updated pamd rule args regexp to match file paths also (#33432)

* Added . and / to rule args regexp

Things like pam_echo.so file=/etc/foo.txt weren't being matched and
causing incorrect change counts.  Adding / and . fixed that.

Fixes #33351

(cherry picked from commit e957760d52)

CHANGELOG.md

@@ -1,6 +1,13 @@
 Ansible Changes By Release
 ==========================
 
+<a id="2.4.3"></a>
+
+## 2.4.3 "Dancing Days" - TBD
+
+### Bugfixes
+* Fix `pamd` rule args regexp to match file paths (https://github.com/ansible/ansible/pull/33432)
+
 <a id="2.4.2"></a>
 
 ## 2.4.2 "Dancing Days" - 2017-11-29

lib/ansible/modules/system/pamd.py

@@ -219,6 +219,7 @@ dest:
 ...
 '''
 
+
 from ansible.module_utils.basic import AnsibleModule
 from ansible.module_utils.pycompat24 import get_exception
 import os
@@ -259,18 +260,18 @@ class PamdRule(object):
 
         if '[' in stringline:
             pattern = re.compile(
-                r"""([\-A-Za-z0-9_]+)\s*        # Rule Type
-                    \[([A-Za-z0-9_=\s]+)\]\s*   # Rule Control
-                    ([A-Za-z0-9_\.]+)\s*        # Rule Path
-                    ([A-Za-z0-9_=<>\-\s]*)""",  # Rule Args
+                r"""([\-A-Za-z0-9_]+)\s*         # Rule Type
+                    \[([A-Za-z0-9_=\s]+)\]\s*    # Rule Control
+                    ([A-Za-z0-9_\-\.]+)\s*         # Rule Path
+                    ([A-Za-z0-9,_=<>\-\s\./]*)""",  # Rule Args
                 re.X)
             complicated = True
         else:
             pattern = re.compile(
                 r"""([\-A-Za-z0-9_]+)\s*        # Rule Type
                     ([A-Za-z0-9_]+)\s*          # Rule Control
-                    ([A-Za-z0-9_\.]+)\s*        # Rule Path
-                    ([A-Za-z0-9_=<>\-\s]*)""",  # Rule Args
+                    ([A-Za-z0-9_\-\.]+)\s*        # Rule Path
+                    ([A-Za-z0-9,_=<>\-\s\./]*)""",  # Rule Args
                 re.X)
 
         result = pattern.match(stringline)

test/units/modules/system/test_pamd.py

@@ -45,6 +45,22 @@ class PamdRuleTestCase(unittest.TestCase):
         self.assertEqual(complicated, module_string.rstrip())
         self.assertEqual('try_first_pass', module.get_module_args_as_string())
 
+    def test_rule_with_arg(self):
+        line = "account       optional    pam_echo.so file=/etc/lockout.txt"
+        module = PamdRule.rulefromstring(stringline=line)
+        self.assertEqual(module.rule_type, 'account')
+        self.assertEqual(module.rule_control, 'optional')
+        self.assertEqual(module.rule_module_path, 'pam_echo.so')
+        self.assertEqual(module.rule_module_args, ['file=/etc/lockout.txt'])
+
+    def test_rule_with_args(self):
+        line = "account       optional    pam_echo.so file1=/etc/lockout1.txt file2=/etc/lockout2.txt"
+        module = PamdRule.rulefromstring(stringline=line)
+        self.assertEqual(module.rule_type, 'account')
+        self.assertEqual(module.rule_control, 'optional')
+        self.assertEqual(module.rule_module_path, 'pam_echo.so')
+        self.assertEqual(module.rule_module_args, ['file1=/etc/lockout1.txt', 'file2=/etc/lockout2.txt'])
+
     def test_less_than_in_args(self):
         rule = "auth requisite pam_succeed_if.so uid >= 1025 quiet_success"
         module = PamdRule.rulefromstring(stringline=rule)