Update pamd.py to allow module path with slashes (#32197)

lib/ansible/modules/system/pamd.py

@@ -200,6 +200,17 @@ EXAMPLES = """
     module_path: pam_faillock.so
     module_arguments: 'fail_interval=300'
     state: args_present
+
+- name: Add pam common-auth rule for duo
+  pamd:
+    name: common-auth
+    new_type: auth
+    new_control: '[success=1 default=ignore]'
+    new_module_path: '/lib64/security/pam_duo.so'
+    state: after
+    type: auth
+    module_path: pam_sss.so
+    control: 'requisite'
 """
 
 RETURN = '''
@@ -285,7 +296,7 @@ class PamdRule(object):
             pattern = re.compile(
                 r"""([\-A-Za-z0-9_]+)\s*         # Rule Type
                     \[([A-Za-z0-9_=\s]+)\]\s*    # Rule Control
-                    ([A-Za-z0-9_\-\.]+)\s*         # Rule Path
+                    ([A-Za-z0-9/_\-\.]+)\s*         # Rule Path
                     ([A-Za-z0-9,_=<>\-\s\./]*)""",  # Rule Args
                 re.X)
             complicated = True
@@ -293,7 +304,7 @@ class PamdRule(object):
             pattern = re.compile(
                 r"""([\-A-Za-z0-9_]+)\s*        # Rule Type
                     ([A-Za-z0-9_]+)\s*          # Rule Control
-                    ([A-Za-z0-9_\-\.]+)\s*        # Rule Path
+                    ([A-Za-z0-9/_\-\.]+)\s*        # Rule Path
                     ([A-Za-z0-9,_=<>\-\s\./]*)""",  # Rule Args
                 re.X)
 

test/units/modules/system/test_pamd.py

@@ -74,6 +74,20 @@ class PamdRuleTestCase(unittest.TestCase):
         module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
         self.assertEqual(rule, module_string.rstrip())
 
+    def test_slash_in_args(self):
+        rule = "auth sufficient /lib64/security/pam_duo.so".rstrip()
+        module = PamdRule.rulefromstring(stringline=rule)
+        module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
+        self.assertEqual(rule, module_string.rstrip())
+        self.assertEqual('', module.get_module_args_as_string())
+
+    def test_slash_in_args_more(self):
+        rule = "auth [success=1 default=ignore] /lib64/security/pam_duo.so".rstrip()
+        module = PamdRule.rulefromstring(stringline=rule)
+        module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
+        self.assertEqual(rule, module_string.rstrip())
+        self.assertEqual('', module.get_module_args_as_string())
+
 
 class PamdServiceTestCase(unittest.TestCase):
     def setUp(self):
@@ -145,6 +159,13 @@ session   \trequired\tpam_unix.so"""
         self.assertIn(str(new_rule).rstrip(), str(self.pamd))
         self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
 
+    def test_update_rule_module_path_slash(self):
+        old_rule = PamdRule.rulefromstring('auth      	required	pam_env.so')
+        new_rule = PamdRule.rulefromstring('auth      	required	/lib64/security/pam_duo.so')
+        update_rule(self.pamd, old_rule, new_rule)
+        self.assertIn(str(new_rule).rstrip(), str(self.pamd))
+        self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
+
     def test_update_rule_module_args(self):
         old_rule = PamdRule.rulefromstring('auth      	sufficient	pam_unix.so nullok try_first_pass')
         new_rule = PamdRule.rulefromstring('auth      	sufficient	pam_unix.so uid uid')