Class: Chef::Provider::User::Dscl
Instance Attribute Summary
#locked, #user_exists
#current_resource, #new_resource, #node
Instance Method Summary
#action_create, #action_lock, #action_manage, #action_modify, #action_remove, #action_unlock, #compare_user, #convert_group_name, #initialize
handle_command_failures, not_if, only_if, output_of_command, popen4, run_command, run_command_with_systems_locale
#action_nothing, build_from_file, #initialize
#convert_to_class_name, #convert_to_snake_case, #filename_to_qualified_string
#method_missing
#data_bag, #data_bag_item, #platform?, #search, #value_for_platform
Instance Method Details
#check_lock ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 264
# Refreshes the cached lock state of the account.
#
# Stores the result of locked? in @locked and hands the same value back.
#
# @return [Boolean] the value reported by locked?
def check_lock
  @locked = locked?
end
|
#create_user ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 184
# Creates the account.
#
# Delegates to manage_user with its flag set to false, which makes manage_user
# write the full attribute list instead of only the attributes that differ.
def create_user
  diff_only = false
  manage_user(diff_only)
end
|
#dscl(*args) ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 27
# Runs the dscl command-line tool against the local directory node (".").
#
# The arguments are joined with single spaces and placed after a leading "-",
# so the first argument is the dscl verb ("read", "create", ...). The finished
# command line is one string handed to popen4; both output streams are read
# to the end and returned as strings.
#
# NOTE(review): nothing here quotes or escapes +args+, and the callers in this
# provider interpolate resource attributes straight into these strings.
# Presumably popen4 passes the string to a shell -- confirm, and validate
# attribute values before they reach this method.
#
# @param args [Array<String>] dscl verb followed by its operands
# @return [Array] [command string, value returned by popen4, stdout, stderr]
def dscl(*args)
  directory_node = "."
  command = "dscl #{directory_node} -#{args.join(' ')}"
  captured_out = ""
  captured_err = ""
  status = popen4(command) do |_pid, _stdin, out_io, err_io|
    out_io.each { |chunk| captured_out << chunk }
    err_io.each { |chunk| captured_err << chunk }
  end
  [command, status, captured_out, captured_err]
end
|
#get_free_uid(search_limit = 1000) ⇒ Object
get a free UID greater than 200
# File 'lib/chef/provider/user/dscl.rb', line 52
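# Finds the lowest unused UID at or above 200.
#
# Candidates 200 .. 200 + search_limit - 1 are compared with the UIDs listed
# by `dscl . -list /Users uid`.
#
# Each listed UID is compared as a whole token. The earlier pattern match
# ("<guess>\n" anywhere in the output) also fired on longer UIDs that merely
# end in the candidate's digits, e.g. 1200 made 200 look taken.
#
# @param search_limit [Integer] number of candidate UIDs to try
# @return [Integer] the first free UID
# @raise [RuntimeError] when every candidate in the range is taken
def get_free_uid(search_limit=1000)
  first_candidate = 200
  # The UID is the last whitespace-separated token on each listing line.
  taken = safe_dscl("list /Users uid").each_line.map { |line| line.split.last }.compact
  uid = (first_candidate...(first_candidate + search_limit)).find do |candidate|
    !taken.include?(candidate.to_s)
  end
  uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
end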
|
# File 'lib/chef/provider/user/dscl.rb', line 135
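# Reads the account's GeneratedUID from the directory.
#
# Strips the "GeneratedUID: " label and every newline from the dscl output.
# String#delete is used for the newlines because the previous trailing gsub!
# returned nil whenever the output held no newline.
#
# NOTE(review): modify_password uses this value as a file name under
# /var/db/shadow/hash; consider checking that it has the expected UUID shape
# before it is used in a path.
#
# @return [String] the GeneratedUID value
def guid
  raw = safe_dscl("read /Users/#{@new_resource.username} GeneratedUID")
  raw.gsub(/GeneratedUID: /, "").delete("\n")
end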
|
#load_current_resource ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 179
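# Loads the current resource state through the superclass, then verifies that
# the dscl binary this provider shells out to is present.
#
# @raise [Chef::Exceptions::User] when /usr/bin/dscl does not exist
def load_current_resource
  super
  # File.exist? replaces File.exists?, which was deprecated and later removed
  # from Ruby.
  return if ::File.exist?("/usr/bin/dscl")

  raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}"
end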
|
#lock_user ⇒ Object
# Disables the account by appending ";DisabledUser;" to its
# AuthenticationAuthority attribute.
#
# NOTE(review): the username is interpolated into the dscl command line
# unescaped -- confirm it is validated before it reaches this provider.
#
# @return [String] whatever safe_dscl returns for the append
def lock_user
  user_path = "/Users/#{@new_resource.username}"
  safe_dscl("append #{user_path} AuthenticationAuthority ';DisabledUser;'")
end
|
#locked? ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 256
# Reports whether the account is disabled.
#
# The whole user record is read first; the AuthenticationAuthority attribute
# is only requested when the record mentions it (presumably because safe_dscl
# raises when asked for a key that does not exist).
#
# @return [Boolean] true when AuthenticationAuthority contains "DisabledUser"
def locked?
  user_path = "/Users/#{@new_resource.username}"
  record = safe_dscl("read #{user_path}")
  return false unless record =~ /AuthenticationAuthority: /

  authority = safe_dscl("read #{user_path} AuthenticationAuthority")
  !(authority =~ /DisabledUser/).nil?
end
|
#manage_user(manage = true) ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 188
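# Writes user attributes to the directory through dscl.
#
# With manage = true only the attributes whose desired value is set and
# differs from the current resource are written, plus :home when manage_home
# is supported and a home is given, and :shell whenever :password is written.
# With manage = false every attribute is written.
#
# The :comment branch reads @new_resource.comment; the listing this was taken
# from had lost the attribute name after the dot.
#
# NOTE(review): username, comment, gid and shell are interpolated into the
# dscl command line (the username without quotes, the rest inside single
# quotes) and are not escaped. Confirm these attributes are validated before
# they get here.
#
# @param manage [Boolean] true to write only changed attributes, false for all
# @return [Array<Symbol>] the fields that were processed
def manage_user(manage = true)
  all_fields = [:username, :comment, :uid, :gid, :home, :shell, :password]
  if manage
    fields = all_fields.select do |field|
      desired = @new_resource.send(field)
      desired && @current_resource.send(field) != desired
    end
    fields << :home if @new_resource.supports[:manage_home] && @new_resource.home
    # A password change always rewrites the shell as well.
    fields << :shell if fields.include?(:password)
  else
    fields = all_fields
  end
  fields.uniq!

  user_path = "/Users/#{@new_resource.username}"
  fields.each do |field|
    case field
    when :username
      safe_dscl("create #{user_path}")
    when :comment
      safe_dscl("create #{user_path} RealName '#{@new_resource.comment}'")
    when :uid
      set_uid
    when :gid
      safe_dscl("create #{user_path} PrimaryGroupID '#{@new_resource.gid}'")
    when :home
      modify_home
    when :shell
      # Without a password the requested shell is only used when it exists on
      # disk; otherwise the account gets /usr/bin/false.
      # File.exist? replaces File.exists?, which was removed from Ruby.
      if @new_resource.password || ::File.exist?(@new_resource.shell.to_s)
        safe_dscl("create #{user_path} UserShell '#{@new_resource.shell}'")
      else
        safe_dscl("create #{user_path} UserShell '/usr/bin/false'")
      end
    when :password
      modify_password
    end
  end
end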
|
#modify_home ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 78
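# Sets or clears the account's NFSHomeDirectory and, when manage_home is
# supported, prepares the directory on disk.
#
# * A nil or empty home deletes the NFSHomeDirectory attribute.
# * With manage_home the home must be an absolute path. If the target does
#   not exist and there is no existing home to carry over, it is populated
#   from the system user template with ditto; if the current home exists at a
#   different path its contents are moved to the new one. Either way the tree
#   is chowned to the user and group.
# * Finally the attribute is written through dscl.
#
# The absolute-path check is anchored with \A. The earlier ^ anchor matches at
# the start of any line, so a multi-line value whose later line began with "/"
# passed validation. File.exist? replaces File.exists?, which was removed from
# Ruby.
#
# NOTE(review): the home path is interpolated inside single quotes into both
# the ditto command and the dscl command without escaping; a path containing
# a single quote changes how those command lines are parsed. Validate or
# escape it before relying on this for externally supplied values.
#
# @return [String] whatever safe_dscl returns for the final delete or create
# @raise [Chef::Exceptions::User] on a non-absolute home or a missing template
def modify_home
  user_path = "/Users/#{@new_resource.username}"
  new_home = @new_resource.home
  return safe_dscl("delete #{user_path} NFSHomeDirectory") if [nil, ""].include?(new_home)

  if @new_resource.supports[:manage_home]
    unless new_home =~ /\A\//
      raise(Chef::Exceptions::User,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{new_home}'")
    end

    same_home = (@current_resource.home == new_home)
    cur_home_exists = ::File.exist?(@current_resource.home.to_s)
    new_home_exists = ::File.exist?(new_home.to_s)
    # Populate from the template only when nothing exists to reuse or move.
    populate = !new_home_exists && (same_home || !cur_home_exists)
    # Relocate when the home path changed and the old directory is on disk.
    relocate = !same_home && cur_home_exists

    if populate
      skel = "/System/Library/User Template/English.lproj"
      raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exist?(skel)
      run_command(:command => "ditto '#{skel}' '#{new_home}'")
      ::FileUtils.chown_R(@new_resource.username, @new_resource.gid.to_s, new_home)
    end

    if relocate
      src = @current_resource.home
      ::FileUtils.mkdir_p(new_home)
      # FNM_DOTMATCH picks up dotfiles; "." and ".." are dropped explicitly.
      files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.", "#{src}/.."]
      ::FileUtils.mv(files, new_home, :force => true)
      ::FileUtils.rmdir(src)
      ::FileUtils.chown_R(@new_resource.username, @new_resource.gid.to_s, new_home)
    end
  end

  safe_dscl("create #{user_path} NFSHomeDirectory '#{new_home}'")
end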
|
#modify_password ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 147
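# Writes the account's password hash to /var/db/shadow/hash/<GeneratedUID> and
# makes sure the account is marked as using a shadow hash.
#
# The password attribute may be
# * a complete shadow hash (1240 hex digits), written as is, upper-cased;
# * a salted SHA-1 value (48 hex digits), placed into a zero-filled shadow
#   hash at offset 168;
# * anything else, which is treated as a plain-text password: a fresh 4-byte
#   salt is drawn and SHA-1(salt + password) is stored the same way.
#
# Changes from the previous version:
# * The salt comes from OpenSSL's random generator. Kernel.rand is not meant
#   for secrets, and rand(chars.size-1) could never select the digit "f".
# * The salted value overwrites 48 characters of the buffer instead of being
#   inserted in place of one, so the result keeps the 1240-character length
#   that osx_shadow_hash? expects.
# * The file mode is set explicitly; the mode passed to File.open only applies
#   when the file is created, so an existing file kept whatever mode it had.
#
# NOTE(review): salted SHA-1 is the legacy format this provider targets and is
# weak by current standards; treat the hash file as sensitive as the password.
#
# @return [Object, nil] nil when no password is set
def modify_password
  return unless @new_resource.password

  Chef::Log.debug("#{new_resource}: updating password")
  password = @new_resource.password
  if osx_shadow_hash?(password)
    shadow_hash = password.upcase
  else
    if osx_salted_sha1?(password)
      salted_sha1 = password.upcase
    else
      salt = ::OpenSSL::Random.random_bytes(4)
      hex_salt = salt.unpack("H*").first
      sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt + password)
      salted_sha1 = (hex_salt + sha1).upcase
    end
    shadow_hash = String.new("00000000" * 155)
    shadow_hash[168, salted_sha1.length] = salted_sha1
  end

  ::File.open("/var/db/shadow/hash/#{guid}", 'w', 0600) do |output|
    output.chmod(0600)
    output.puts shadow_hash
  end

  unless shadow_hash_set?
    safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
  end
end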
|
#osx_salted_sha1?(string) ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 131
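# Tells whether +string+ is a salted SHA-1 value: exactly 48 hex digits
# (the 8 salt digits plus 40 digest digits that modify_password produces).
#
# The pattern is anchored with \A and \z so the whole string must match. The
# earlier ^ and $ anchors work per line, so any multi-line value containing
# one 48-digit line was accepted as a ready-made hash.
#
# @param string [String, nil] candidate value
# @return [Boolean]
def osx_salted_sha1?(string)
  !!(string =~ /\A[[:xdigit:]]{48}\z/)
end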
|
#osx_shadow_hash?(string) ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 127
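# Tells whether +string+ is a complete shadow hash: exactly 1240 hex digits.
#
# The pattern is anchored with \A and \z so the whole string must match. The
# earlier ^ and $ anchors work per line, so a multi-line value containing one
# 1240-digit line was accepted and written to the shadow hash file unchanged.
#
# @param string [String, nil] candidate value
# @return [Boolean]
def osx_shadow_hash?(string)
  !!(string =~ /\A[[:xdigit:]]{1240}\z/)
end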
|
#remove_user ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 235
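# Deletes the account: optionally its home directory, then its group
# memberships, then the user record itself.
#
# When manage_home is supported and the record has an NFSHomeDirectory, that
# directory is removed recursively. The path comes from dscl output, so it is
# checked before it is handed to rm_rf: an empty value is skipped, and a
# relative path or the filesystem root is refused.
#
# The label is stripped with non-destructive calls. The previous chained
# gsub! returned nil (and then raised NoMethodError) whenever the output did
# not contain the literal "NFSHomeDirectory: ", which is the case when dscl
# prints the value on the line after the label.
#
# NOTE(review): the username and group names are interpolated into the dscl
# command line unescaped -- confirm they are validated upstream.
#
# @return [String] whatever safe_dscl returns for the final delete
# @raise [Chef::Exceptions::User] when the recorded home is not a removable
#   absolute path
def remove_user
  user_path = "/Users/#{@new_resource.username}"

  if @new_resource.supports[:manage_home] && safe_dscl("read #{user_path}") =~ /NFSHomeDirectory/
    nfs_home = safe_dscl("read #{user_path} NFSHomeDirectory").sub(/\ANFSHomeDirectory:\s*/, "").chomp
    unless nfs_home.empty?
      # rm_rf is recursive and ignores errors, so only a real absolute path
      # below the root is accepted.
      if nfs_home !~ /\A\// || nfs_home.squeeze("/") == "/"
        raise(Chef::Exceptions::User, "refusing to remove home directory '#{nfs_home}' of User: '#{@new_resource.username}'")
      end
      ::FileUtils.rm_rf(nfs_home)
    end
  end

  member_of = []
  Etc.group do |group|
    member_of << group.name if group.mem.include?(@new_resource.username)
  end
  member_of.each do |group_name|
    safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
  end

  safe_dscl("delete #{user_path}")
end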
|
#safe_dscl(*args) ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 37
# Runs dscl and turns failures into exceptions.
#
# * A failing command whose first argument starts with "delete" is tolerated
#   and yields an empty string.
# * Any other non-zero exit status raises.
# * A zero exit status whose stdout contains "No such key: " also raises.
#
# The exception message embeds the inspected [command, status, stdout, stderr]
# tuple, so the full command line ends up wherever the error is logged.
#
# @param args [Array<String>] passed through to dscl unchanged
# @return [String] stdout of the command, or "" for a tolerated delete failure
# @raise [Chef::Exceptions::User] on the failures described above
def safe_dscl(*args)
  outcome = dscl(*args)
  _command, status, stdout_text, _stderr_text = outcome
  failed = status.exitstatus != 0
  return "" if failed && args.first =~ /^delete/
  raise(Chef::Exceptions::User, "dscl error: #{outcome.inspect}") if failed
  raise(Chef::Exceptions::User, "dscl error: #{outcome.inspect}") if stdout_text =~ /No such key: /
  stdout_text
end
|
# File 'lib/chef/provider/user/dscl.rb', line 72
# Assigns the account's UniqueID.
#
# When the resource has no uid (nil or empty string) a free one is picked with
# get_free_uid and stored on the resource. The uid is then checked against the
# directory and written with dscl.
#
# NOTE(review): the uid is interpolated into the dscl command line without
# quoting -- confirm it is restricted to digits before it reaches this point.
#
# @return [String] whatever safe_dscl returns for the create
# @raise [Chef::Exceptions::User] when the uid is already in use
def set_uid
  requested = @new_resource.uid
  @new_resource.uid(get_free_uid) if requested.nil? || requested == ""
  raise(Chef::Exceptions::User, "uid is already in use") if uid_used?(@new_resource.uid)
  user_path = "/Users/#{@new_resource.username}"
  safe_dscl("create #{user_path} UniqueID #{@new_resource.uid}")
end
|
#shadow_hash_set? ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 139
# Reports whether the account is already marked as using a shadow hash.
#
# The whole user record is read first; the AuthenticationAuthority attribute
# is only requested when the record mentions it (presumably because safe_dscl
# raises when asked for a key that does not exist).
#
# @return [Boolean] true when AuthenticationAuthority contains "ShadowHash"
def shadow_hash_set?
  user_path = "/Users/#{@new_resource.username}"
  record = safe_dscl("read #{user_path}")
  return false unless record =~ /AuthenticationAuthority: /

  authority = safe_dscl("read #{user_path} AuthenticationAuthority")
  !(authority =~ /ShadowHash/).nil?
end
|
#uid_used?(uid) ⇒ Boolean
# File 'lib/chef/provider/user/dscl.rb', line 66
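# Reports whether +uid+ is already assigned to a user in the directory.
#
# The uid is compared with the last token of every line listed by
# `dscl . -list /Users uid`. The earlier check built a regular expression from
# the uid and matched it anywhere before a newline, so uid 50 was reported as
# taken as soon as some user had uid 250, and the value was used as a pattern
# without escaping.
#
# @param uid [Integer, String, nil] uid to look for
# @return [Boolean] false for a nil uid, otherwise whether the uid is listed
def uid_used?(uid)
  return false unless uid

  wanted = uid.to_s
  safe_dscl("list /Users uid").each_line.any? { |line| line.split.last == wanted }
end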
|
#unlock_user ⇒ Object
# File 'lib/chef/provider/user/dscl.rb', line 272
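# Re-enables the account by rewriting AuthenticationAuthority without the
# "DisabledUser" entry.
#
# The attribute is read, the label and "DisabledUser" are removed, trailing
# semicolons/spaces and the trailing newline are trimmed, and the result is
# written back.
#
# Non-destructive gsub is used throughout. The previous gsub! chain returned
# nil as soon as one step found nothing to replace, so unlocking an account
# that was not disabled raised NoMethodError. The earlier version also left
# the newline from the dscl output inside the quoted value it wrote back.
#
# NOTE(review): the value written back is text read from the directory and is
# interpolated inside single quotes without escaping; an AuthenticationAuthority
# value containing a single quote would change how the command line is parsed.
#
# @return [String] whatever safe_dscl returns for the create
def unlock_user
  user_path = "/Users/#{@new_resource.username}"
  auth_auth = safe_dscl("read #{user_path} AuthenticationAuthority")
  cleaned = auth_auth.gsub(/AuthenticationAuthority: /, "").gsub(/DisabledUser/, "").gsub(/[; ]*$/, "").strip
  safe_dscl("create #{user_path} AuthenticationAuthority '#{cleaned}'")
end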
|