From d9613bbf4b67f6780f35f3bc6ab50daf85e1050f Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Aug 30 2018 22:43:41 +0000
Subject: Backport PR #78 to fix broken pwquality config (RHBZ #1618865)


---

diff --git a/0001-Don-t-write-options-without-value-to-pwquality-conf-.patch b/0001-Don-t-write-options-without-value-to-pwquality-conf-.patch
new file mode 100644
index 0000000..a604699
--- /dev/null
+++ b/0001-Don-t-write-options-without-value-to-pwquality-conf-.patch
@@ -0,0 +1,49 @@
+From 9e17c60b267f4c0a5e5f2fb33c409cd50c96ad10 Mon Sep 17 00:00:00 2001
+From: Adam Williamson <awilliam@redhat.com>
+Date: Tue, 28 Aug 2018 11:49:35 -0700
+Subject: [PATCH] Don't write options without value to pwquality conf
+ (#1618865)
+
+Per https://bugzilla.redhat.com/show_bug.cgi?id=1618865 , it is
+incorrect to write lines like this in a pwquality config file:
+
+minlen=
+minclass=
+maxrepeat=
+maxclassrepeat=
+
+There should either be an actual integer value, or the line
+should be omitted entirely. Including the option with no value
+is wrong and breaks pwquality. This should fix the problem by
+only writing the lines if the option is actually set.
+
+Signed-off-by: Adam Williamson <awilliam@redhat.com>
+---
+ src/compat/authcompat.py.in.in | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
+index abe1e58..1b4f531 100755
+--- a/src/compat/authcompat.py.in.in
++++ b/src/compat/authcompat.py.in.in
+@@ -319,10 +319,13 @@ class Configuration:
+         def write(self):
+             config = EnvironmentFile(Path.System('pwquality.conf'))
+ 
+-            config.set("minlen", self.get("passminlen"))
+-            config.set("minclass", self.get("passminclass"))
+-            config.set("maxrepeat", self.get("passmaxrepeat"))
+-            config.set("maxclassrepeat", self.get("passmaxclassrepeat"))
++            # for each if these options, we want to write a line to the config
++            # *only if* it is set to an actual value, see
++            # https://bugzilla.redhat.com/show_bug.cgi?id=1618865
++            for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]:
++                if self.isset("pass{0}".format(pwval)):
++                    config.set(pwval, self.get("pass{0}".format(pwval)))
++
+             config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0))
+             config.set("ucredit", self.getBoolAsValue("requpper", -1, 0))
+             config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0))
+-- 
+2.17.1
+
diff --git a/authselect.spec b/authselect.spec
index 39856d1..4c84958 100644
--- a/authselect.spec
+++ b/authselect.spec
@@ -1,11 +1,14 @@
 Name:           authselect
 Version:        1.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        Configures authentication and identity sources from supported profiles
 URL:            https://github.com/pbrezina/authselect
 
 License:        GPLv3+
 Source0:        %{url}/archive/%{version}/%{name}-%{version}.tar.gz
+# Backport https://github.com/pbrezina/authselect/pull/78 to fix
+# https://bugzilla.redhat.com/show_bug.cgi?id=1618865
+Patch0:         0001-Don-t-write-options-without-value-to-pwquality-conf-.patch
 
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -72,6 +75,7 @@ you develop a front-end for the authselect library.
 
 %prep
 %setup -q
+%patch0 -p1
 
 
 %build
@@ -220,6 +224,9 @@ fi
 exit 0
 
 %changelog
+* Thu Aug 30 2018 Adam Williamson <awilliam@redhat.com> - 1.0-2
+- Backport PR #78 to fix broken pwquality config (RHBZ #1618865)
+
 * Mon Aug 13 2018 Pavel Březina <pbrezina@redhat.com> - 1.0-1
 - Rebase to 1.0