author | nimisha <nimisha.sharad@msystechnologies.com> | 2017-02-22 17:05:14 +0530 |
---|---|---|
committer | Bryan McLellan <btm@loftninjas.org> | 2017-09-05 20:09:30 -0400 |
commit | 16ebc075e6214da2ad482bf9ffa74a4d5ae80b12 (patch) | |
tree | 5b5707883fd524e8db68b01a6b469693631e8710 | |
parent | bb6c40702ab26f2093fc72138724d43c6b972654 (diff) | |
download | chef-16ebc075e6214da2ad482bf9ffa74a4d5ae80b12.tar.gz |
Alternate user local logon authentication
Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>
-rw-r--r-- | lib/chef/mixin/user_context.rb | 16 | ||||
-rw-r--r-- | lib/chef/mixin/user_identity.rb | 81 | ||||
-rw-r--r-- | lib/chef/provider/remote_file/network_file.rb | 6 | ||||
-rw-r--r-- | lib/chef/resource/remote_file.rb | 84 |
4 files changed, 64 insertions, 123 deletions
diff --git a/lib/chef/mixin/user_context.rb b/lib/chef/mixin/user_context.rb index 4cd1ad015f..dfce6649bb 100644 --- a/lib/chef/mixin/user_context.rb +++ b/lib/chef/mixin/user_context.rb @@ -17,30 +17,16 @@ # require "chef/util/windows/logon_session" if Chef::Platform.windows? -require "chef/mixin/user_identity" class Chef module Mixin module UserContext - include Chef::Mixin::UserIdentity - - def with_user_context(specified_user, password, specified_domain = nil, &block) - if ! Chef::Platform.windows? - raise Exceptions::UnsupportedPlatform, "User context impersonation is supported only on the Windows platform" - end - + def with_user_context(user, password, domain = nil, &block) if ! block_given? raise ArgumentError, "You must supply a block to `with_user_context`" end - validate_identity(specified_user, password, specified_domain) - - identity = qualify_user(specified_user, specified_domain) - - user = identity[:user] - domain = identity[:domain] - login_session = nil begin diff --git a/lib/chef/mixin/user_identity.rb b/lib/chef/mixin/user_identity.rb deleted file mode 100644 index c037adb441..0000000000 --- a/lib/chef/mixin/user_identity.rb +++ /dev/null 
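Review bot: `with_user_context` no longer rejects non-Windows callers or validates its arguments, so every class that includes this mixin now depends on its caller having done both. The only validation left in this commit is `after_created` in lib/chef/resource/remote_file.rb, and the `fetch` hunk in lib/chef/provider/remote_file/network_file.rb drops its own `validate_identity` call too, so values that reach the mixin by any other path go to the logon code unchecked. Since the `logon_session` require at the top of the file is conditional on Windows, a non-Windows call would probably fail with a NameError instead of the old `Exceptions::UnsupportedPlatform`. I would keep the removed platform guard at the top of the method and add a comment such as `# user and domain must already be split and validated by the caller`. The method body continues outside the hunk, so the handling of a nil `user` is not visible here.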
@@ -1,81 +0,0 @@ -# -# Author:: Adam Edwards (<adamed@chef.io>) -# Copyright:: Copyright (c) 2015 Chef Software, Inc. -# License:: Apache License, Version 2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# - -class Chef - module Mixin - module UserIdentity - - def validate_identity(specified_user, password = nil, specified_domain = nil) - validate_identity_platform(specified_user, password, specified_domain) - validate_identity_syntax(specified_user, password, specified_domain) - end - - def validate_identity_platform(specified_user, password = nil, specified_domain = nil) - if ! Chef::Platform.windows? - if password || specified_domain - raise Exceptions::UnsupportedPlatform, "Values for `domain` and `password` are only supported on the Windows platform" - end - else - if specified_user && password.nil? - raise ArgumentError, "A value for `password` must be specified when a value for `user` is specified on the Windows platform" - end - end - end - - def validate_identity_syntax(specified_user, password = nil, specified_domain = nil) - identity = qualify_user(specified_user, specified_domain) - - if ( password || identity[:domain] ) && identity[:user].nil? - raise ArgumentError, "A value for `password` or `domain` was specified without specification of a value for `user`" - end - end - - def qualify_user(specified_user, specified_domain = nil) - domain = specified_domain - user = specified_user - - if specified_user.nil? && ! specified_domain.nil? 
- raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given" - end - - if ! specified_user.nil? && specified_domain.nil? - domain_and_user = user.split('\\') - - if domain_and_user.length == 1 - domain_and_user = user.split("@") - end - - if domain_and_user.length == 2 - domain = domain_and_user[0] - user = domain_and_user[1] - elsif domain_and_user.length != 1 - raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name" - end - end - - { domain: domain, user: user } - end - - protected(:validate_identity) - protected(:validate_identity_platform) - protected(:validate_identity_syntax) - protected(:qualify_user) - - end - end -end diff --git a/lib/chef/provider/remote_file/network_file.rb b/lib/chef/provider/remote_file/network_file.rb index 2bfcf38dbd..a08bfd2453 100644 --- a/lib/chef/provider/remote_file/network_file.rb +++ b/lib/chef/provider/remote_file/network_file.rb @@ -19,15 +19,12 @@ require "uri" require "tempfile" require "chef/provider/remote_file" -require "chef/mixin/user_identity" require "chef/mixin/user_context" class Chef class Provider class RemoteFile class NetworkFile - - include Chef::Mixin::UserIdentity include Chef::Mixin::UserContext attr_reader :new_resource 
@@ -42,12 +39,11 @@ class Chef # Fetches the file on a network share, returning a Tempfile-like File handle # windows only def fetch - validate_identity(new_resource.remote_user, new_resource.remote_user_password, new_resource.remote_user_domain) begin tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile Chef::Log.debug("#{new_resource} staging #{@source} to #{tempfile.path}") - with_user_context(new_resource.remote_user, new_resource.remote_user_password, new_resource.remote_user_domain) do + with_user_context(new_resource.remote_user, new_resource.remote_password, new_resource.remote_domain) do ::File.open(@source, "rb") do |remote_file| while data = remote_file.read(TRANSFER_CHUNK_SIZE) tempfile.write(data) diff --git a/lib/chef/resource/remote_file.rb b/lib/chef/resource/remote_file.rb index f631b4e579..190428938d 100644 --- a/lib/chef/resource/remote_file.rb +++ b/lib/chef/resource/remote_file.rb 
@@ -131,38 +131,78 @@ class Chef ) end - def remote_user(args = nil) - set_or_return( - :remote_user, - args, - :kind_of => String - ) - end + property :remote_user, String - def remote_user_domain(args = nil) - set_or_return( - :remote_user_domain, - args, - :kind_of => String - ) - end + property :remote_domain, String - def remote_user_password(args = nil) - set_or_return( - :remote_user_password, - args, - :kind_of => String - ) - end + property :remote_password, String, sensitive: true def sensitive(args = nil) - if ! remote_user_password.nil? + if remote_password true else super end end + def after_created + validate_identity_platform(remote_user, remote_password, remote_domain) + identity = qualify_user(remote_user, remote_password, remote_domain) + remote_domain(identity[:domain]) + remote_user(identity[:user]) + end + + def validate_identity_platform(specified_user, password = nil, specified_domain = nil) + if node[:platform_family] == "windows" + if specified_user && password.nil? + raise ArgumentError, "A value for `password` must be specified when a value for `user` is specified on the Windows platform" + end + else + if password || specified_domain + raise Exceptions::UnsupportedPlatform, "Values for `domain` and `password` are only supported on the Windows platform" + end + end + end + + def qualify_user(specified_user, password = nil, specified_domain = nil) + domain = specified_domain + user = specified_user + + if specified_user.nil? && ! specified_domain.nil? + raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given" + end + + # if domain is provided in both username and domain + if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain + raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once." + end + + if ! specified_user.nil? && specified_domain.nil? 
+ # Splitting username of format: Domain\Username + domain_and_user = user.split('\\') + + if domain_and_user.length == 2 + domain = domain_and_user[0] + user = domain_and_user[1] + elsif domain_and_user.length == 1 + # Splitting username of format: Username@Domain + domain_and_user = user.split("@") + if domain_and_user.length == 2 + domain = domain_and_user[1] + user = domain_and_user[0] + elsif domain_and_user.length != 1 + raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name" + end + end + end + + if ( password || domain ) && user.nil? + raise ArgumentError, "A value for `password` or `domain` was specified without specification of a value for `user`" + end + + { domain: domain, user: user } + end + private include Chef::Mixin::Uris |
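Review bot: In `qualify_user`, a user name with more than one backslash now passes unchecked, because `user.split('\\')` returns three or more parts, neither the `== 2` nor the `== 1` branch matches, and nothing is raised. The removed mixin raised ArgumentError for any length other than 1 or 2. Add a final `else` to the outer `if`/`elsif` that raises the same "not a syntactically valid user name" ArgumentError. A name that starts with a backslash splits into an empty domain and is accepted, so rejecting empty parts is worth a second check. `validate_identity_platform` and `qualify_user` also sit above `private`, which makes them public methods of the resource where the mixin had them `protected`; moving them below `private` keeps them off the resource's public interface.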