Class: Chef::Provider::User::Dscl
Constant Summary
collapse
- NFS_HOME_DIRECTORY =
%r{^NFSHomeDirectory: (.*)$}
- AUTHENTICATION_AUTHORITY =
%r{^AuthenticationAuthority: (.*)$}
Mixin::ShellOut::DEPRECATED_OPTIONS
Instance Attribute Summary
#locked, #user_exists
#action, #current_resource, #new_resource, #run_context
Instance Method Summary
collapse
#run_command_compatible_options, #shell_out, #shell_out!
#action_create, #action_lock, #action_manage, #action_modify, #action_remove, #action_unlock, #compare_user, #convert_group_name, #define_resource_requirements, #initialize, #whyrun_supported?
#chdir_or_tmpdir, #handle_command_failures, #output_of_command, #run_command, #run_command_with_systems_locale
#popen4
#popen4
#action_nothing, #cleanup_after_converge, #cookbook_name, #define_resource_requirements, #events, #initialize, #node, #process_resource_requirements, #requirements, #resource_collection, #run_action, #set_updated_status, #whyrun_mode?, #whyrun_supported?
#method_missing
#convert_to_class_name, #convert_to_snake_case, #filename_to_qualified_string, #snake_case_basename
Dynamic Method Handling
This class handles dynamic methods through the method_missing method
in the class Chef::DSL::Recipe
Instance Method Details
#check_lock ⇒ Object
232
233
234
|
# File 'lib/chef/provider/user/dscl.rb', line 232
def check_lock
return @locked = locked?
end
|
#create_user ⇒ Object
153
154
155
156
157
158
159
160
161
|
# File 'lib/chef/provider/user/dscl.rb', line 153
def create_user
dscl_create_user
set_uid
dscl_set_gid
modify_home
dscl_set_shell
modify_password
end
|
#current_home_exists? ⇒ Boolean
252
253
254
|
# File 'lib/chef/provider/user/dscl.rb', line 252
def current_home_exists?
::File.exist?("#{@current_resource.home}")
end
|
#ditto_home ⇒ Object
260
261
262
263
264
265
|
# File 'lib/chef/provider/user/dscl.rb', line 260
def ditto_home
skel = "/System/Library/User Template/English.lproj"
raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exists?(skel)
shell_out! "ditto '#{skel}' '#{@new_resource.home}'"
::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
end
|
#diverged?(parameter) ⇒ Boolean
278
279
280
|
# File 'lib/chef/provider/user/dscl.rb', line 278
def diverged?(parameter)
parameter_updated?(parameter) && (not @new_resource.send(parameter).nil?)
end
|
#dscl(*args) ⇒ Object
32
33
34
|
# File 'lib/chef/provider/user/dscl.rb', line 32
def dscl(*args)
shell_out("dscl . -#{args.join(' ')}")
end
|
177
178
179
|
# File 'lib/chef/provider/user/dscl.rb', line 177
def
safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.}'")
end
|
#dscl_create_user ⇒ Object
173
174
175
|
# File 'lib/chef/provider/user/dscl.rb', line 173
def dscl_create_user
safe_dscl("create /Users/#{@new_resource.username}")
end
|
#dscl_set_gid ⇒ Object
181
182
183
184
185
186
187
188
189
190
191
|
# File 'lib/chef/provider/user/dscl.rb', line 181
def dscl_set_gid
unless @new_resource.gid && @new_resource.gid.to_s.match(/^\d+$/)
begin
possible_gid = safe_dscl("read /Groups/#{@new_resource.gid} PrimaryGroupID").split(" ").last
rescue Chef::Exceptions::DsclCommandFailed => e
raise Chef::Exceptions::GroupIDNotFound.new("Group not found for #{@new_resource.gid} when creating user #{@new_resource.username}")
end
@new_resource.gid(possible_gid) if possible_gid && possible_gid.match(/^\d+$/)
end
safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")
end
|
#dscl_set_shell ⇒ Object
193
194
195
196
197
198
199
|
# File 'lib/chef/provider/user/dscl.rb', line 193
def dscl_set_shell
if @new_resource.password || ::File.exists?("#{@new_resource.shell}")
safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
else
safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
end
end
|
#get_free_uid(search_limit = 1000) ⇒ Object
get a free UID greater than 200
51
52
53
54
55
56
57
58
59
60
61
62
63
|
# File 'lib/chef/provider/user/dscl.rb', line 51
def get_free_uid(search_limit=1000)
uid = nil; next_uid_guess = 200
users_uids = safe_dscl("list /Users uid")
while(next_uid_guess < search_limit + 200)
if users_uids =~ Regexp.new("#{Regexp.escape(next_uid_guess.to_s)}\n")
next_uid_guess += 1
else
uid = next_uid_guess
break
end
end
return uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
end
|
103
104
105
|
# File 'lib/chef/provider/user/dscl.rb', line 103
def guid
safe_dscl("read /Users/#{@new_resource.username} GeneratedUID").gsub(/GeneratedUID: /,"").strip
end
|
#load_current_resource ⇒ Object
148
149
150
151
|
# File 'lib/chef/provider/user/dscl.rb', line 148
def load_current_resource
super
raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}" unless ::File.exists?("/usr/bin/dscl")
end
|
#lock_user ⇒ Object
236
237
238
|
# File 'lib/chef/provider/user/dscl.rb', line 236
def lock_user
safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';DisabledUser;'")
end
|
#locked? ⇒ Boolean
223
224
225
226
227
228
229
230
|
# File 'lib/chef/provider/user/dscl.rb', line 223
def locked?
user_info = safe_dscl("read /Users/#{@new_resource.username}")
if auth_authority_md = AUTHENTICATION_AUTHORITY.match(user_info)
!!(auth_authority_md[1] =~ /DisabledUser/ )
else
false
end
end
|
#manage_user ⇒ Object
163
164
165
166
167
168
169
170
171
|
# File 'lib/chef/provider/user/dscl.rb', line 163
def manage_user
dscl_create_user if diverged?(:username)
if diverged?(:comment)
set_uid if diverged?(:uid)
dscl_set_gid if diverged?(:gid)
modify_home if diverged?(:home)
dscl_set_shell if diverged?(:shell)
modify_password if diverged?(:password)
end
|
#modify_home ⇒ Object
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
# File 'lib/chef/provider/user/dscl.rb', line 79
def modify_home
return safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory") if (@new_resource.home.nil? || @new_resource.home.empty?)
if @new_resource.supports[:manage_home]
validate_home_dir_specification!
if (@current_resource.home == @new_resource.home) && !new_home_exists?
ditto_home
elsif !current_home_exists? && !new_home_exists?
ditto_home
elsif current_home_exists?
move_home
end
end
safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
end
|
#modify_password ⇒ Object
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
|
# File 'lib/chef/provider/user/dscl.rb', line 116
def modify_password
if @new_resource.password
shadow_hash = nil
Chef::Log.debug("#{new_resource} updating password")
if osx_shadow_hash?(@new_resource.password)
shadow_hash = @new_resource.password.upcase
else
if osx_salted_sha1?(@new_resource.password)
salted_sha1 = @new_resource.password.upcase
else
hex_salt = ""
OpenSSL::Random.random_bytes(10).each_byte { |b| hex_salt << b.to_i.to_s(16) }
hex_salt = hex_salt.slice(0...8)
salt = [hex_salt].pack("H*")
sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+@new_resource.password)
salted_sha1 = (hex_salt+sha1).upcase
end
shadow_hash = String.new("00000000"*155)
shadow_hash[168] = salted_sha1
end
::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
output.puts shadow_hash
end
unless shadow_hash_set?
safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
end
end
end
|
#move_home ⇒ Object
267
268
269
270
271
272
273
274
275
276
|
# File 'lib/chef/provider/user/dscl.rb', line 267
def move_home
Chef::Log.debug("#{@new_resource} moving #{self} home from #{@current_resource.home} to #{@new_resource.home}")
src = @current_resource.home
FileUtils.mkdir_p(@new_resource.home)
files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
::FileUtils.mv(files,@new_resource.home, :force => true)
::FileUtils.rmdir(src)
::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
end
|
#new_home_exists? ⇒ Boolean
256
257
258
|
# File 'lib/chef/provider/user/dscl.rb', line 256
def new_home_exists?
::File.exist?("#{@new_resource.home}")
end
|
#osx_salted_sha1?(string) ⇒ Boolean
99
100
101
|
# File 'lib/chef/provider/user/dscl.rb', line 99
def osx_salted_sha1?(string)
return !! ( string =~ /^[[:xdigit:]]{48}$/ )
end
|
#osx_shadow_hash?(string) ⇒ Boolean
95
96
97
|
# File 'lib/chef/provider/user/dscl.rb', line 95
def osx_shadow_hash?(string)
return !! ( string =~ /^[[:xdigit:]]{1240}$/ )
end
|
#parameter_updated?(parameter) ⇒ Boolean
282
283
284
|
# File 'lib/chef/provider/user/dscl.rb', line 282
def parameter_updated?(parameter)
not (@new_resource.send(parameter) == @current_resource.send(parameter))
end
|
#remove_user ⇒ Object
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
|
# File 'lib/chef/provider/user/dscl.rb', line 201
def remove_user
if @new_resource.supports[:manage_home]
user_info = safe_dscl("read /Users/#{@new_resource.username}")
if nfs_home_match = user_info.match(NFS_HOME_DIRECTORY)
nfs_home = nfs_home_match[1]
FileUtils.rm_rf(nfs_home)
end
end
groups = []
Etc.group do |group|
groups << group.name if group.mem.include?(@new_resource.username)
end
groups.each do |group_name|
safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
end
safe_dscl("delete /Users/#{@new_resource.username}")
end
|
#safe_dscl(*args) ⇒ Object
36
37
38
39
40
41
42
|
# File 'lib/chef/provider/user/dscl.rb', line 36
def safe_dscl(*args)
result = dscl(*args)
return "" if ( args.first =~ /^delete/ ) && ( result.exitstatus != 0 )
raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") unless result.exitstatus == 0
raise(Chef::Exceptions::DsclCommandFailed,"dscl error: #{result.inspect}") if result.stdout =~ /No such key: /
return result.stdout
end
|
71
72
73
74
75
76
77
|
# File 'lib/chef/provider/user/dscl.rb', line 71
def set_uid
@new_resource.uid(get_free_uid) if (@new_resource.uid.nil? || @new_resource.uid == '')
if uid_used?(@new_resource.uid)
raise(Chef::Exceptions::RequestedUIDUnavailable, "uid #{@new_resource.uid} is already in use")
end
safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
end
|
#shadow_hash_set? ⇒ Boolean
107
108
109
110
111
112
113
114
|
# File 'lib/chef/provider/user/dscl.rb', line 107
def shadow_hash_set?
user_data = safe_dscl("read /Users/#{@new_resource.username}")
if user_data =~ /AuthenticationAuthority: / && user_data =~ /ShadowHash/
true
else
false
end
end
|
#uid_used?(uid) ⇒ Boolean
65
66
67
68
69
|
# File 'lib/chef/provider/user/dscl.rb', line 65
def uid_used?(uid)
return false unless uid
users_uids = safe_dscl("list /Users uid")
!! ( users_uids =~ Regexp.new("#{Regexp.escape(uid.to_s)}\n") )
end
|
#unlock_user ⇒ Object
240
241
242
243
244
|
# File 'lib/chef/provider/user/dscl.rb', line 240
def unlock_user
auth_info = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
auth_string = auth_info.gsub(/AuthenticationAuthority: /,"").gsub(/;DisabledUser;/,"").strip safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_string}'")
end
|
#validate_home_dir_specification! ⇒ Object
246
247
248
249
250
|
# File 'lib/chef/provider/user/dscl.rb', line 246
def validate_home_dir_specification!
unless @new_resource.home =~ /^\//
raise(Chef::Exceptions::InvalidHomeDirectory,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'")
end
end
|