From 943730b70c1f1cf2f3cd21b268a1d5e8638a5f8a Mon Sep 17 00:00:00 2001 From: Aron Szekely Date: Wed, 17 Jan 2018 23:27:12 -0500 Subject: [PATCH] Update pamd.py to allow module path with slashes (#32197) --- lib/ansible/modules/system/pamd.py | 15 +++++++++++++-- test/units/modules/system/test_pamd.py | 21 +++++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) diff --git a/lib/ansible/modules/system/pamd.py b/lib/ansible/modules/system/pamd.py index 965a373e82b..625abd085cb 100644 --- a/lib/ansible/modules/system/pamd.py +++ b/lib/ansible/modules/system/pamd.py @@ -200,6 +200,17 @@ EXAMPLES = """ module_path: pam_faillock.so module_arguments: 'fail_interval=300' state: args_present + +- name: Add pam common-auth rule for duo + pamd: + name: common-auth + new_type: auth + new_control: '[success=1 default=ignore]' + new_module_path: '/lib64/security/pam_duo.so' + state: after + type: auth + module_path: pam_sss.so + control: 'requisite' """ RETURN = ''' @@ -285,7 +296,7 @@ class PamdRule(object): pattern = re.compile( r"""([\-A-Za-z0-9_]+)\s* # Rule Type \[([A-Za-z0-9_=\s]+)\]\s* # Rule Control - ([A-Za-z0-9_\-\.]+)\s* # Rule Path + ([A-Za-z0-9/_\-\.]+)\s* # Rule Path ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args re.X) complicated = True @@ -293,7 +304,7 @@ class PamdRule(object): pattern = re.compile( r"""([\-A-Za-z0-9_]+)\s* # Rule Type ([A-Za-z0-9_]+)\s* # Rule Control - ([A-Za-z0-9_\-\.]+)\s* # Rule Path + ([A-Za-z0-9/_\-\.]+)\s* # Rule Path ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args re.X) diff --git a/test/units/modules/system/test_pamd.py b/test/units/modules/system/test_pamd.py index 3203210f4fa..99fdde7d5f7 100644 --- a/test/units/modules/system/test_pamd.py +++ b/test/units/modules/system/test_pamd.py 
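Review bot: The widened Rule Path class `[A-Za-z0-9/_\-\.]+` in lib/ansible/modules/system/pamd.py (the hunk at `@@ -285,7 +296,7` and the identical change at `@@ -293,7 +304,7`) accepts any mix of `/` and `.`, so a value such as `../x.so` (constructed sample) parses as a module path just as `/lib64/security/pam_duo.so` does. This field names the shared object PAM loads into the authentication stack, so a templated `new_module_path` can now resolve outside the default module directory without the parser noticing. The code that consumes the match groups is outside both hunks, so whether anything downstream checks the path cannot be seen here; if nothing does, a slash should probably only be accepted when the path is absolute. At minimum, document the gap on the pattern line, e.g. `# Rule Path: bare name or path; relative and '..' segments are not rejected`. The same class is duplicated across the two branches, so any tightening has to be applied to both.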
@@ -74,6 +74,20 @@ class PamdRuleTestCase(unittest.TestCase): module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) self.assertEqual(rule, module_string.rstrip()) + def test_slash_in_args(self): + rule = "auth sufficient /lib64/security/pam_duo.so".rstrip() + module = PamdRule.rulefromstring(stringline=rule) + module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) + self.assertEqual(rule, module_string.rstrip()) + self.assertEqual('', module.get_module_args_as_string()) + + def test_slash_in_args_more(self): + rule = "auth [success=1 default=ignore] /lib64/security/pam_duo.so".rstrip() + module = PamdRule.rulefromstring(stringline=rule) + module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) + self.assertEqual(rule, module_string.rstrip()) + self.assertEqual('', module.get_module_args_as_string()) + class PamdServiceTestCase(unittest.TestCase): def setUp(self): @@ -145,6 +159,13 @@ session \trequired\tpam_unix.so""" self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd)) + def test_update_rule_module_path_slash(self): + old_rule = PamdRule.rulefromstring('auth required pam_env.so') + new_rule = PamdRule.rulefromstring('auth required /lib64/security/pam_duo.so') + update_rule(self.pamd, old_rule, new_rule) + self.assertIn(str(new_rule).rstrip(), str(self.pamd)) + self.assertNotIn(str(old_rule).rstrip(), str(self.pamd)) + def test_update_rule_module_args(self): old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass') new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so uid uid')
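Review bot: Both tests added in the `@@ -74,6 +74,20` hunk of test/units/modules/system/test_pamd.py end with `self.assertEqual('', module.get_module_args_as_string())`, so no case covers a slash-containing module path followed by arguments. That is the case where the Rule Path and Rule Args groups, both of which now accept `/`, must split at the right place. I would add a third case with a rule such as `"auth required /lib64/security/pam_duo.so conf=/etc/duo.conf"` (constructed sample value) and assert that the path and the argument string come back separately. The names `test_slash_in_args` and `test_slash_in_args_more` describe a slash in the arguments, while the rules under test put the slash in the module path; `test_slash_in_module_path` would match what is checked.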