{{% if CONTROL_FLAG is defined and CONTROL_FLAG|string|length %}}
   {{% set MATCH_CONTROL_FLAG = CONTROL_FLAG %}}
{{% else %}}
   {{% set MATCH_CONTROL_FLAG = '\S+' %}}
{{% endif %}}

<def-group>
  <definition class="compliance" id="{{{ _RULE_ID }}}" version="3">
    {{{ oval_metadata("Configure PAM module", rule_title=rule_title) }}}
    <criteria operator="AND" comment="Make sure arguments are properly configured">
{{% for arg in ARGUMENTS %}}
{{% if arg['variable']|length %}}
      <criterion test_ref="test_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['variable']|lower }}}" comment="Verify {{{ arg['variable'] }}} is set to the desired state" />
{{% else %}}
      <criterion test_ref="test_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['argument']|lower }}}" comment="Verify {{{ arg['argument'] }}} is set to the desired state" />
{{% endif %}}
{{% endfor %}}
    </criteria>
  </definition>

{{% for arg in ARGUMENTS %}}
{{% if arg['variable']|length %}}
  <ind:textfilecontent54_test id="test_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['variable']|lower }}}"
  check="all"
  comment="Verify {{{ arg['variable'] }}} configuation of {{{ MODULE }}}" version="1">
    <ind:object object_ref="object_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['variable']|lower }}}" />
    <ind:state state_ref="state_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['variable']|lower }}}" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_object id="object_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['variable']|lower }}}" comment="Check {{{ arg['variable'] }}} configuration of PAM {{{ MODULE }}} module" version="1">
    <ind:filepath>{{{ PATH }}}</ind:filepath>
    <ind:pattern operation="pattern match">^\s*{{{ TYPE }}}\s+{{{ MATCH_CONTROL_FLAG }}}\s+{{{ MODULE }}}.*\s{{{ arg['variable'] }}}=(-?\d+)(?:\s+.*)?</ind:pattern>
    <ind:instance datatype="int" operation="greater than or equal">1</ind:instance>
  </ind:textfilecontent54_object>

  <ind:textfilecontent54_state id="state_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['variable']|lower }}}" version="3">
    <ind:subexpression datatype="int" operation="{{{ arg['operation'] }}}" var_ref="var_password_pam_{{{ arg['variable'] }}}" />
  </ind:textfilecontent54_state>

  <external_variable comment="PAM external variable var_password_pam_{{{ arg['variable'] }}}" datatype="int" id="var_password_pam_{{{ arg['variable'] }}}" version="1" />
{{% else %}}
  <ind:textfilecontent54_test id="test_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['argument']|lower }}}"
  check="all" check_existence={{% if arg['remove_argument']|length %}}"none_exist"{{% else %}}"all_exist"{{% endif %}}
  comment="Verify {{{ arg['argument'] }}} configuation of {{{ MODULE }}}" version="1">
    <ind:object object_ref="object_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['argument']|lower }}}" />
  </ind:textfilecontent54_test>

  <ind:textfilecontent54_object id="object_pam_{{{ TYPE|lower }}}_{{{ MODULE|lower|replace('.so', '') }}}_{{{ arg['argument']|lower }}}" comment="Check {{{ arg['argument'] }}} configuration of PAM {{{ MODULE }}} module" version="1">
    <ind:filepath>{{{ PATH }}}</ind:filepath>
{{% if arg['argument_match']|length %}}
    <ind:pattern operation="pattern match">^\s*{{{ TYPE }}}(?:(?!\n)\s)+{{{ MATCH_CONTROL_FLAG }}}(?:(?!\n)\s)+{{{ MODULE }}}((?!\n)\s[^\n]+)?(?!\n)\s+{{{ arg['argument'] }}}={{{ arg['argument_match'] }}}((\s+\S+)*\s*\\*\s*)$</ind:pattern>
{{% else %}}
    <ind:pattern operation="pattern match">^\s*{{{ TYPE }}}(?:(?!\n)\s)+{{{ MATCH_CONTROL_FLAG }}}(?:(?!\n)\s)+{{{ MODULE }}}((?!\n)\s[^\n]+)?(?!\n)\s+{{{ arg['argument'] }}}((\s+\S+)*\s*\\*\s*)$</ind:pattern>
{{% endif %}}
    <ind:instance datatype="int">1</ind:instance>
  </ind:textfilecontent54_object>
{{% endif %}}
{{% endfor %}}
</def-group>