Fix pamd error when inserting a new rule at the end. Fixes #28487 (#28488)

* When inserting a new rule in `insert_after_rule`, check if the old rule is
the last rule, to avoid a list index out of range error when attempting to
access the next rule.
* Add a test for inserting a new rule after the last rule.
This commit is contained in:
David Kretch 2017-12-13 16:31:20 -05:00 committed by Adam Miller
parent 158b32cd7a
commit 98260f9884
2 changed files with 13 additions and 1 deletions

View file

@ -483,7 +483,10 @@ def insert_after_rule(service, old_rule, new_rule):
if (old_rule.rule_type == rule.rule_type and
old_rule.rule_control == rule.rule_control and
old_rule.rule_module_path == rule.rule_module_path):
if (new_rule.rule_type != service.rules[index + 1].rule_type or
if (index == len(service.rules) - 1):
service.rules.insert(len(service.rules), new_rule)
changed = True
elif (new_rule.rule_type != service.rules[index + 1].rule_type or
new_rule.rule_control !=
service.rules[index + 1].rule_control or
new_rule.rule_module_path !=

View file

@ -191,6 +191,15 @@ session \trequired\tpam_unix.so"""
line_to_test += str(new_rule).rstrip()
self.assertIn(line_to_test, str(self.pamd))
def test_insert_after_rule_last_rule(self):
old_rule = PamdRule.rulefromstring('session required pam_unix.so')
new_rule = PamdRule.rulefromstring('session required pam_permit.so arg1 arg2 arg3')
insert_after_rule(self.pamd, old_rule, new_rule)
line_to_test = str(old_rule).rstrip()
line_to_test += '\n'
line_to_test += str(new_rule).rstrip()
self.assertIn(line_to_test, str(self.pamd))
def test_remove_module_arguments_one(self):
old_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so nullok try_first_pass')
new_rule = PamdRule.rulefromstring('auth sufficient pam_unix.so try_first_pass')