diff options
| author | Claire McQuin <mcquin@users.noreply.github.com> | 2014-06-12 13:58:11 -0700 |
|---|---|---|
| committer | Claire McQuin <mcquin@users.noreply.github.com> | 2014-06-12 13:58:11 -0700 |
| commit | 690dc96357aba79ef4d4aef4cb26fe48e57a89d2 (patch) | |
| tree | 1ca8ce7bf94bdbc769d77f8cc4bfcd0340b9b24b | |
| parent | 5c4b6bb2cb7b6d6638d07e53014b539c406a204f (diff) | |
| parent | 9c03546f033a4b9720b84911525ed4ab869c830a (diff) | |
| download | chef-690dc96357aba79ef4d4aef4cb26fe48e57a89d2.tar.gz | |
Merge pull request #1423 from opscode/btm/CHEF-5247
CHEF-5247: Fix Useradd#manage_user backdoor
| -rw-r--r-- | lib/chef/provider/user/useradd.rb | 2 | ||||
| -rw-r--r-- | spec/unit/provider/user/useradd_spec.rb | 10 |
2 files changed, 11 insertions, 1 deletions
diff --git a/lib/chef/provider/user/useradd.rb b/lib/chef/provider/user/useradd.rb index 409da10e53..201bcbe542 100644 --- a/lib/chef/provider/user/useradd.rb +++ b/lib/chef/provider/user/useradd.rb @@ -38,7 +38,7 @@ class Chef end def manage_user - if universal_options != "" + unless universal_options.empty? command = compile_command("usermod") do |u| u.concat(universal_options) end diff --git a/spec/unit/provider/user/useradd_spec.rb b/spec/unit/provider/user/useradd_spec.rb index 5862ee3716..64734c499f 100644 --- a/spec/unit/provider/user/useradd_spec.rb +++ b/spec/unit/provider/user/useradd_spec.rb @@ -37,4 +37,14 @@ describe Chef::Provider::User::Useradd do } include_examples "a useradd-based user provider", supported_useradd_options + + describe "manage_user" do + # CHEF-5247: Chef::Provider::User::Solaris subclasses Chef::Provider::User::Useradd, but does not use usermod to change passwords. + # Thus, a call to Solaris#manage_user calls Solaris#manage_password and Useradd#manage_user, but the latter should be a no-op. + it "should not run the command if universal_options is an empty array" do + provider.stub(:universal_options).and_return([]) + expect(provider).not_to receive(:shell_out!) + provider.manage_user + end + end end |