|
|
|
@ -98,10 +98,13 @@ auth \trequired\tpam_env.so
|
|
|
|
|
auth \tsufficient\tpam_unix.so nullok try_first_pass
|
|
|
|
|
auth \trequisite\tpam_succeed_if.so uid
|
|
|
|
|
auth \trequired\tpam_deny.so
|
|
|
|
|
auth \tsufficient\tpam_rootok.so
|
|
|
|
|
|
|
|
|
|
account \trequired\tpam_unix.so
|
|
|
|
|
account \tsufficient\tpam_localuser.so
|
|
|
|
|
account \tsufficient\tpam_succeed_if.so uid
|
|
|
|
|
account [success=1 default=ignore] \
|
|
|
|
|
\t\t\t\tpam_succeed_if.so user = vagrant use_uid quiet
|
|
|
|
|
account \trequired\tpam_permit.so
|
|
|
|
|
account \trequired\tpam_access.so listsep=,
|
|
|
|
|
session \tinclude\tsystem-auth
|
|
|
|
@ -115,15 +118,14 @@ session \trequired\tpam_limits.so
|
|
|
|
|
-session \toptional\tpam_systemd.so
|
|
|
|
|
session \t[success=1 default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
|
|
|
|
|
session \t[success=1 test=me default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
|
|
|
|
|
session \trequired\tpam_unix.so"""
|
|
|
|
|
session \trequired\tpam_unix.so
|
|
|
|
|
@include \tcommon-auth
|
|
|
|
|
@include \tcommon-account
|
|
|
|
|
@include \tcommon-session"""
|
|
|
|
|
|
|
|
|
|
self.pamd = PamdService()
|
|
|
|
|
self.pamd.load_rules_from_string(self.system_auth_string)
|
|
|
|
|
|
|
|
|
|
def test_load_rule_from_string(self):
|
|
|
|
|
|
|
|
|
|
self.assertEqual(self.system_auth_string.rstrip().replace("\n\n", "\n"), str(self.pamd).rstrip().replace("\n\n", "\n"))
|
|
|
|
|
|
|
|
|
|
def test_update_rule_type(self):
|
|
|
|
|
old_rule = PamdRule.rulefromstring('auth required pam_env.so')
|
|
|
|
|
new_rule = PamdRule.rulefromstring('session required pam_env.so')
|
|
|
|
@ -212,6 +214,15 @@ session \trequired\tpam_unix.so"""
|
|
|
|
|
line_to_test += str(new_rule).rstrip()
|
|
|
|
|
self.assertIn(line_to_test, str(self.pamd))
|
|
|
|
|
|
|
|
|
|
def test_insert_after_rule_another(self):
|
|
|
|
|
old_rule = PamdRule.rulefromstring('auth sufficient pam_rootok.so')
|
|
|
|
|
new_rule = PamdRule.rulefromstring('auth required pam_wheel.so use_id')
|
|
|
|
|
insert_after_rule(self.pamd, old_rule, new_rule)
|
|
|
|
|
line_to_test = str(old_rule).rstrip()
|
|
|
|
|
line_to_test += '\n'
|
|
|
|
|
line_to_test += str(new_rule).rstrip()
|
|
|
|
|
self.assertIn(line_to_test, str(self.pamd))
|
|
|
|
|
|
|
|
|
|
def test_insert_after_rule_last_rule(self):
|
|
|
|
|
old_rule = PamdRule.rulefromstring('session required pam_unix.so')
|
|
|
|
|
new_rule = PamdRule.rulefromstring('session required pam_permit.so arg1 arg2 arg3')
|
|
|
|
|