ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-05-02 15:21:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

updated pamd rule args regexp to match file paths also (#33432)

Browse source 
* Added . and / to rule args regexp

Things like pam_echo.so file=/etc/foo.txt weren't being matched and
causing incorrect change counts.  Adding / and . fixed that.

Fixes #33351

* pamd: test argument with value

Relates #33351
This commit is contained in:
R. Francis Smith 2017-11-30 14:32:02 -06:00 committed by Sam Doran
parent e0c94aa6a7
commit e957760d52
2 changed files with 18 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/ansible/modules/system/pamd.py
View file

@ -286,7 +286,7 @@ class PamdRule(object):
r"""([\-A-Za-z0-9_]+)\s* # Rule Type r"""([\-A-Za-z0-9_]+)\s* # Rule Type
\[([A-Za-z0-9_=\s]+)\]\s* # Rule Control \[([A-Za-z0-9_=\s]+)\]\s* # Rule Control
([A-Za-z0-9_\-\.]+)\s* # Rule Path ([A-Za-z0-9_\-\.]+)\s* # Rule Path
([A-Za-z0-9,_=<>\-\s]*)""", # Rule Args ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
re.X) re.X)
complicated = True complicated = True
else: else:
@ -294,7 +294,7 @@ class PamdRule(object):
r"""([\-A-Za-z0-9_]+)\s* # Rule Type r"""([\-A-Za-z0-9_]+)\s* # Rule Type
([A-Za-z0-9_]+)\s* # Rule Control ([A-Za-z0-9_]+)\s* # Rule Control
([A-Za-z0-9_\-\.]+)\s* # Rule Path ([A-Za-z0-9_\-\.]+)\s* # Rule Path
([A-Za-z0-9,_=<>\-\s]*)""", # Rule Args ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
re.X) re.X)
result = pattern.match(stringline) result = pattern.match(stringline)

16
test/units/modules/system/test_pamd.py
View file

@ -45,6 +45,22 @@ class PamdRuleTestCase(unittest.TestCase):
self.assertEqual(complicated, module_string.rstrip()) self.assertEqual(complicated, module_string.rstrip())
self.assertEqual('try_first_pass', module.get_module_args_as_string()) self.assertEqual('try_first_pass', module.get_module_args_as_string())
def test_rule_with_arg(self):
line = "account optional pam_echo.so file=/etc/lockout.txt"
module = PamdRule.rulefromstring(stringline=line)
self.assertEqual(module.rule_type, 'account')
self.assertEqual(module.rule_control, 'optional')
self.assertEqual(module.rule_module_path, 'pam_echo.so')
self.assertEqual(module.rule_module_args, ['file=/etc/lockout.txt'])
def test_rule_with_args(self):
line = "account optional pam_echo.so file1=/etc/lockout1.txt file2=/etc/lockout2.txt"
module = PamdRule.rulefromstring(stringline=line)
self.assertEqual(module.rule_type, 'account')
self.assertEqual(module.rule_control, 'optional')
self.assertEqual(module.rule_module_path, 'pam_echo.so')
self.assertEqual(module.rule_module_args, ['file1=/etc/lockout1.txt', 'file2=/etc/lockout2.txt'])
def test_less_than_in_args(self): def test_less_than_in_args(self):
rule = "auth requisite pam_succeed_if.so uid >= 1025 quiet_success" rule = "auth requisite pam_succeed_if.so uid >= 1025 quiet_success"
module = PamdRule.rulefromstring(stringline=rule) module = PamdRule.rulefromstring(stringline=rule)