pull/35756/head
Ken Evensen 7 years ago committed by Adam Miller
parent 754dd89d86
commit 5cce0249f3

@ -302,14 +302,13 @@ class PamdRule(object):
complicated = True complicated = True
else: else:
pattern = re.compile( pattern = re.compile(
r"""([\-A-Za-z0-9_]+)\s* # Rule Type r"""([@\-A-Za-z0-9_]+)\s* # Rule Type
([A-Za-z0-9_]+)\s* # Rule Control ([A-Za-z0-9_\-]+)\s* # Rule Control
([A-Za-z0-9/_\-\.]+)\s* # Rule Path ([A-Za-z0-9/_\-\.]*)\s* # Rule Path
([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
re.X) re.X)
result = pattern.match(stringline) result = pattern.match(stringline)
rule_type = result.group(1) rule_type = result.group(1)
if complicated: if complicated:
rule_control = '[' + result.group(2) + ']' rule_control = '[' + result.group(2) + ']'
@ -353,13 +352,13 @@ class PamdService(object):
self.name = self.ansible.params["name"] self.name = self.ansible.params["name"]
def load_rules_from_file(self): def load_rules_from_file(self):
self.fname = self.path + "/" + self.name self.fname = os.path.join(self.path, self.name)
stringline = '' stringline = ''
try: try:
for line in open(self.fname, 'r'): for line in open(self.fname, 'r'):
stringline += line.rstrip() stringline += line.rstrip().lstrip()
stringline += '\n' stringline += '\n'
self.load_rules_from_string(stringline) self.load_rules_from_string(stringline.replace("\\\n", ""))
except IOError: except IOError:
e = get_exception() e = get_exception()
@ -375,6 +374,10 @@ class PamdService(object):
elif (not line.startswith('#') and elif (not line.startswith('#') and
not line.isspace() and not line.isspace() and
len(line) != 0): len(line) != 0):
try:
self.ansible.log(msg="Creating rule from string %s" % stringline)
except AttributeError:
pass
self.rules.append(PamdRule.rulefromstring(stringline)) self.rules.append(PamdRule.rulefromstring(stringline))
def write(self): def write(self):

@ -98,10 +98,13 @@ auth \trequired\tpam_env.so
auth \tsufficient\tpam_unix.so nullok try_first_pass auth \tsufficient\tpam_unix.so nullok try_first_pass
auth \trequisite\tpam_succeed_if.so uid auth \trequisite\tpam_succeed_if.so uid
auth \trequired\tpam_deny.so auth \trequired\tpam_deny.so
auth \tsufficient\tpam_rootok.so
account \trequired\tpam_unix.so account \trequired\tpam_unix.so
account \tsufficient\tpam_localuser.so account \tsufficient\tpam_localuser.so
account \tsufficient\tpam_succeed_if.so uid account \tsufficient\tpam_succeed_if.so uid
account [success=1 default=ignore] \
\t\t\t\tpam_succeed_if.so user = vagrant use_uid quiet
account \trequired\tpam_permit.so account \trequired\tpam_permit.so
account \trequired\tpam_access.so listsep=, account \trequired\tpam_access.so listsep=,
session \tinclude\tsystem-auth session \tinclude\tsystem-auth
@ -115,15 +118,14 @@ session \trequired\tpam_limits.so
-session \toptional\tpam_systemd.so -session \toptional\tpam_systemd.so
session \t[success=1 default=ignore]\tpam_succeed_if.so service in crond quiet use_uid session \t[success=1 default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
session \t[success=1 test=me default=ignore]\tpam_succeed_if.so service in crond quiet use_uid session \t[success=1 test=me default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
session \trequired\tpam_unix.so""" session \trequired\tpam_unix.so
@include \tcommon-auth
@include \tcommon-account
@include \tcommon-session"""
self.pamd = PamdService() self.pamd = PamdService()
self.pamd.load_rules_from_string(self.system_auth_string) self.pamd.load_rules_from_string(self.system_auth_string)
def test_load_rule_from_string(self):
self.assertEqual(self.system_auth_string.rstrip().replace("\n\n", "\n"), str(self.pamd).rstrip().replace("\n\n", "\n"))
def test_update_rule_type(self): def test_update_rule_type(self):
old_rule = PamdRule.rulefromstring('auth required pam_env.so') old_rule = PamdRule.rulefromstring('auth required pam_env.so')
new_rule = PamdRule.rulefromstring('session required pam_env.so') new_rule = PamdRule.rulefromstring('session required pam_env.so')
@ -212,6 +214,15 @@ session \trequired\tpam_unix.so"""
line_to_test += str(new_rule).rstrip() line_to_test += str(new_rule).rstrip()
self.assertIn(line_to_test, str(self.pamd)) self.assertIn(line_to_test, str(self.pamd))
def test_insert_after_rule_another(self):
old_rule = PamdRule.rulefromstring('auth sufficient pam_rootok.so')
new_rule = PamdRule.rulefromstring('auth required pam_wheel.so use_id')
insert_after_rule(self.pamd, old_rule, new_rule)
line_to_test = str(old_rule).rstrip()
line_to_test += '\n'
line_to_test += str(new_rule).rstrip()
self.assertIn(line_to_test, str(self.pamd))
def test_insert_after_rule_last_rule(self): def test_insert_after_rule_last_rule(self):
old_rule = PamdRule.rulefromstring('session required pam_unix.so') old_rule = PamdRule.rulefromstring('session required pam_unix.so')
new_rule = PamdRule.rulefromstring('session required pam_permit.so arg1 arg2 arg3') new_rule = PamdRule.rulefromstring('session required pam_permit.so arg1 arg2 arg3')

Loading…
Cancel
Save