Class: Chef::Provider::User::Dscl
Constant Summary
collapse
- NFS_HOME_DIRECTORY =
%r{^NFSHomeDirectory: (.*)$}
- AUTHENTICATION_AUTHORITY =
%r{^AuthenticationAuthority: (.*)$}
Instance Attribute Summary
#locked, #user_exists
#current_resource, #new_resource, #run_context
Instance Method Summary
collapse
#shell_out, #shell_out!
#action_create, #action_lock, #action_manage, #action_modify, #action_remove, #action_unlock, #compare_user, #convert_group_name, #initialize
#chdir_or_tmpdir, #handle_command_failures, #not_if, #only_if, #output_of_command, #run_command, #run_command_with_systems_locale
#popen4
#popen4
#action_nothing, build_from_file, #cookbook_name, #initialize, #node, #resource_collection
#convert_to_class_name, #convert_to_snake_case, #filename_to_qualified_string, #snake_case_basename
#method_missing
#data_bag, #data_bag_item, #platform?, #search, #value_for_platform
Instance Method Details
#check_lock ⇒ Object
224
225
226
|
# File 'lib/chef/provider/user/dscl.rb', line 224
def check_lock
return @locked = locked?
end
|
#create_user ⇒ Object
153
154
155
156
157
158
159
160
161
|
# File 'lib/chef/provider/user/dscl.rb', line 153
def create_user
dscl_create_user
set_uid
dscl_set_gid
modify_home
dscl_set_shell
modify_password
end
|
#current_home_exists? ⇒ Boolean
244
245
246
|
# File 'lib/chef/provider/user/dscl.rb', line 244
def current_home_exists?
::File.exist?("#{@current_resource.home}")
end
|
#ditto_home ⇒ Object
252
253
254
255
256
257
|
# File 'lib/chef/provider/user/dscl.rb', line 252
def ditto_home
skel = "/System/Library/User Template/English.lproj"
raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exists?(skel)
shell_out! "ditto '#{skel}' '#{@new_resource.home}'"
::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
end
|
#diverged?(parameter) ⇒ Boolean
270
271
272
|
# File 'lib/chef/provider/user/dscl.rb', line 270
def diverged?(parameter)
parameter_updated?(parameter) && (not @new_resource.send(parameter).nil?)
end
|
#dscl(*args) ⇒ Object
32
33
34
|
# File 'lib/chef/provider/user/dscl.rb', line 32
def dscl(*args)
shell_out("dscl . -#{args.join(' ')}")
end
|
177
178
179
|
# File 'lib/chef/provider/user/dscl.rb', line 177
def
safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.}'")
end
|
#dscl_create_user ⇒ Object
173
174
175
|
# File 'lib/chef/provider/user/dscl.rb', line 173
def dscl_create_user
safe_dscl("create /Users/#{@new_resource.username}")
end
|
#dscl_set_gid ⇒ Object
181
182
183
|
# File 'lib/chef/provider/user/dscl.rb', line 181
def dscl_set_gid
safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")
end
|
#dscl_set_shell ⇒ Object
185
186
187
188
189
190
191
|
# File 'lib/chef/provider/user/dscl.rb', line 185
def dscl_set_shell
if @new_resource.password || ::File.exists?("#{@new_resource.shell}")
safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
else
safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
end
end
|
#get_free_uid(search_limit = 1000) ⇒ Object
get a free UID greater than 200
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# File 'lib/chef/provider/user/dscl.rb', line 51
def get_free_uid(search_limit=1000)
uid = nil; next_uid_guess = 200
users_uids = safe_dscl("list /Users uid")
while(next_uid_guess < search_limit + 200)
if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
next_uid_guess += 1
else
uid = next_uid_guess
break
end
end
return uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
end
|
103
104
105
|
# File 'lib/chef/provider/user/dscl.rb', line 103
def guid
safe_dscl("read /Users/#{@new_resource.username} GeneratedUID").gsub(/GeneratedUID: /,"").strip
end
|
#load_current_resource ⇒ Object
148
149
150
151
|
# File 'lib/chef/provider/user/dscl.rb', line 148
def load_current_resource
super
raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}" unless ::File.exists?("/usr/bin/dscl")
end
|
#lock_user ⇒ Object
228
229
230
|
# File 'lib/chef/provider/user/dscl.rb', line 228
def lock_user
safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';DisabledUser;'")
end
|
#locked? ⇒ Boolean
215
216
217
218
219
220
221
222
|
# File 'lib/chef/provider/user/dscl.rb', line 215
def locked?
user_info = safe_dscl("read /Users/#{@new_resource.username}")
if auth_authority_md = AUTHENTICATION_AUTHORITY.match(user_info)
!!(auth_authority_md[1] =~ /DisabledUser/ )
else
false
end
end
|
#manage_user ⇒ Object
163
164
165
166
167
168
169
170
171
|
# File 'lib/chef/provider/user/dscl.rb', line 163
def manage_user
dscl_create_user if diverged?(:username)
if diverged?(:comment)
set_uid if diverged?(:uid)
dscl_set_gid if diverged?(:uid)
modify_home if diverged?(:home)
dscl_set_shell if diverged?(:shell)
modify_password if diverged?(:password)
end
|
#modify_home ⇒ Object
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
# File 'lib/chef/provider/user/dscl.rb', line 79
def modify_home
return safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory") if (@new_resource.home.nil? || @new_resource.home.empty?)
if @new_resource.supports[:manage_home]
validate_home_dir_specification!
if (@current_resource.home == @new_resource.home) && !new_home_exists?
ditto_home
elsif !current_home_exists? && !new_home_exists?
ditto_home
elsif current_home_exists?
move_home
end
end
safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
end
|
#modify_password ⇒ Object
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
# File 'lib/chef/provider/user/dscl.rb', line 116
def modify_password
if @new_resource.password
shadow_hash = nil
Chef::Log.debug("#{new_resource} updating password")
if osx_shadow_hash?(@new_resource.password)
shadow_hash = @new_resource.password.upcase
else
if osx_salted_sha1?(@new_resource.password)
salted_sha1 = @new_resource.password.upcase
else
hex_salt = ""
OpenSSL::Random.random_bytes(10).each_byte { |b| hex_salt << b.to_i.to_s(16) }
hex_salt = hex_salt.slice(0...8)
salt = [hex_salt].pack("H*")
sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+@new_resource.password)
salted_sha1 = (hex_salt+sha1).upcase
end
shadow_hash = String.new("00000000"*155)
shadow_hash[168] = salted_sha1
end
::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
output.puts shadow_hash
end
unless shadow_hash_set?
safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
end
end
end
|
#move_home ⇒ Object
259
260
261
262
263
264
265
266
267
268
|
# File 'lib/chef/provider/user/dscl.rb', line 259
def move_home
Chef::Log.debug("#{@new_resource} moving #{self} home from #{@current_resource.home} to #{@new_resource.home}")
src = @current_resource.home
FileUtils.mkdir_p(@new_resource.home)
files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
::FileUtils.mv(files,@new_resource.home, :force => true)
::FileUtils.rmdir(src)
::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
end
|
#new_home_exists? ⇒ Boolean
248
249
250
|
# File 'lib/chef/provider/user/dscl.rb', line 248
def new_home_exists?
::File.exist?("#{@new_resource.home}")
end
|
#osx_salted_sha1?(string) ⇒ Boolean
99
100
101
|
# File 'lib/chef/provider/user/dscl.rb', line 99
def osx_salted_sha1?(string)
return !! ( string =~ /^[[:xdigit:]]{48}$/ )
end
|
#osx_shadow_hash?(string) ⇒ Boolean
95
96
97
|
# File 'lib/chef/provider/user/dscl.rb', line 95
def osx_shadow_hash?(string)
return !! ( string =~ /^[[:xdigit:]]{1240}$/ )
end
|
#parameter_updated?(parameter) ⇒ Boolean
274
275
276
|
# File 'lib/chef/provider/user/dscl.rb', line 274
def parameter_updated?(parameter)
not (@new_resource.send(parameter) == @current_resource.send(parameter))
end
|
#remove_user ⇒ Object
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
|
# File 'lib/chef/provider/user/dscl.rb', line 193
def remove_user
if @new_resource.supports[:manage_home]
user_info = safe_dscl("read /Users/#{@new_resource.username}")
if nfs_home_match = user_info.match(NFS_HOME_DIRECTORY)
nfs_home = nfs_home_match[1]
FileUtils.rm_rf(nfs_home)
end
end
groups = []
Etc.group do |group|
groups << group.name if group.mem.include?(@new_resource.username)
end
groups.each do |group_name|
safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
end
safe_dscl("delete /Users/#{@new_resource.username}")
end
|
#safe_dscl(*args) ⇒ Object
36
37
38
39
40
41
42
|
# File 'lib/chef/provider/user/dscl.rb', line 36
def safe_dscl(*args)
result = dscl(*args)
return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 )
raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") unless result.exitstatus == 0
raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") if result.stdout =~ /No such key: /
return result.stdout
end
|
71
72
73
74
75
76
77
|
# File 'lib/chef/provider/user/dscl.rb', line 71
def set_uid
@new_resource.uid(get_free_uid) if (@new_resource.uid.nil? || @new_resource.uid == '')
if uid_used?(@new_resource.uid)
raise(Chef::Exceptions::RequestedUIDUnavailable, "uid #{@new_resource.uid} is already in use")
end
safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
end
|
#shadow_hash_set? ⇒ Boolean
107
108
109
110
111
112
113
114
|
# File 'lib/chef/provider/user/dscl.rb', line 107
def shadow_hash_set?
user_data = safe_dscl("read /Users/#{@new_resource.username}")
if user_data =~ /AuthenticationAuthority: / && user_data =~ /ShadowHash/
true
else
false
end
end
|
#uid_used?(uid) ⇒ Boolean
65
66
67
68
69
|
# File 'lib/chef/provider/user/dscl.rb', line 65
def uid_used?(uid)
return false unless uid
users_uids = safe_dscl("list /Users uid")
!! ( users_uids =~ Regexp.new("#{Regexp.escape(uid.to_s)}\n") )
end
|
#unlock_user ⇒ Object
232
233
234
235
236
|
# File 'lib/chef/provider/user/dscl.rb', line 232
def unlock_user
auth_info = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
auth_string = auth_info.gsub(/AuthenticationAuthority: /,"").gsub(/;DisabledUser;/,"").strip safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_string}'")
end
|
#validate_home_dir_specification! ⇒ Object
238
239
240
241
242
|
# File 'lib/chef/provider/user/dscl.rb', line 238
def validate_home_dir_specification!
unless @new_resource.home =~ /^\//
raise(Chef::Exceptions::InvalidHomeDirectory,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'")
end
end
|