Since you are using multiple slists at the same time, CFEngine makes a
cross-product of each list: it calls change_or_add with
- "\s*password\s+\S+\s*pam_cracklib\.so\s+", "try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3", "\s*password\s+", "password requisite pam_cracklib.so "
- "\s*password\s+\S+\s*pam_cracklib\.so\s+", "try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3", "\s*password\s+", "password sufficient pam_unix.so "
- "\s*password\s+\S+\s*pam_cracklib\.so\s+", "try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3", "\s*password\s+", "auth required pam_tally2.so "
- "\s*password\s+\S+\s*pam_cracklib\.so\s+", "try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3", "\s*password\s+sufficient\s+", "password requisite pam_cracklib.so "
and so on (81 in total).
You will need to use arrays to do what you need to do
(this code is completely untested, but you'll get the idea)
    vars:
      # One array per argument; the same index selects the matching entry in each.
      "pamsysauth_ere[1]" string => "\s*password\s+\S+\s*pam_cracklib\.so\s+";
      "pamsysauth_ere[2]" string => "\s*password\s+\S+\s*pam_unix\.so\s+";
      "pamsysauth_ere[3]" string => "\s*auth\s+\S+\s*pam_tally2\.so\s+";

      "pamsysauthsu_val[1]" string => "try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3";
      "pamsysauthsu_val[2]" string => "shadow nullok try_first_pass use_authtok remember=12";
      "pamsysauthsu_val[3]" string => "onerr=fail deny=5 per_user";

      "pamsysauthsu_stl[1]" string => "\s*password\s+";
      "pamsysauthsu_stl[2]" string => "\s*password\s+sufficient\s+";
      "pamsysauthsu_stl[3]" string => "\s*auth\s+";

      "pamsysauthsu_add[1]" string => "password requisite pam_cracklib.so ";
      "pamsysauthsu_add[2]" string => "password sufficient pam_unix.so ";
      "pamsysauthsu_add[3]" string => "auth required pam_tally2.so ";

      # this is the slist you'll be iterating over
      "indices" slist => getindices("pamsysauth_ere");

    files:
      # The array names used below must match the declarations above.
      "/etc/pam.d/system-auth"
        comment => "BC_3266,BC_3021,BC_3020,BC_3014 password complexity and aging",
        create => "true",
        edit_line => change_or_add(
          "$(pamsysauth_ere[$(indices)])",
          "$(pamsysauthsu_val[$(indices)])",
          "$(pamsysauthsu_stl[$(indices)])",
          "$(pamsysauthsu_add[$(indices)])"
        );
So you'll be sure that your edit is called with the right values. And
you can get rid of the slist copy in change_or_add (note that an
improvement could be to iterate over the array in the change_or_add
bundle, but it would be more difficult to reuse it in another promise).
Best regards
Nicolas CHARLES
On 17/10/2011 18:42, [email protected] wrote:
> Forum: CFEngine Help
> Subject: Help with coding needed
> Author: robson
> Link to topic: https://cfengine.com/forum/read.php?3,23758,23758#msg-23758
>
> Hi everybody,
>
> I'm a beginner with cfengine. I'm using CFEngine Core 3.2.1. I learned some
> stuff myself, but I'm struggling with this. I have the code below in my
> promise file, but I want to use lists as parameters. It works for a list
> with a single item, but it doesn't for lists with multiple items. I don't
> have enough experience to fix or modify the code. Basically I'm passing 4
> lists each with 3 items as arguments
> "change_or_add(eres,values,lstarts,addlines)" and I want change_or_add bundle
> to loop through 3 loops where first it takes all first items from all 4 lists
> and processes them, then it takes all second items from lists and processes
> them and eventually all the last items.
>
> If there is a solution for what I'm trying to do and somebody could please
> help me with fixing the code, I would really appreciate it. I also welcome
> any comments regarding my code.
>
> ========================================================================
> This is working code (works for single-item lists) which I use now:
>
> bundle agent secure {
> vars:
>
>   # Four parallel lists: match regex, options, line-start regex, line to add.
>   "pamsysauth_ere" slist => {
>     "\s*password\s+\S+\s*pam_cracklib\.so\s+",
>     "\s*password\s+\S+\s*pam_unix\.so\s+",
>     "\s*auth\s+\S+\s*pam_tally2\.so\s+"
>   };
>   "pamsysauthsu_val" slist => {
>     "try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3",
>     "shadow nullok try_first_pass use_authtok remember=12",
>     "onerr=fail deny=5 per_user"
>   };
>   "pamsysauthsu_stl" slist => {
>     "\s*password\s+", "\s*password\s+sufficient\s+", "\s*auth\s+"
>   };
>   "pamsysauthsu_add" slist => {
>     "password requisite pam_cracklib.so ",
>     "password sufficient pam_unix.so ",
>     "auth required pam_tally2.so "
>   };
>
> files:
>   "/etc/pam.d/system-auth"
>
>     comment => "BC_3266,BC_3021,BC_3020,BC_3014 password complexity and aging",
>     create => "true",
>     # Each $(list) is iterated independently of the others.
>     edit_line => change_or_add(
>       "$(pamsysauth_ere)","$(pamsysauthsu_val)","$(pamsysauthsu_stl)","$(pamsysauthsu_add)"
>     );
>
> }
>
> bundle edit_line change_or_add(eres,values,lstarts,addlines) {
>
> vars:
> "value" slist => { @(values)};
> "ere" slist => { @(eres)};
> "addline" slist => { @(addlines)};
> "lstart" slist => { @(lstarts)};
> "lncnt" int => countlinesmatching("^$(ere).*$","$(edit.filename)");
> "tmp" int => getfields("^$(lstart).*$","$(edit.filename)","","line");
>
> classes:
> "add1" expression => islessthan("$(lncnt)","1");
>
> replace_patterns:
> "^($(ere))(?!$(value)$)[^\n]*"
> replace_with => value("$(match.1)$(value)");
>
> insert_lines:
> add1::
> "$(addline)$(value)"
> location => before_line("^$(line[1])$");
>
> }
>
_______________________________________________
Help-cfengine mailing list
[email protected]
https://cfengine.org/mailman/listinfo/help-cfengine
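
The two iteration styles discussed in this thread, compared in an added example (a simplified Python model, not CFEngine code and not written by either poster). The four lists are copied from the thread; the sample file content, the function names and the order in which calls are applied are assumptions made for illustration.

```python
import itertools
import re

# The four lists from the thread: match regex, options, line-start regex, line to add.
ERES = [r"\s*password\s+\S+\s*pam_cracklib\.so\s+",
        r"\s*password\s+\S+\s*pam_unix\.so\s+",
        r"\s*auth\s+\S+\s*pam_tally2\.so\s+"]
VALUES = ["try_first_pass retry=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=3",
          "shadow nullok try_first_pass use_authtok remember=12",
          "onerr=fail deny=5 per_user"]
LSTARTS = [r"\s*password\s+", r"\s*password\s+sufficient\s+", r"\s*auth\s+"]
ADDLINES = ["password requisite pam_cracklib.so ",
            "password sufficient pam_unix.so ",
            "auth required pam_tally2.so "]
LISTS = (ERES, VALUES, LSTARTS, ADDLINES)

# Constructed sample system-auth content (not from the thread); pam_tally2 is absent.
SAMPLE = ["auth required pam_env.so",
          "password requisite pam_cracklib.so retry=5",
          "password sufficient pam_unix.so md5"]

def cross_product_calls():
    """Every combination of one item per list: what passing four slists expands to."""
    return list(itertools.product(*LISTS))

def aligned_calls():
    """One call per shared index, as with getindices() over parallel arrays."""
    return list(zip(*LISTS))

def change_or_add(lines, ere, value, lstart, addline):
    """Simplified model of the edit_line bundle: set the options on a matching
    line, otherwise insert addline+value before the first line matching lstart."""
    if any(re.match(ere, ln) for ln in lines):
        return [re.match(ere, ln).group(0) + value if re.match(ere, ln) else ln
                for ln in lines]
    pos = next((i for i, ln in enumerate(lines) if re.match(lstart, ln)), len(lines))
    return lines[:pos] + [addline + value] + lines[pos:]

def apply_calls(calls, lines=SAMPLE):
    """Apply each argument tuple in turn to a copy of the file content."""
    for call in calls:
        lines = change_or_add(lines, *call)
    return lines

def mismatched(calls):
    """Calls whose module regex is paired with another module's options."""
    return [c for c in calls if ERES.index(c[0]) != VALUES.index(c[1])]

if __name__ == "__main__":
    calls = cross_product_calls()
    print(len(calls), "calls,", len(mismatched(calls)), "with mispaired options")
    print("\n".join(apply_calls(aligned_calls())))
```

The call counts and the mispairing carry over to the policy in the thread; the exact file content a real agent run leaves behind depends on CFEngine's own evaluation order, which this model does not reproduce.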