archive
/
ansible
mirror of https://github.com/ansible/ansible.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

updated pamd rule args regexp to match file paths also (#33432)

Browse Source 
* Added . and / to rule args regexp

Things like pam_echo.so file=/etc/foo.txt weren't being matched and
causing incorrect change counts.  Adding / and . fixed that.

Fixes #33351

* pamd: test argument with value

Relates #33351
pull/33437/head
R. Francis Smith 7 years ago committed by Sam Doran
parent e0c94aa6a7
commit e957760d52
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
lib/ansible/modules/system/pamd.py
Unescape Escape View File

@ -286,7 +286,7 @@ class PamdRule(object):
r"""([\-A-Za-z0-9_]+)\s* # Rule Type r"""([\-A-Za-z0-9_]+)\s* # Rule Type
\[([A-Za-z0-9_=\s]+)\]\s* # Rule Control \[([A-Za-z0-9_=\s]+)\]\s* # Rule Control
([A-Za-z0-9_\-\.]+)\s* # Rule Path ([A-Za-z0-9_\-\.]+)\s* # Rule Path
([A-Za-z0-9,_=<>\-\s]*)""", # Rule Args ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
re.X) re.X)
complicated = True complicated = True
else: else:
@ -294,7 +294,7 @@ class PamdRule(object):
r"""([\-A-Za-z0-9_]+)\s* # Rule Type r"""([\-A-Za-z0-9_]+)\s* # Rule Type
([A-Za-z0-9_]+)\s* # Rule Control ([A-Za-z0-9_]+)\s* # Rule Control
([A-Za-z0-9_\-\.]+)\s* # Rule Path ([A-Za-z0-9_\-\.]+)\s* # Rule Path
([A-Za-z0-9,_=<>\-\s]*)""", # Rule Args ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args
re.X) re.X)
result = pattern.match(stringline) result = pattern.match(stringline)

16
test/units/modules/system/test_pamd.py
Unescape Escape View File

@ -45,6 +45,22 @@ class PamdRuleTestCase(unittest.TestCase):
self.assertEqual(complicated, module_string.rstrip()) self.assertEqual(complicated, module_string.rstrip())
self.assertEqual('try_first_pass', module.get_module_args_as_string()) self.assertEqual('try_first_pass', module.get_module_args_as_string())
def test_rule_with_arg(self):
line = "account optional pam_echo.so file=/etc/lockout.txt"
module = PamdRule.rulefromstring(stringline=line)
self.assertEqual(module.rule_type, 'account')
self.assertEqual(module.rule_control, 'optional')
self.assertEqual(module.rule_module_path, 'pam_echo.so')
self.assertEqual(module.rule_module_args, ['file=/etc/lockout.txt'])
def test_rule_with_args(self):
line = "account optional pam_echo.so file1=/etc/lockout1.txt file2=/etc/lockout2.txt"
module = PamdRule.rulefromstring(stringline=line)
self.assertEqual(module.rule_type, 'account')
self.assertEqual(module.rule_control, 'optional')
self.assertEqual(module.rule_module_path, 'pam_echo.so')
self.assertEqual(module.rule_module_args, ['file1=/etc/lockout1.txt', 'file2=/etc/lockout2.txt'])
def test_less_than_in_args(self): def test_less_than_in_args(self):
rule = "auth requisite pam_succeed_if.so uid >= 1025 quiet_success" rule = "auth requisite pam_succeed_if.so uid >= 1025 quiet_success"
module = PamdRule.rulefromstring(stringline=rule) module = PamdRule.rulefromstring(stringline=rule)

Write Preview
Loading…
Cancel
Save