From f0741ecaa055abd33eef1762b361986b90a25f09 Mon Sep 17 00:00:00 2001 From: "R. Francis Smith" Date: Thu, 30 Nov 2017 14:32:02 -0600 Subject: [PATCH] updated pamd rule args regexp to match file paths also (#33432) * Added . and / to rule args regexp Things like pam_echo.so file=/etc/foo.txt weren't being matched and causing incorrect change counts. Adding / and . fixed that. Fixes #33351 (cherry picked from commit e957760d5240722cb1c8742a734c65e2bf95ea43) --- CHANGELOG.md | 7 +++++++ lib/ansible/modules/system/pamd.py | 13 +++++++------ test/units/modules/system/test_pamd.py | 16 ++++++++++++++++ 3 files changed, 30 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ae0e2f4229..882e8c743f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,13 @@ Ansible Changes By Release ========================== + + +## 2.4.3 "Dancing Days" - TBD + +### Bugfixes +* Fix `pamd` rule args regexp to match file paths (https://github.com/ansible/ansible/pull/33432) + ## 2.4.2 "Dancing Days" - 2017-11-29 diff --git a/lib/ansible/modules/system/pamd.py b/lib/ansible/modules/system/pamd.py index 6fc7a041fb..73695a1415 100644 --- a/lib/ansible/modules/system/pamd.py +++ b/lib/ansible/modules/system/pamd.py @@ -219,6 +219,7 @@ dest: ... ''' + from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.pycompat24 import get_exception import os 
@@ -259,18 +260,18 @@ class PamdRule(object): if '[' in stringline: pattern = re.compile( - r"""([\-A-Za-z0-9_]+)\s* # Rule Type - \[([A-Za-z0-9_=\s]+)\]\s* # Rule Control - ([A-Za-z0-9_\.]+)\s* # Rule Path - ([A-Za-z0-9_=<>\-\s]*)""", # Rule Args + r"""([\-A-Za-z0-9_]+)\s* # Rule Type + \[([A-Za-z0-9_=\s]+)\]\s* # Rule Control + ([A-Za-z0-9_\-\.]+)\s* # Rule Path + ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args re.X) complicated = True else: pattern = re.compile( r"""([\-A-Za-z0-9_]+)\s* # Rule Type ([A-Za-z0-9_]+)\s* # Rule Control - ([A-Za-z0-9_\.]+)\s* # Rule Path - ([A-Za-z0-9_=<>\-\s]*)""", # Rule Args + ([A-Za-z0-9_\-\.]+)\s* # Rule Path + ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args re.X) result = pattern.match(stringline) diff --git a/test/units/modules/system/test_pamd.py b/test/units/modules/system/test_pamd.py index 3ecce7aedc..e485eaa4e2 100644 --- a/test/units/modules/system/test_pamd.py +++ b/test/units/modules/system/test_pamd.py 
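Review bot: The Rule Args class in both `re.compile` calls is still an allow-list, and since `pattern.match(stringline)` has no end anchor, the first character outside it (`:` or the square brackets PAM permits around an argument, for instance) ends the match silently and the rest of the line is dropped instead of rejected. For a module that edits PAM configuration this should fail closed: if the parsed rule is later written back, which this hunk does not show, a truncated argument list changes authentication behaviour with no error. Either capture the remainder with `(.*)` as the args group, or reject leftovers after the match, e.g. `if result is None or stringline[result.end():].strip():` followed by the module's usual error path. The Rule Path class `[A-Za-z0-9_\-\.]+` still lacks `/`, so a module named by absolute path is either not matched (bracketed-control branch) or mis-split by backtracking into the control field. The enclosing method starts and ends outside the hunk.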
@@ -45,6 +45,22 @@ class PamdRuleTestCase(unittest.TestCase): self.assertEqual(complicated, module_string.rstrip()) self.assertEqual('try_first_pass', module.get_module_args_as_string()) + def test_rule_with_arg(self): + line = "account optional pam_echo.so file=/etc/lockout.txt" + module = PamdRule.rulefromstring(stringline=line) + self.assertEqual(module.rule_type, 'account') + self.assertEqual(module.rule_control, 'optional') + self.assertEqual(module.rule_module_path, 'pam_echo.so') + self.assertEqual(module.rule_module_args, ['file=/etc/lockout.txt']) + + def test_rule_with_args(self): + line = "account optional pam_echo.so file1=/etc/lockout1.txt file2=/etc/lockout2.txt" + module = PamdRule.rulefromstring(stringline=line) + self.assertEqual(module.rule_type, 'account') + self.assertEqual(module.rule_control, 'optional') + self.assertEqual(module.rule_module_path, 'pam_echo.so') + self.assertEqual(module.rule_module_args, ['file1=/etc/lockout1.txt', 'file2=/etc/lockout2.txt']) + def test_less_than_in_args(self): rule = "auth requisite pam_succeed_if.so uid >= 1025 quiet_success" module = PamdRule.rulefromstring(stringline=rule)
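Review bot: Both new tests exercise only the plain-control branch, while the same Rule Args and Rule Path changes were also made to the bracketed-control pattern, and the newly allowed `,` and the `-` in the module path are not covered at all. Add a case such as `line = "auth [success=1 default=ignore] pam_echo.so file=/etc/lockout.txt"` asserting `rule_module_args == ['file=/etc/lockout.txt']`, plus one whose argument contains a character outside the class, so that silent truncation of arguments shows up as a test failure rather than as a wrong PAM file. `PamdRuleTestCase` continues outside the hunk, and `test_less_than_in_args` is cut off at its end.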