mbailey-chef 0.9.12.1

data/lib/chef/provider/user/pw.rb

@@ -0,0 +1,113 @@
+#
+# Author:: Stephen Haynes (<sh@nomitor.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/user'
+
+class Chef
+  class Provider
+    class User
+      class Pw < Chef::Provider::User
+
+        def load_current_resource
+          super
+          raise Chef::Exceptions::User, "Could not find binary /usr/sbin/pw for #{@new_resource}" unless ::File.exists?("/usr/sbin/pw")
+        end
+
+        def create_user
+          command = "pw useradd"
+          command << set_options
+          run_command(:command => command)
+          modify_password
+        end
+        
+        def manage_user
+          command = "pw usermod"
+          command << set_options
+          run_command(:command => command)
+          modify_password
+        end
+        
+        def remove_user
+          command = "pw userdel #{@new_resource.username}"
+          command << " -r" if @new_resource.supports[:manage_home]
+          run_command(:command => command)
+        end
+        
+        def check_lock
+          case @current_resource.password
+          when /^\*LOCKED\*/
+            @locked = true
+          else
+            @locked = false
+          end
+          @locked
+        end
+        
+        def lock_user
+          run_command(:command => "pw lock #{@new_resource.username}")
+        end
+        
+        def unlock_user
+          run_command(:command => "pw unlock #{@new_resource.username}")
+        end
+        
+        def set_options
+          opts = " #{@new_resource.username}"
+          
+          field_list = {
+            'comment' => "-c",
+            'home' => "-d",
+            'gid' => "-g",
+            'uid' => "-u",
+            'shell' => "-s"
+          }
+          field_list.sort{ |a,b| a[0] <=> b[0] }.each do |field, option|
+            field_symbol = field.to_sym
+            if @current_resource.send(field_symbol) != @new_resource.send(field_symbol)
+              if @new_resource.send(field_symbol)
+                Chef::Log.debug("Setting #{@new_resource} #{field} to #{@new_resource.send(field_symbol)}")
+                opts << " #{option} '#{@new_resource.send(field_symbol)}'"
+              end
+            end
+          end
+          if @new_resource.supports[:manage_home]
+            Chef::Log.debug("Managing the home directory for #{@new_resource}")
+            opts << " -m"
+          end
+          opts
+        end
+      
+        def modify_password
+          if @current_resource.password != @new_resource.password
+            Chef::Log.debug("#{new_resource}: updating password")
+            command = "pw usermod #{@new_resource.username} -H 0"
+            status = popen4(command, :waitlast => true) do |pid, stdin, stdout, stderr|
+              stdin.puts "#{@new_resource.password}"
+            end
+            
+            unless status.exitstatus == 0
+              raise Chef::Exceptions::User, "pw failed - #{status.inspect}!"
+            end
+          else
+            Chef::Log.debug("#{new_resource}: no change needed to password")
+          end
+        end
+      end
+    end
+  end
+end

data/lib/chef/provider/user/useradd.rb

@@ -0,0 +1,137 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/user'
+
+class Chef
+  class Provider
+    class User 
+      class Useradd < Chef::Provider::User
+        UNIVERSAL_OPTIONS = [[:comment, "-c"], [:gid, "-g"], [:password, "-p"], [:shell, "-s"], [:uid, "-u"]]
+
+        def create_user
+          command = compile_command("useradd") do |useradd|
+            useradd << universal_options
+            useradd << useradd_options
+          end
+          run_command(:command => command)
+        end
+        
+        def manage_user
+          command = compile_command("usermod") { |u| u << universal_options }
+          run_command(:command => command)
+        end
+        
+        def remove_user
+          command = "userdel"
+          command << " -r" if managing_home_dir?
+          command << " #{@new_resource.username}"
+          run_command(:command => command)
+        end
+        
+        def check_lock
+          status = popen4("passwd -S #{@new_resource.username}") do |pid, stdin, stdout, stderr|
+            status_line = stdout.gets.split(' ')
+            case status_line[1]
+            when /^P/
+              @locked = false
+            when /^N/
+              @locked = false
+            when /^L/
+              @locked = true
+            end
+          end
+
+          unless status.exitstatus == 0
+            raise_lock_error = false
+            # we can get an exit code of 1 even when it's successful on rhel/centos (redhat bug 578534)
+            if status.exitstatus == 1 && ['redhat', 'centos'].include?(node[:platform])
+              passwd_version_status = popen4('rpm -q passwd') do |pid, stdin, stdout, stderr|
+                passwd_version = stdout.gets.chomp
+
+                unless passwd_version == 'passwd-0.73-1'
+                  raise_lock_error = true
+                end
+              end
+            else
+              raise_lock_error = true
+            end
+
+            raise Chef::Exceptions::User, "Cannot determine if #{@new_resource} is locked!" if raise_lock_error
+          end
+
+          @locked
+        end
+        
+        def lock_user
+          run_command(:command => "usermod -L #{@new_resource.username}")
+        end
+        
+        def unlock_user
+          run_command(:command => "usermod -U #{@new_resource.username}")
+        end
+
+        def compile_command(base_command)
+          yield base_command
+          base_command << " #{@new_resource.username}"
+          base_command
+        end
+        
+        def universal_options
+          opts = ''
+          
+          UNIVERSAL_OPTIONS.each do |field, option|
+            if @current_resource.send(field) != @new_resource.send(field)
+              if @new_resource.send(field)
+                Chef::Log.debug("Setting #{@new_resource} #{field} to #{@new_resource.send(field)}")
+                opts << " #{option} '#{@new_resource.send(field)}'"
+              end
+            end
+          end
+          if updating_home?
+            if managing_home_dir?
+              Chef::Log.debug("Managing the home directory for #{@new_resource}")
+              opts << " -d '#{@new_resource.home}'"
+            else
+              Chef::Log.debug("Setting #{@new_resource} home to #{@new_resource.home}")
+              opts << " -d '#{@new_resource.home}'"
+            end
+          end
+          opts << " -o" if @new_resource.non_unique || @new_resource.supports[:non_unique]
+          opts
+        end
+
+        def useradd_options
+          opts = ''
+          opts << " -m" if updating_home? && managing_home_dir?
+          opts << " -r" if @new_resource.system
+          opts
+        end
+
+        def updating_home?
+          @current_resource.home != @new_resource.home && @new_resource.home
+        end
+
+        def managing_home_dir?
+          @new_resource.manage_home || @new_resource.supports[:manage_home]
+        end
+
+      end
+    end
+  end
+end

data/lib/chef/provider/user/windows.rb

@@ -0,0 +1,124 @@
+#
+# Author:: Doug MacEachern (<dougm@vmware.com>)
+# Copyright:: Copyright (c) 2010 VMware, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/user'
+if RUBY_PLATFORM =~ /mswin|mingw32|windows/
+  require 'chef/util/windows/net_user'
+end
+
+class Chef
+  class Provider
+    class User
+      class Windows < Chef::Provider::User
+
+        def initialize(new_resource,run_context)
+          super
+          @net_user = Chef::Util::Windows::NetUser.new(@new_resource.name)
+        end
+
+        def load_current_resource
+          @current_resource = Chef::Resource::User.new(@new_resource.name)
+          @current_resource.username(@new_resource.username)
+          user_info = nil
+          begin
+            user_info = @net_user.get_info
+          rescue
+            @user_exists = false
+            Chef::Log.debug("User #{@new_resource.username} does not exist")
+          end
+
+          if user_info
+            @current_resource.uid(user_info[:user_id])
+            @current_resource.gid(user_info[:primary_group_id])
+            @current_resource.comment(user_info[:full_name])
+            @current_resource.home(user_info[:home_dir])
+            @current_resource.shell(user_info[:script_path])
+          end
+
+          @current_resource
+        end
+
+        # Check to see if the user needs any changes
+        #
+        # === Returns
+        # <true>:: If a change is required
+        # <false>:: If the users are identical
+        def compare_user
+          unless @net_user.validate_credentials(@new_resource.password)
+            Chef::Log.debug("User #{@new_resource.username} password has changed")
+            return true
+          end
+          [ :uid, :gid, :comment, :home, :shell ].any? do |user_attrib|
+            !@new_resource.send(user_attrib).nil? && @new_resource.send(user_attrib) != @current_resource.send(user_attrib)
+          end
+        end
+
+        def create_user
+          @net_user.add(set_options)
+        end
+        
+        def manage_user
+          @net_user.update(set_options)
+        end
+        
+        def remove_user
+          @net_user.delete
+        end
+        
+        def check_lock
+          @net_user.check_enabled
+        end
+        
+        def lock_user
+          @net_user.disable_account
+        end
+        
+        def unlock_user
+          @net_user.enable_account
+        end
+
+        def set_options
+          opts = {:name => @new_resource.username}
+
+          field_list = {
+            'comment' => 'full_name',
+            'home' => 'home_dir',
+            'gid' => 'primary_group_id',
+            'uid' => 'user_id',
+            'shell' => 'script_path',
+            'password' => 'password'
+          }
+
+          field_list.sort{ |a,b| a[0] <=> b[0] }.each do |field, option|
+            field_symbol = field.to_sym
+            if @current_resource.send(field_symbol) != @new_resource.send(field_symbol)
+              if @new_resource.send(field_symbol)
+                unless field_symbol == :password
+                  Chef::Log.debug("Setting #{@new_resource} #{field} to #{@new_resource.send(field_symbol)}")
+                end
+                opts[option.to_sym] = @new_resource.send(field_symbol)
+              end
+            end
+          end
+          opts
+        end
+
+      end
+    end
+  end
+end

data/lib/chef/provider/user.rb

@@ -0,0 +1,187 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider'
+require 'chef/mixin/command'
+require 'chef/resource/user'
+require 'etc'
+
+class Chef
+  class Provider
+    class User < Chef::Provider
+      
+      include Chef::Mixin::Command
+      
+      attr_accessor :user_exists, :locked
+      
+      def initialize(new_resource, run_context)
+        super
+        @user_exists = true
+        @locked = nil
+      end
+  
+      def convert_group_name
+        if @new_resource.gid.is_a? String
+          @new_resource.gid(Etc.getgrnam(@new_resource.gid).gid)
+        end
+      rescue ArgumentError => e
+        raise Chef::Exceptions::User, "Couldn't lookup integer GID for group name #{@new_resource.gid}"
+      end
+      
+      def load_current_resource
+        @current_resource = Chef::Resource::User.new(@new_resource.name)
+        @current_resource.username(@new_resource.username)
+      
+        begin
+          user_info = Etc.getpwnam(@new_resource.username)
+        rescue ArgumentError => e
+          @user_exists = false
+          Chef::Log.debug("User #{@new_resource.username} does not exist")
+          user_info = nil
+        end
+        
+        if user_info
+          @current_resource.uid(user_info.uid)
+          @current_resource.gid(user_info.gid)
+          @current_resource.comment(user_info.gecos)
+          @current_resource.home(user_info.dir)
+          @current_resource.shell(user_info.shell)
+          @current_resource.password(user_info.passwd)
+        
+          if @new_resource.password && @current_resource.password == 'x'
+            begin
+              require 'shadow'
+            rescue LoadError
+              Chef::Log.error("You must have ruby-shadow installed for password support!")
+              raise Chef::Exceptions::MissingLibrary, "You must have ruby-shadow installed for password support!"
+            else
+              shadow_info = Shadow::Passwd.getspnam(@new_resource.username)
+              @current_resource.password(shadow_info.sp_pwdp)
+            end
+          end
+          
+          if @new_resource.gid
+            convert_group_name
+          end
+        end
+        
+        @current_resource
+      end
+
+      # Check to see if the user needs any changes
+      #
+      # === Returns
+      # <true>:: If a change is required
+      # <false>:: If the users are identical
+      def compare_user
+        [ :uid, :gid, :comment, :home, :shell, :password ].any? do |user_attrib|
+          !@new_resource.send(user_attrib).nil? && @new_resource.send(user_attrib) != @current_resource.send(user_attrib)
+        end
+      end
+      
+      def action_create
+        if !@user_exists
+          create_user
+          Chef::Log.info("Created #{@new_resource}")
+          @new_resource.updated_by_last_action(true)
+        elsif compare_user
+          manage_user
+          Chef::Log.info("Altered #{@new_resource}")
+          @new_resource.updated_by_last_action(true)
+        end
+      end
+      
+      def action_remove
+        if @user_exists
+          remove_user
+          @new_resource.updated_by_last_action(true)
+          Chef::Log.info("Removed #{@new_resource}")
+        end
+      end
+
+      def remove_user
+        raise NotImplementedError
+      end
+
+      def action_manage
+        if @user_exists && compare_user
+          manage_user
+          @new_resource.updated_by_last_action(true)
+          Chef::Log.info("Managed #{@new_resource}")
+        end
+      end
+
+      def manage_user
+        raise NotImplementedError
+      end
+
+      def action_modify
+        if @user_exists
+          if compare_user
+            manage_user
+            @new_resource.updated_by_last_action(true)
+            Chef::Log.info("Modified #{@new_resource}")
+          end
+        else
+          raise Chef::Exceptions::User, "Cannot modify #{@new_resource} - user does not exist!"
+        end
+      end
+
+      def action_lock
+        if @user_exists
+          if check_lock() == false
+            lock_user
+            @new_resource.updated_by_last_action(true)
+            Chef::Log.info("Locked #{@new_resource}")
+          else
+            Chef::Log.debug("No need to lock #{@new_resource}")
+          end
+        else
+          raise Chef::Exceptions::User, "Cannot lock #{@new_resource} - user does not exist!"
+        end
+      end
+
+      def check_lock
+        raise NotImplementedError
+      end
+
+      def lock_user
+        raise NotImplementedError
+      end
+
+      def action_unlock
+        if @user_exists
+          if check_lock() == true
+            unlock_user
+            @new_resource.updated_by_last_action(true)
+            Chef::Log.info("Unlocked #{@new_resource}")
+          else
+            Chef::Log.debug("No need to unlock #{@new_resource}")
+          end
+        else
+          raise Chef::Exceptions::User, "Cannot unlock #{@new_resource} - user does not exist!"
+        end
+      end
+      
+      def unlock_user
+        raise NotImplementedError
+      end
+
+    end
+  end
+end