runa-chef 0.8.0.1
- data/LICENSE +201 -0
- data/README.rdoc +136 -0
- data/bin/chef-client +26 -0
- data/bin/chef-solo +26 -0
- data/bin/knife +27 -0
- data/bin/shef +45 -0
- data/distro/README +2 -0
- data/distro/common/man/man1/chef-indexer.1 +42 -0
- data/distro/common/man/man1/chef-server.1 +108 -0
- data/distro/common/man/man8/chef-client.8 +61 -0
- data/distro/common/man/man8/chef-solo.8 +58 -0
- data/distro/common/man/man8/knife.8 +359 -0
- data/distro/debian/etc/init.d/chef-client +175 -0
- data/distro/debian/etc/init.d/chef-indexer +175 -0
- data/distro/debian/etc/init.d/chef-server +120 -0
- data/distro/redhat/etc/init.d/chef-client +78 -0
- data/distro/redhat/etc/init.d/chef-indexer +76 -0
- data/distro/redhat/etc/init.d/chef-server +78 -0
- data/distro/redhat/etc/sysconfig/chef-client +10 -0
- data/distro/redhat/etc/sysconfig/chef-indexer +8 -0
- data/distro/redhat/etc/sysconfig/chef-server +10 -0
- data/distro/suse/etc/init.d/chef-client +121 -0
- data/lib/chef.rb +49 -0
- data/lib/chef/api_client.rb +269 -0
- data/lib/chef/application.rb +98 -0
- data/lib/chef/application/agent.rb +18 -0
- data/lib/chef/application/client.rb +214 -0
- data/lib/chef/application/knife.rb +138 -0
- data/lib/chef/application/server.rb +19 -0
- data/lib/chef/application/solo.rb +214 -0
- data/lib/chef/cache.rb +61 -0
- data/lib/chef/cache/checksum.rb +70 -0
- data/lib/chef/certificate.rb +154 -0
- data/lib/chef/client.rb +323 -0
- data/lib/chef/compile.rb +158 -0
- data/lib/chef/config.rb +195 -0
- data/lib/chef/cookbook.rb +198 -0
- data/lib/chef/cookbook/metadata.rb +487 -0
- data/lib/chef/cookbook/metadata/version.rb +87 -0
- data/lib/chef/cookbook_loader.rb +180 -0
- data/lib/chef/couchdb.rb +273 -0
- data/lib/chef/daemon.rb +170 -0
- data/lib/chef/data_bag.rb +216 -0
- data/lib/chef/data_bag_item.rb +227 -0
- data/lib/chef/exceptions.rb +39 -0
- data/lib/chef/file_cache.rb +205 -0
- data/lib/chef/knife.rb +300 -0
- data/lib/chef/knife/client_bulk_delete.rb +41 -0
- data/lib/chef/knife/client_create.rb +55 -0
- data/lib/chef/knife/client_delete.rb +37 -0
- data/lib/chef/knife/client_edit.rb +37 -0
- data/lib/chef/knife/client_list.rb +40 -0
- data/lib/chef/knife/client_reregister.rb +48 -0
- data/lib/chef/knife/client_show.rb +42 -0
- data/lib/chef/knife/configure.rb +84 -0
- data/lib/chef/knife/cookbook_bulk_delete.rb +47 -0
- data/lib/chef/knife/cookbook_delete.rb +41 -0
- data/lib/chef/knife/cookbook_download.rb +57 -0
- data/lib/chef/knife/cookbook_list.rb +41 -0
- data/lib/chef/knife/cookbook_metadata.rb +87 -0
- data/lib/chef/knife/cookbook_show.rb +75 -0
- data/lib/chef/knife/cookbook_upload.rb +173 -0
- data/lib/chef/knife/data_bag_create.rb +43 -0
- data/lib/chef/knife/data_bag_delete.rb +43 -0
- data/lib/chef/knife/data_bag_edit.rb +49 -0
- data/lib/chef/knife/data_bag_list.rb +42 -0
- data/lib/chef/knife/data_bag_show.rb +40 -0
- data/lib/chef/knife/ec2_instance_data.rb +46 -0
- data/lib/chef/knife/node_bulk_delete.rb +44 -0
- data/lib/chef/knife/node_create.rb +39 -0
- data/lib/chef/knife/node_delete.rb +36 -0
- data/lib/chef/knife/node_edit.rb +36 -0
- data/lib/chef/knife/node_from_file.rb +42 -0
- data/lib/chef/knife/node_list.rb +41 -0
- data/lib/chef/knife/node_run_list_add.rb +64 -0
- data/lib/chef/knife/node_run_list_remove.rb +45 -0
- data/lib/chef/knife/node_show.rb +46 -0
- data/lib/chef/knife/role_bulk_delete.rb +45 -0
- data/lib/chef/knife/role_create.rb +44 -0
- data/lib/chef/knife/role_delete.rb +36 -0
- data/lib/chef/knife/role_edit.rb +37 -0
- data/lib/chef/knife/role_from_file.rb +46 -0
- data/lib/chef/knife/role_list.rb +40 -0
- data/lib/chef/knife/role_show.rb +43 -0
- data/lib/chef/knife/search.rb +94 -0
- data/lib/chef/log.rb +39 -0
- data/lib/chef/mixin/check_helper.rb +31 -0
- data/lib/chef/mixin/checksum.rb +32 -0
- data/lib/chef/mixin/command.rb +390 -0
- data/lib/chef/mixin/convert_to_class_name.rb +57 -0
- data/lib/chef/mixin/create_path.rb +56 -0
- data/lib/chef/mixin/deep_merge.rb +33 -0
- data/lib/chef/mixin/find_preferred_file.rb +92 -0
- data/lib/chef/mixin/from_file.rb +50 -0
- data/lib/chef/mixin/generate_url.rb +58 -0
- data/lib/chef/mixin/language.rb +107 -0
- data/lib/chef/mixin/language_include_attribute.rb +56 -0
- data/lib/chef/mixin/language_include_recipe.rb +53 -0
- data/lib/chef/mixin/params_validate.rb +197 -0
- data/lib/chef/mixin/recipe_definition_dsl_core.rb +79 -0
- data/lib/chef/mixin/template.rb +94 -0
- data/lib/chef/nanite.rb +100 -0
- data/lib/chef/node.rb +463 -0
- data/lib/chef/node/attribute.rb +412 -0
- data/lib/chef/openid_registration.rb +181 -0
- data/lib/chef/platform.rb +268 -0
- data/lib/chef/provider.rb +101 -0
- data/lib/chef/provider/breakpoint.rb +36 -0
- data/lib/chef/provider/cron.rb +184 -0
- data/lib/chef/provider/deploy.rb +314 -0
- data/lib/chef/provider/deploy/revision.rb +70 -0
- data/lib/chef/provider/deploy/timestamped.rb +33 -0
- data/lib/chef/provider/directory.rb +72 -0
- data/lib/chef/provider/erl_call.rb +72 -0
- data/lib/chef/provider/execute.rb +58 -0
- data/lib/chef/provider/file.rb +195 -0
- data/lib/chef/provider/git.rb +203 -0
- data/lib/chef/provider/group.rb +120 -0
- data/lib/chef/provider/group/dscl.rb +128 -0
- data/lib/chef/provider/group/gpasswd.rb +50 -0
- data/lib/chef/provider/group/groupadd.rb +78 -0
- data/lib/chef/provider/group/pw.rb +88 -0
- data/lib/chef/provider/group/usermod.rb +57 -0
- data/lib/chef/provider/http_request.rb +106 -0
- data/lib/chef/provider/ifconfig.rb +131 -0
- data/lib/chef/provider/link.rb +157 -0
- data/lib/chef/provider/mdadm.rb +88 -0
- data/lib/chef/provider/mount.rb +117 -0
- data/lib/chef/provider/mount/mount.rb +208 -0
- data/lib/chef/provider/package.rb +160 -0
- data/lib/chef/provider/package/apt.rb +110 -0
- data/lib/chef/provider/package/dpkg.rb +109 -0
- data/lib/chef/provider/package/easy_install.rb +106 -0
- data/lib/chef/provider/package/freebsd.rb +153 -0
- data/lib/chef/provider/package/macports.rb +105 -0
- data/lib/chef/provider/package/portage.rb +124 -0
- data/lib/chef/provider/package/rpm.rb +99 -0
- data/lib/chef/provider/package/rubygems.rb +136 -0
- data/lib/chef/provider/package/yum-dump.py +125 -0
- data/lib/chef/provider/package/yum.rb +175 -0
- data/lib/chef/provider/package/zypper.rb +132 -0
- data/lib/chef/provider/remote_directory.rb +126 -0
- data/lib/chef/provider/remote_file.rb +141 -0
- data/lib/chef/provider/route.rb +118 -0
- data/lib/chef/provider/ruby_block.rb +33 -0
- data/lib/chef/provider/script.rb +42 -0
- data/lib/chef/provider/service.rb +135 -0
- data/lib/chef/provider/service/debian.rb +64 -0
- data/lib/chef/provider/service/freebsd.rb +156 -0
- data/lib/chef/provider/service/gentoo.rb +54 -0
- data/lib/chef/provider/service/init.rb +71 -0
- data/lib/chef/provider/service/redhat.rb +62 -0
- data/lib/chef/provider/service/simple.rb +114 -0
- data/lib/chef/provider/subversion.rb +156 -0
- data/lib/chef/provider/template.rb +175 -0
- data/lib/chef/provider/user.rb +170 -0
- data/lib/chef/provider/user/dscl.rb +280 -0
- data/lib/chef/provider/user/pw.rb +113 -0
- data/lib/chef/provider/user/useradd.rb +108 -0
- data/lib/chef/recipe.rb +105 -0
- data/lib/chef/resource.rb +380 -0
- data/lib/chef/resource/apt_package.rb +34 -0
- data/lib/chef/resource/bash.rb +33 -0
- data/lib/chef/resource/breakpoint.rb +35 -0
- data/lib/chef/resource/cron.rb +179 -0
- data/lib/chef/resource/csh.rb +33 -0
- data/lib/chef/resource/deploy.rb +359 -0
- data/lib/chef/resource/deploy_revision.rb +35 -0
- data/lib/chef/resource/directory.rb +76 -0
- data/lib/chef/resource/dpkg_package.rb +34 -0
- data/lib/chef/resource/easy_install_package.rb +41 -0
- data/lib/chef/resource/erl_call.rb +83 -0
- data/lib/chef/resource/execute.rb +127 -0
- data/lib/chef/resource/file.rb +84 -0
- data/lib/chef/resource/gem_package.rb +41 -0
- data/lib/chef/resource/git.rb +36 -0
- data/lib/chef/resource/group.rb +70 -0
- data/lib/chef/resource/http_request.rb +52 -0
- data/lib/chef/resource/ifconfig.rb +134 -0
- data/lib/chef/resource/link.rb +78 -0
- data/lib/chef/resource/macports_package.rb +29 -0
- data/lib/chef/resource/mdadm.rb +82 -0
- data/lib/chef/resource/mount.rb +135 -0
- data/lib/chef/resource/package.rb +80 -0
- data/lib/chef/resource/perl.rb +33 -0
- data/lib/chef/resource/portage_package.rb +33 -0
- data/lib/chef/resource/python.rb +33 -0
- data/lib/chef/resource/remote_directory.rb +91 -0
- data/lib/chef/resource/remote_file.rb +60 -0
- data/lib/chef/resource/route.rb +135 -0
- data/lib/chef/resource/ruby.rb +33 -0
- data/lib/chef/resource/ruby_block.rb +39 -0
- data/lib/chef/resource/scm.rb +137 -0
- data/lib/chef/resource/script.rb +51 -0
- data/lib/chef/resource/service.rb +134 -0
- data/lib/chef/resource/subversion.rb +34 -0
- data/lib/chef/resource/template.rb +60 -0
- data/lib/chef/resource/timestamped_deploy.rb +31 -0
- data/lib/chef/resource/user.rb +101 -0
- data/lib/chef/resource_collection.rb +212 -0
- data/lib/chef/resource_collection/stepable_iterator.rb +124 -0
- data/lib/chef/resource_definition.rb +67 -0
- data/lib/chef/rest.rb +298 -0
- data/lib/chef/role.rb +301 -0
- data/lib/chef/run_list.rb +164 -0
- data/lib/chef/runner.rb +130 -0
- data/lib/chef/search/query.rb +71 -0
- data/lib/chef/shef.rb +220 -0
- data/lib/chef/shef/ext.rb +297 -0
- data/lib/chef/shef/shef_session.rb +175 -0
- data/lib/chef/streaming_cookbook_uploader.rb +185 -0
- data/lib/chef/tasks/chef_repo.rake +245 -0
- data/lib/chef/util/file_edit.rb +125 -0
- data/lib/chef/util/fileedit.rb +121 -0
- data/lib/chef/webui_user.rb +231 -0
- metadata +398 -0
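--- a/data/lib/chef/provider/user/dscl.rb
+++ b/data/lib/chef/provider/user/dscl.rb
@@ -0,0 +1,280 @@
+#
+# Author:: Dreamcat4 (<dreamcat4@gmail.com>)
+# Copyright:: Copyright (c) 2009 OpsCode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/user'
+require 'openssl'
+
+class Chef
+class Provider
+class User
+class Dscl < Chef::Provider::User
+
+def dscl(*args)
+host = "."
+stdout_result = ""; stderr_result = ""; cmd = "dscl #{host} -#{args.join(' ')}"
+status = popen4(cmd) do |pid, stdin, stdout, stderr|
+stdout.each { |line| stdout_result << line }
+stderr.each { |line| stderr_result << line }
+end
+return [cmd, status, stdout_result, stderr_result]
+end
+
+def safe_dscl(*args)
+result = dscl(*args)
+return "" if ( args.first =~ /^delete/ ) && ( result[1].exitstatus != 0 )
+raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") unless result[1].exitstatus == 0
+raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") if result[2] =~ /No such key: /
+return result[2]
+end
+
+# This is handled in providers/group.rb by Etc.getgrnam()
+# def user_exists?(user)
+# users = safe_dscl("list /Users")
+# !! ( users =~ Regexp.new("\n#{user}\n") )
+# end
+
+# get a free UID greater than 200
+def get_free_uid(search_limit=1000)
+uid = nil; next_uid_guess = 200
+users_uids = safe_dscl("list /Users uid")
+while(next_uid_guess < search_limit + 200)
+if users_uids =~ Regexp.new("#{next_uid_guess}\n")
+next_uid_guess += 1
+else
+uid = next_uid_guess
+break
+end
+end
+return uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
+end
+
+def uid_used?(uid)
+return false unless uid
+users_uids = safe_dscl("list /Users uid")
+!! ( users_uids =~ Regexp.new("#{uid}\n") )
+end
+
+def set_uid
+@new_resource.uid(get_free_uid) if [nil,""].include? @new_resource.uid
+raise(Chef::Exceptions::User,"uid is already in use") if uid_used?(@new_resource.uid)
+safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
+end
+
+def modify_home
+if [nil,""].include?(@new_resource.home)
+safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory")
+else
+if @new_resource.supports[:manage_home]
+unless @new_resource.home =~ /^\//
+raise(Chef::Exceptions::User,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'")
+end
+
+ch_eq_nh = ( @current_resource.home == @new_resource.home )
+cur_home_exists = ::File.exists?("#{@current_resource.home}")
+new_home_exists = ::File.exists?("#{@new_resource.home}")
+ditto = false
+move = false
+
+if ch_eq_nh
+if !new_home_exists
+ditto = true
+end
+else
+if !cur_home_exists
+if !new_home_exists
+ditto = true
+end
+elsif cur_home_exists
+move = true
+end
+end
+
+if ditto
+skel = "/System/Library/User Template/English.lproj"
+raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exists?(skel)
+run_command(:command => "ditto '#{skel}' '#{@new_resource.home}'")
+::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
+end
+
+if move
+src = @current_resource.home
+FileUtils.mkdir_p(@new_resource.home)
+files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
+::FileUtils.mv(files,@new_resource.home, :force => true)
+::FileUtils.rmdir(src)
+::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
+end
+end
+safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
+end
+end
+
+def osx_shadow_hash?(string)
+return !! ( string =~ /^[[:xdigit:]]{1240}$/ )
+end
+
+def osx_salted_sha1?(string)
+return !! ( string =~ /^[[:xdigit:]]{48}$/ )
+end
+
+def guid
+safe_dscl("read /Users/#{@new_resource.username} GeneratedUID").gsub(/GeneratedUID: /,"").gsub!(/\n/,"")
+end
+
+def shadow_hash_set?
+if safe_dscl("read /Users/#{@new_resource.username}") =~ /AuthenticationAuthority: /
+auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
+return !! ( auth_auth =~ /ShadowHash/ )
+end
+return false
+end
+
+def modify_password
+if @new_resource.password
+shadow_hash = nil
+
+Chef::Log.debug("#{new_resource}: updating password")
+if osx_shadow_hash?(@new_resource.password)
+shadow_hash = @new_resource.password.upcase
+else
+salted_sha1 = nil
+if osx_salted_sha1?(@new_resource.password)
+salted_sha1 = @new_resource.password.upcase
+else
+hex_salt = ""; chars = ("0".."9").to_a + ("a".."f").to_a
+1.upto(8) { |i| hex_salt << chars[::Kernel.rand(chars.size-1)] }
+salt = [hex_salt].pack("H*")
+sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+@new_resource.password)
+salted_sha1 = (hex_salt+sha1).upcase
+end
+shadow_hash = String.new("00000000"*155)
+shadow_hash[168] = salted_sha1
+end
+
+::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
+output.puts shadow_hash
+end
+
+unless shadow_hash_set?
+safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
+end
+end
+end
+
+def load_current_resource
+super
+raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}" unless ::File.exists?("/usr/bin/dscl")
+end
+
+def create_user
+manage_user(false)
+end
+
+def manage_user(manage = true)
+fields = []
+if manage
+[:username,:comment,:uid,:gid,:home,:shell,:password].each do |field|
+if @current_resource.send(field) != @new_resource.send(field)
+fields << field if @new_resource.send(field)
+end
+end
+if @new_resource.send(:supports)[:manage_home]
+fields << :home if @new_resource.send(:home)
+end
+fields << :shell if fields.include?(:password)
+else
+# create
+fields = [:username,:comment,:uid,:gid,:home,:shell,:password]
+end
+fields.uniq!
+fields.each do |field|
+case field
+when :username
+safe_dscl("create /Users/#{@new_resource.username}")
+
+when :comment
+safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.comment}'")
+
+when :uid
+set_uid
+
+when :gid
+safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")
+
+when :home
+modify_home
+
+when :shell
+if @new_resource.password || ::File.exists?("#{@new_resource.shell}")
+safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
+else
+safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
+end
+
+when :password
+modify_password
+end
+end
+end
+
+def remove_user
+if @new_resource.supports[:manage_home]
+# remove home directory
+if safe_dscl("read /Users/#{@new_resource.username}") =~ /NFSHomeDirectory/
+nfs_home = safe_dscl("read /Users/#{@new_resource.username} NFSHomeDirectory")
+nfs_home.gsub!(/NFSHomeDirectory: /,"").gsub!(/\n$/,"")
+FileUtils.rm_rf(nfs_home)
+end
+end
+# remove the user from its groups
+groups = []
+Etc.group do |group|
+groups << group.name if group.mem.include?(@new_resource.username)
+end
+groups.each do |group_name|
+safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
+end
+# remove user account
+safe_dscl("delete /Users/#{@new_resource.username}")
+end
+
+def locked?
+if safe_dscl("read /Users/#{@new_resource.username}") =~ /AuthenticationAuthority: /
+auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
+return !! ( auth_auth =~ /DisabledUser/ )
+end
+return false
+end
+
+def check_lock
+return @locked = locked?
+end
+
+def lock_user
+safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';DisabledUser;'")
+end
+
+def unlock_user
+auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
+auth_auth.gsub!(/AuthenticationAuthority: /,"").gsub!(/DisabledUser/,"").gsub!(/[; ]*$/,"")
+safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_auth}'")
+end
+end
+end
+end
+end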
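Review bot: `dscl(*args)` joins its arguments into a single string for `popen4`, and every `safe_dscl` call interpolates resource attributes into that string (`username` unquoted; `comment`, `gid`, `home` and `shell` between bare single quotes), so an attribute containing a quote or a shell metacharacter changes the command line instead of being passed as data; the same pattern appears in `set_options`, `remove_user`, `lock_user` and `unlock_user` of pw.rb and useradd.rb. Assuming `popen4` runs the string through a shell (its definition is not on this page), escape each value where it is interpolated, e.g. `safe_dscl("create /Users/#{Shellwords.escape(@new_resource.username)} RealName #{Shellwords.escape(@new_resource.comment)}")` with `require 'shellwords'` next to the existing requires. Separately, in `modify_password` the salt is drawn from `::Kernel.rand`, and `rand(chars.size-1)` never yields the last index, so `f` cannot appear in it; `openssl` is already required, so `salt = ::OpenSSL::Random.random_bytes(4)` followed by `hex_salt = salt.unpack("H*").first` gives an unpredictable salt of the same length.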
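--- a/data/lib/chef/provider/user/pw.rb
+++ b/data/lib/chef/provider/user/pw.rb
@@ -0,0 +1,113 @@
+#
+# Author:: Stephen Haynes (<sh@nomitor.com>)
+# Copyright:: Copyright (c) 2009 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/user'
+
+class Chef
+class Provider
+class User
+class Pw < Chef::Provider::User
+
+def load_current_resource
+super
+raise Chef::Exceptions::User, "Could not find binary /usr/sbin/pw for #{@new_resource}" unless ::File.exists?("/usr/sbin/pw")
+end
+
+def create_user
+command = "pw useradd"
+command << set_options
+run_command(:command => command)
+modify_password
+end
+
+def manage_user
+command = "pw usermod"
+command << set_options
+run_command(:command => command)
+modify_password
+end
+
+def remove_user
+command = "pw userdel #{@new_resource.username}"
+command << " -r" if @new_resource.supports[:manage_home]
+run_command(:command => command)
+end
+
+def check_lock
+case @current_resource.password
+when /^\*LOCKED\*/
+@locked = true
+else
+@locked = false
+end
+@locked
+end
+
+def lock_user
+run_command(:command => "pw lock #{@new_resource.username}")
+end
+
+def unlock_user
+run_command(:command => "pw unlock #{@new_resource.username}")
+end
+
+def set_options
+opts = " #{@new_resource.username}"
+
+field_list = {
+'comment' => "-c",
+'home' => "-d",
+'gid' => "-g",
+'uid' => "-u",
+'shell' => "-s"
+}
+field_list.sort{ |a,b| a[0] <=> b[0] }.each do |field, option|
+field_symbol = field.to_sym
+if @current_resource.send(field_symbol) != @new_resource.send(field_symbol)
+if @new_resource.send(field_symbol)
+Chef::Log.debug("Setting #{@new_resource} #{field} to #{@new_resource.send(field_symbol)}")
+opts << " #{option} '#{@new_resource.send(field_symbol)}'"
+end
+end
+end
+if @new_resource.supports[:manage_home]
+Chef::Log.debug("Managing the home directory for #{@new_resource}")
+opts << " -m"
+end
+opts
+end
+
+def modify_password
+if @current_resource.password != @new_resource.password
+Chef::Log.debug("#{new_resource}: updating password")
+command = "pw usermod #{@new_resource.username} -H 0"
+status = popen4(command, :waitlast => true) do |pid, stdin, stdout, stderr|
+stdin.puts "#{@new_resource.password}"
+end
+
+unless status.exitstatus == 0
+raise Chef::Exceptions::User, "pw failed - #{status.inspect}!"
+end
+else
+Chef::Log.debug("#{new_resource}: no change needed to password")
+end
+end
+end
+end
+end
+end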
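Review bot: `modify_password` runs whenever `@current_resource.password != @new_resource.password`, which is also true when the resource declares no password and the existing account has one (assuming the parent class fills in `@current_resource.password`, which is not visible here). In that case `stdin.puts "#{@new_resource.password}"` sends an empty line to `pw usermod ... -H 0`, which looks like it would replace the stored hash with an empty value; confirm against pw(8). Guard the branch on the new value, `if @new_resource.password && @current_resource.password != @new_resource.password`, so an unset attribute leaves the existing password alone. Passing the hash over stdin keeps it off the command line, which deserves a comment such as `# -H 0: read the encrypted password from stdin so it never appears in the process list`.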
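--- a/data/lib/chef/provider/user/useradd.rb
+++ b/data/lib/chef/provider/user/useradd.rb
@@ -0,0 +1,108 @@
+#
+# Author:: Adam Jacob (<adam@opscode.com>)
+# Copyright:: Copyright (c) 2008 Opscode, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+require 'chef/provider/user'
+
+class Chef
+class Provider
+class User
+class Useradd < Chef::Provider::User
+def create_user
+command = "useradd"
+command << set_options
+run_command(:command => command)
+end
+
+def manage_user
+command = "usermod"
+command << set_options
+run_command(:command => command)
+end
+
+def remove_user
+command = "userdel"
+command << " -r" if @new_resource.supports[:manage_home]
+command << " #{@new_resource.username}"
+run_command(:command => command)
+end
+
+def check_lock
+status = popen4("passwd -S #{@new_resource.username}") do |pid, stdin, stdout, stderr|
+status_line = stdout.gets.split(' ')
+case status_line[1]
+when /^P/
+@locked = false
+when /^N/
+@locked = false
+when /^L/
+@locked = true
+end
+end
+
+unless status.exitstatus == 0
+raise Chef::Exceptions::User, "Cannot determine if #{@new_resource} is locked!"
+end
+
+@locked
+end
+
+def lock_user
+run_command(:command => "usermod -L #{@new_resource.username}")
+end
+
+def unlock_user
+run_command(:command => "usermod -U #{@new_resource.username}")
+end
+
+def set_options
+opts = ''
+
+field_list = {
+'comment' => "-c",
+'gid' => "-g",
+'uid' => "-u",
+'shell' => "-s",
+'password' => "-p"
+}
+field_list.sort{ |a,b| a[0] <=> b[0] }.each do |field, option|
+field_symbol = field.to_sym
+if @current_resource.send(field_symbol) != @new_resource.send(field_symbol)
+if @new_resource.send(field_symbol)
+Chef::Log.debug("Setting #{@new_resource} #{field} to #{@new_resource.send(field_symbol)}")
+opts << " #{option} '#{@new_resource.send(field_symbol)}'"
+end
+end
+end
+if @current_resource.home != @new_resource.home && @new_resource.home
+if @new_resource.supports[:manage_home]
+Chef::Log.debug("Managing the home directory for #{@new_resource}")
+opts << " -d '#{@new_resource.home}' -m"
+else
+Chef::Log.debug("Setting #{@new_resource} home to #{@new_resource.home}")
+opts << " -d '#{@new_resource.home}'"
+end
+end
+opts << " -o" if @new_resource.supports[:non_unique]
+opts << " #{@new_resource.username}"
+opts
+end
+
+end
+end
+end
+end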
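Review bot: `set_options` lists `'password' => "-p"` in `field_list`, so the password hash is written to the log by `Chef::Log.debug("Setting #{@new_resource} #{field} to #{@new_resource.send(field_symbol)}")` and is also placed on the `useradd`/`usermod` command line, where other local users can typically read it from the process list. Keep the value out of the log, e.g. `shown = field == 'password' ? '[hidden]' : @new_resource.send(field_symbol)` and interpolate `shown` in the debug message. For the command line, consider setting the hash over stdin in a separate step, as `modify_password` in pw.rb does, rather than through `-p`. In `check_lock`, `stdout.gets.split(' ')` raises NoMethodError when `passwd -S` prints nothing, before the exit-status check can raise the intended `Chef::Exceptions::User`; `status_line = stdout.gets.to_s.split(' ')` avoids that.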