author | Lamont Granquist <lamont@scriptkiddie.org> | 2016-08-23 18:10:25 -0700 |
---|---|---|
committer | Lamont Granquist <lamont@scriptkiddie.org> | 2016-08-23 18:10:25 -0700 |
commit | 3f840999e60ea8974d2875d9a653241a49b655c8 (patch) | |
tree | b86877dfa7c177fbbc1f856fc510663442aea309 /lib/chef/provider/user/linux.rb | |
parent | b1913dd1cc18448a2cbda81ef40886708b1ca6d0 (diff) | |
clean up everything
Signed-off-by: Lamont Granquist <lamont@scriptkiddie.org>
Diffstat (limited to 'lib/chef/provider/user/linux.rb')
-rw-r--r-- | lib/chef/provider/user/linux.rb | 114 |
1 files changed, 109 insertions, 5 deletions
diff --git a/lib/chef/provider/user/linux.rb b/lib/chef/provider/user/linux.rb
index ca331311f1..792e05e729 100644
--- a/lib/chef/provider/user/linux.rb
+++ b/lib/chef/provider/user/linux.rb
@@ -14,18 +14,122 @@ # See the License for the specific language governing permissions and # limitations under the License. -require "chef/provider/user/useradd" +require "chef/provider/user" class Chef class Provider class User - class Linux < Chef::Provider::User::Useradd - # MAJOR XXX: the implementation of "linux" is the base class and all needs to be moved here + class Linux < Chef::Provider::User provides :linux_user provides :user, os: "linux" - def managing_home_dir? - new_resource.manage_home # linux always 'supports' manage_home + def create_user + shell_out!(*clean_array("useradd", universal_options, useradd_options, new_resource.username)) + end + + def manage_user + shell_out!(*clean_array("usermod", universal_options, new_resource.username)) + end + + def remove_user + shell_out!(*clean_array("userdel", userdel_options, new_resource.username)) + end + + def lock_user + shell_out!(*clean_array("usermod", "-L", new_resource.username)) + end + + def unlock_user + shell_out!(*clean_array("usermod", "-U", new_resource.username)) + end + + # common to usermod and useradd + def universal_options + opts = [] + opts << "-c" << new_resource.comment if should_set?(:comment) + opts << "-g" << new_resource.gid if should_set?(:gid) + opts << "-p" << new_resource.password if should_set?(:password) + opts << "-s" << new_resource.shell if should_set?(:shell) + opts << "-u" << new_resource.uid if should_set?(:uid) + if updating_home? 
+ opts << "-d" << new_resource.home + if new_resource.manage_home + opts << "-m" + else + opts << "-M" + end + end + opts << "-o" if new_resource.non_unique + opts + end + + def useradd_options + opts = [] + opts << "-r" if new_resource.system + if new_resource.manage_home + opts << "-m" + else + opts << "-M" + end + opts + end + + def userdel_options + opts = [] + opts << "-r" if new_resource.manage_home + opts << "-f" if new_resource.force + opts + end + + def should_set?(sym) + current_resource.send(sym).to_s != new_resource.send(sym).to_s && new_resource.send(sym) + end + + def updating_home? + return false unless new_resource.home + return true unless current_resource.home + new_resource.home && Pathname.new(current_resource.home).cleanpath != Pathname.new(new_resource.home).cleanpath + end + + # FIXME: see if we can clean this up + def check_lock + # we can get an exit code of 1 even when it's successful on + # rhel/centos (redhat bug 578534). See additional error checks below. + passwd_s = shell_out!("passwd", "-S", new_resource.username, :returns => [0, 1]) + if whyrun_mode? && passwd_s.stdout.empty? && passwd_s.stderr.match(/does not exist/) + # if we're in whyrun mode and the user is not yet created we assume it would be + return false + end + + raise Chef::Exceptions::User, "Cannot determine if #{@new_resource} is locked!" if passwd_s.stdout.empty? + + status_line = passwd_s.stdout.split(" ") + case status_line[1] + when /^P/ + @locked = false + when /^N/ + @locked = false + when /^L/ + @locked = true + end + + unless passwd_s.exitstatus == 0 + raise_lock_error = false + if %w{redhat centos}.include?(node[:platform]) + passwd_version_check = shell_out!("rpm -q passwd") + passwd_version = passwd_version_check.stdout.chomp + + unless passwd_version == "passwd-0.73-1" + raise_lock_error = true + end + else + raise_lock_error = true + end + + raise Chef::Exceptions::User, "Cannot determine if #{new_resource} is locked!" 
if raise_lock_error + end + + @locked end end end |
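Review bot: The `-p` line in `universal_options` puts the password hash on the `useradd`/`usermod` command line, where any local user who can list processes can read it while the command runs. It may also reach logs if the shell-out layer records command lines, which is not visible in this hunk. Because `universal_options` feeds both `create_user` and `manage_user`, both paths are affected. Consider dropping `opts << "-p" << new_resource.password if should_set?(:password)` and passing the hash over stdin instead, for example `shell_out!("chpasswd", "-e", input: "#{new_resource.username}:#{new_resource.password}")`, assuming `shell_out!` forwards `input:` to the underlying command object.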