Class: Chef::Provider::User::Dscl

Inherits:
Chef::Provider::User show all
Includes:
Mixin::ShellOut
Defined in:
lib/chef/provider/user/dscl.rb

Constant Summary collapse

NFS_HOME_DIRECTORY =
%r{^NFSHomeDirectory: (.*)$}
AUTHENTICATION_AUTHORITY =
%r{^AuthenticationAuthority: (.*)$}

Constants included from Mixin::ShellOut

Mixin::ShellOut::DEPRECATED_OPTIONS

Instance Attribute Summary

Attributes inherited from Chef::Provider::User

#locked, #user_exists

Attributes inherited from Chef::Provider

#action, #current_resource, #new_resource, #run_context

Instance Method Summary collapse

Methods included from Mixin::ShellOut

#run_command_compatible_options, #shell_out, #shell_out!

Methods inherited from Chef::Provider::User

#action_create, #action_lock, #action_manage, #action_modify, #action_remove, #action_unlock, #compare_user, #convert_group_name, #define_resource_requirements, #initialize, #whyrun_supported?

Methods included from Mixin::Command

#chdir_or_tmpdir, #handle_command_failures, #output_of_command, #run_command, #run_command_with_systems_locale

Methods included from Mixin::Command::Windows

#popen4

Methods included from Mixin::Command::Unix

#popen4

Methods inherited from Chef::Provider

#action_nothing, build_from_file, #cleanup_after_converge, #converge, #cookbook_name, #define_resource_requirements, #events, #initialize, #node, #process_resource_requirements, #requirements, #resource_collection, #run_action, #whyrun_mode?, #whyrun_supported?

Methods included from Mixin::ConvertToClassName

#convert_to_class_name, #convert_to_snake_case, #filename_to_qualified_string, #snake_case_basename

Methods included from Mixin::EnforceOwnershipAndPermissions

#access_controls, #enforce_ownership_and_permissions

Methods included from Mixin::RecipeDefinitionDSLCore

#method_missing

Methods included from Mixin::Language

#data_bag, #data_bag_item, #platform?, #platform_family?, #search, #value_for_platform, #value_for_platform_family

Constructor Details

This class inherits a constructor from Chef::Provider::User

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Chef::Mixin::RecipeDefinitionDSLCore

Instance Method Details

#check_lockObject



224
225
226
# File 'lib/chef/provider/user/dscl.rb', line 224

def check_lock
  return @locked = locked?
end

#create_userObject



153
154
155
156
157
158
159
160
161
# File 'lib/chef/provider/user/dscl.rb', line 153

def create_user
  dscl_create_user
  dscl_create_comment
  set_uid
  dscl_set_gid
  modify_home
  dscl_set_shell
  modify_password
end

#current_home_exists?Boolean

Returns:

  • (Boolean)


244
245
246
# File 'lib/chef/provider/user/dscl.rb', line 244

def current_home_exists?
  ::File.exist?("#{@current_resource.home}")
end

#ditto_homeObject



252
253
254
255
256
257
# File 'lib/chef/provider/user/dscl.rb', line 252

def ditto_home
  skel = "/System/Library/User Template/English.lproj"
  raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exists?(skel)
  shell_out! "ditto '#{skel}' '#{@new_resource.home}'"
  ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
end

#diverged?(parameter) ⇒ Boolean

Returns:

  • (Boolean)


270
271
272
# File 'lib/chef/provider/user/dscl.rb', line 270

def diverged?(parameter)
  parameter_updated?(parameter) && (not @new_resource.send(parameter).nil?)
end

#dscl(*args) ⇒ Object



32
33
34
# File 'lib/chef/provider/user/dscl.rb', line 32

def dscl(*args)
  shell_out("dscl . -#{args.join(' ')}")
end

#dscl_create_commentObject



177
178
179
# File 'lib/chef/provider/user/dscl.rb', line 177

def dscl_create_comment
  safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.comment}'")
end

#dscl_create_userObject



173
174
175
# File 'lib/chef/provider/user/dscl.rb', line 173

def dscl_create_user
  safe_dscl("create /Users/#{@new_resource.username}")              
end

#dscl_set_gidObject



181
182
183
# File 'lib/chef/provider/user/dscl.rb', line 181

def dscl_set_gid
  safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")
end

#dscl_set_shellObject



185
186
187
188
189
190
191
# File 'lib/chef/provider/user/dscl.rb', line 185

def dscl_set_shell
  if @new_resource.password || ::File.exists?("#{@new_resource.shell}")
    safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
  else
    safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
  end
end

#get_free_uid(search_limit = 1000) ⇒ Object

get a free UID greater than 200



51
52
53
54
55
56
57
58
59
60
61
62
63
# File 'lib/chef/provider/user/dscl.rb', line 51

def get_free_uid(search_limit=1000)
  uid = nil; next_uid_guess = 200
  users_uids = safe_dscl("list /Users uid")
  while(next_uid_guess < search_limit + 200)
    if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
      next_uid_guess += 1
    else
      uid = next_uid_guess
      break
    end
  end
  return uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
end

#guidObject



103
104
105
# File 'lib/chef/provider/user/dscl.rb', line 103

def guid
  safe_dscl("read /Users/#{@new_resource.username} GeneratedUID").gsub(/GeneratedUID: /,"").strip
end

#load_current_resourceObject



148
149
150
151
# File 'lib/chef/provider/user/dscl.rb', line 148

def load_current_resource
  super
  raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}" unless ::File.exists?("/usr/bin/dscl")
end

#lock_userObject



228
229
230
# File 'lib/chef/provider/user/dscl.rb', line 228

def lock_user
  safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';DisabledUser;'")
end

#locked?Boolean

Returns:

  • (Boolean)


215
216
217
218
219
220
221
222
# File 'lib/chef/provider/user/dscl.rb', line 215

def locked?
   = safe_dscl("read /Users/#{@new_resource.username}")
  if auth_authority_md = AUTHENTICATION_AUTHORITY.match()
    !!(auth_authority_md[1] =~ /DisabledUser/ )
  else
    false
  end
end

#manage_userObject



163
164
165
166
167
168
169
170
171
# File 'lib/chef/provider/user/dscl.rb', line 163

def manage_user
  dscl_create_user    if diverged?(:username)
  dscl_create_comment if diverged?(:comment)
  set_uid             if diverged?(:uid)
  dscl_set_gid        if diverged?(:gid)
  modify_home         if diverged?(:home)
  dscl_set_shell      if diverged?(:shell)
  modify_password     if diverged?(:password)
end

#modify_homeObject



79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
# File 'lib/chef/provider/user/dscl.rb', line 79

def modify_home
  return safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory") if (@new_resource.home.nil? || @new_resource.home.empty?)
  if @new_resource.supports[:manage_home]
    validate_home_dir_specification!
    
    if (@current_resource.home == @new_resource.home) && !new_home_exists?
      ditto_home
    elsif !current_home_exists? && !new_home_exists?
      ditto_home
    elsif current_home_exists?
      move_home
    end
  end
  safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
end

#modify_passwordObject



116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# File 'lib/chef/provider/user/dscl.rb', line 116

def modify_password
  if @new_resource.password
    shadow_hash = nil
    
    Chef::Log.debug("#{new_resource} updating password")
    if osx_shadow_hash?(@new_resource.password)
      shadow_hash = @new_resource.password.upcase
    else
      if osx_salted_sha1?(@new_resource.password)
        salted_sha1 = @new_resource.password.upcase
      else
        hex_salt = ""
        OpenSSL::Random.random_bytes(10).each_byte { |b| hex_salt << b.to_i.to_s(16) }
        hex_salt = hex_salt.slice(0...8)
        salt = [hex_salt].pack("H*")
        sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+@new_resource.password)
        salted_sha1 = (hex_salt+sha1).upcase
      end
      shadow_hash = String.new("00000000"*155)
      shadow_hash[168] = salted_sha1
    end
    
    ::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
      output.puts shadow_hash
    end
    
    unless shadow_hash_set?
      safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
    end
  end
end

#move_homeObject



259
260
261
262
263
264
265
266
267
268
# File 'lib/chef/provider/user/dscl.rb', line 259

def move_home
  Chef::Log.debug("#{@new_resource} moving #{self} home from #{@current_resource.home} to #{@new_resource.home}")
  
  src = @current_resource.home
  FileUtils.mkdir_p(@new_resource.home)
  files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
  ::FileUtils.mv(files,@new_resource.home, :force => true)
  ::FileUtils.rmdir(src)
  ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
end

#new_home_exists?Boolean

Returns:

  • (Boolean)


248
249
250
# File 'lib/chef/provider/user/dscl.rb', line 248

def new_home_exists?
  ::File.exist?("#{@new_resource.home}")          
end

#osx_salted_sha1?(string) ⇒ Boolean

Returns:

  • (Boolean)


99
100
101
# File 'lib/chef/provider/user/dscl.rb', line 99

def osx_salted_sha1?(string)
  return !! ( string =~ /^[[:xdigit:]]{48}$/ )
end

#osx_shadow_hash?(string) ⇒ Boolean

Returns:

  • (Boolean)


95
96
97
# File 'lib/chef/provider/user/dscl.rb', line 95

def osx_shadow_hash?(string)
  return !! ( string =~ /^[[:xdigit:]]{1240}$/ )
end

#parameter_updated?(parameter) ⇒ Boolean

Returns:

  • (Boolean)


274
275
276
# File 'lib/chef/provider/user/dscl.rb', line 274

def parameter_updated?(parameter)
  not (@new_resource.send(parameter) == @current_resource.send(parameter))
end

#remove_userObject



193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
# File 'lib/chef/provider/user/dscl.rb', line 193

def remove_user
  if @new_resource.supports[:manage_home]
     = safe_dscl("read /Users/#{@new_resource.username}") 
    if nfs_home_match = .match(NFS_HOME_DIRECTORY)
      #nfs_home = safe_dscl("read /Users/#{@new_resource.username} NFSHomeDirectory")
      #nfs_home.gsub!(/NFSHomeDirectory: /,"").gsub!(/\n$/,"")
      nfs_home = nfs_home_match[1]
      FileUtils.rm_rf(nfs_home)
    end
  end
  # remove the user from its groups
  groups = []
  Etc.group do |group|
    groups << group.name if group.mem.include?(@new_resource.username)
  end
  groups.each do |group_name|
    safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
  end
  # remove user account
  safe_dscl("delete /Users/#{@new_resource.username}")
end

#safe_dscl(*args) ⇒ Object



36
37
38
39
40
41
42
# File 'lib/chef/provider/user/dscl.rb', line 36

def safe_dscl(*args)
  result = dscl(*args)
  return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 )
  raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") unless result.exitstatus == 0
  raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") if result.stdout =~ /No such key: /
  return result.stdout
end

#set_uidObject



71
72
73
74
75
76
77
# File 'lib/chef/provider/user/dscl.rb', line 71

def set_uid
  @new_resource.uid(get_free_uid) if (@new_resource.uid.nil? || @new_resource.uid == '')
  if uid_used?(@new_resource.uid)
    raise(Chef::Exceptions::RequestedUIDUnavailable, "uid #{@new_resource.uid} is already in use")
  end
  safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
end

#shadow_hash_set?Boolean

Returns:

  • (Boolean)


107
108
109
110
111
112
113
114
# File 'lib/chef/provider/user/dscl.rb', line 107

def shadow_hash_set?
  user_data = safe_dscl("read /Users/#{@new_resource.username}") 
  if user_data =~ /AuthenticationAuthority: / && user_data =~ /ShadowHash/
    true
  else
    false
  end
end

#uid_used?(uid) ⇒ Boolean

Returns:

  • (Boolean)


65
66
67
68
69
# File 'lib/chef/provider/user/dscl.rb', line 65

def uid_used?(uid)
  return false unless uid
  users_uids = safe_dscl("list /Users uid")
  !! ( users_uids =~ Regexp.new("#{Regexp.escape(uid.to_s)}\n") )
end

#unlock_userObject



232
233
234
235
236
# File 'lib/chef/provider/user/dscl.rb', line 232

def unlock_user
  auth_info = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
  auth_string = auth_info.gsub(/AuthenticationAuthority: /,"").gsub(/;DisabledUser;/,"").strip#.gsub!(/[; ]*$/,"")
  safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_string}'")
end

#validate_home_dir_specification!Object



238
239
240
241
242
# File 'lib/chef/provider/user/dscl.rb', line 238

def validate_home_dir_specification!
  unless @new_resource.home =~ /^\//
    raise(Chef::Exceptions::InvalidHomeDirectory,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'") 
  end
end