Function pam.read_file is not available? #20809

Closed
lorengordon opened this issue Feb 18, 2015 · 5 comments
Labels
- Bug: broken, incorrect, or confusing behavior
- Execution-Module
- P4: Priority 4
- Platform: Relates to OS, containers, platform-based utilities like FS, system based apps
- severity-medium: 3rd level, incorrect or bad functionality, confusing and lacks a work around

@lorengordon
Contributor

I've been helping work on a security baseline implemented via salt and saw that salt has the start of a pam module. But it appears salt will only load the module if libpam.so exists at /usr/lib/libpam.so. On a CentOS system with the 64-bit version of the pam rpm, the corresponding file exists in /lib64. I'm not sure that os.path.exists will have the desired behavior anyway, though, since the file is really /lib64/libpam.so.0 and is a symlink to /lib64/libpam.so.0.82.2. Any idea why this loading restriction is in there?

https://github.com/saltstack/salt/blob/develop/salt/modules/pam.py

```python
def __virtual__():
    '''
    Only load the module if iptables is installed
    '''
    if os.path.exists('/usr/lib/libpam.so'):
        return 'pam'
    return False
```

```
# salt-call --local pam.read_file /etc/pam.d/system-auth
Function pam.read_file is not available
```

rallytime added the Question label on Feb 18, 2015
rallytime added this to the Blocked milestone on Feb 18, 2015

@rallytime
Contributor

Thanks for the report @lorengordon. I am not very familiar with the particulars of the pam module, but it looks like @techhat can perhaps comment on your question here.

@rallytime
Contributor

@lorengordon Apologies for never circling back around to your question. I think this restriction was just one way to check if pam is installed when the module was first written. If there are other file paths that would expose the installation of pam, that virtual check can certainly be adjusted.

@lorengordon
Contributor Author

Heh, no worries. This looks like a pretty easy one. I'll try to come back to it and get it working.

@rallytime
Contributor

That would be great. I'll change this to a more "this should be addressed" labeling scheme rather than just "Question". :)

rallytime added the Execution-Module, Bug, severity-medium, P4 and Platform labels and removed the Question label on Jun 10, 2016
rallytime modified the milestones: Approved, Blocked on Jun 10, 2016
lorengordon added a commit to lorengordon/salt that referenced this issue Jun 14, 2016
The test in the virtual function was unnecessary. The pam module
does not itself rely on any external python or pam libraries. The
only function present, pam.read_file(), accepts a file name as a
parameter, checks if it exists, and parses the file. There is no
reason to avoid loading the module.

Fixes saltstack#20809
rallytime pushed a commit that referenced this issue Jun 14, 2016
The test in the virtual function was unnecessary. The pam module
does not itself rely on any external python or pam libraries. The
only function present, pam.read_file(), accepts a file name as a
parameter, checks if it exists, and parses the file. There is no
reason to avoid loading the module.

Fixes #20809
@rallytime
Contributor

Fixed via #34002
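
The path problem reported above can be reproduced offline. This is an added example, not Salt's code and not part of the original thread. It builds a constructed directory tree matching the CentOS layout in the report and compares the single hard-coded path with a search over several library directories. `hardcoded_check`, `find_libpam`, `build_centos_like_tree` and `DEFAULT_LIB_DIRS` are hypothetical names, and the directory list is an assumption. The search shown is one general alternative; the fix referenced in the thread removed the check instead.

```python
import glob
import os
import tempfile

# Hypothetical helper data (not Salt code): directories assumed to hold libpam.
DEFAULT_LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")


def hardcoded_check(root=""):
    """The gate quoted in the issue: one exact, unversioned path."""
    return os.path.exists(root + "/usr/lib/libpam.so")


def find_libpam(root="", lib_dirs=DEFAULT_LIB_DIRS):
    """Return resolved paths of every usable libpam.so* under lib_dirs."""
    found = set()
    for lib_dir in lib_dirs:
        # Matches libpam.so, libpam.so.0, libpam.so.0.82.2, ...
        for candidate in glob.glob(os.path.join(root + lib_dir, "libpam.so*")):
            # os.path.exists follows symlinks: True for a link whose target
            # exists, False for a dangling link, which is skipped here.
            if os.path.exists(candidate):
                # realpath collapses links (and merged /lib64 -> /usr/lib64).
                found.add(os.path.realpath(candidate))
    return sorted(found)


def build_centos_like_tree(root):
    """Constructed layout: /lib64/libpam.so.0 -> libpam.so.0.82.2, empty /usr/lib."""
    lib64 = os.path.join(root, "lib64")
    os.makedirs(lib64)
    os.makedirs(os.path.join(root, "usr", "lib"))
    real = os.path.join(lib64, "libpam.so.0.82.2")
    with open(real, "wb") as handle:
        handle.write(b"\x7fELF")  # placeholder bytes, not a real library
    os.symlink("libpam.so.0.82.2", os.path.join(lib64, "libpam.so.0"))
    # Constructed dangling link to show the failure mode of a broken symlink.
    os.symlink("libpam.so.9.missing", os.path.join(lib64, "libpam.so.9"))
    return real


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp_root:
        build_centos_like_tree(tmp_root)
        print("hard-coded gate:", hardcoded_check(tmp_root))
        print("directory search:", find_libpam(tmp_root))
```

For a module used in a security baseline, the practical risk of the hard-coded gate is that the check silently never runs on hosts where the library lives elsewhere, so "function is not available" errors should be treated as a coverage gap and not ignored.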
