Issue #5620 has been updated by Jacob Helwig.

Assignee deleted (Paul Berry)

Derek,

I replied on the mailing list, but I'll stick it here, too:

The best way that I can think of offhand actually involves further
refactoring of user_role_add.rb.

I'd probably move the usage of `/etc/shadow` to a method (and build
`/etc/shadow_tmp` based on that method) that could be overridden in the
tests.  This way you can have the resource operate on a real file that
you could then examine to make sure it was updated properly.

Probably something like:

    def shadow_file
      '/etc/shadow'
    end

    def password=(cryptopw)
      shadow_tmp_name = "#{shadow_file}_tmp"
      begin
        File.open(shadow_file, "r") do |shadow|
          File.open(shadow_tmp_name, "w", 0600) do |shadow_tmp|
            while line = shadow.gets
              line_arr = line.split(':')
              if line_arr[0] == @resource[:name]
                line_arr[1] = cryptopw
                line_arr[2] = Time.now.to_i / 86400
                line = line_arr.join(':')
              end
              shadow_tmp.print line
            end
          end
        end
        File.rename(shadow_tmp_name, shadow_file)
      rescue => detail
        fail "Could not write temporary shadow file: #{detail}"
      ensure
        # Make sure this *always* gets deleted
        File.unlink(shadow_tmp_name) if File.exist?(shadow_tmp_name)
      end
    end

Then you could do something like this in the spec:

    include PuppetSpec::Files

    it "should update the lastchg field" do
      shadow_file = tmpfile('shadow')
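      Time.stubs(:now).returns(3628800) # 86400 * 42
      @provider.stubs(:shadow_file).returns(shadow_file)
      @resource.stubs(:[]).with(:name).returns("username")
      # password= reads shadow_file via File.open, so write the fixture
      # to the temporary file instead of stubbing File.readlines
      File.open(shadow_file, "w") do |f|
        f.puts "#comment", "   nonsense", "  ",
          "username:hashedpassword:6445:::::", "other:pword:yay:::"
      end
      @provider.password = 'differenthashedpassword'

      # Check to make sure that the lastchg field was updated in
      # shadow_file (3628800 / 86400 == 42)
      File.read(shadow_file).should include(
        "username:differenthashedpassword:42:::::\n")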
    end

----------------------------------------
Bug #5620: user password age not updating "lastchg" field in shadow file on 
solaris
https://projects.puppetlabs.com/issues/5620

Author: derek olsen
Status: Tests Insufficient
Priority: Normal
Assignee: 
Category: user
Target version: 2.6.x
Affected Puppet version: 
Keywords: solaris lastchg password age
Branch: 


  Hello.
  env is puppet 2.6.4, facter 1.5.8, ruby 1.8.7p302, solaris 10 x86

  We are excited to get away from our super exec hacks to manage user password 
expiry.  As part of our migration to 2.6 we are testing the new password age 
management.   While the min and max password age gets adjusted correctly, the 
all-important "lastchg" field in the solaris shadow file does not get updated 
when the password changes.   I consider this a bug because if the 
"lastchg" field does not get updated then the min and max ages don't provide 
the functionality they had been intended to provide.

  This example illustrates what I'm seeing.  
 
<pre>
grep liluser /etc/shadow  (note the date string "14364" that's when the 
password was last changed)
liluser:$2a$04$qJzZqI2839382jdCbXhJ8eJUhng48J/PCUuOG6jk422J/pWZDjASW:14364:7:90::::

cat pass-age.pp  (i've changed the crypt to force a password update)
  user { 'liluser':
       uid        => '516',
       gid        => '10',
       password_min_age => "7",
       password_max_age => "90",
       password   => '$2a$04$qJzZqI2839382jdCbXhJ8eJUhng48J/PCU283l3h3l22J/pWZDjASW',
       comment    => 'pass age test',
       shell      => '/bin/bash',
       ensure     => 'present',
   }

puppet apply --debug pass-age.pp 
[stuff removed here]
notice: /Stage[main]//User[liluser]/password: changed password
debug: Finishing transaction 76130560
debug: Storing state
debug: Stored state in 0.04 seconds

grep liluser /etc/shadow  (lastchg field unchanged)
liluser:$2a$04$qJzZqI2839382jdCbXhJ8eJUhng48J/PCUuOG6jk48kJ/pWZDjASW:14364:7:90::::
 </pre>

Thanks.  Derek.
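
The symptom reported above (hash changed, lastchg unchanged) can be checked by comparing two shadow snapshots, and its effect on aging made visible. This is an added example, not part of the ticket or of Puppet's code; the method names, the placeholder hashes, day 14990 and the simplified aging rule are assumptions made for the illustration.

```ruby
# Added example, not Puppet code. Field order follows the shadow entries
# in the report: name:hash:lastchg:min:max:...
ShadowEntry = Struct.new(:name, :crypt, :lastchg, :min, :max)

# Parse shadow text into {name => ShadowEntry}; comments, blank and
# malformed lines are skipped rather than raising.
def parse_shadow(text)
  num = ->(s) { s =~ /\A\d+\z/ ? s.to_i : nil }
  text.each_line.each_with_object({}) do |line, entries|
    next if line.strip.empty? || line.lstrip.start_with?('#')
    f = line.chomp.split(':', -1)
    next if f.size < 5 || f[0].empty?
    entries[f[0]] = ShadowEntry.new(f[0], f[1], num.(f[2]), num.(f[3]), num.(f[4]))
  end
end

# Accounts whose hash changed between two snapshots while lastchg did not:
# the symptom in this bug report.
def stale_lastchg(before_text, after_text)
  before = parse_shadow(before_text)
  parse_shadow(after_text).values.select { |e|
    old = before[e.name]
    old && old.crypt != e.crypt && old.lastchg == e.lastchg
  }.map(&:name)
end

# Simplified aging rule (assumption); `today` is days since 1970-01-01.
def aging_status(entry, today)
  return :no_aging if entry.lastchg.nil? || entry.max.nil?
  return :expired if today > entry.lastchg + entry.max
  return :change_locked if entry.min && today < entry.lastchg + entry.min
  :ok
end

# Constructed snapshots; hashes are placeholders, not real crypt output.
BEFORE = <<~SHADOW
  # constructed sample
  liluser:HASH_OLD:14364:7:90::::
  other:HASH_X:14900:::::
SHADOW
AFTER_BUGGY = BEFORE.sub('HASH_OLD', 'HASH_NEW')
AFTER_FIXED = AFTER_BUGGY.sub(':14364:', ':14990:')
CHANGE_DAY = 14990 # constructed day of the password change

if __FILE__ == $PROGRAM_NAME
  p stale_lastchg(BEFORE, AFTER_BUGGY)
  p aging_status(parse_shadow(AFTER_BUGGY)['liluser'], CHANGE_DAY + 1)
  p aging_status(parse_shadow(AFTER_FIXED)['liluser'], CHANGE_DAY + 1)
end
```

With the stale lastchg, the password changed the day before is still judged against the old change date; once lastchg is updated, the min and max windows are measured from the actual change.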


