Class: Chef::Provider::User::Dscl
Instance Attribute Summary
#locked, #user_exists
#current_resource, #new_resource, #node
Instance Method Summary
#action_create, #action_lock, #action_manage, #action_modify, #action_remove, #action_unlock, #compare_user, #convert_group_name, #initialize
chdir_or_tmpdir, handle_command_failures, not_if, only_if, output_of_command, popen4, run_command, run_command_with_systems_locale
#action_nothing, build_from_file, #initialize
#convert_to_class_name, #convert_to_snake_case, #filename_to_qualified_string, #snake_case_basename
#method_missing
#data_bag, #data_bag_item, #platform?, #search, #value_for_platform
Instance Method Details
#check_lock ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 261
# Asks #locked? for the account's lock state and caches the answer.
#
# @return [Boolean] the value returned by #locked?, also stored in @locked
def check_lock
  @locked = locked?
end
#create_user ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 181
# Creates the account by delegating to #manage_user with manage = false,
# which makes it write every field instead of only the changed ones.
#
# @return [Object] whatever #manage_user returns
def create_user
  only_changed_fields = false
  manage_user(only_changed_fields)
end
#dscl(*args) ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 27
# Runs the dscl command-line tool against the "." datasource and captures
# what it prints.
#
# The arguments are joined with single spaces and prefixed with "-", so
# dscl("read /Users/x") runs "dscl . -read /Users/x". Nothing is escaped
# here: the command is built as one String. Callers in this class wrap
# values in single quotes, which suggests the string is parsed by a shell.
# NOTE(review): confirm how popen4 executes a String command; if a shell is
# involved, any resource value that reaches this method must be validated
# or escaped by the caller, because a quote character would alter the
# command.
#
# stdout is read to the end before stderr is read.
#
# @param args [Array<String>] dscl sub-command followed by its operands
# @return [Array] [command string, value returned by popen4, stdout text, stderr text]
def dscl(*args)
  datasource = "."
  command = "dscl #{datasource} -#{args.join(' ')}"
  captured_out = ""
  captured_err = ""
  exit_status = popen4(command) do |_pid, _stdin, out_io, err_io|
    out_io.each { |chunk| captured_out << chunk }
    err_io.each { |chunk| captured_err << chunk }
  end
  [command, exit_status, captured_out, captured_err]
end
#get_free_uid(search_limit = 1000) ⇒ Object
get a free UID greater than 200
# File 'lib/chef/provider/user/dscl.rb', line 52
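# Finds the lowest UID, starting at 200, that does not appear in the output
# of "dscl . -list /Users uid".
#
# A candidate counts as used only when it is a whole value at the end of a
# line. The earlier pattern ("#{guess}\n") also matched the tail of a longer
# number, so an account with UID 1200 made 200 look taken.
#
# @param search_limit [Integer] how many consecutive UIDs to try
# @return [Integer] the first unused UID in 200...(200 + search_limit)
# @raise [RuntimeError] when every candidate in the range is in use
def get_free_uid(search_limit=1000)
  users_uids = safe_dscl("list /Users uid")
  first_candidate = 200
  free_uid = (first_candidate...(first_candidate + search_limit)).find do |guess|
    # Require start-of-output or whitespace before the number so that only
    # a complete UID column value matches.
    users_uids !~ /(?:\A|\s)#{guess}\n/
  end
  free_uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
end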
# File 'lib/chef/provider/user/dscl.rb', line 132
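# Reads the account's GeneratedUID from the directory.
#
# The "GeneratedUID: " label and all newlines are stripped from the dscl
# output. Non-mutating gsub is used on purpose: gsub! returns nil when it
# changes nothing, so output without a newline used to make this method
# return nil. #modify_password interpolates the result into the shadow
# hash file path, so a nil here produced a path with no file name.
#
# @return [String] the GeneratedUID value as printed by dscl
def guid
  raw = safe_dscl("read /Users/#{@new_resource.username} GeneratedUID")
  raw.gsub(/GeneratedUID: /, "").gsub(/\n/, "")
end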
|
#load_current_resource ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 176
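# Loads the current resource through the parent provider, then verifies
# that the dscl binary this provider shells out to is present.
#
# File.exist? replaces File.exists?, which was removed in Ruby 3.2.
#
# @raise [Chef::Exceptions::User] when /usr/bin/dscl does not exist
def load_current_resource
  super
  return if ::File.exist?("/usr/bin/dscl")

  raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}"
end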
#lock_user ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 265
# Locks the account by appending ";DisabledUser;" to its
# AuthenticationAuthority attribute.
#
# NOTE(review): the username is interpolated unescaped into the dscl
# command string; confirm it is validated before it reaches this provider.
#
# @return [String] the dscl output returned by #safe_dscl
def lock_user
  account_path = "/Users/#{@new_resource.username}"
  safe_dscl("append #{account_path} AuthenticationAuthority ';DisabledUser;'")
end
#locked? ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 253
# Reports whether the account's AuthenticationAuthority contains
# "DisabledUser".
#
# The full record is read first; the attribute itself is only queried when
# the record shows an "AuthenticationAuthority: " line.
#
# @return [Boolean] true when the attribute exists and mentions DisabledUser
def locked?
  account_path = "/Users/#{@new_resource.username}"
  return false unless safe_dscl("read #{account_path}") =~ /AuthenticationAuthority: /

  authority = safe_dscl("read #{account_path} AuthenticationAuthority")
  !(authority =~ /DisabledUser/).nil?
end
#manage_user(manage = true) ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 185
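# Writes user attributes to the directory through dscl.
#
# With manage = true only the fields whose desired value is set and differs
# from the current resource are written; :home is added when the resource
# supports :manage_home and has a home, and :shell is re-applied whenever
# the password changes. With manage = false every field is written.
#
# The listing showed the RealName line with an empty method name
# ("@new_resource."), which is not valid Ruby; it is restored here to the
# comment field handled by this branch. File.exist? replaces File.exists?,
# which was removed in Ruby 3.2.
#
# NOTE(review): username, comment, gid and shell are interpolated into the
# dscl command inside single quotes without escaping; a value containing a
# single quote would change the command. Confirm these values are validated
# upstream.
#
# @param manage [Boolean] true to write only changed fields, false for all
# @return [Array<Symbol>] the fields that were processed
def manage_user(manage = true)
  all_fields = [:username, :comment, :uid, :gid, :home, :shell, :password]

  if manage
    fields = all_fields.select do |field|
      wanted = @new_resource.send(field)
      wanted && @current_resource.send(field) != wanted
    end
    fields << :home if @new_resource.supports[:manage_home] && @new_resource.home
    # The shell branch below depends on whether a password is set, so it is
    # re-evaluated whenever the password is being changed.
    fields << :shell if fields.include?(:password)
  else
    fields = all_fields
  end

  fields.uniq!
  fields.each do |field|
    case field
    when :username
      safe_dscl("create /Users/#{@new_resource.username}")
    when :comment
      safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.comment}'")
    when :uid
      set_uid
    when :gid
      safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")
    when :home
      modify_home
    when :shell
      # An account with neither a password nor an existing shell binary
      # gets /usr/bin/false as its shell.
      if @new_resource.password || ::File.exist?(@new_resource.shell.to_s)
        safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
      else
        safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
      end
    when :password
      modify_password
    end
  end
end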
#modify_home ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 78
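# Sets or clears the account's NFSHomeDirectory and, when the resource
# supports :manage_home, creates or relocates the directory itself.
#
# * No home (nil or empty): the attribute is deleted and nothing else runs.
# * manage_home, current home exists and differs from the new one: its
#   entries (dotfiles included) are moved into the new home, the old
#   directory is removed, and the new home is chowned recursively.
# * manage_home and the new home does not exist (and nothing is moved):
#   it is populated from the system user template with ditto and chowned.
#
# The absolute-path check is anchored with \A. The earlier /^\// matched at
# the start of any line, so a multi-line value such as "rel\n/abs" passed
# validation. File.exist? replaces File.exists?, removed in Ruby 3.2.
#
# NOTE(review): the home path and username are placed inside single quotes
# in the ditto and dscl command strings without escaping; confirm they are
# validated upstream.
#
# @return [String] the dscl output of the final delete or create call
# @raise [Chef::Exceptions::User] when the home is not an absolute path or
#   the user template directory is missing
def modify_home
  new_home = @new_resource.home
  if new_home.nil? || new_home.empty?
    return safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory")
  end

  if @new_resource.supports[:manage_home]
    unless new_home =~ /\A\//
      raise(Chef::Exceptions::User,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'")
    end

    same_home = (@current_resource.home == new_home)
    cur_home_exists = ::File.exist?("#{@current_resource.home}")
    new_home_exists = ::File.exist?("#{new_home}")

    # Move only when an existing home is being replaced by a different
    # path; otherwise seed the new home from the template if it is absent.
    move = !same_home && cur_home_exists
    ditto = !move && !new_home_exists

    if ditto
      skel = "/System/Library/User Template/English.lproj"
      raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exist?(skel)
      run_command(:command => "ditto '#{skel}' '#{@new_resource.home}'")
      ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
    end

    if move
      src = @current_resource.home
      FileUtils.mkdir_p(@new_resource.home)
      # FNM_DOTMATCH makes the glob include dotfiles; "." and ".." are
      # dropped so the directory is not moved into itself.
      files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
      ::FileUtils.mv(files,@new_resource.home, :force => true)
      ::FileUtils.rmdir(src)
      ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
    end
  end

  safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
end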
#modify_password ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 144
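# Writes the account's shadow hash file and makes sure the account's
# AuthenticationAuthority includes ";ShadowHash;".
#
# The resource password may be given in three forms:
# * a full shadow hash (see #osx_shadow_hash?), written upper-cased as is;
# * a salted SHA1 (see #osx_salted_sha1?), upper-cased and embedded;
# * anything else, treated as plaintext: a 4-byte salt is generated and
#   hex(salt) + SHA1(salt + password) is embedded.
#
# The salt now comes from OpenSSL::Random. The earlier code drew it from
# Kernel.rand, which is not a cryptographic generator, and used
# rand(chars.size-1), which could never select the last hex digit.
# The file mode is also enforced on every write, because the mode passed
# to File.open only applies when the file is created.
#
# NOTE(review): salted SHA1 is a fast, unsalted-by-work-factor digest; it is
# used here because it is the format this file layout expects, not because
# it is a strong password hash.
#
# @return [Object, nil] nil when the resource has no password
def modify_password
  return unless @new_resource.password

  Chef::Log.debug("#{new_resource}: updating password")
  password = @new_resource.password

  if osx_shadow_hash?(password)
    shadow_hash = password.upcase
  else
    if osx_salted_sha1?(password)
      salted_sha1 = password.upcase
    else
      salt = ::OpenSSL::Random.random_bytes(4)
      hex_salt = salt.unpack("H*").first
      sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+password)
      salted_sha1 = (hex_salt+sha1).upcase
    end
    shadow_hash = String.new("00000000"*155)
    # NOTE(review): String#[]= with a single index replaces one character,
    # so inserting the 48-character digest makes the result longer than the
    # 1240 characters #osx_shadow_hash? accepts. Left unchanged; confirm
    # whether shadow_hash[168, 48] was intended.
    shadow_hash[168] = salted_sha1
  end

  ::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
    # Tighten permissions even when the file already existed.
    output.chmod(0600)
    output.puts shadow_hash
  end

  unless shadow_hash_set?
    safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
  end
end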
#osx_salted_sha1?(string) ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 128
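# Tells whether the whole string is exactly 48 hexadecimal digits, the
# salted SHA1 form #modify_password embeds without re-hashing.
#
# The pattern is anchored with \A and \z. The earlier ^...$ anchors matched
# a single line, so a multi-line value containing one 48-digit line was
# accepted and then written out in full.
#
# @param string [String, nil] candidate password value
# @return [Boolean]
def osx_salted_sha1?(string)
  !(string =~ /\A[[:xdigit:]]{48}\z/).nil?
end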
#osx_shadow_hash?(string) ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 124
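# Tells whether the whole string is exactly 1240 hexadecimal digits, the
# full shadow hash form #modify_password writes to disk unchanged.
#
# The pattern is anchored with \A and \z. The earlier ^...$ anchors matched
# a single line, so a multi-line value containing one 1240-digit line was
# accepted and then written to the shadow hash file in full.
#
# @param string [String, nil] candidate password value
# @return [Boolean]
def osx_shadow_hash?(string)
  !(string =~ /\A[[:xdigit:]]{1240}\z/).nil?
end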
#remove_user ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 232
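# Deletes the account: optionally its home directory, then its group
# memberships, then the user record.
#
# The home directory path is taken from dscl output and handed to
# FileUtils.rm_rf, so it is checked first: only an absolute path that does
# not resolve to "/" is removed; anything else is logged and skipped. The
# earlier code chained gsub! calls, which return nil when nothing is
# replaced, so unexpected output raised NoMethodError and an empty or "/"
# value went straight to rm_rf.
#
# NOTE(review): the label is stripped together with any whitespace after
# the colon so that output printing the value on the following line is
# also handled; confirm against the dscl output format in use.
#
# @return [String] the dscl output of the final record deletion
def remove_user
  if @new_resource.supports[:manage_home]
    if safe_dscl("read /Users/#{@new_resource.username}") =~ /NFSHomeDirectory/
      raw_home = safe_dscl("read /Users/#{@new_resource.username} NFSHomeDirectory")
      nfs_home = raw_home.sub(/\ANFSHomeDirectory:\s*/, "").chomp
      if nfs_home.start_with?("/") && ::File.expand_path(nfs_home) != "/"
        FileUtils.rm_rf(nfs_home)
      else
        Chef::Log.warn("#{@new_resource}: refusing to delete home directory '#{nfs_home}'")
      end
    end
  end

  # Collect the memberships first, then modify the directory.
  groups = []
  Etc.group do |group|
    groups << group.name if group.mem.include?(@new_resource.username)
  end
  groups.each do |group_name|
    safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
  end

  safe_dscl("delete /Users/#{@new_resource.username}")
end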
#safe_dscl(*args) ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 37
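# Runs dscl and turns failures into exceptions.
#
# A failing command returns "" instead of raising only when the command
# itself begins with "delete". The earlier /^delete/ test matched at the
# start of any line, so a non-delete command whose interpolated value
# contained a line starting with "delete" had its failure swallowed.
#
# @param args [Array<String>] passed through to #dscl
# @return [String] dscl's stdout, or "" for a failed delete
# @raise [Chef::Exceptions::User] on a non-zero exit status, or when stdout
#   contains "No such key: "
def safe_dscl(*args)
  result = dscl(*args)
  succeeded = (result[1].exitstatus == 0)
  return "" if !succeeded && args.first.to_s.start_with?("delete")

  raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") unless succeeded
  raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") if result[2] =~ /No such key: /
  result[2]
end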
# File 'lib/chef/provider/user/dscl.rb', line 72
# Assigns the account's UniqueID, picking a free one when the resource has
# none (nil or "").
#
# NOTE(review): the in-use check and the create are separate dscl calls, so
# nothing here prevents another writer from taking the UID in between.
#
# @return [String] the dscl output of the create call
# @raise [Chef::Exceptions::User] when #uid_used? reports the UID as taken
def set_uid
  uid_missing = [nil, ""].any? { |blank| blank == @new_resource.uid }
  @new_resource.uid(get_free_uid) if uid_missing

  if uid_used?(@new_resource.uid)
    raise(Chef::Exceptions::User,"uid is already in use")
  end

  safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
end
#shadow_hash_set? ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 136
# Reports whether the account's AuthenticationAuthority contains
# "ShadowHash".
#
# The full record is read first; the attribute itself is only queried when
# the record shows an "AuthenticationAuthority: " line.
#
# @return [Boolean] true when the attribute exists and mentions ShadowHash
def shadow_hash_set?
  account_path = "/Users/#{@new_resource.username}"
  return false unless safe_dscl("read #{account_path}") =~ /AuthenticationAuthority: /

  authority = safe_dscl("read #{account_path} AuthenticationAuthority")
  !(authority =~ /ShadowHash/).nil?
end
#uid_used?(uid) ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 66
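# Tells whether a UID already appears in "dscl . -list /Users uid".
#
# The UID is escaped before it goes into the pattern and must be a whole
# value at the end of a line. The earlier pattern ("#{uid}\n") treated the
# UID as regex source and matched the tail of longer numbers, so 501 was
# reported as used when only 1501 existed.
#
# @param uid [Integer, String, nil] UID to look for
# @return [Boolean] false when uid is nil or not listed
def uid_used?(uid)
  return false unless uid

  users_uids = safe_dscl("list /Users uid")
  !(users_uids =~ /(?:\A|\s)#{Regexp.escape(uid.to_s)}\n/).nil?
end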
#unlock_user ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 269
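# Unlocks the account by rewriting AuthenticationAuthority without the
# "DisabledUser" entry and without trailing semicolons or spaces.
#
# Non-mutating gsub is used on purpose: the earlier chain of gsub! calls
# returned nil as soon as one step changed nothing, so unlocking an account
# that was not disabled raised NoMethodError.
#
# NOTE(review): the cleaned value is placed inside single quotes in the
# dscl command without escaping, and a trailing newline from the dscl
# output is kept as before; confirm both are acceptable.
#
# @return [String] the dscl output of the create call
def unlock_user
  raw_authority = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
  auth_auth = raw_authority.gsub(/AuthenticationAuthority: /,"").gsub(/DisabledUser/,"").gsub(/[; ]*$/,"")
  safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_auth}'")
end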