pam/pam-login_defs-check.sh

#!/bin/bash

# Extract list of variables supported by su/runuser.
#
# If you edit this file, you will probably need to edit
# shadow-login_defs-check.sh from shadow sources in a similar way.

set -o errexit

echo -n "Checking login.defs variables in pam... " >&2
grep -rh LOGIN_DEFS . |
	sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' |
	LC_ALL=C sort -u >pam-login_defs-vars.lst

if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then

	echo "does not match!" >&2
	echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2

cat >&2 <<EOF

You have to perform following steps:

Check whether the error is false positive (script failed to extract
variables) or true positive (variable list changed).

If it is false positive:
- Fix this script.
- The same fix is needed in shadow package in shadow-login_defs-check.sh.

If it is true positive:
- Check-out shadow package and call shadow-login_defs-check.sh.
- Compare its output shadow-login_defs-check-pam.lst with
  pam-login_defs-vars.lst in the pam build directory.
- Update shadow encryption_method_nis.patch, if needed.
- If encryption_method_nis.patch was updated, update
  login_defs-support-for-pam symbol version in both shadow and
  pam spec files accordingly.
- Update checksum in this script.

EOF

	exit 1
else
	echo "OK" >&2
fi
Accepting request 700497 from home:sbrabec:branches:util-linux-2.33.1 Depends on https://build.opensuse.org/request/show/700494! - Add virtual symbols for login.defs compatibility (bsc#1121197). - Add login.defs safety check pam-login_defs-check.sh (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700497 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=189 2019-05-06 09:09:44 +02:00			`#!/bin/bash`

			`# Extract list of variables supported by su/runuser.`
			`#`
			`# If you edit this file, you will probably need to edit`
			`# shadow-login_defs-check.sh from shadow sources in a similar way.`

			`set -o errexit`

			`echo -n "Checking login.defs variables in pam... " >&2`
			`grep -rh LOGIN_DEFS . \|`
			`sed -n 's/^.search_key ("\([A-Z0-9_]\)", LOGIN_DEFS).*$/\1/p' \|`
			`LC_ALL=C sort -u >pam-login_defs-vars.lst`

Accepting request 724569 from home:kukuk:branches:Linux-PAM - encryption_method_nis.diff: obsolete, NIS clients shouldn't require DES anymore. - etc.environment: removed, the sources contain the same - Update to version 1.3.1+git20190807.e31dd6c: * pam_tty_audit: Manual page clarification about password logging * pam_get_authtok_verify: Avoid duplicate password verification * Mention that ./autogen.sh is needeed to be run if you check out the sources from git * pam_unix: Correct MAXPASS define name in the previous two commits. * Restrict password length when changing password * Trim password at PAM_MAX_RESP_SIZE chars * pam_succeed_if: Request user data only when needed * pam_tally2: Remove unnecessary fsync() * Fixed a grammer mistake * Fix documentation for pam_wheel * Fix a typo in the documentation * pam_lastlog: Improve silent option documentation * pam_lastlog: Respect PAM_SILENT flag * Fix regressions from the last commits. * Replace strndupa with strncpy * build: ignore pam_lastlog when logwtmp is not available. * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. * pam_motd: Cleanup the code and avoid unnecessary logging * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. * Move the duplicated search_key function to pam_modutil. * pam_unix: Use pam_syslog instead of helper_log_err. * pam_unix: Report unusable hashes found by checksalt to syslog. * Revert "pam_unix: Add crypt_default method, if supported." * pam_unix: Add crypt_default method, if supported. * Revert part of the commit 4da9febc OBS-URL: https://build.opensuse.org/request/show/724569 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=191 2019-08-19 14:43:33 +02:00			`if test $(sha1sum pam-login_defs-vars.lst \| sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then`
Accepting request 700497 from home:sbrabec:branches:util-linux-2.33.1 Depends on https://build.opensuse.org/request/show/700494! - Add virtual symbols for login.defs compatibility (bsc#1121197). - Add login.defs safety check pam-login_defs-check.sh (bsc#1121197). OBS-URL: https://build.opensuse.org/request/show/700497 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=189 2019-05-06 09:09:44 +02:00
			`echo "does not match!" >&2`
			`echo "Checksum is: $(sha1sum pam-login_defs-vars.lst \| sed 's/ .*$//')" >&2`

			`cat >&2 <<EOF`

			`You have to perform following steps:`

			`Check whether the error is false positive (script failed to extract`
			`variables) or true positive (variable list changed).`

			`If it is false positive:`
			`- Fix this script.`
			`- The same fix is needed in shadow package in shadow-login_defs-check.sh.`

			`If it is true positive:`
			`- Check-out shadow package and call shadow-login_defs-check.sh.`
			`- Compare its output shadow-login_defs-check-pam.lst with`
			`pam-login_defs-vars.lst in the pam build directory.`
			`- Update shadow encryption_method_nis.patch, if needed.`
			`- If encryption_method_nis.patch was updated, update`
			`login_defs-support-for-pam symbol version in both shadow and`
			`pam spec files accordingly.`
			`- Update checksum in this script.`

			`EOF`

			`exit 1`
			`else`
			`echo "OK" >&2`
			`fi`