author | Lamont Granquist <lamont@scriptkiddie.org> | 2018-05-21 09:21:51 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-21 09:21:51 -0700 |
commit | ffbfdc336fbb18e08eed958fcb300e69164b01e2 (patch) | |
tree | 16be148618e6f70668ed9c8b65f8e1279868b0da /lib/chef/provider/user | |
parent | d2cd93486f8183a96d83024d8c2e9d8b0b5088b6 (diff) | |
parent | b3a1cc9165904e6be09b8a62065e9289a905bfb4 (diff) | |
download | chef-ffbfdc336fbb18e08eed958fcb300e69164b01e2.tar.gz |
Merge pull request #7249 from chef/lcg/cleanup-user
Cleanup AIX and Solaris user resources.
Diffstat (limited to 'lib/chef/provider/user')
-rw-r--r-- | lib/chef/provider/user/aix.rb | 48 | ||||
-rw-r--r-- | lib/chef/provider/user/dscl.rb | 10 | ||||
-rw-r--r-- | lib/chef/provider/user/linux.rb | 12 | ||||
-rw-r--r-- | lib/chef/provider/user/solaris.rb | 83 | ||||
-rw-r--r-- | lib/chef/provider/user/useradd.rb | 5 |
5 files changed, 105 insertions, 53 deletions
diff --git a/lib/chef/provider/user/aix.rb b/lib/chef/provider/user/aix.rb
index 64a088dd5c..be6ff9d750 100644
--- a/lib/chef/provider/user/aix.rb
+++ b/lib/chef/provider/user/aix.rb
@@ -1,5 +1,5 @@
 #
-# Copyright:: Copyright 2012-2016, Chef Software Inc.
+# Copyright:: Copyright 2012-2018, Chef Software Inc.
 # License:: Apache License, Version 2.0
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
@@ -14,35 +14,57 @@ # See the License for the specific language governing permissions and # limitations under the License. -require "chef/provider/user/useradd" +require "chef/provider/user" class Chef class Provider class User - class Aix < Chef::Provider::User::Useradd + class Aix < Chef::Provider::User provides :user, os: "aix" provides :aix_user - UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]].freeze - def create_user - super + shell_out_compact!("useradd", universal_options, useradd_options, new_resource.username) add_password end def manage_user add_password manage_home - super + return if universal_options.empty? && usermod_options.empty? + shell_out_compact!("usermod", universal_options, usermod_options, new_resource.username) + end + + def remove_user + shell_out_compact!("userdel", userdel_options, new_resource.username) end # Aix does not support -r like other unix, sytem account is created by adding to 'system' group def useradd_options opts = [] opts << "-g" << "system" if new_resource.system + if updating_home? + if new_resource.manage_home + logger.trace("#{new_resource} managing the users home directory") + opts << "-m" + else + logger.trace("#{new_resource} setting home to #{new_resource.home}") + end + end + opts + end + + def userdel_options + opts = [] + opts << "-r" if new_resource.manage_home + opts << "-f" if new_resource.force opts end + def usermod_options + [] + end + def check_lock lock_info = shell_out_compact!("lsuser", "-a", "account_locked", new_resource.username) if whyrun_mode? && passwd_s.stdout.empty? && lock_info.stderr.match(/does not exist/) 
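Review bot: In `create_user`, `useradd` can receive `-g` twice, because `universal_options` (added in a later hunk of this file) emits `-g <gid>` when the gid needs setting and `useradd_options` appends `-g system` whenever `new_resource.system` is true. Which value wins is left to useradd's argument parsing, so a resource that sets both `system` and `gid` may end up with `system` as its primary group instead of the declared one. Consider `opts << "-g" << "system" if new_resource.system && !should_set?(:gid)`, or reject the combination during validation. Separately, the context line in `check_lock` calls `passwd_s`, which is not defined in any visible hunk now that the class no longer inherits from `Useradd`; it is worth confirming that it resolves in whyrun mode. The class body continues outside the hunk.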
@@ -70,6 +92,17 @@ class Chef shell_out_compact!("chuser", "account_locked=false", new_resource.username) end + def universal_options + opts = [] + opts << "-c" << new_resource.comment if should_set?(:comment) + opts << "-g" << new_resource.gid if should_set?(:gid) + opts << "-s" << new_resource.shell if should_set?(:shell) + opts << "-u" << new_resource.uid if should_set?(:uid) + opts << "-d" << new_resource.home if updating_home? + opts << "-o" if new_resource.non_unique + opts + end + private def add_password @@ -83,7 +116,6 @@ class Chef def manage_home return unless updating_home? && new_resource.manage_home # -m option does not work on aix, so move dir. - universal_options.delete("-m") if ::File.directory?(current_resource.home) logger.trace("Changing users home directory from #{current_resource.home} to #{new_resource.home}") FileUtils.mv current_resource.home, new_resource.home diff --git a/lib/chef/provider/user/dscl.rb b/lib/chef/provider/user/dscl.rb index 79a2c73339..67fe8f3762 100644 --- a/lib/chef/provider/user/dscl.rb +++ b/lib/chef/provider/user/dscl.rb @@ -1,6 +1,6 @@ # # Author:: Dreamcat4 (<dreamcat4@gmail.com>) -# Copyright:: Copyright 2009-2017, Chef Software Inc. +# Copyright:: Copyright 2009-2018, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -654,9 +654,7 @@ user password using shadow hash.") end def run_dscl(*args) - argdup = args.dup - cmd = argdup.shift - result = shell_out_compact("dscl", ".", "-#{cmd}", argdup) + result = shell_out_compact("dscl", ".", "-#{args[0]}", args[1..-1]) return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 ) raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") unless result.exitstatus == 0 raise(Chef::Exceptions::DsclCommandFailed, "dscl error: #{result.inspect}") if result.stdout =~ /No such key: / 
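Review bot: `universal_options` is defined above the `private` marker here, so it joins `userdel_options` and `usermod_options` from the earlier hunk as part of the provider's public interface, while the Solaris provider in this same commit keeps the same helpers under `private`. Moving these option builders below `private` would keep the two providers consistent and stop outside callers from depending on them. `manage_user` also evaluates `universal_options` twice (once for the `empty?` check, once for the command line); assigning it to a local first, e.g. `opts = universal_options`, avoids recomputing it.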
@@ -664,9 +662,7 @@ user password using shadow hash.") end def run_plutil(*args) - argdup = args.dup - cmd = argdup.shift - result = shell_out_compact("plutil", "-#{cmd}", argdup) + result = shell_out_compact("plutil", "-#{args[0]}", args[1..-1]) raise(Chef::Exceptions::PlistUtilCommandFailed, "plutil error: #{result.inspect}") unless result.exitstatus == 0 if result.stdout.encoding == Encoding::ASCII_8BIT result.stdout.encode("utf-8", "binary", undef: :replace, invalid: :replace, replace: "?") diff --git a/lib/chef/provider/user/linux.rb b/lib/chef/provider/user/linux.rb index 2db6c218bd..a846d2657a 100644 --- a/lib/chef/provider/user/linux.rb +++ b/lib/chef/provider/user/linux.rb @@ -1,5 +1,5 @@ # -# Copyright:: Copyright 2016-2017, Chef Software Inc. +# Copyright:: Copyright 2016-2018, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -85,16 +85,6 @@ class Chef opts end - def should_set?(sym) - current_resource.send(sym).to_s != new_resource.send(sym).to_s && new_resource.send(sym) - end - - def updating_home? - return false unless new_resource.home - return true unless current_resource.home - new_resource.home && Pathname.new(current_resource.home).cleanpath != Pathname.new(new_resource.home).cleanpath - end - def check_lock # there's an old bug in rhel (https://bugzilla.redhat.com/show_bug.cgi?id=578534) # which means that both 0 and 1 can be success. diff --git a/lib/chef/provider/user/solaris.rb b/lib/chef/provider/user/solaris.rb index 59074d5ba8..1abe660cfd 100644 --- a/lib/chef/provider/user/solaris.rb +++ b/lib/chef/provider/user/solaris.rb 
@@ -2,7 +2,7 @@ # Author:: Stephen Nelson-Smith (<sns@chef.io>) # Author:: Jon Ramsey (<jonathon.ramsey@gmail.com>) # Author:: Dave Eddy (<dave@daveeddy.com>) -# Copyright:: Copyright 2012-2017, Chef Software Inc. +# Copyright:: Copyright 2012-2018, Chef Software Inc. # Copyright:: Copyright 2015-2016, Dave Eddy # License:: Apache License, Version 2.0 # @@ -18,35 +18,34 @@ # See the License for the specific language governing permissions and # limitations under the License. -require "chef/provider/user/useradd" +require "chef/provider/user" class Chef class Provider class User - class Solaris < Chef::Provider::User::Useradd + class Solaris < Chef::Provider::User provides :solaris_user - provides :user, os: %w{omnios solaris2} - UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]].freeze + provides :user, os: %w{openindiana opensolaris illumos omnios solaris2 smartos} - attr_writer :password_file - - def initialize(new_resource, run_context) - @password_file = "/etc/shadow" - super - end + PASSWORD_FILE = "/etc/shadow" def create_user - super + shell_out_compact!("useradd", universal_options, useradd_options, new_resource.username) manage_password end def manage_user manage_password - super + return if universal_options.empty? && usermod_options.empty? + shell_out_compact!("usermod", universal_options, usermod_options, new_resource.username) + end + + def remove_user + shell_out_compact!("userdel", userdel_options, new_resource.username) end def check_lock - user = IO.read(@password_file).match(/^#{Regexp.escape(new_resource.username)}:([^:]*):/) + user = IO.read(PASSWORD_FILE).match(/^#{Regexp.escape(new_resource.username)}:([^:]*):/) # If we're in whyrun mode, and the user is not created, we assume it will be return false if whyrun_mode? && user.nil? 
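Review bot: The `provides :user, os:` list grows from `omnios solaris2` to also cover `openindiana opensolaris illumos smartos`, which is a behaviour change inside a commit described as cleanup: on those platforms the `user` resource will presumably now resolve to this provider, whose password handling rewrites `/etc/shadow` directly (see `write_shadow_file` later in the file). That deserves a line in the commit description or release notes and test coverage for each added platform. Also, `PASSWORD_FILE = "/etc/shadow"` is a mutable string constant unless the file enables frozen string literals; `PASSWORD_FILE = "/etc/shadow".freeze` rules out accidental in-place modification. The class body continues outside the hunk.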
@@ -66,15 +65,45 @@ class Chef private - # Override the version from {#Useradd} because Solaris doesn't support - # system users and therefore has no `-r` option. This also inverts the - # logic for manage_home as Solaris defaults to no-manage-home and only - # offers `-m`. - # - # @since 12.15 - # @api private - # @see Useradd#useradd_options - # @return [Array<String>] + def universal_options + opts = [] + opts << "-c" << new_resource.comment if should_set?(:comment) + opts << "-g" << new_resource.gid if should_set?(:gid) + opts << "-s" << new_resource.shell if should_set?(:shell) + opts << "-u" << new_resource.uid if should_set?(:uid) + opts << "-d" << new_resource.home if updating_home? + opts << "-o" if new_resource.non_unique + if updating_home? + if new_resource.manage_home + logger.trace("#{new_resource} managing the users home directory") + opts << "-m" + else + logger.trace("#{new_resource} setting home to #{new_resource.home}") + end + end + opts + end + + def usermod_options + opts = [] + opts += [ "-u", new_resource.uid ] if new_resource.non_unique + if updating_home? + if new_resource.manage_home + opts << "-m" + end + end + opts + end + + def userdel_options + opts = [] + opts << "-r" if new_resource.manage_home + opts << "-f" if new_resource.force + opts + end + + # Solaris does not support system users and has no '-r' option, solaris also + # lacks '-M' and defaults to no-manage-home. def useradd_options opts = [] opts << "-m" if new_resource.manage_home @@ -87,9 +116,11 @@ class Chef write_shadow_file end + # XXX: this was straight copypasta'd back in 2013 and I don't think we've ever evaluted using + # a pipe to passwd(1) or evaluating modern ruby-shadow. See https://github.com/chef/chef/pull/721 def write_shadow_file buffer = Tempfile.new("shadow", "/etc") - ::File.open(@password_file) do |shadow_file| + ::File.open(PASSWORD_FILE) do |shadow_file| shadow_file.each do |entry| user = entry.split(":").first if user == new_resource.username 
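Review bot: `usermod_options` repeats flags that `universal_options` already emits, so `usermod` can be invoked with `-m` twice and `-u` twice; both helpers add `-m` under `updating_home?` with `new_resource.manage_home`, and `-u` comes from `should_set?(:uid)` in one and from `new_resource.non_unique` in the other. When `non_unique` is true and `uid` is nil, `[ "-u", new_resource.uid ]` yields `-u` followed by nil; if `shell_out_compact!` drops nil arguments (its name suggests so), the bare `-u` would consume the next argument, which could be the username. A guarded form such as `opts += [ "-u", new_resource.uid ] if new_resource.non_unique && new_resource.uid && !should_set?(:uid)`, with the `-m` block removed from `usermod_options`, avoids both. `useradd_options` has the same `-m` overlap with `universal_options` on create.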
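Review bot: The new `XXX` comment on `write_shadow_file` records the method's history but not the risks a maintainer needs to know. The visible code copies `/etc/shadow` entries into a `Tempfile` under `/etc` and moves it over the original (the `stat`/`chown`/`chmod`/`mv` steps are in the next two hunks), with no lock against other writers of the file and, as far as these hunks show, no `ensure` that removes the temporary copy of the password hashes if an exception interrupts the rewrite. I would extend the comment to say so, e.g. `# NOTE: not locked against concurrent passwd(1)/usermod writers; temp copy in /etc is not unlinked on failure`, and fix the typo `evaluted` to `evaluated`. The method body starts in this hunk and ends outside it.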
@@ -102,7 +133,7 @@ class Chef buffer.close # FIXME: mostly duplicates code with file provider deploying a file - s = ::File.stat(@password_file) + s = ::File.stat(PASSWORD_FILE) mode = s.mode & 0o7777 uid = s.uid gid = s.gid @@ -110,7 +141,7 @@ class Chef FileUtils.chown uid, gid, buffer.path FileUtils.chmod mode, buffer.path - FileUtils.mv buffer.path, @password_file + FileUtils.mv buffer.path, PASSWORD_FILE end def updated_password(entry) diff --git a/lib/chef/provider/user/useradd.rb b/lib/chef/provider/user/useradd.rb index 47c0ece101..c09cc0d3a5 100644 --- a/lib/chef/provider/user/useradd.rb +++ b/lib/chef/provider/user/useradd.rb @@ -1,6 +1,6 @@ # # Author:: Adam Jacob (<adam@chef.io>) -# Copyright:: Copyright 2008-2017, Chef Software Inc. +# Copyright:: Copyright 2008-2018, Chef Software Inc. # License:: Apache License, Version 2.0 # # Licensed under the Apache License, Version 2.0 (the "License"); @@ -23,6 +23,9 @@ class Chef class Provider class User class Useradd < Chef::Provider::User + + Chef::Log.warn("the Chef::Provider::User::Useradd provider is deprecated, please subclass Chef::Provider::User directly") + # the linux version of this has been forked off, this is the base class now of solaris and AIX and should be abandoned # and those provider should be rewritten like the linux version. |
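Review bot: The `Chef::Log.warn` call in `useradd.rb` sits directly in the class body, so it runs once when the file is loaded rather than when something actually subclasses or uses the provider. Any run that requires the file gets the warning, and the message cannot name the offending subclass. Moving it into an inherited hook, `def self.inherited(subclass)` that calls `super` and then logs `"#{subclass} inherits from the deprecated Chef::Provider::User::Useradd, please subclass Chef::Provider::User directly"`, would warn only the code that needs to change. The class body continues outside the hunk.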