diff options
| author | Andrew Shafer <andrew@reductivelabs.com> | 2008-11-27 01:22:36 -0700 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2008-12-01 18:27:00 +1100 |
| commit | a219c88866d8f91672b1830cc519da68a0d9b2c7 (patch) | |
| tree | f1c87c80d8a55b2d3e146312d3e757bcfffe52b9 /lib/puppet | |
| parent | 9329c95d6fbb2df5e8b754620427645f6eae69b9 (diff) | |
| download | puppet-a219c88866d8f91672b1830cc519da68a0d9b2c7.tar.gz puppet-a219c88866d8f91672b1830cc519da68a0d9b2c7.tar.xz puppet-a219c88866d8f91672b1830cc519da68a0d9b2c7.zip | |
Solaris doesn't have a native tool to set hashed passwords
Added support for passwords by directly editing /etc/shadow
(I tried to make it work with libshadow, but considering it is not packaged for Solaris and adds little benefit, I decided against it)
password and password= are now defined on the default Solaris provider
Diffstat (limited to 'lib/puppet')
| -rw-r--r-- | lib/puppet/provider/user/user_role_add.rb | 35 |
1 files changed, 30 insertions, 5 deletions
diff --git a/lib/puppet/provider/user/user_role_add.rb b/lib/puppet/provider/user/user_role_add.rb index 00fc24b3a..1be3fa6f1 100644 --- a/lib/puppet/provider/user/user_role_add.rb +++ b/lib/puppet/provider/user/user_role_add.rb @@ -22,11 +22,7 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do value !~ /\s/ end - has_features :manages_homedir, :allows_duplicates, :manages_solaris_rbac - - if Puppet.features.libshadow? - has_feature :manages_passwords - end + has_features :manages_homedir, :allows_duplicates, :manages_solaris_rbac, :manages_passwords #must override this to hand the keyvalue pairs def add_properties @@ -152,5 +148,34 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do def keys=(keys_hash) run([command(:modify)] + build_keys_cmd(keys_hash) << @resource[:name], "modify attribute key pairs") end + + #Read in /etc/shadow, find the line for this user (skipping comments, because who knows) and return the hashed pw (the second entry) + #No abstraction, all esoteric knowledge of file formats, yay + def password + #got perl? + if ary = File.readlines("/etc/shadow").reject { |r| r =~ /^[^\w]/}.collect { |l| l.split(':')[0..1] }.find { |user, passwd| user == @resource[:name] } + pass = ary[1] + end + pass + end + + #Read in /etc/shadow, find the line for our used and rewrite it with the new pw + #Smooth like 80 grit + def password=(cryptopw) + File.open("/etc/shadow", "r") do |shadow| + File.open("/etc/shadow_tmp", "w", 0600) do |shadow_tmp| + while line = shadow.gets do + line_arr = line.split(':') + if line_arr[0] = @resource[:name] + line_arr[1] = cryptopw + line = line_arr.join(':') + end + shadow_tmp.print line + end + end + end + + File.rename("/etc/shadow_tmp", "/etc/shadow") + end end |