(PREFIX)/bin
MANDIR ?= $(PREFIX)/share/man
ETCDIR ?= $(DESTDIR)/etc
LOCALEDIR = /usr/share/locale
PAMH = $(shell ls /usr/include/security/pam_appl.h 2>/dev/null)
AUDITH = $(shell ls /usr/include/libaudit.h 2>/dev/null)
# Enable capabilities to permit newrole to generate audit records.
# This will make newrole a setuid root program.
# The capabilities used are: CAP_AUDIT_WRITE.
AUDIT_LOG_PRIV ?= n
# Enable capabilities to permit newrole to utilitize the pam_namespace module.
# This will make newrole a setuid root program.
# The capabilities used are: CAP_SYS_ADMIN, CAP_CHOWN, CAP_FOWNER and
# CAP_DAC_OVERRIDE. 
NAMESPACE_PRIV ?= n
# If LSPP_PRIV is y, then newrole will be made into setuid root program.
# Enabling this option will force AUDIT_LOG_PRIV and NAMESPACE_PRIV to be y.
LSPP_PRIV ?= n
VERSION = $(shell cat ../VERSION)

CFLAGS ?= -Werror -Wall -W
EXTRA_OBJS =
override CFLAGS += -DVERSION=\"$(VERSION)\" $(LDFLAGS) -I$(PREFIX)/include -DUSE_NLS -DLOCALEDIR="\"$(LOCALEDIR)\"" -DPACKAGE="\"policycoreutils\""
LDLIBS += -lselinux -L$(PREFIX)/lib
ifeq ($(PAMH), /usr/include/security/pam_appl.h)
	override CFLAGS += -DUSE_PAM
	EXTRA_OBJS += hashtab.o
	LDLIBS += -lpam -lpam_misc
else
	override CFLAGS += -D_XOPEN_SOURCE=500
	LDLIBS += -lcrypt
endif
ifeq ($(AUDITH), /usr/include/libaudit.h)
	override CFLAGS += -DUSE_AUDIT
	LDLIBS += -laudit
endif
ifeq ($(LSPP_PRIV),y)
	override AUDIT_LOG_PRIV=y
	override NAMESPACE_PRIV=y
endif
ifeq ($(AUDIT_LOG_PRIV),y)
	override CFLAGS += -DAUDIT_LOG_PRIV
	IS_SUID=y
endif
ifeq ($(NAMESPACE_PRIV),y)
	override CFLAGS += -DNAMESPACE_PRIV
	IS_SUID=y
endif
ifeq ($(IS_SUID),y)
	MODE := 4555
	LDLIBS += -lcap-ng
else
	MODE := 0555
endif

all: newrole

newrole: newrole.o $(EXTRA_OBJS)
	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)

install: all
	test -d $(BINDIR)      || install -m 755 -d $(BINDIR)
	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
	test -d $(MANDIR)/man1 || install -m 755 -d $(MANDIR)/man1
	install -m $(MODE) newrole $(BINDIR)
	install -m 644 newrole.1 $(MANDIR)/man1/
ifeq ($(PAMH), /usr/include/security/pam_appl.h)
	test -d $(ETCDIR)/pam.d || install -m 755 -d $(ETCDIR)/pam.d
ifeq ($(LSPP_PRIV),y)
	install -m 644 newrole-lspp.pamd $(ETCDIR)/pam.d/newrole
else
	install -m 644 newrole.pamd $(ETCDIR)/pam.d/newrole
endif
endif

clean:
	rm -f newrole *.o 

indent:
	../../scripts/Lindent $(wildcard *.[ch])

relabel: install
	/sbin/restorecon $(BINDIR)/newrole