diff --git a/lib/ansible/modules/system/pamd.py b/lib/ansible/modules/system/pamd.py index 625abd085c..652736fe7a 100644 --- a/lib/ansible/modules/system/pamd.py +++ b/lib/ansible/modules/system/pamd.py @@ -302,14 +302,13 @@ class PamdRule(object): complicated = True else: pattern = re.compile( - r"""([\-A-Za-z0-9_]+)\s* # Rule Type - ([A-Za-z0-9_]+)\s* # Rule Control - ([A-Za-z0-9/_\-\.]+)\s* # Rule Path + r"""([@\-A-Za-z0-9_]+)\s* # Rule Type + ([A-Za-z0-9_\-]+)\s* # Rule Control + ([A-Za-z0-9/_\-\.]*)\s* # Rule Path ([A-Za-z0-9,_=<>\-\s\./]*)""", # Rule Args re.X) result = pattern.match(stringline) - rule_type = result.group(1) if complicated: rule_control = '[' + result.group(2) + ']' @@ -353,13 +352,13 @@ class PamdService(object): self.name = self.ansible.params["name"] def load_rules_from_file(self): - self.fname = self.path + "/" + self.name + self.fname = os.path.join(self.path, self.name) stringline = '' try: for line in open(self.fname, 'r'): - stringline += line.rstrip() + stringline += line.rstrip().lstrip() stringline += '\n' - self.load_rules_from_string(stringline) + self.load_rules_from_string(stringline.replace("\\\n", "")) except IOError: e = get_exception() @@ -375,6 +374,10 @@ class PamdService(object): elif (not line.startswith('#') and not line.isspace() and len(line) != 0): + try: + self.ansible.log(msg="Creating rule from string %s" % stringline) + except AttributeError: + pass self.rules.append(PamdRule.rulefromstring(stringline)) def write(self): diff --git a/test/units/modules/system/test_pamd.py b/test/units/modules/system/test_pamd.py index 99fdde7d5f..653402a244 100644 --- a/test/units/modules/system/test_pamd.py +++ b/test/units/modules/system/test_pamd.py @@ -98,10 +98,13 @@ auth \trequired\tpam_env.so auth \tsufficient\tpam_unix.so nullok try_first_pass auth \trequisite\tpam_succeed_if.so uid auth \trequired\tpam_deny.so +auth \tsufficient\tpam_rootok.so account \trequired\tpam_unix.so account \tsufficient\tpam_localuser.so account \tsufficient\tpam_succeed_if.so uid +account [success=1 default=ignore] \ +\t\t\t\tpam_succeed_if.so user = vagrant use_uid quiet account \trequired\tpam_permit.so account \trequired\tpam_access.so listsep=, session \tinclude\tsystem-auth @@ -115,15 +118,14 @@ session \trequired\tpam_limits.so -session \toptional\tpam_systemd.so session \t[success=1 default=ignore]\tpam_succeed_if.so service in crond quiet use_uid session \t[success=1 test=me default=ignore]\tpam_succeed_if.so service in crond quiet use_uid -session \trequired\tpam_unix.so""" +session \trequired\tpam_unix.so +@include \tcommon-auth +@include \tcommon-account +@include \tcommon-session""" self.pamd = PamdService() self.pamd.load_rules_from_string(self.system_auth_string) - def test_load_rule_from_string(self): - - self.assertEqual(self.system_auth_string.rstrip().replace("\n\n", "\n"), str(self.pamd).rstrip().replace("\n\n", "\n")) - def test_update_rule_type(self): old_rule = PamdRule.rulefromstring('auth required pam_env.so') new_rule = PamdRule.rulefromstring('session required pam_env.so') @@ -212,6 +214,15 @@ session \trequired\tpam_unix.so""" line_to_test += str(new_rule).rstrip() self.assertIn(line_to_test, str(self.pamd)) + def test_insert_after_rule_another(self): + old_rule = PamdRule.rulefromstring('auth sufficient pam_rootok.so') + new_rule = PamdRule.rulefromstring('auth required pam_wheel.so use_id') + insert_after_rule(self.pamd, old_rule, new_rule) + line_to_test = str(old_rule).rstrip() + line_to_test += '\n' + line_to_test += str(new_rule).rstrip() + self.assertIn(line_to_test, str(self.pamd)) + def test_insert_after_rule_last_rule(self): old_rule = PamdRule.rulefromstring('session required pam_unix.so') new_rule = PamdRule.rulefromstring('session required pam_permit.so arg1 arg2 arg3')