#!/usr/share/ucs-test/runner bash
# shellcheck shell=bash
## desc: |
##  Test for used pam modules
##  This script test for all required pam modules.
## tags: [basic]
## exposure: safe

# Use: whitelist=(pam_module1.so pam_module2.so pam_modules3.so)
whitelist=(pam_gnome_keyring.so)

modules=$(grep -v '#' /etc/pam.conf $(run-parts --list /etc/pam.d) | grep -o 'pam_.*\.so' | sort -u | grep -F -v "$(IFS=$'\n\t '; echo ${whitelist[*]} )")

result=0
ARCH=$(perl -mDpkg::Arch=debarch_to_multiarch,get_raw_host_arch -e 'print debarch_to_multiarch(get_raw_host_arch())')

for mod in $modules # IFS
do
	if [ ! -e "/lib/security/$mod" ] && [ ! -e "/lib/$ARCH/security/$mod" ]
	then
		echo "$mod does not exist"
		result=1
	fi
done
exit $result

# vim: set ft=sh :
