1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
#
# Author:: Stephen Nelson-Smith (<sns@opscode.com>)
# Author:: Jon Ramsey (<jonathon.ramsey@gmail.com>)
# Author:: Dave Eddy (<dave@daveeddy.com>)
# Copyright:: Copyright (c) 2012 Opscode, Inc.
# Copyright:: Copyright 2015, Dave Eddy
# License:: Apache License, Version 2.0
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require "chef/provider/user/useradd"
class Chef
class Provider
class User
class Solaris < Chef::Provider::User::Useradd
provides :user, platform: %w{omnios solaris2}
UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:shell, "-s"], [:uid, "-u"]]
attr_writer :password_file
def initialize(new_resource, run_context)
@password_file = "/etc/shadow"
super
end
def create_user
super
manage_password
end
def manage_user
manage_password
super
end
def check_lock
shadow_line = shell_out!("getent", "shadow", new_resource.username).stdout.strip rescue nil
# if the command fails we return nil, this can happen if the user
# in question doesn't exist
return nil if shadow_line.nil?
# convert "dave:NP:16507::::::\n" to "NP"
fields = shadow_line.split(":")
# '*LK*...' and 'LK' are both considered locked,
# so look for LK at the beginning of the shadow entry
# optionally surrounded by '*'
@locked = !!fields[1].match(/^\*?LK\*?/)
@locked
end
def lock_user
shell_out!("passwd", "-l", new_resource.username)
end
def unlock_user
shell_out!("passwd", "-u", new_resource.username)
end
private
def manage_password
if @current_resource.password != @new_resource.password && @new_resource.password
Chef::Log.debug("#{@new_resource} setting password to #{@new_resource.password}")
write_shadow_file
end
end
def write_shadow_file
buffer = Tempfile.new("shadow", "/etc")
::File.open(@password_file) do |shadow_file|
shadow_file.each do |entry|
user = entry.split(":").first
if user == @new_resource.username
buffer.write(updated_password(entry))
else
buffer.write(entry)
end
end
end
buffer.close
# FIXME: mostly duplicates code with file provider deploying a file
s = ::File.stat(@password_file)
mode = s.mode & 07777
uid = s.uid
gid = s.gid
FileUtils.chown uid, gid, buffer.path
FileUtils.chmod mode, buffer.path
FileUtils.mv buffer.path, @password_file
end
def updated_password(entry)
fields = entry.split(":")
fields[1] = @new_resource.password
fields[2] = days_since_epoch
fields.join(":")
end
def days_since_epoch
(Time.now.to_i / 86400).floor
end
end
end
end
end
|
