mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

pamd module regression fix (#42025)

* pamd: typo fix sufficicent->sufficient

* pamd: is_valid is a property, not a method; return a tuple

* pamd: define is_valid for all PamdLine classes

* pamd: use validate() for verbose errors, define generically

* pamd: PamdRule: rule_control is always str, use _control

Fixes https://github.com/ansible/ansible/issues/41179
James Cassell 2018-06-29 17:34:20 -04:00 committed by Adam Miller
parent 8eacbd0381
commit 3627aa3391


@ -290,6 +290,17 @@ class PamdLine(object):
self.prev = None self.prev = None
self.next = None self.next = None
@property
def is_valid(self):
if self.line == '':
return True
return False
def validate(self):
if not self.is_valid:
return False, "Rule is not valid " + self.line
return True, "Rule is valid " + self.line
# Method to check if a rule matches the type, control and path. # Method to check if a rule matches the type, control and path.
def matches(self, rule_type, rule_control, rule_path, rule_args=None): def matches(self, rule_type, rule_control, rule_path, rule_args=None):
return False return False
@ -324,7 +335,7 @@ class PamdInclude(PamdLine):
class PamdRule(PamdLine): class PamdRule(PamdLine):
valid_types = ['account', 'auth', 'password', 'session'] valid_types = ['account', 'auth', 'password', 'session']
valid_simple_controls = ['required', 'requisite', 'sufficicent', 'optional', 'include', 'substack'] valid_simple_controls = ['required', 'requisite', 'sufficient', 'optional', 'include', 'substack']
valid_control_values = ['success', 'open_err', 'symbol_err', 'service_err', 'system_err', 'buf_err', valid_control_values = ['success', 'open_err', 'symbol_err', 'service_err', 'system_err', 'buf_err',
'perm_denied', 'auth_err', 'cred_insufficient', 'authinfo_unavail', 'user_unknown', 'perm_denied', 'auth_err', 'cred_insufficient', 'authinfo_unavail', 'user_unknown',
'maxtries', 'new_authtok_reqd', 'acct_expired', 'session_err', 'cred_unavail', 'maxtries', 'new_authtok_reqd', 'acct_expired', 'session_err', 'cred_unavail',
@ -405,15 +416,19 @@ class PamdRule(PamdLine):
return True return True
return False return False
@property
def is_valid(self):
return self.validate()[0]
def validate(self): def validate(self):
# Validate the rule type # Validate the rule type
if self.rule_type not in PamdRule.valid_types: if self.rule_type not in PamdRule.valid_types:
return False, "Rule type, " + self.rule_type + ", is not valid in rule " + self.line return False, "Rule type, " + self.rule_type + ", is not valid in rule " + self.line
# Validate the rule control # Validate the rule control
if isinstance(self.rule_control, str) and self.rule_control not in PamdRule.valid_simple_controls: if isinstance(self._control, str) and self.rule_control not in PamdRule.valid_simple_controls:
return False, "Rule control, " + self.rule_control + ", is not valid in rule " + self.line return False, "Rule control, " + self.rule_control + ", is not valid in rule " + self.line
elif isinstance(self.rule_control, list): elif isinstance(self._control, list):
for control in self.rule_control: for control in self._control:
value, action = control.split("=") value, action = control.split("=")
if value not in PamdRule.valid_control_values: if value not in PamdRule.valid_control_values:
return False, "Rule control value, " + value + ", is not valid in rule " + self.line return False, "Rule control value, " + value + ", is not valid in rule " + self.line
@ -653,8 +668,8 @@ class PamdService(object):
current_line = self._head current_line = self._head
while current_line is not None: while current_line is not None:
if not current_line.is_valid()[0]: if not current_line.validate()[0]:
return current_line.is_valid() return current_line.validate()
current_line = current_line.next current_line = current_line.next
return True, "Module is valid" return True, "Module is valid"
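Review bot: In `PamdRule.validate()`, the list branch still unpacks `value, action = control.split("=")`, so a bracketed control entry with no `=`, or with more than one, raises ValueError instead of returning the `(False, message)` tuple that `PamdService.validate()` indexes with `[0]`. This check appears to guard rewrites of PAM stack files, so a malformed entry should be rejected cleanly: `value, sep, action = control.partition("=")` followed by `if not sep: return False, "Rule control, " + control + ", is not valid in rule " + self.line`. The same condition tests `isinstance(self._control, str)` but then reads `self.rule_control`; how the two relate is not visible in this hunk, so a one-line comment saying why the type check uses `_control` would help. In the last hunk `current_line.validate()` runs twice for a failing line; `result = current_line.validate()` once, then testing and returning `result`, is clearer. The body of `validate()` continues past the hunk, so any later check on `action` is not visible here.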