mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
pamd module regression fix (#42025)
* pamd: typo fix sufficicent->sufficient * pamd: is_valid is a property, not a method; return a tuple * pamd: define is_valid for all PamdLine classes * pamd: use validate() for verbose errors, define generically * pamd: PamdRule: rule_control is always str, use _control Fixes https://github.com/ansible/ansible/issues/41179
parent
8eacbd0381
commit
3627aa3391
1 changed files with 21 additions and 6 deletions
|
@ -290,6 +290,17 @@ class PamdLine(object):
|
||||||
self.prev = None
|
self.prev = None
|
||||||
self.next = None
|
self.next = None
|
||||||
|
|
||||||
|
@property
|
||||||
|
def is_valid(self):
|
||||||
|
if self.line == '':
|
||||||
|
return True
|
||||||
|
return False
|
||||||
|
|
||||||
|
def validate(self):
|
||||||
|
if not self.is_valid:
|
||||||
|
return False, "Rule is not valid " + self.line
|
||||||
|
return True, "Rule is valid " + self.line
|
||||||
|
|
||||||
# Method to check if a rule matches the type, control and path.
|
# Method to check if a rule matches the type, control and path.
|
||||||
def matches(self, rule_type, rule_control, rule_path, rule_args=None):
|
def matches(self, rule_type, rule_control, rule_path, rule_args=None):
|
||||||
return False
|
return False
|
||||||
|
@ -324,7 +335,7 @@ class PamdInclude(PamdLine):
|
||||||
class PamdRule(PamdLine):
|
class PamdRule(PamdLine):
|
||||||
|
|
||||||
valid_types = ['account', 'auth', 'password', 'session']
|
valid_types = ['account', 'auth', 'password', 'session']
|
||||||
valid_simple_controls = ['required', 'requisite', 'sufficicent', 'optional', 'include', 'substack']
|
valid_simple_controls = ['required', 'requisite', 'sufficient', 'optional', 'include', 'substack']
|
||||||
valid_control_values = ['success', 'open_err', 'symbol_err', 'service_err', 'system_err', 'buf_err',
|
valid_control_values = ['success', 'open_err', 'symbol_err', 'service_err', 'system_err', 'buf_err',
|
||||||
'perm_denied', 'auth_err', 'cred_insufficient', 'authinfo_unavail', 'user_unknown',
|
'perm_denied', 'auth_err', 'cred_insufficient', 'authinfo_unavail', 'user_unknown',
|
||||||
'maxtries', 'new_authtok_reqd', 'acct_expired', 'session_err', 'cred_unavail',
|
'maxtries', 'new_authtok_reqd', 'acct_expired', 'session_err', 'cred_unavail',
|
||||||
|
@ -405,15 +416,19 @@ class PamdRule(PamdLine):
|
||||||
return True
|
return True
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@property
|
||||||
|
def is_valid(self):
|
||||||
|
return self.validate()[0]
|
||||||
|
|
||||||
def validate(self):
|
def validate(self):
|
||||||
# Validate the rule type
|
# Validate the rule type
|
||||||
if self.rule_type not in PamdRule.valid_types:
|
if self.rule_type not in PamdRule.valid_types:
|
||||||
return False, "Rule type, " + self.rule_type + ", is not valid in rule " + self.line
|
return False, "Rule type, " + self.rule_type + ", is not valid in rule " + self.line
|
||||||
# Validate the rule control
|
# Validate the rule control
|
||||||
if isinstance(self.rule_control, str) and self.rule_control not in PamdRule.valid_simple_controls:
|
if isinstance(self._control, str) and self.rule_control not in PamdRule.valid_simple_controls:
|
||||||
return False, "Rule control, " + self.rule_control + ", is not valid in rule " + self.line
|
return False, "Rule control, " + self.rule_control + ", is not valid in rule " + self.line
|
||||||
elif isinstance(self.rule_control, list):
|
elif isinstance(self._control, list):
|
||||||
for control in self.rule_control:
|
for control in self._control:
|
||||||
value, action = control.split("=")
|
value, action = control.split("=")
|
||||||
if value not in PamdRule.valid_control_values:
|
if value not in PamdRule.valid_control_values:
|
||||||
return False, "Rule control value, " + value + ", is not valid in rule " + self.line
|
return False, "Rule control value, " + value + ", is not valid in rule " + self.line
|
||||||
|
@ -653,8 +668,8 @@ class PamdService(object):
|
||||||
current_line = self._head
|
current_line = self._head
|
||||||
|
|
||||||
while current_line is not None:
|
while current_line is not None:
|
||||||
if not current_line.is_valid()[0]:
|
if not current_line.validate()[0]:
|
||||||
return current_line.is_valid()
|
return current_line.validate()
|
||||||
current_line = current_line.next
|
current_line = current_line.next
|
||||||
return True, "Module is valid"
|
return True, "Module is valid"
|
||||||
|
|
||||||
|
|
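Review bot: In `PamdRule.validate()` the control check can fail open: when `self._control` is neither a `str` nor a `list`, neither branch runs and the rule is accepted without its control being checked. That could happen with a `unicode` value under Python 2, if the parser can produce one; the assignment of `_control` is outside this section. Because this module rewrites PAM stacks, an unrecognised control type should be rejected explicitly, for example with a trailing `else: return False, "Rule control is not valid in rule " + self.line` once the `elif` body, which continues past the hunk, is complete. In the same loop, `value, action = control.split("=")` raises `ValueError` for a bracketed item that does not contain exactly one `=`, so `validate()` throws instead of returning its `(False, message)` tuple; `value, sep, action = control.partition("=")` followed by `if not sep: return False, ...` would keep the contract. In `PamdService.validate`, a failing line is validated twice; `valid, msg = current_line.validate()` followed by `if not valid: return valid, msg` does it once.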