1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
expected_lines = {
"account required pam_unix.so",
"account sufficient @@pam_krb5@@/lib/security/pam_krb5.so",
"auth [default=die success=done] @@pam_ccreds@@/lib/security/pam_ccreds.so action=validate use_first_pass",
"auth [default=ignore success=1 service_err=reset] @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass",
"auth required pam_deny.so",
"auth sufficient @@pam_ccreds@@/lib/security/pam_ccreds.so action=store use_first_pass",
"auth sufficient pam_rootok.so",
"auth sufficient pam_unix.so likeauth try_first_pass",
"password sufficient @@pam_krb5@@/lib/security/pam_krb5.so use_first_pass",
"password sufficient pam_unix.so nullok sha512",
"session optional @@pam_krb5@@/lib/security/pam_krb5.so",
"session required pam_env.so conffile=/etc/pam/environment readenv=0",
"session required pam_unix.so",
}
actual_lines = set(machine.succeed("cat /etc/pam.d/chfn").splitlines())
missing_lines = expected_lines - actual_lines
extra_lines = actual_lines - expected_lines
non_functional_lines = set([line for line in extra_lines if (line == "" or line.startswith("#"))])
unexpected_functional_lines = extra_lines - non_functional_lines
with subtest("All expected lines are in the file"):
assert not missing_lines, f"Missing lines: {missing_lines}"
with subtest("All remaining lines are empty or comments"):
assert not unexpected_functional_lines, f"Unexpected lines: {unexpected_functional_lines}"
|
