forked from pool/rpmlint
Ludwig Nussel
52601ad106
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=114
50 lines
1.4 KiB
Python
50 lines
1.4 KiB
Python
# vim:sw=4:et
|
|
#############################################################################
|
|
# File : CheckPAMModules.py
|
|
# Package : rpmlint
|
|
# Author : Ludwig Nussel
|
|
# Purpose : Check for pam modules that are not authorized by the security team
|
|
#############################################################################
|
|
|
|
from Filter import *
|
|
import AbstractCheck
|
|
import re
|
|
import os
|
|
import string
|
|
|
|
PAM_WHITELIST = Config.getOption('PAMModules.WhiteList', ()) # set of file names
|
|
|
|
pam_module_re = re.compile('^(?:/usr)?/lib(?:64)?/security/([^/]+\.so)$')
|
|
|
|
class PAMModulesCheck(AbstractCheck.AbstractCheck):
|
|
def __init__(self):
|
|
AbstractCheck.AbstractCheck.__init__(self, "CheckPAMModules")
|
|
|
|
def check(self, pkg):
|
|
global PAM_WHITELIST
|
|
|
|
if pkg.isSource():
|
|
return
|
|
|
|
files = pkg.files()
|
|
|
|
for f in files:
|
|
if f in pkg.ghostFiles():
|
|
continue
|
|
|
|
m = pam_module_re.match(f)
|
|
if m:
|
|
bn = m.groups()[0]
|
|
if not bn in PAM_WHITELIST:
|
|
printError(pkg, "suse-pam-unauthorized-module", bn)
|
|
|
|
check=PAMModulesCheck()
|
|
|
|
if Config.info:
|
|
addDetails(
|
|
'suse-pam-unauthorized-module',
|
|
"""The package installs a PAM module. If the package
|
|
is intended for inclusion in any SUSE product please open a bug
|
|
report to request review of the service by the security team.""",
|
|
)
|