mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-24 22:00:22 -07:00
Update pamd.py to allow module path with slashes (#32197)
This commit is contained in:
parent
630ae01f91
commit
943730b70c
2 changed files with 34 additions and 2 deletions
|
@ -200,6 +200,17 @@ EXAMPLES = """
|
||||||
module_path: pam_faillock.so
|
module_path: pam_faillock.so
|
||||||
module_arguments: 'fail_interval=300'
|
module_arguments: 'fail_interval=300'
|
||||||
state: args_present
|
state: args_present
|
||||||
|
|
||||||
|
- name: Add pam common-auth rule for duo
|
||||||
|
pamd:
|
||||||
|
name: common-auth
|
||||||
|
new_type: auth
|
||||||
|
new_control: '[success=1 default=ignore]'
|
||||||
|
new_module_path: '/lib64/security/pam_duo.so'
|
||||||
|
state: after
|
||||||
|
type: auth
|
||||||
|
module_path: pam_sss.so
|
||||||
|
control: 'requisite'
|
||||||
"""
|
"""
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = '''
|
||||||
|
@ -285,7 +296,7 @@ class PamdRule(object):
|
||||||
pattern = re.compile(
|
pattern = re.compile(
|
||||||
r"""([\-A-Za-z0-9_]+)\s* # Rule Type
|
r"""([\-A-Za-z0-9_]+)\s* # Rule Type
|
||||||
\[([A-Za-z0-9_=\s]+)\]\s* # Rule Control
|
\[([A-Za-z0-9_=\s]+)\]\s* # Rule Control
|
||||||
([A-Za-z0-9_\-\.]+)\s* # Rule Path
|
([A-Za-z0-9/_\-\.]+)\s* # Rule Path
|
||||||
([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
|
([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
|
||||||
re.X)
|
re.X)
|
||||||
complicated = True
|
complicated = True
|
||||||
|
@ -293,7 +304,7 @@ class PamdRule(object):
|
||||||
pattern = re.compile(
|
pattern = re.compile(
|
||||||
r"""([\-A-Za-z0-9_]+)\s* # Rule Type
|
r"""([\-A-Za-z0-9_]+)\s* # Rule Type
|
||||||
([A-Za-z0-9_]+)\s* # Rule Control
|
([A-Za-z0-9_]+)\s* # Rule Control
|
||||||
([A-Za-z0-9_\-\.]+)\s* # Rule Path
|
([A-Za-z0-9/_\-\.]+)\s* # Rule Path
|
||||||
([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
|
([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
|
||||||
re.X)
|
re.X)
|
||||||
|
|
||||||
|
|
|
@ -74,6 +74,20 @@ class PamdRuleTestCase(unittest.TestCase):
|
||||||
module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
|
module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
|
||||||
self.assertEqual(rule, module_string.rstrip())
|
self.assertEqual(rule, module_string.rstrip())
|
||||||
|
|
||||||
|
def test_slash_in_args(self):
|
||||||
|
rule = "auth sufficient /lib64/security/pam_duo.so".rstrip()
|
||||||
|
module = PamdRule.rulefromstring(stringline=rule)
|
||||||
|
module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
|
||||||
|
self.assertEqual(rule, module_string.rstrip())
|
||||||
|
self.assertEqual('', module.get_module_args_as_string())
|
||||||
|
|
||||||
|
def test_slash_in_args_more(self):
|
||||||
|
rule = "auth [success=1 default=ignore] /lib64/security/pam_duo.so".rstrip()
|
||||||
|
module = PamdRule.rulefromstring(stringline=rule)
|
||||||
|
module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
|
||||||
|
self.assertEqual(rule, module_string.rstrip())
|
||||||
|
self.assertEqual('', module.get_module_args_as_string())
|
||||||
|
|
||||||
|
|
||||||
class PamdServiceTestCase(unittest.TestCase):
|
class PamdServiceTestCase(unittest.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
@ -145,6 +159,13 @@ session \trequired\tpam_unix.so"""
|
||||||
self.assertIn(str(new_rule).rstrip(), str(self.pamd))
|
self.assertIn(str(new_rule).rstrip(), str(self.pamd))
|
||||||
self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
|
self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
|
||||||
|
|
||||||
|
def test_update_rule_module_path_slash(self):
|
||||||
|
old_rule = PamdRule.rulefromstring('auth required pam_env.so')
|
||||||
|
new_rule = PamdRule.rulefromstring('auth required /lib64/security/pam_duo.so')
|
||||||
|
update_rule(self.pamd, old_rule, new_rule)
|
||||||
|
self.assertIn(str(new_rule).rstrip(), str(self.pamd))
|
||||||
|
self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
|
||||||
|
|
||||||
def test_update_rule_module_args(self):
|
def test_update_rule_module_args(self):
|
||||||
old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass')
|
old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass')
|
||||||
new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so uid uid')
|
new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so uid uid')
|
||||||
|
|
Loading…
Add table
Add a link
Reference in a new issue