misc/56486: /etc/security should be updated for recent password hash changes

[rvp%SDF.ORG@localhost]

>Number:         56486
>Category:       misc
>Synopsis:       /etc/security should be updated for recent password hash changes
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Nov 04 07:45:00 +0000 2021
>Originator:     RVP
>Release:        NetBSD/amd64 9.99.92
>Organization:
>Environment:
NetBSD x202e.localdomain 9.99.92 NetBSD 9.99.92 (MYKERNEL) #0: Tue Nov  2 04:11:56 UTC 2021  bld@x202e.localdomain:/usr/obj/usr/src/sys/arch/amd64/compile/MYKERNEL amd64
>Description:
/etc/security should be updated for recent password hash changes.
Otherwise you get complaints in the mail:

Checking the /etc/master.passwd file:
Login root is off but still has a valid shell (/bin/sh)
Login XXX is off but still has a valid shell (/usr/pkg/bin/bash)
Login YYY is off but still has a valid shell (/bin/sh)

>How-To-Repeat:
Update to latest NetBSD-HEAD.
Leave the system running overnight.
At the enchanted, rarely-observed, magical hour of 4:15 AM,
let the /etc/security fairy appear and inspect the system.
>Fix:
--- src/etc/security.orig	2021-01-10 23:24:25.000000000 +0000
+++ src/etc/security	2021-11-04 07:15:16.513615181 +0000
@@ -274,6 +274,7 @@
 		    	$2 !~ /^\$1/ &&
 		    	$2 !~ /^\$2/ &&
 			$2 !~ /^\$sha1/ &&
+			$2 !~ /^\$argon2(i|d|id)/ &&
 		    	$2 != "" &&
 			(permit_star || $2 != "*") &&
 		    	$2 !~ /^\*[A-z-]+$/ &&