author | Serdar Sutay <serdar@opscode.com> | 2014-08-12 10:24:49 -0700 |
---|---|---|
committer | Serdar Sutay <serdar@opscode.com> | 2014-08-12 16:18:18 -0700 |
commit | de00321eb72952f87494d90677e1ada1638d0bcd (patch) | |
tree | 575cc621e6d439f6de103dd9bc9bc9fde73d7b01 | |
parent | ebe9a7f262f23ff7bd9f94afa9b0c1a07cbd2a73 (diff) | |
download | chef-de00321eb72952f87494d90677e1ada1638d0bcd.tar.gz |
Updates based on PR comments.
-rw-r--r-- | lib/chef/exceptions.rb | 2 | ||||
-rw-r--r-- | lib/chef/provider/user/dscl.rb | 58 | ||||
-rw-r--r-- | spec/unit/provider/user/dscl_spec.rb | 3 |
3 files changed, 38 insertions, 25 deletions
diff --git a/lib/chef/exceptions.rb b/lib/chef/exceptions.rb
index 0d86b08558..f6db5dbe56 100644
--- a/lib/chef/exceptions.rb
+++ b/lib/chef/exceptions.rb
@@ -83,7 +83,7 @@ class Chef
 class RequestedUIDUnavailable < RuntimeError; end
 class InvalidHomeDirectory < ArgumentError; end
 class DsclCommandFailed < RuntimeError; end
- class PlutilCommandFailed < RuntimeError; end
+ class PlistUtilCommandFailed < RuntimeError; end
 class UserIDNotFound < ArgumentError; end
 class GroupIDNotFound < ArgumentError; end
 class ConflictingMembersInGroup < ArgumentError; end
diff --git a/lib/chef/provider/user/dscl.rb b/lib/chef/provider/user/dscl.rb
index 0c4ac27377..8f56859fe4 100644
--- a/lib/chef/provider/user/dscl.rb
+++ b/lib/chef/provider/user/dscl.rb
@@ -62,31 +62,47 @@ class Chef end requirements.assert(:create, :modify, :manage) do |a| - # Password Requirements a.assertion do - if @new_resource.password - if mac_osx_version_greater_than_10_7? - if salted_sha512?(@new_resource.password) - # SALTED-SHA512 password shadow hashes are not supported - false - elsif salted_sha512_pbkdf2?(@new_resource.password) - # salt and iterations should be specified when - # SALTED-SHA512-PBKDF2 password shadow hash is given - @new_resource.salt && @new_resource.iterations - else - true - end - else - # On 10.7 SALTED-SHA512-PBKDF2 is not supported - !salted_sha512_pbkdf2?(@new_resource.password) - end + if @new_resource.password && mac_osx_version_greater_than_10_7? + # SALTED-SHA512 password shadow hashes are not supported on 10.8 and above. + !salted_sha512?(@new_resource.password) else true end end - a.failure_message(Chef::Exceptions::User, "Requirements for password is not achieved. Check \ - http://docs.getchef.com/resource_user.html#attributes for more information!") + a.failure_message(Chef::Exceptions::User, "SALTED-SHA512 passwords are not supported on Mac 10.8 and above. \ +If you want to set the user password using shadow info make sure you specify a SALTED-SHA512-PBKDF2 shadow hash \ +in 'password', with the associated 'salt' and 'iterations'.") end + + requirements.assert(:create, :modify, :manage) do |a| + a.assertion do + if @new_resource.password && mac_osx_version_greater_than_10_7? && salted_sha512_pbkdf2?(@new_resource.password) + # salt and iterations should be specified when + # SALTED-SHA512-PBKDF2 password shadow hash is given + !@new_resource.salt.nil? && !@new_resource.iterations.nil? + else + true + end + end + a.failure_message(Chef::Exceptions::User, "SALTED-SHA512-PBKDF2 shadow hash is given without associated \ +'salt' and 'iterations'. 
Please specify 'salt' and 'iterations' in order to set the user password using shadow hash.") + end + + requirements.assert(:create, :modify, :manage) do |a| + a.assertion do + if @new_resource.password && !mac_osx_version_greater_than_10_7? + # On 10.7 SALTED-SHA512-PBKDF2 is not supported + !salted_sha512_pbkdf2?(@new_resource.password) + else + true + end + end + a.failure_message(Chef::Exceptions::User, "SALTED-SHA512-PBKDF2 shadow hashes are not supported on \ +Mac OS X version 10.7. Please specify a SALTED-SHA512 shadow hash in 'password' attribute to set the \ +user password using shadow hash.") + end + end def load_current_resource @@ -542,7 +558,7 @@ class Chef user_plist_file = "#{USER_PLIST_DIRECTORY}/#{@new_resource.username}.plist" user_plist_info = run_plutil("convert xml1 -o - #{user_plist_file}") user_info = Plist::parse_xml(user_plist_info) - rescue Chef::Exceptions::PlutilCommandFailed + rescue Chef::Exceptions::PlistUtilCommandFailed end user_info @@ -613,7 +629,7 @@ class Chef def run_plutil(*args) result = shell_out("plutil -#{args.join(' ')}") - raise(Chef::Exceptions::PlutilCommandFailed,"plutil error: #{result.inspect}") unless result.exitstatus == 0 + raise(Chef::Exceptions::PlistUtilCommandFailed,"plutil error: #{result.inspect}") unless result.exitstatus == 0 result.stdout end diff --git a/spec/unit/provider/user/dscl_spec.rb b/spec/unit/provider/user/dscl_spec.rb index 0ff5a26ea6..3cb18f1979 100644 --- a/spec/unit/provider/user/dscl_spec.rb +++ b/spec/unit/provider/user/dscl_spec.rb @@ -430,7 +430,6 @@ ea18e18b720e358e7fbe3cfbeaa561456f6ba008937a30" it "diverged_password? should report false" do provider.load_current_resource - pending provider.diverged_password?.should be_false end end @@ -440,7 +439,6 @@ ea18e18b720e358e7fbe3cfbeaa561456f6ba008937a30" it "diverged_password? should report true" do provider.load_current_resource - pending provider.diverged_password?.should be_true end end 
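Review bot: The SALTED-SHA512-PBKDF2 assertion (the second `requirements.assert` block in the `@@ -62,31 +62,47 @@` hunk) accepts any non-nil `salt` and `iterations`, so an empty salt or an `iterations` of 0 passes even though the failure message says both must be specified. Assuming these values are later written into the account's shadow hash data unchanged, such input would only fail late, or leave stored parameters that do not match the supplied hash. A tighter guard would be `!@new_resource.salt.to_s.empty? && @new_resource.iterations.to_i > 0`, with a short comment stating the expected encoding of `salt`. The enclosing method begins above the hunk, so any earlier validation of these attributes is not visible here.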
@@ -644,7 +642,6 @@ ea18e18b720e358e7fbe3cfbeaa561456f6ba008937a30") let(:password) { "vagrant" } it "password_shadow_info should have salted-sha-512 format" do - pending shadow_info = provider.prepare_password_shadow_info shadow_info.should have_key("SALTED-SHA512") info = shadow_info["SALTED-SHA512"].string.unpack('H*').first |