Update pamd.py to allow module path with slashes (#32197)

2018-01-17 23:27:12 -05:00 · 2018-01-17 23:27:12 -05:00 · 943730b70c
commit 943730b70c
parent 630ae01f91
2 changed files with 34 additions and 2 deletions
--- a/lib/ansible/modules/system/pamd.py
+++ b/lib/ansible/modules/system/pamd.py
@ -200,6 +200,17 @@ EXAMPLES = """
    module_path: pam_faillock.so
    module_arguments: 'fail_interval=300'
    state: args_present
+
+- name: Add pam common-auth rule for duo
+  pamd:
+    name: common-auth
+    new_type: auth
+    new_control: '[success=1 default=ignore]'
+    new_module_path: '/lib64/security/pam_duo.so'
+    state: after
+    type: auth
+    module_path: pam_sss.so
+    control: 'requisite'
 """

 RETURN = '''
@ -285,7 +296,7 @@ class PamdRule(object):
            pattern = re.compile(
                r"""([\-A-Za-z0-9_]+)\s*         # Rule Type
                    \[([A-Za-z0-9_=\s]+)\]\s*    # Rule Control
-                    ([A-Za-z0-9_\-\.]+)\s*         # Rule Path
+                    ([A-Za-z0-9/_\-\.]+)\s*         # Rule Path
                    ([A-Za-z0-9,_=<>\-\s\./]*)""",  # Rule Args
                re.X)
            complicated = True
@ -293,7 +304,7 @@ class PamdRule(object):
            pattern = re.compile(
                r"""([\-A-Za-z0-9_]+)\s*        # Rule Type
                    ([A-Za-z0-9_]+)\s*          # Rule Control
-                    ([A-Za-z0-9_\-\.]+)\s*        # Rule Path
+                    ([A-Za-z0-9/_\-\.]+)\s*        # Rule Path
                    ([A-Za-z0-9,_=<>\-\s\./]*)""",  # Rule Args
                re.X)

--- a/test/units/modules/system/test_pamd.py
+++ b/test/units/modules/system/test_pamd.py
@ -74,6 +74,20 @@ class PamdRuleTestCase(unittest.TestCase):
        module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
        self.assertEqual(rule, module_string.rstrip())

+    def test_slash_in_args(self):
+        rule = "auth sufficient /lib64/security/pam_duo.so".rstrip()
+        module = PamdRule.rulefromstring(stringline=rule)
+        module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
+        self.assertEqual(rule, module_string.rstrip())
+        self.assertEqual('', module.get_module_args_as_string())
+
+    def test_slash_in_args_more(self):
+        rule = "auth [success=1 default=ignore] /lib64/security/pam_duo.so".rstrip()
+        module = PamdRule.rulefromstring(stringline=rule)
+        module_string = re.sub(' +', ' ', str(module).replace('\t', ' '))
+        self.assertEqual(rule, module_string.rstrip())
+        self.assertEqual('', module.get_module_args_as_string())
+

 class PamdServiceTestCase(unittest.TestCase):
    def setUp(self):
@ -145,6 +159,13 @@ session   \trequired\tpam_unix.so"""
        self.assertIn(str(new_rule).rstrip(), str(self.pamd))
        self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))

+    def test_update_rule_module_path_slash(self):
+        old_rule = PamdRule.rulefromstring('auth      	required	pam_env.so')
+        new_rule = PamdRule.rulefromstring('auth      	required	/lib64/security/pam_duo.so')
+        update_rule(self.pamd, old_rule, new_rule)
+        self.assertIn(str(new_rule).rstrip(), str(self.pamd))
+        self.assertNotIn(str(old_rule).rstrip(), str(self.pamd))
+
    def test_update_rule_module_args(self):
        old_rule = PamdRule.rulefromstring('auth      	sufficient	pam_unix.so nullok try_first_pass')
        new_rule = PamdRule.rulefromstring('auth      	sufficient	pam_unix.so uid uid')