Update pamd.py to allow module path with slashes (#32197)

Aron Szekely 7 years ago committed by Abhijeet Kasurde
parent 630ae01f91
commit 943730b70c

@ -200,6 +200,17 @@ EXAMPLES = """
module_path: pam_faillock.so module_path: pam_faillock.so
module_arguments: 'fail_interval=300' module_arguments: 'fail_interval=300'
state: args_present state: args_present
- name: Add pam common-auth rule for duo
pamd:
name: common-auth
new_type: auth
new_control: '[success=1 default=ignore]'
new_module_path: '/lib64/security/pam_duo.so'
state: after
type: auth
module_path: pam_sss.so
control: 'requisite'
""" """
RETURN = ''' RETURN = '''
@ -285,7 +296,7 @@ class PamdRule(object):
pattern = re.compile( pattern = re.compile(
r"""([\-A-Za-z0-9_]+)\s* # Rule Type r"""([\-A-Za-z0-9_]+)\s* # Rule Type
\[([A-Za-z0-9_=\s]+)\]\s* # Rule Control \[([A-Za-z0-9_=\s]+)\]\s* # Rule Control
([A-Za-z0-9_\-\.]+)\s* # Rule Path ([A-Za-z0-9/_\-\.]+)\s* # Rule Path
([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
re.X) re.X)
complicated = True complicated = True
@ -293,7 +304,7 @@ class PamdRule(object):
pattern = re.compile( pattern = re.compile(
r"""([\-A-Za-z0-9_]+)\s* # Rule Type r"""([\-A-Za-z0-9_]+)\s* # Rule Type
([A-Za-z0-9_]+)\s* # Rule Control ([A-Za-z0-9_]+)\s* # Rule Control
([A-Za-z0-9_\-\.]+)\s* # Rule Path ([A-Za-z0-9/_\-\.]+)\s* # Rule Path
([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
re.X) re.X)
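Review bot: The widened Rule Path class `[A-Za-z0-9/_\-\.]+` accepts any mix of `/` and `.`, so a relative path containing `..` segments parses as a module path just as `/lib64/security/pam_duo.so` does, and the class is now duplicated in both the bracketed-control and the simple-control pattern. This value presumably ends up in the PAM service file, naming the shared object loaded in the auth stack, so I would state the contract in a comment above the patterns, e.g. `# Rule Path: bare module name or filesystem path; not checked against the module directory, callers must pass a trusted value`. If relative paths with slashes are not meant to be supported, also reject a path that contains `/` but does not start with it. Hoisting the class into one shared constant would keep the two patterns from drifting apart. The code around both `re.compile` calls starts and ends outside these hunks, so how a non-matching line is handled cannot be judged from here.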

@ -74,6 +74,20 @@ class PamdRuleTestCase(unittest.TestCase):
module_string = re.sub(' +', ' ', str(module).replace('\t', ' ')) module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
self.assertEqual(rule, module_string.rstrip()) self.assertEqual(rule, module_string.rstrip())
def test_slash_in_args(self):
rule = "auth sufficient /lib64/security/pam_duo.so".rstrip()
module = PamdRule.rulefromstring(stringline=rule)
module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
self.assertEqual(rule, module_string.rstrip())
self.assertEqual('', module.get_module_args_as_string())
def test_slash_in_args_more(self):
rule = "auth [success=1 default=ignore] /lib64/security/pam_duo.so".rstrip()
module = PamdRule.rulefromstring(stringline=rule)
module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
self.assertEqual(rule, module_string.rstrip())
self.assertEqual('', module.get_module_args_as_string())
class PamdServiceTestCase(unittest.TestCase): class PamdServiceTestCase(unittest.TestCase):
def setUp(self): def setUp(self):
@ -145,6 +159,13 @@ session \trequired\tpam_unix.so"""
self.assertIn(str(new_rule).rstrip(), str(self.pamd)) self.assertIn(str(new_rule).rstrip(), str(self.pamd))
self.assertNotIn(str(old_rule).rstrip(), str(self.pamd)) self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_module_path_slash(self):
old_rule = PamdRule.rulefromstring('auth required pam_env.so')
new_rule = PamdRule.rulefromstring('auth required /lib64/security/pam_duo.so')
update_rule(self.pamd, old_rule, new_rule)
self.assertIn(str(new_rule).rstrip(), str(self.pamd))
self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
def test_update_rule_module_args(self): def test_update_rule_module_args(self):
old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass') old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass')
new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so uid uid') new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so uid uid')
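Review bot: `test_slash_in_args` and `test_slash_in_args_more` exercise a slash in the module path, not in the arguments, and both assert an empty argument string. Nothing therefore pins how a slashed path is separated from arguments, which the Rule Args class also allows to contain `/`. I would rename them along the lines of `test_slash_in_module_path` and add one case whose rule carries an argument with a path in it, e.g. `rule = "auth sufficient /lib64/security/pam_duo.so conf=/etc/duo/pam_duo.conf"` (constructed sample), asserting that `get_module_args_as_string()` returns only the `conf=...` part. The same path-plus-arguments case would be worth adding next to `test_update_rule_module_path_slash`, since `update_rule` is only checked with an argument-less slashed rule.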
