From 2bb211ed109a530619e5d91c1f9c289a15a3a6a5 Mon Sep 17 00:00:00 2001
From: Eduardo Barretto <eduardo.barretto@canonical.com>
Date: Tue, 6 Jul 2021 11:38:45 +0200
Subject: [PATCH] Add template lineinfile to verify_use_mappers

---
 .../verify_use_mappers/rule.yml                | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml
index 9d55bdba304..3529687a5ff 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/verify_use_mappers/rule.yml
@@ -26,3 +26,21 @@ references:
     disa: CCI-000187
     srg: SRG-OS-000068-GPOS-00036
     stigid@ubuntu2004: UBTU-20-010006
+
+ocil_clause: 'use_mappers is not uncommented or configured correctly'
+
+ocil: |-
+    Verify that <tt>use_mappers</tt> is set to <tt>pwent</tt> in
+    <tt>/etc/pam_pkcs11/pam_pkcs11.conf</tt> file with the following command:
+
+    <pre>$ grep ^use_mappers /etc/pam_pkcs11/pam_pkcs11.conf
+
+    use_mappers = pwent</pre>
+
+template:
+    name: lineinfile
+    vars:
+        text: "use_mappers = pwent"
+        path: /etc/pam_pkcs11/pam_pkcs11.conf
+        oval_extended_definitions:
+            smartcard_configure_cert_checking