From c3af4959eda6c4ea7ad228836c28f8b695621822 Mon Sep 17 00:00:00 2001
From: Andrey Limachko <liannnix@altlinux.org>
Date: Sat, 3 Dec 2022 07:52:27 +0400
Subject: [PATCH] Add check_system_policy and test_gpupdate_system_policy.

---
 domain-diag | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/domain-diag b/domain-diag
index dfcafd2..9f2d15f 100755
--- a/domain-diag
+++ b/domain-diag
@@ -184,6 +184,23 @@ is_system_auth_local()
     test "$SYSTEM_AUTH" = "local"
 }
 
+check_system_policy()
+{
+    local policy=$(/usr/sbin/control system-policy)
+    _command /usr/sbin/control system-policy
+    _command readlink -f /etc/pam.d/system-policy
+    _command -x cat /etc/pam.d/system-policy
+    test -n "$policy" -a "$policy" != "unknown"
+}
+
+test_gpupdate_system_policy()
+{
+    test -n "$SYSTEM_POLICY" ||
+        SYSTEM_POLICY=local
+    _command /usr/sbin/control system-policy
+    _command test "$SYSTEM_POLICY" == "gpupdate" || return 2
+}
+
 check_krb5_conf_exists()
 {
     local retval=0
@@ -474,6 +491,7 @@ init_vars()
     fi
 
     SYSTEM_AUTH="$(/usr/sbin/control system-auth)"
+    SYSTEM_POLICY="$(/usr/sbin/control system-policy)"
 }
 
 test -z $listcmd || runcmd=list_run
@@ -486,6 +504,8 @@ $runcmd check_hostnamectl "Check hostname persistance"
 $runcmd test_hostname "Test hostname is FQDN (not short)"
 $runcmd check_system_auth "System authentication method"
 $runcmd test_domain_system_auth "Domain system authentication enabled"
+$runcmd check_system_policy "System policy method"
+$runcmd test_gpupdate_system_policy "System group policy enabled"
 $runcmd check_krb5_conf_exists "Check Kerberos configuration exists"
 $runcmd check_krb5_conf_ccache "Kerberos credential cache status"
 $runcmd test_keyring_krb5_conf_ccache "Using keyring as kerberos credential cache"