78441ed37b
- encryption_method_nis.diff: obsolete, NIS clients shouldn't require DES anymore. - etc.environment: removed, the sources contain the same - Update to version 1.3.1+git20190807.e31dd6c: * pam_tty_audit: Manual page clarification about password logging * pam_get_authtok_verify: Avoid duplicate password verification * Mention that ./autogen.sh is needeed to be run if you check out the sources from git * pam_unix: Correct MAXPASS define name in the previous two commits. * Restrict password length when changing password * Trim password at PAM_MAX_RESP_SIZE chars * pam_succeed_if: Request user data only when needed * pam_tally2: Remove unnecessary fsync() * Fixed a grammer mistake * Fix documentation for pam_wheel * Fix a typo in the documentation * pam_lastlog: Improve silent option documentation * pam_lastlog: Respect PAM_SILENT flag * Fix regressions from the last commits. * Replace strndupa with strncpy * build: ignore pam_lastlog when logwtmp is not available. * build: ignore pam_rhosts if neither ruserok nor ruserok_af is available. * pam_motd: Cleanup the code and avoid unnecessary logging * pam_lastlog: Limit lastlog file use by LASTLOG_UID_MAX option in login.defs. * Move the duplicated search_key function to pam_modutil. * pam_unix: Use pam_syslog instead of helper_log_err. * pam_unix: Report unusable hashes found by checksalt to syslog. * Revert "pam_unix: Add crypt_default method, if supported." * pam_unix: Add crypt_default method, if supported. * Revert part of the commit 4da9febc OBS-URL: https://build.opensuse.org/request/show/724569 OBS-URL: https://build.opensuse.org/package/show/Linux-PAM/pam?expand=0&rev=191
47 lines
1.4 KiB
Bash
47 lines
1.4 KiB
Bash
#!/bin/bash
|
|
|
|
# Extract list of variables supported by su/runuser.
|
|
#
|
|
# If you edit this file, you will probably need to edit
|
|
# shadow-login_defs-check.sh from shadow sources in a similar way.
|
|
|
|
set -o errexit
|
|
|
|
echo -n "Checking login.defs variables in pam... " >&2
|
|
grep -rh LOGIN_DEFS . |
|
|
sed -n 's/^.*search_key *("\([A-Z0-9_]*\)", *LOGIN_DEFS).*$/\1/p' |
|
|
LC_ALL=C sort -u >pam-login_defs-vars.lst
|
|
|
|
if test $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//') != da39a3ee5e6b4b0d3255bfef95601890afd80709 ; then
|
|
|
|
echo "does not match!" >&2
|
|
echo "Checksum is: $(sha1sum pam-login_defs-vars.lst | sed 's/ .*$//')" >&2
|
|
|
|
cat >&2 <<EOF
|
|
|
|
You have to perform following steps:
|
|
|
|
Check whether the error is false positive (script failed to extract
|
|
variables) or true positive (variable list changed).
|
|
|
|
If it is false positive:
|
|
- Fix this script.
|
|
- The same fix is needed in shadow package in shadow-login_defs-check.sh.
|
|
|
|
If it is true positive:
|
|
- Check-out shadow package and call shadow-login_defs-check.sh.
|
|
- Compare its output shadow-login_defs-check-pam.lst with
|
|
pam-login_defs-vars.lst in the pam build directory.
|
|
- Update shadow encryption_method_nis.patch, if needed.
|
|
- If encryption_method_nis.patch was updated, update
|
|
login_defs-support-for-pam symbol version in both shadow and
|
|
pam spec files accordingly.
|
|
- Update checksum in this script.
|
|
|
|
EOF
|
|
|
|
exit 1
|
|
else
|
|
echo "OK" >&2
|
|
fi
|