:manages_passwords for ruby-puppet

Florian Obser Tue, 27 Mar 2012 07:54:58 -0700

Hi,

this adds password managment to the user resource for openbsd.


This has consequences for existing puppet installations. If you have
user resources with password hashs (for e.g. linux) puppet said
something along the lines of "info: Provider useradd does not support
features manages_password; not managing attribute password". Now
it will happily update the password hashes with potentially 
non-openbsd password hashes. Hilarity ensues.

Index: sysutils/ruby-puppet/Makefile
===================================================================
RCS file: /cvs/ports/sysutils/ruby-puppet/Makefile,v
retrieving revision 1.39
diff -u -r1.39 Makefile
--- sysutils/ruby-puppet/Makefile       24 Feb 2012 08:08:35 -0000      1.39
+++ sysutils/ruby-puppet/Makefile       27 Mar 2012 14:17:44 -0000
@@ -5,6 +5,7 @@
 VERSION=       2.7.11
 DISTNAME=      puppet-${VERSION}
 PKGNAME=       ruby-${DISTNAME}
+REVISION=      1
 CATEGORIES=    sysutils net
 
 HOMEPAGE=      http://reductivelabs.com/projects/puppet/
Index: sysutils/ruby-puppet/patches/patch-lib_puppet_provider_user_useradd_rb
===================================================================
RCS file: 
/cvs/ports/sysutils/ruby-puppet/patches/patch-lib_puppet_provider_user_useradd_rb,v
retrieving revision 1.1
diff -u -r1.1 patch-lib_puppet_provider_user_useradd_rb
--- sysutils/ruby-puppet/patches/patch-lib_puppet_provider_user_useradd_rb      
4 Nov 2010 07:20:57 -0000       1.1
+++ sysutils/ruby-puppet/patches/patch-lib_puppet_provider_user_useradd_rb      
27 Mar 2012 14:17:44 -0000
@@ -1,12 +1,35 @@
 $OpenBSD: patch-lib_puppet_provider_user_useradd_rb,v 1.1 2010/11/04 07:20:57 
robert Exp $
---- lib/puppet/provider/user/useradd.rb.orig   Wed Nov  3 18:21:13 2010
-+++ lib/puppet/provider/user/useradd.rb        Wed Nov  3 18:21:18 2010
-@@ -3,7 +3,7 @@ require 'puppet/provider/nameservice/objectadd'
- Puppet::Type.type(:user).provide :useradd, :parent => 
Puppet::Provider::NameService::ObjectAdd do
-   desc "User management via `useradd` and its ilk.  Note that you will need 
to install the `Shadow Password` Ruby library often known as ruby-libshadow to 
manage user passwords."
+--- lib/puppet/provider/user/useradd.rb.orig   Tue Mar 27 15:29:58 2012
++++ lib/puppet/provider/user/useradd.rb        Tue Mar 27 15:28:59 2012
+@@ -5,7 +5,7 @@ Puppet::Type.type(:user).provide :useradd, :parent => 
+     install Ruby's shadow password library (often known as `ruby-libshadow`)
+     if you wish to manage user passwords."
  
 -  commands :add => "useradd", :delete => "userdel", :modify => "usermod", 
:password => "chage"
 +  commands :add => "useradd", :delete => "userdel", :modify => "usermod", 
:password => "passwd"
  
    options :home, :flag => "-d", :method => :dir
    options :comment, :method => :gecos
+@@ -25,6 +25,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => 
+ 
+   has_features :manages_passwords, :manages_password_age if 
Puppet.features.libshadow?
+ 
++  has_features :manages_passwords if Facter.value("operatingsystem") == 
"OpenBSD"
++
+   def check_allow_dup
+     @resource.allowdupe? ? ["-o"] : []
+   end
+@@ -109,6 +111,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => 
+       if ent = Shadow::Passwd.getspnam(@resource.name)
+         return ent.sp_pwdp
+       end
++    elsif Facter.value("operatingsystem") == "OpenBSD"
++      IO.foreach("/etc/master.passwd") { |line|
++        arr = line.split(':');
++        if arr[0][email protected]
++          return arr[1]
++        end
++      }
+     end
+     :absent
+   end

In case I fscked-up the cvs diff I'm trying to apply this git commit:

commit 04d3e6c7fc3d1e01a1c81858a947eebd78e1b238
Author: Florian Obser <[email protected]>
Date:   Sun Mar 25 20:15:17 2012 +0200

    :manages_passwords for OpenBSD.

diff --git a/lib/puppet/provider/user/useradd.rb 
b/lib/puppet/provider/user/useradd.rb
index e374905..dca13ce 100644
--- a/lib/puppet/provider/user/useradd.rb
+++ b/lib/puppet/provider/user/useradd.rb
@@ -25,6 +25,8 @@ Puppet::Type.type(:user).provide :useradd, :parent => 
Puppet::Provider::NameServ
 
   has_features :manages_passwords, :manages_password_age if 
Puppet.features.libshadow?
 
+  has_features :manages_passwords if Facter.value("operatingsystem") == 
"OpenBSD"
+
   def check_allow_dup
     @resource.allowdupe? ? ["-o"] : []
   end
@@ -109,6 +111,13 @@ Puppet::Type.type(:user).provide :useradd, :parent => 
Puppet::Provider::NameServ
       if ent = Shadow::Passwd.getspnam(@resource.name)
         return ent.sp_pwdp
       end
+    elsif Facter.value("operatingsystem") == "OpenBSD"
+      IO.foreach("/etc/master.passwd") { |line|
+        arr = line.split(':');
+        if arr[0][email protected]
+          return arr[1]
+        end
+      }
     end
     :absent
   end

Thanks,
Florian

-- 
Intuition is no proof. What concrete evidence do you have that you
exist?

:manages_passwords for ruby-puppet

Reply via email to