From a090e868d55ea9b10f8193dcb2d1f23838a6def1 Mon Sep 17 00:00:00 2001 From: Markus Roberts Date: Mon, 11 Oct 2010 19:41:31 -0700 Subject: Fix for #4963 -- Use correct commands for password expiry on solaris This fixes the command / option issues of #4963 as suggested on the ticket; the setting-expiry when not needed aspects are deferred to #4975. --- lib/puppet/provider/user/user_role_add.rb | 6 +++--- spec/unit/provider/user/user_role_add_spec.rb | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/puppet/provider/user/user_role_add.rb b/lib/puppet/provider/user/user_role_add.rb index 7e7ad78e5..c8be75a8f 100644 --- a/lib/puppet/provider/user/user_role_add.rb +++ b/lib/puppet/provider/user/user_role_add.rb @@ -6,15 +6,15 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd, :source => defaultfor :operatingsystem => :solaris - commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "chage", :role_add => "roleadd", :role_delete => "roledel", :role_modify => "rolemod" + commands :add => "useradd", :delete => "userdel", :modify => "usermod", :password => "passwd", :role_add => "roleadd", :role_delete => "roledel", :role_modify => "rolemod" options :home, :flag => "-d", :method => :dir options :comment, :method => :gecos options :groups, :flag => "-G" options :roles, :flag => "-R" options :auths, :flag => "-A" options :profiles, :flag => "-P" - options :password_min_age, :flag => "-m" - options :password_max_age, :flag => "-M" + options :password_min_age, :flag => "-n" + options :password_max_age, :flag => "-x" verify :gid, "GID must be an integer" do |value| value.is_a? Integer diff --git a/spec/unit/provider/user/user_role_add_spec.rb b/spec/unit/provider/user/user_role_add_spec.rb index b3244f19d..9cf649267 100644 --- a/spec/unit/provider/user/user_role_add_spec.rb +++ b/spec/unit/provider/user/user_role_add_spec.rb @@ -72,7 +72,7 @@ describe provider_class do @provider = provider_class.new(@resource) @provider.stubs(:user_attributes) @provider.stubs(:execute) - @provider.expects(:execute).with { |cmd, *args| args == ["-m", 5, "-M", 10, "myuser"] } + @provider.expects(:execute).with { |cmd, *args| args == ["-n", 5, "-x", 10, "myuser"] } @provider.create end end -- cgit From e232770baefc35abb71de6e2f28d053158e6dd45 Mon Sep 17 00:00:00 2001 From: Markus Roberts Date: Mon, 11 Oct 2010 21:07:29 -0700 Subject: Minimal fix for #4975 -- only call chage when managing password age rules This is intended to be a minimal fix, with tests, to prevent chage from running unless needed. --- lib/puppet/provider/nameservice.rb | 4 ++- lib/puppet/provider/user/user_role_add.rb | 4 ++- lib/puppet/provider/user/useradd.rb | 11 ++++---- spec/unit/provider/user/useradd_spec.rb | 42 +++++++++++++++++++++++++++++++ 4 files changed, 53 insertions(+), 8 deletions(-) diff --git a/lib/puppet/provider/nameservice.rb b/lib/puppet/provider/nameservice.rb index 9830fab54..d57052bd9 100644 --- a/lib/puppet/provider/nameservice.rb +++ b/lib/puppet/provider/nameservice.rb @@ -165,7 +165,9 @@ class Puppet::Provider::NameService < Puppet::Provider begin execute(self.addcmd) - execute(self.passcmd) if self.feature? :manages_password_age + if feature?(:manages_password_age) && (cmd = passcmd) + execute(cmd) + end rescue Puppet::ExecutionFailure => detail raise Puppet::Error, "Could not create #{@resource.class.name} #{@resource.name}: #{detail}" end diff --git a/lib/puppet/provider/user/user_role_add.rb b/lib/puppet/provider/user/user_role_add.rb index c8be75a8f..caca1ef88 100644 --- a/lib/puppet/provider/user/user_role_add.rb +++ b/lib/puppet/provider/user/user_role_add.rb @@ -81,7 +81,9 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd, :source => run(transition("normal"), "transition role to") else run(addcmd, "create") - run(passcmd, "change password policy for") + if cmd = passcmd + run(cmd, "change password policy for") + end end # added to handle case when password is specified self.password = @resource[:password] if @resource[:password] diff --git a/lib/puppet/provider/user/useradd.rb b/lib/puppet/provider/user/useradd.rb index 9a62db464..5a163f35a 100644 --- a/lib/puppet/provider/user/useradd.rb +++ b/lib/puppet/provider/user/useradd.rb @@ -70,13 +70,12 @@ Puppet::Type.type(:user).provide :useradd, :parent => Puppet::Provider::NameServ end def passcmd - cmd = [command(:password)] - [:password_min_age, :password_max_age].each do |property| - if value = @resource.should(property) - cmd << flag(property) << value - end + age_limits = [:password_min_age, :password_max_age].select { |property| @resource.should(property) } + if age_limits.empty? + nil + else + [command(:password),age_limits.collect { |property| [flag(property), @resource.should(property)]}, @resource[:name]].flatten end - cmd << @resource[:name] end def min_age diff --git a/spec/unit/provider/user/useradd_spec.rb b/spec/unit/provider/user/useradd_spec.rb index 26367c584..9ebba596c 100755 --- a/spec/unit/provider/user/useradd_spec.rb +++ b/spec/unit/provider/user/useradd_spec.rb @@ -131,4 +131,46 @@ describe provider_class do @provider.addcmd.must == ["useradd", "-G", "somegroup", "-o", "-m", "someuser"] end end + + describe "when calling passcmd" do + before do + @resource.stubs(:allowdupe?).returns true + @resource.stubs(:managehome?).returns true + end + + it "should call command with :pass" do + @provider.expects(:command).with(:password) + @provider.passcmd + end + + it "should return nil if neither min nor max is set" do + @resource.stubs(:should).with(:password_min_age).returns nil + @resource.stubs(:should).with(:password_max_age).returns nil + @provider.passcmd.must == nil + end + + it "should return a chage command array with -m and the user name if password_min_age is set" do + @provider.stubs(:command).with(:password).returns("chage") + @resource.stubs(:[]).with(:name).returns("someuser") + @resource.stubs(:should).with(:password_min_age).returns 123 + @resource.stubs(:should).with(:password_max_age).returns nil + @provider.passcmd.must == ['chage','-m',123,'someuser'] + end + + it "should return a chage command array with -M if password_max_age is set" do + @provider.stubs(:command).with(:password).returns("chage") + @resource.stubs(:[]).with(:name).returns("someuser") + @resource.stubs(:should).with(:password_min_age).returns nil + @resource.stubs(:should).with(:password_max_age).returns 999 + @provider.passcmd.must == ['chage','-M',999,'someuser'] + end + + it "should return a chage command array with -M -m if both password_min_age and password_max_age are set" do + @provider.stubs(:command).with(:password).returns("chage") + @resource.stubs(:[]).with(:name).returns("someuser") + @resource.stubs(:should).with(:password_min_age).returns 123 + @resource.stubs(:should).with(:password_max_age).returns 999 + @provider.passcmd.must == ['chage','-m',123,'-M',999,'someuser'] + end + end end -- cgit From 3c56705a95c945778674f9792a07b66b879cb48e Mon Sep 17 00:00:00 2001 From: Markus Roberts Date: Tue, 12 Oct 2010 16:38:59 -0700 Subject: Fix for #4832 -- Making PSON handle arbitrary binary data The PSON library needlessly assumed that the data to be transmitted was well- formed unicode. This made Latin-1 users (and anyone who needed to serialize arbitrary binary data) sad. This patch goes some of the way to resolving the issues, by passing through non-unicode data rather than just failing, adds tests, and cleans up a pernicious assumption about escape characters in ruby regular expressions not marked "n" (no-encoding). --- lib/puppet/external/pson/pure/generator.rb | 17 ++++--------- spec/unit/util/json_spec.rb | 21 ----------------- spec/unit/util/pson_spec.rb | 38 ++++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 33 deletions(-) delete mode 100755 spec/unit/util/json_spec.rb create mode 100755 spec/unit/util/pson_spec.rb diff --git a/lib/puppet/external/pson/pure/generator.rb b/lib/puppet/external/pson/pure/generator.rb index ef8b36d31..4180be57d 100644 --- a/lib/puppet/external/pson/pure/generator.rb +++ b/lib/puppet/external/pson/pure/generator.rb @@ -63,22 +63,15 @@ module PSON end else def utf8_to_pson(string) # :nodoc: - string = string.gsub(/["\\\x0-\x1f]/) { MAP[$MATCH] } - string.gsub!(/( - (?: + string. + gsub(/["\\\x0-\x1f]/n) { MAP[$MATCH] }. + gsub(/((?: [\xc2-\xdf][\x80-\xbf] | [\xe0-\xef][\x80-\xbf]{2} | [\xf0-\xf4][\x80-\xbf]{3} - )+ | - [\x80-\xc1\xf5-\xff] # invalid - )/nx) { |c| - c.size == 1 and raise GeneratorError, "invalid utf8 byte: '#{c}'" - s = PSON::UTF8toUTF16.iconv(c).unpack('H*')[0] - s.gsub!(/.{4}/n, '\\\\u\&') + )+)/nx) { |c| + PSON::UTF8toUTF16.iconv(c).unpack('H*')[0].gsub(/.{4}/n, '\\\\u\&') } - string - rescue Iconv::Failure => e - raise GeneratorError, "Caught #{e.class}: #{e}" end end module_function :utf8_to_pson diff --git a/spec/unit/util/json_spec.rb b/spec/unit/util/json_spec.rb deleted file mode 100755 index 4f6cea997..000000000 --- a/spec/unit/util/json_spec.rb +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env ruby - -Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } - -require 'puppet/util/pson' - -class PsonUtil - include Puppet::Util::Pson -end - -describe Puppet::Util::Pson do - it "should fail if no data is provided" do - lambda { PsonUtil.new.pson_create("type" => "foo") }.should raise_error(ArgumentError) - end - - it "should call 'from_pson' with the provided data" do - pson = PsonUtil.new - pson.expects(:from_pson).with("mydata") - pson.pson_create("type" => "foo", "data" => "mydata") - end -end diff --git a/spec/unit/util/pson_spec.rb b/spec/unit/util/pson_spec.rb new file mode 100755 index 000000000..d02d28517 --- /dev/null +++ b/spec/unit/util/pson_spec.rb @@ -0,0 +1,38 @@ +#!/usr/bin/env ruby + +Dir.chdir(File.dirname(__FILE__)) { (s = lambda { |f| File.exist?(f) ? require(f) : Dir.chdir("..") { s.call(f) } }).call("spec/spec_helper.rb") } + +require 'puppet/util/pson' + +class PsonUtil + include Puppet::Util::Pson +end + +describe Puppet::Util::Pson do + it "should fail if no data is provided" do + lambda { PsonUtil.new.pson_create("type" => "foo") }.should raise_error(ArgumentError) + end + + it "should call 'from_pson' with the provided data" do + pson = PsonUtil.new + pson.expects(:from_pson).with("mydata") + pson.pson_create("type" => "foo", "data" => "mydata") + end + + + { + 'foo' => '"foo"', + 1 => '1', + "\x80" => "\"\x80\"", + [] => '[]' + }.each { |str,pson| + it "should be able to encode #{str.inspect}" do + str.to_pson.should == pson + end + } + + it "should be able to handle arbitrary binary data" do + bin_string = (1..20000).collect { |i| ((17*i+13*i*i) % 255).chr }.join + PSON.parse(%Q{{ "type": "foo", "data": #{bin_string.to_pson} }})["data"].should == bin_string + end +end -- cgit From e3fc5b95d133aee1ae3dc188e6c47e88786dfc6e Mon Sep 17 00:00:00 2001 From: James Turnbull Date: Thu, 14 Oct 2010 14:26:24 +1100 Subject: Updated CHANGELOG and version for 2.6.3rc1 --- CHANGELOG | 7 +++++++ lib/puppet.rb | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGELOG b/CHANGELOG index f0c596ee5..1a28fd8e6 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,12 @@ +2.6.3rc1 +======== +3c56705 Fix for #4832 -- Making PSON handle arbitrary binary data +e232770 Minimal fix for #4975 -- only call chage when managing password age rules +a090e86 Fix for #4963 -- Use correct commands for password expiry on solaris + 2.6.2 ===== +295c3be Updated CHANGELOG for 2.6.2 1d719be Fix for #4945 -- explicitly check os to supress man page installation 55417bc Reversion of 021d534482dd8edb863cb77d668ac3525362a0a6 a6e2bea Fixed #4919 - added parenths to fix error message: diff --git a/lib/puppet.rb b/lib/puppet.rb index 0a90cf50c..78fb5138b 100644 --- a/lib/puppet.rb +++ b/lib/puppet.rb @@ -24,7 +24,7 @@ require 'puppet/util/run_mode' # it's also a place to find top-level commands like 'debug' module Puppet - PUPPETVERSION = '2.6.2' + PUPPETVERSION = '2.6.3' def Puppet.version PUPPETVERSION -- cgit