#!/usr/bin/perl
use strict;
use warnings;

sub 
{
	my ($sourcepath) = @_;
	if ($sourcepath !~ /auth$/ ) {
		return;
	}

        my $blacklistpath = '/var/lib/deepin/authenticate/blacklist';
        my $unixtmppath = '/etc/pam.d/deepin_pam_unix.tmp';
        my $unixtargetpath = '/etc/pam.d/deepin_pam_unix';

	if (! -e $unixtargetpath or ! -e $blacklistpath) {
	        return;
        }

        open(INPUT, "$sourcepath");
        open(UNIXOUTPUT, "> $unixtmppath");
        open(BLACKLIST, "< $blacklistpath");


        my @mods;
        my @blacklist = <BLACKLIST>;
        chomp(@blacklist);
        close(BLACKLIST) or die("close $blacklistpath failed: $!");

        while (<INPUT>) {
                if (/^auth\s+(\[[^]]+\])\s+(\S+)\.so\s(.*)/) {
                        if (!grep { $_ eq $2 } @blacklist ) {
                                my %module = ('control'=>"$1", 'name'=>"$2", 'opt'=>"$3");
                                my $line = "control: " . $module{'control'} . ", module: " . $module{'name'} . ", opt: " . $module{'opt'} . "\n";
                                push (@mods, \%module);
                        }
                }
        }

        seek INPUT,0,0;
        my $state = 1;
        while (<INPUT>) {
                if (/^auth\s+(\[[^]]+\])\s+(\S+)\.so\s(.*)/) {
                        next;
                }
                if (/^# here are the per-package modules \(the "Primary" block\)/) {
                        print UNIXOUTPUT;
                        my $size = @mods;
                        for(my $i = $size ; $i >= 1; $i--) {
                                my %pam_module = %{$mods[$size - $i]};
                                if (grep { $_ eq $pam_module{'name'} } @blacklist) {
                                        next;
                                }

                                my $newidx = $pam_module{'control'};
                                $newidx =~ s/=\d+/=$i/g;
                                my $line = "auth\t$newidx\t$pam_module{'name'}.so $pam_module{'opt'}\n";
                                print UNIXOUTPUT $line;
                        }

                        next;
                }

                print UNIXOUTPUT;
        }

        close(INPUT) or die("close $sourcepath failed: $!");
        close(UNIXOUTPUT) or die("close $unixtmppath failed: $!");

        rename($unixtmppath, $unixtargetpath)
                    or die("rename($unixtmppath, $unixtargetpath) failed: $!");
}

