|
|
@ -52,39 +52,47 @@ class PamdRuleTestCase(unittest.TestCase):
|
|
|
|
self.assertEqual(rule, module_string.rstrip())
|
|
|
|
self.assertEqual(rule, module_string.rstrip())
|
|
|
|
self.assertEqual('uid >= 1025 quiet_success', module.get_module_args_as_string())
|
|
|
|
self.assertEqual('uid >= 1025 quiet_success', module.get_module_args_as_string())
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_trailing_comma(self):
|
|
|
|
|
|
|
|
rule = "account required pam_access.so listsep=,"
|
|
|
|
|
|
|
|
module = PamdRule.rulefromstring(stringline=rule)
|
|
|
|
|
|
|
|
module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
|
|
|
|
|
|
|
|
self.assertEqual(rule, module_string.rstrip())
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class PamdServiceTestCase(unittest.TestCase):
|
|
|
|
class PamdServiceTestCase(unittest.TestCase):
|
|
|
|
def setUp(self):
|
|
|
|
def setUp(self):
|
|
|
|
self.system_auth_string = """#%PAM-1.0
|
|
|
|
self.system_auth_string = """#%PAM-1.0
|
|
|
|
# This file is auto-generated.
|
|
|
|
# This file is auto-generated.
|
|
|
|
# User changes will be destroyed the next time authconfig is run.
|
|
|
|
# User changes will be destroyed the next time authconfig is run.
|
|
|
|
auth required pam_env.so
|
|
|
|
auth \trequired\tpam_env.so
|
|
|
|
auth sufficient pam_unix.so nullok try_first_pass
|
|
|
|
auth \tsufficient\tpam_unix.so nullok try_first_pass
|
|
|
|
auth requisite pam_succeed_if.so uid
|
|
|
|
auth \trequisite\tpam_succeed_if.so uid
|
|
|
|
auth required pam_deny.so
|
|
|
|
auth \trequired\tpam_deny.so
|
|
|
|
|
|
|
|
|
|
|
|
account required pam_unix.so
|
|
|
|
account \trequired\tpam_unix.so
|
|
|
|
account sufficient pam_localuser.so
|
|
|
|
account \tsufficient\tpam_localuser.so
|
|
|
|
account sufficient pam_succeed_if.so uid
|
|
|
|
account \tsufficient\tpam_succeed_if.so uid
|
|
|
|
account required pam_permit.so
|
|
|
|
account \trequired\tpam_permit.so
|
|
|
|
|
|
|
|
account \trequired\tpam_access.so listsep=,
|
|
|
|
password requisite pam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
|
|
|
|
session \tinclude\tsystem-auth
|
|
|
|
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
|
|
|
|
|
|
|
|
password required pam_deny.so
|
|
|
|
password \trequisite\tpam_pwquality.so try_first_pass local_users_only retry=3 authtok_type=
|
|
|
|
|
|
|
|
password \tsufficient\tpam_unix.so sha512 shadow nullok try_first_pass use_authtok
|
|
|
|
session optional pam_keyinit.so revoke
|
|
|
|
password \trequired\tpam_deny.so
|
|
|
|
session required pam_limits.so
|
|
|
|
|
|
|
|
-session optional pam_systemd.so
|
|
|
|
session \toptional\tpam_keyinit.so revoke
|
|
|
|
session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
|
session \trequired\tpam_limits.so
|
|
|
|
session [success=1 test=me default=ignore] pam_succeed_if.so service in crond quiet use_uid
|
|
|
|
-session \toptional\tpam_systemd.so
|
|
|
|
session required pam_unix.so"""
|
|
|
|
session \t[success=1 default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
|
|
|
|
|
|
|
|
session \t[success=1 test=me default=ignore]\tpam_succeed_if.so service in crond quiet use_uid
|
|
|
|
|
|
|
|
session \trequired\tpam_unix.so"""
|
|
|
|
|
|
|
|
|
|
|
|
self.pamd = PamdService()
|
|
|
|
self.pamd = PamdService()
|
|
|
|
self.pamd.load_rules_from_string(self.system_auth_string)
|
|
|
|
self.pamd.load_rules_from_string(self.system_auth_string)
|
|
|
|
|
|
|
|
|
|
|
|
def test_load_rule_from_string(self):
|
|
|
|
def test_load_rule_from_string(self):
|
|
|
|
|
|
|
|
|
|
|
|
self.assertEqual(self.system_auth_string, str(self.pamd))
|
|
|
|
self.assertEqual(self.system_auth_string.rstrip().replace("\n\n", "\n"), str(self.pamd).rstrip().replace("\n\n", "\n"))
|
|
|
|
|
|
|
|
|
|
|
|
def test_update_rule_type(self):
|
|
|
|
def test_update_rule_type(self):
|
|
|
|
old_rule = PamdRule.rulefromstring('auth required pam_env.so')
|
|
|
|
old_rule = PamdRule.rulefromstring('auth required pam_env.so')
|
|
|
@ -201,3 +209,10 @@ session required pam_unix.so"""
|
|
|
|
old_rule = PamdRule.rulefromstring('account required pam_unix.so')
|
|
|
|
old_rule = PamdRule.rulefromstring('account required pam_unix.so')
|
|
|
|
remove_rule(self.pamd, old_rule)
|
|
|
|
remove_rule(self.pamd, old_rule)
|
|
|
|
self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
|
|
|
|
self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_add_module_args_with_string(self):
|
|
|
|
|
|
|
|
old_rule = PamdRule.rulefromstring("account required pam_access.so")
|
|
|
|
|
|
|
|
new_rule = PamdRule.rulefromstring("account required pam_access.so listsep=,")
|
|
|
|
|
|
|
|
args_to_add = ['listsep=,']
|
|
|
|
|
|
|
|
add_module_arguments(self.pamd, old_rule, args_to_add)
|
|
|
|
|
|
|
|
self.assertIn(str(new_rule).rstrip(), str(self.pamd))
|
|
|
|