pamd - fixed issue+minor refactorings (#3285) (#3309)

* pamd - fixed issue+minor refactorings * added changelog fragment * added unit test suggested in issue * Update tests/integration/targets/pamd/tasks/main.yml * fixed per PR + additional adjustment Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit edd7b84285) Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2025-04-21 09:51:27 -07:00 · 2021-08-31 12:59:36 +02:00 · 2021-08-31 12:59:36 +02:00 · 2b6bbd9f91
commit 2b6bbd9f91
parent 0484abdddd
4 changed files with 59 additions and 30 deletions
--- a/plugins/modules/system/pamd.py
+++ b/plugins/modules/system/pamd.py
@ -274,8 +274,7 @@ RULE_REGEX = re.compile(r"""(?P<rule_type>-?(?:auth|account|session|password))\s
                        (?P<control>\[.*\]|\S*)\s+
                        (?P<path>\S*)\s*
                        (?P<args>.*)\s*""", re.X)
-
-RULE_ARG_REGEX = re.compile(r"""(\[.*\]|\S*)""")
+RULE_ARG_REGEX = re.compile(r"(\[.*\]|\S*)")

 VALID_TYPES = ['account', '-account', 'auth', '-auth', 'password', '-password', 'session', '-session']

@ -358,11 +357,9 @@ class PamdRule(PamdLine):

    # Method to check if a rule matches the type, control and path.
    def matches(self, rule_type, rule_control, rule_path, rule_args=None):
-        if (rule_type == self.rule_type and
+        return (rule_type == self.rule_type and
                rule_control == self.rule_control and
-                rule_path == self.rule_path):
-            return True
-        return False
+                rule_path == self.rule_path)

    @classmethod
    def rule_from_string(cls, line):
@ -507,25 +504,25 @@ class PamdService(object):
        # Get a list of rules we want to change
        rules_to_find = self.get(rule_type, rule_control, rule_path)

-        new_args = parse_module_arguments(new_args)
+        new_args = parse_module_arguments(new_args, return_none=True)

        changes = 0
        for current_rule in rules_to_find:
            rule_changed = False
            if new_type:
-                if(current_rule.rule_type != new_type):
+                if current_rule.rule_type != new_type:
                    rule_changed = True
                    current_rule.rule_type = new_type
            if new_control:
-                if(current_rule.rule_control != new_control):
+                if current_rule.rule_control != new_control:
                    rule_changed = True
                    current_rule.rule_control = new_control
            if new_path:
-                if(current_rule.rule_path != new_path):
+                if current_rule.rule_path != new_path:
                    rule_changed = True
                    current_rule.rule_path = new_path
-            if new_args:
-                if(current_rule.rule_args != new_args):
+            if new_args is not None:
+                if current_rule.rule_args != new_args:
                    rule_changed = True
                    current_rule.rule_args = new_args

@ -724,8 +721,9 @@ class PamdService(object):
        current_line = self._head

        while current_line is not None:
-            if not current_line.validate()[0]:
-                return current_line.validate()
+            curr_validate = current_line.validate()
+            if not curr_validate[0]:
+                return curr_validate
            current_line = current_line.next
        return True, "Module is valid"

@ -750,22 +748,25 @@ class PamdService(object):
        return '\n'.join(lines) + '\n'


-def parse_module_arguments(module_arguments):
-    # Return empty list if we have no args to parse
-    if not module_arguments:
-        return []
-    elif isinstance(module_arguments, list) and len(module_arguments) == 1 and not module_arguments[0]:
+def parse_module_arguments(module_arguments, return_none=False):
+    # If args is None, return empty list by default.
+    # But if return_none is True, then return None
+    if module_arguments is None:
+        return None if return_none else []
+    if isinstance(module_arguments, list) and len(module_arguments) == 1 and not module_arguments[0]:
        return []

    if not isinstance(module_arguments, list):
        module_arguments = [module_arguments]

-    parsed_args = list()
+    # From this point on, module_arguments is guaranteed to be a list, empty or not
+    parsed_args = []

+    re_clear_spaces = re.compile(r"\s*=\s*")
    for arg in module_arguments:
        for item in filter(None, RULE_ARG_REGEX.findall(arg)):
            if not item.startswith("["):
-                re.sub("\\s*=\\s*", "=", item)
+                re_clear_spaces.sub("=", item)
            parsed_args.append(item)

    return parsed_args
@ -861,8 +862,7 @@ def main():
                fd.write(str(service))

        except IOError:
-            module.fail_json(msg='Unable to create temporary \
-                                    file %s' % temp_file)
+            module.fail_json(msg='Unable to create temporary file %s' % temp_file)

        module.atomic_move(temp_file.name, os.path.realpath(fname))