From 116b9395523ea4285a593afad2b746a63e6c1b74 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Wed, 29 Mar 2023 08:37:13 +0000
Subject: T5110: Fix op-mode FRR vtysh_pam account validation

With FRR 8.5 there is exists file /etc/pam.d/frr
With this file by default we have cosmtetic error for any op-mode
command

$ show ip bgp
vtysh_pam: Failed in account validation: Success(0)No BGP prefixes displayed, 0 exist

Fix it
---
 debian/vyos-1x.postinst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index f6693c799..ddc189508 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -115,5 +115,12 @@ done
 sed -i '/^\/var\/log\/messages$/d' /etc/logrotate.d/rsyslog
 sed -i '/^\/var\/log\/auth.log$/d' /etc/logrotate.d/rsyslog
 
+# Fix FRR pam.d "vtysh_pam" vtysh_pam: Failed in account validation T5110
+if test -f /etc/pam.d/frr; then
+    if grep -q 'pam_rootok.so' /etc/pam.d/frr; then
+        sed -i -re 's/rootok/permit/' /etc/pam.d/frr
+    fi
+fi
+
 # Generate API GraphQL schema
 /usr/libexec/vyos/services/api/graphql/generate/generate_schema.py
-- 
cgit v1.2.3