pamd: fix issue with trailing commas in module_arguments

2025-04-29 22:01:27 -07:00 · 2017-10-30 03:24:21 -04:00 · 2017-10-30 03:24:21 -04:00 · 8724ff3eae
commit 8724ff3eae
parent 7f92741c3d
2 changed files with 68 additions and 29 deletions
--- a/test/units/modules/system/test_pamd.py
+++ b/test/units/modules/system/test_pamd.py
@ -52,39 +52,47 @@ class PamdRuleTestCase(unittest.TestCase):
        self.assertEqual(rule, module_string.rstrip())
        self.assertEqual('uid >= 1025 quiet_success', module.get_module_args_as_string())

+    def test_trailing_comma(self):
+        rule = "account required pam_access.so listsep=,"
+        module = PamdRule.rulefromstring(stringline=rule)
+        module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
+        self.assertEqual(rule, module_string.rstrip())
+

 class PamdServiceTestCase(unittest.TestCase):
    def setUp(self):
        self.system_auth_string = """#%PAM-1.0
 # This file is auto-generated.
 # User changes will be destroyed the next time authconfig is run.
-auth      	required	pam_env.so
-auth      	sufficient	pam_unix.so nullok try_first_pass
-auth      	requisite	pam_succeed_if.so uid
-auth      	required	pam_deny.so
+auth      \trequired\tpam_env.so
+auth      \tsufficient\tpam_unix.so nullok try_first_pass
+auth      \trequisite\tpam_succeed_if.so uid
+auth      \trequired\tpam_deny.so

-account   	required	pam_unix.so
-account   	sufficient	pam_localuser.so
-account   	sufficient	pam_succeed_if.so uid
-account   	required	pam_permit.so
+account   \trequired\tpam_unix.so
+account   \tsufficient\tpam_localuser.so
+account   \tsufficient\tpam_succeed_if.so uid
+account   \trequired\tpam_permit.so
+account   \trequired\tpam_access.so listsep=,
+session   \tinclude\tsystem-auth

-password  	requisite	pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
-password  	sufficient	pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-password  	required	pam_deny.so
+password  \trequisite\tpam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
+password  \tsufficient\tpam_unix.so sha512 shadow nullok try_first_pass use_authtok
+password  \trequired\tpam_deny.so

-session   	optional	pam_keyinit.so revoke
-session   	required	pam_limits.so
-session  	optional	pam_systemd.so
-session   	[success=1 default=ignore]	pam_succeed_if.so service in crond quiet use_uid
-session   	[success=1 test=me default=ignore]	pam_succeed_if.so service in crond quiet use_uid
-session   	required	pam_unix.so"""
+session   \toptional\tpam_keyinit.so revoke
+session   \trequired\tpam_limits.so
+-session  \toptional\tpam_systemd.so
+session   \t[success=1 default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
+session   \t[success=1 test=me default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
+session   \trequired\tpam_unix.so"""

        self.pamd = PamdService()
        self.pamd.load_rules_from_string(self.system_auth_string)

    def test_load_rule_from_string(self):

-        self.assertEqual(self.system_auth_string, str(self.pamd))
+        self.assertEqual(self.system_auth_string.rstrip().replace("\n\n", "\n"), str(self.pamd).rstrip().replace("\n\n", "\n"))

    def test_update_rule_type(self):
        old_rule = PamdRule.rulefromstring('auth      	required	pam_env.so')
@ -201,3 +209,10 @@ session   	required	pam_unix.so"""
        old_rule = PamdRule.rulefromstring('account   	required	pam_unix.so')
        remove_rule(self.pamd, old_rule)
        self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
+
+    def test_add_module_args_with_string(self):
+        old_rule = PamdRule.rulefromstring("account     required    pam_access.so")
+        new_rule = PamdRule.rulefromstring("account     required    pam_access.so listsep=,")
+        args_to_add = ['listsep=,']
+        add_module_arguments(self.pamd, old_rule, args_to_add)
+        self.assertIn(str(new_rule).rstrip(), str(self.pamd))