[Pkg-puppet-devel] [SCM] Puppet packaging for Debian branch, master, updated. debian/0.24.6-1-356-g5718585

James Turnbull james at lovedthanlost.net
Fri Jan 23 14:21:49 UTC 2009


The following commit has been merged in the master branch:
commit a219c88866d8f91672b1830cc519da68a0d9b2c7
Author: Andrew Shafer <andrew at reductivelabs.com>
Date:   Thu Nov 27 01:22:36 2008 -0700

    Solaris doesn't have a native tool to set hashed passwords
    
    Added support for passwords by directly editing /etc/shadow
    (I tried to make it work with libshadow, but considering it is not packaged for Solaris and adds little benefit, I decided against it)
    
    password and password= are now defined on the default Solaris provider

diff --git a/lib/puppet/provider/user/user_role_add.rb b/lib/puppet/provider/user/user_role_add.rb
index 00fc24b..1be3fa6 100644
--- a/lib/puppet/provider/user/user_role_add.rb
+++ b/lib/puppet/provider/user/user_role_add.rb
@@ -22,11 +22,7 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
         value !~ /\s/
     end
 
-    has_features :manages_homedir, :allows_duplicates, :manages_solaris_rbac
-
-    if Puppet.features.libshadow?
-        has_feature :manages_passwords
-    end
+    has_features :manages_homedir, :allows_duplicates, :manages_solaris_rbac, :manages_passwords
 
     #must override this to hand the keyvalue pairs
     def add_properties
@@ -152,5 +148,34 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
     def keys=(keys_hash)
         run([command(:modify)] + build_keys_cmd(keys_hash) << @resource[:name], "modify attribute key pairs")
     end
+
+    #Read in /etc/shadow, find the line for this user (skipping comments, because who knows) and return the hashed pw (the second entry)
+    #No abstraction, all esoteric knowledge of file formats, yay
+    def password
+        #got perl?
+        if ary = File.readlines("/etc/shadow").reject { |r| r =~ /^[^\w]/}.collect { |l| l.split(':')[0..1] }.find { |user, passwd| user == @resource[:name] }
+            pass = ary[1]
+        end
+        pass
+    end
+
+    #Read in /etc/shadow, find the line for our used and rewrite it with the new pw
+    #Smooth like 80 grit
+    def password=(cryptopw)
+        File.open("/etc/shadow", "r") do |shadow|
+            File.open("/etc/shadow_tmp", "w", 0600) do |shadow_tmp|
+                while line = shadow.gets do
+                    line_arr = line.split(':')
+                    if line_arr[0] = @resource[:name]
+                        line_arr[1] = cryptopw
+                        line = line_arr.join(':')
+                    end
+                    shadow_tmp.print line
+                end
+            end
+        end
+
+        File.rename("/etc/shadow_tmp", "/etc/shadow")
+    end
 end
 
diff --git a/spec/unit/provider/user/user_role_add.rb b/spec/unit/provider/user/user_role_add.rb
index fc2074d..ccbda1f 100644
--- a/spec/unit/provider/user/user_role_add.rb
+++ b/spec/unit/provider/user/user_role_add.rb
@@ -188,4 +188,57 @@ describe provider_class do
             @provider.keys=({})
         end
     end
+
+    describe "when getting the hashed password" do
+        before do
+            @array = mock "array"
+        end
+
+        it "should readlines of /etc/shadow" do
+            File.expects(:readlines).with("/etc/shadow").returns([])
+            @provider.password
+        end
+
+        it "should reject anything that doesn't start with alpha numerics" do
+            @array.expects(:reject).returns([])
+            File.stubs(:readlines).with("/etc/shadow").returns(@array)
+            @provider.password
+        end
+
+        it "should collect splitting on ':'" do
+            @array.stubs(:reject).returns(@array)
+            @array.expects(:collect).returns([])
+            File.stubs(:readlines).with("/etc/shadow").returns(@array)
+            @provider.password
+        end
+
+        it "should find the matching user" do
+            @resource.stubs(:[]).with(:name).returns("username")
+            @array.stubs(:reject).returns(@array)
+            @array.stubs(:collect).returns([["username", "hashedpassword"], ["someoneelse", "theirpassword"]])
+            File.stubs(:readlines).with("/etc/shadow").returns(@array)
+            @provider.password.must == "hashedpassword"
+        end
+
+        it "should get the right password" do
+            @resource.stubs(:[]).with(:name).returns("username")
+            File.stubs(:readlines).with("/etc/shadow").returns(["#comment", "   nonsense", "  ", "username:hashedpassword:stuff:foo:bar:::", "other:pword:yay:::"])
+            @provider.password.must == "hashedpassword"
+        end
+    end
+
+    describe "when setting the password" do
+        #how can you mock these blocks up?
+        it "should open /etc/shadow for reading and /etc/shadow_tmp for writing" do
+            File.expects(:open).with("/etc/shadow", "r")
+            File.stubs(:rename)
+            @provider.password=("hashedpassword")
+        end
+        
+        it "should rename the /etc/shadow_tmp to /etc/shadow" do
+            File.stubs(:open).with("/etc/shadow", "r")
+            File.expects(:rename).with("/etc/shadow_tmp", "/etc/shadow")
+            @provider.password=("hashedpassword")
+        end
+    end
 end

-- 
Puppet packaging for Debian



More information about the Pkg-puppet-devel mailing list