@mfrischknecht
Last active January 6, 2025 22:31
Test script to run `pamtester` against a NixOS `nginx` systemd unit config
#!/usr/bin/env bash
# Run `pamtester` inside a transient systemd unit that carries the sandboxing
# properties (User=, Protect*=, Private*=, Restrict*=, NoNewPrivileges=, ...) of
# an existing unit, to check whether PAM authentication still works under them.
if [ "$#" -ne 4 ]; then
    >&2 cat <<EOF
Usage:
test.sh print <systemd_nginx_unit> <pam_service> <username>
test.sh run <systemd_nginx_unit> <pam_service> <username>
EOF
    exit 1
fi
set -euo pipefail
command="$1"
unit="$2"
service="$3"
user="$4"
case "$command" in
    print | run) : ;;
    *) >&2 echo 'Only the commands `print` and `run` are supported'; exit 1 ;;
esac
# `systemctl status` also exits non-zero for a loaded but inactive unit, so
# check the load state instead of the exit status.
if [ "$(systemctl show -p LoadState --value "$unit" 2>/dev/null)" != "loaded" ]; then
    >&2 echo "Unknown systemd unit '$unit'"; exit 1
fi
if ! [ -f "/etc/pam.d/$service" ]; then
    >&2 echo "Unknown PAM service '$service'"; exit 1
fi
if ! id -u "$user" > /dev/null 2>&1; then
    >&2 echo "Unknown user '$user'"; exit 1
fi
# Resolve pamtester now: the transient unit runs with systemd's default PATH,
# not the caller's (on NixOS the binary is usually only in a profile).
pamtester="$(command -v pamtester)" || { >&2 echo "pamtester not found in PATH"; exit 1; }
# Collect the unit's sandboxing-related properties and turn them into
# `--property=` arguments for systemd-run. Each value is shell-quoted (%q) so
# it survives the later `bash -c`.
systemdRunCommand="$(
    systemctl show "$unit" \
    | grep -E '(^(User|Group|Supplementary|Protect|Private|Restrict|Lock|NoNew|Environment|SystemCallFilter)|(Capabilit|Deny))' \
    | while IFS= read -r property; do printf '%q\n' "$property"; done \
    | awk -v "service=$service" -v "user=$user" -v "pamtester=$pamtester" '
        BEGIN { print "\nsystemd-run --pty -u test-pamtester --collect --wait \\" }
        { printf("--property=%s \\\n", $0) }
        END { printf("-- %s %s %s authenticate\n", pamtester, service, user) }'
)"
if [[ "$command" != "run" ]]; then
    echo "$systemdRunCommand"
    exit
fi
start="$(date --iso=seconds)"
# The exit status is deliberately ignored: an authentication failure is a
# result we want to see, together with the unit's journal below.
bash -c "$systemdRunCommand" || true
echo
echo Log:
journalctl -u test-pamtester --since="$start" --no-pager
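The script above answers whether `pamtester` still authenticates under the unit's sandbox; when it does not, the next question is which property is responsible. The following is an added example, not part of the gist: it drops one property at a time and re-runs the check, so a single culprit (typically `NoNewPrivileges=yes`, which keeps pam_unix's setuid `unix_chkpwd` helper from gaining the privileges it needs for a non-root caller) is reported directly. `pam_runner` uses the real `systemd-run` flags (`--pty`, `--quiet`, `--collect`, `--wait`); the `PAM_SERVICE`/`PAM_USER` variable names, `fake_pam_runner` and the demo property list are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist: once test.sh shows that pamtester fails
# under the unit's sandbox, find out which properties are responsible by
# re-running with each property dropped in turn.
#
# find_blocking_properties RUNNER PROP...
#   RUNNER is a command that receives the property list as arguments and exits
#   0 when PAM authentication succeeded under them. The function first runs
#   RUNNER with every property; if that already succeeds it returns 1 (nothing
#   to bisect). Otherwise it prints each property whose removal on its own makes
#   RUNNER succeed, and returns 2 if no single property does.
find_blocking_properties() {
    local runner="$1" skipped found=0 i=1 n
    shift
    if "$runner" "$@"; then
        return 1
    fi
    n=$#
    # Rotate the list: take the first property out, test without it, append it
    # at the end. After n rounds every property has been skipped exactly once.
    while [ "$i" -le "$n" ]; do
        skipped="$1"
        shift
        if "$runner" "$@"; then
            printf '%s\n' "$skipped"
            found=1
        fi
        set -- "$@" "$skipped"
        i=$((i + 1))
    done
    [ "$found" -eq 1 ] || return 2
}

# pam_runner PROP...
#   Real runner: the same systemd-run invocation test.sh prints, with the
#   properties given as arguments. PAM_SERVICE and PAM_USER are assumed to be
#   exported by the caller (hypothetical names chosen for this example).
#   --pty lets pamtester prompt for the password, so expect one prompt per trial.
pam_runner() {
    local p i=1 n=$#
    while [ "$i" -le "$n" ]; do
        p="$1"
        shift
        set -- "$@" "--property=$p"
        i=$((i + 1))
    done
    systemd-run --pty --quiet --collect --wait "$@" \
        -- pamtester "$PAM_SERVICE" "$PAM_USER" authenticate
}

# fake_pam_runner PROP...
#   Constructed stand-in so the bisect can be exercised without systemd or PAM.
#   It fails whenever NoNewPrivileges=yes is present, modelling the usual
#   culprit: pam_unix verifies passwords for a non-root caller through the
#   setuid unix_chkpwd helper, which NoNewPrivileges= prevents from gaining
#   the privileges it needs to read /etc/shadow.
fake_pam_runner() {
    local p
    for p in "$@"; do
        if [ "$p" = "NoNewPrivileges=yes" ]; then
            return 1
        fi
    done
    return 0
}

# Offline demonstration: `bash bisect.sh demo` prints NoNewPrivileges=yes.
# On a real host, replace fake_pam_runner with pam_runner and feed it the
# property list test.sh prints.
if [ "${1:-}" = "demo" ]; then
    find_blocking_properties fake_pam_runner \
        "User=nginx" "ProtectSystem=strict" "PrivateTmp=yes" "NoNewPrivileges=yes"
fi
```

Read the real result with one caveat in mind: dropping `User=` makes the trial run as root, where pam_unix reads `/etc/shadow` directly, so `User=nginx` will be reported as a "blocking" property too. Keep `User=`/`Group=` fixed inside the runner if you only care about the hardening directives, and remember that the bisect only finds properties that break authentication on their own; a failure caused by two directives together returns 2 and prints nothing.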