authornimisha <nimisha.sharad@msystechnologies.com>2017-02-22 17:05:14 +0530
committerBryan McLellan <btm@loftninjas.org>2017-09-05 20:09:30 -0400
commit16ebc075e6214da2ad482bf9ffa74a4d5ae80b12 (patch)
tree5b5707883fd524e8db68b01a6b469693631e8710
parentbb6c40702ab26f2093fc72138724d43c6b972654 (diff)
downloadchef-16ebc075e6214da2ad482bf9ffa74a4d5ae80b12.tar.gz
Alternate user local logon authentication
Signed-off-by: nimisha <nimisha.sharad@msystechnologies.com>
-rw-r--r--lib/chef/mixin/user_context.rb16
-rw-r--r--lib/chef/mixin/user_identity.rb81
-rw-r--r--lib/chef/provider/remote_file/network_file.rb6
-rw-r--r--lib/chef/resource/remote_file.rb84
4 files changed, 64 insertions, 123 deletions
diff --git a/lib/chef/mixin/user_context.rb b/lib/chef/mixin/user_context.rb
index 4cd1ad015f..dfce6649bb 100644
--- a/lib/chef/mixin/user_context.rb
+++ b/lib/chef/mixin/user_context.rb
@@ -17,30 +17,16 @@
#
require "chef/util/windows/logon_session" if Chef::Platform.windows?
-require "chef/mixin/user_identity"
class Chef
module Mixin
module UserContext
- include Chef::Mixin::UserIdentity
-
- def with_user_context(specified_user, password, specified_domain = nil, &block)
- if ! Chef::Platform.windows?
- raise Exceptions::UnsupportedPlatform, "User context impersonation is supported only on the Windows platform"
- end
-
+ def with_user_context(user, password, domain = nil, &block)
if ! block_given?
raise ArgumentError, "You must supply a block to `with_user_context`"
end
- validate_identity(specified_user, password, specified_domain)
-
- identity = qualify_user(specified_user, specified_domain)
-
- user = identity[:user]
- domain = identity[:domain]
-
login_session = nil
begin
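Review bot: With the platform guard and the `validate_identity` call removed, `with_user_context` now accepts whatever `user`, `password` and `domain` it is handed, and the only remaining checks are in `Chef::Resource::RemoteFile#after_created`. This mixin is where the process takes on another account's logon session, and `chef/util/windows/logon_session` is only required on Windows, so I would keep a guard at the top of the method: `raise Exceptions::UnsupportedPlatform, "User context impersonation is supported only on the Windows platform" unless Chef::Platform.windows?`. The same concern applies to `NetworkFile#fetch` in this commit, which drops its own `validate_identity` call and so depends on property values that may have been changed after the resource was created. The method body continues outside this hunk, so how a nil `user` is handled could not be checked from here.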
diff --git a/lib/chef/mixin/user_identity.rb b/lib/chef/mixin/user_identity.rb
deleted file mode 100644
index c037adb441..0000000000
--- a/lib/chef/mixin/user_identity.rb
+++ /dev/null
@@ -1,81 +0,0 @@
-#
-# Author:: Adam Edwards (<adamed@chef.io>)
-# Copyright:: Copyright (c) 2015 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-class Chef
- module Mixin
- module UserIdentity
-
- def validate_identity(specified_user, password = nil, specified_domain = nil)
- validate_identity_platform(specified_user, password, specified_domain)
- validate_identity_syntax(specified_user, password, specified_domain)
- end
-
- def validate_identity_platform(specified_user, password = nil, specified_domain = nil)
- if ! Chef::Platform.windows?
- if password || specified_domain
- raise Exceptions::UnsupportedPlatform, "Values for `domain` and `password` are only supported on the Windows platform"
- end
- else
- if specified_user && password.nil?
- raise ArgumentError, "A value for `password` must be specified when a value for `user` is specified on the Windows platform"
- end
- end
- end
-
- def validate_identity_syntax(specified_user, password = nil, specified_domain = nil)
- identity = qualify_user(specified_user, specified_domain)
-
- if ( password || identity[:domain] ) && identity[:user].nil?
- raise ArgumentError, "A value for `password` or `domain` was specified without specification of a value for `user`"
- end
- end
-
- def qualify_user(specified_user, specified_domain = nil)
- domain = specified_domain
- user = specified_user
-
- if specified_user.nil? && ! specified_domain.nil?
- raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given"
- end
-
- if ! specified_user.nil? && specified_domain.nil?
- domain_and_user = user.split('\\')
-
- if domain_and_user.length == 1
- domain_and_user = user.split("@")
- end
-
- if domain_and_user.length == 2
- domain = domain_and_user[0]
- user = domain_and_user[1]
- elsif domain_and_user.length != 1
- raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name"
- end
- end
-
- { domain: domain, user: user }
- end
-
- protected(:validate_identity)
- protected(:validate_identity_platform)
- protected(:validate_identity_syntax)
- protected(:qualify_user)
-
- end
- end
-end
diff --git a/lib/chef/provider/remote_file/network_file.rb b/lib/chef/provider/remote_file/network_file.rb
index 2bfcf38dbd..a08bfd2453 100644
--- a/lib/chef/provider/remote_file/network_file.rb
+++ b/lib/chef/provider/remote_file/network_file.rb
@@ -19,15 +19,12 @@
require "uri"
require "tempfile"
require "chef/provider/remote_file"
-require "chef/mixin/user_identity"
require "chef/mixin/user_context"
class Chef
class Provider
class RemoteFile
class NetworkFile
-
- include Chef::Mixin::UserIdentity
include Chef::Mixin::UserContext
attr_reader :new_resource
@@ -42,12 +39,11 @@ class Chef
# Fetches the file on a network share, returning a Tempfile-like File handle
# windows only
def fetch
- validate_identity(new_resource.remote_user, new_resource.remote_user_password, new_resource.remote_user_domain)
begin
tempfile = Chef::FileContentManagement::Tempfile.new(new_resource).tempfile
Chef::Log.debug("#{new_resource} staging #{@source} to #{tempfile.path}")
- with_user_context(new_resource.remote_user, new_resource.remote_user_password, new_resource.remote_user_domain) do
+ with_user_context(new_resource.remote_user, new_resource.remote_password, new_resource.remote_domain) do
::File.open(@source, "rb") do |remote_file|
while data = remote_file.read(TRANSFER_CHUNK_SIZE)
tempfile.write(data)
diff --git a/lib/chef/resource/remote_file.rb b/lib/chef/resource/remote_file.rb
index f631b4e579..190428938d 100644
--- a/lib/chef/resource/remote_file.rb
+++ b/lib/chef/resource/remote_file.rb
@@ -131,38 +131,78 @@ class Chef
)
end
- def remote_user(args = nil)
- set_or_return(
- :remote_user,
- args,
- :kind_of => String
- )
- end
+ property :remote_user, String
- def remote_user_domain(args = nil)
- set_or_return(
- :remote_user_domain,
- args,
- :kind_of => String
- )
- end
+ property :remote_domain, String
- def remote_user_password(args = nil)
- set_or_return(
- :remote_user_password,
- args,
- :kind_of => String
- )
- end
+ property :remote_password, String, sensitive: true
def sensitive(args = nil)
- if ! remote_user_password.nil?
+ if remote_password
true
else
super
end
end
+ def after_created
+ validate_identity_platform(remote_user, remote_password, remote_domain)
+ identity = qualify_user(remote_user, remote_password, remote_domain)
+ remote_domain(identity[:domain])
+ remote_user(identity[:user])
+ end
+
+ def validate_identity_platform(specified_user, password = nil, specified_domain = nil)
+ if node[:platform_family] == "windows"
+ if specified_user && password.nil?
+ raise ArgumentError, "A value for `password` must be specified when a value for `user` is specified on the Windows platform"
+ end
+ else
+ if password || specified_domain
+ raise Exceptions::UnsupportedPlatform, "Values for `domain` and `password` are only supported on the Windows platform"
+ end
+ end
+ end
+
+ def qualify_user(specified_user, password = nil, specified_domain = nil)
+ domain = specified_domain
+ user = specified_user
+
+ if specified_user.nil? && ! specified_domain.nil?
+ raise ArgumentError, "The domain `#{specified_domain}` was specified, but no user name was given"
+ end
+
+ # if domain is provided in both username and domain
+ if specified_user && ((specified_user.include? '\\') || (specified_user.include? "@")) && specified_domain
+ raise ArgumentError, "The domain is provided twice. Username: `#{specified_user}`, Domain: `#{specified_domain}`. Please specify domain only once."
+ end
+
+ if ! specified_user.nil? && specified_domain.nil?
+ # Splitting username of format: Domain\Username
+ domain_and_user = user.split('\\')
+
+ if domain_and_user.length == 2
+ domain = domain_and_user[0]
+ user = domain_and_user[1]
+ elsif domain_and_user.length == 1
+ # Splitting username of format: Username@Domain
+ domain_and_user = user.split("@")
+ if domain_and_user.length == 2
+ domain = domain_and_user[1]
+ user = domain_and_user[0]
+ elsif domain_and_user.length != 1
+ raise ArgumentError, "The specified user name `#{user}` is not a syntactically valid user name"
+ end
+ end
+ end
+
+ if ( password || domain ) && user.nil?
+ raise ArgumentError, "A value for `password` or `domain` was specified without specification of a value for `user`"
+ end
+
+ { domain: domain, user: user }
+ end
+
private
include Chef::Mixin::Uris
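Review bot: In `qualify_user`, a user name with more than one backslash (for example `a\b\c`) matches neither the `length == 2` nor the `length == 1` branch, so it is returned unchanged with a nil domain; the removed `UserIdentity#qualify_user` raised for that input. Adding an `else` to the backslash branch that raises the same `ArgumentError` as the `@` branch restores the check. Inputs with an empty component such as `\user` or `@domain` also pass, giving an empty-string domain or user that the final `user.nil?` test does not catch, so a check like `user.empty?` on the split parts would be worth adding. Separately, `validate_identity_platform` and `qualify_user` are defined above `private`, which makes them public methods of the resource, whereas the mixin declared them `protected`.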