[Puppet - Bug #13686] (Unreviewed) directoryservices provider can't handle missing ShadowHashData item

Mon, 09 Apr 2012 09:47:26 -0700 

Issue #13686 has been reported by Clay Caviness.

----------------------------------------
Bug #13686: directoryservices provider can't handle missing ShadowHashData item
https://projects.puppetlabs.com/issues/13686

Author: Clay Caviness
Status: Unreviewed
Priority: Normal
Assignee: Gary Larizza
Category: Darwin
Target version: 
Affected Puppet version: 2.7.12
Keywords: 
Branch: 


If a user plist ends up in a state with no ShadowHashData entry, 
directoryservices provider is unable to fix, failing with an error:

`err: /Stage[main]/Security::Local_users/User[testuser]/password: change from 
[old password hash redacted] to [new password hash redacted] failed: The 
directoryservice provider can not handle attribute password at [...]users.pp:40`

Inspecting the testuser.plist file in /var/db/dslocal/Default/users/, I found 
it was _missing_ the ShadowHashData item entirely. (I suspect this happened 
during a puppet run as we upgraded from 2.7.6 to 2.7.12, but I can't seem to 
recreate it reliably.)

I tweaked directoryservice.rb at line 324 to create it if it was missing:
<pre>
        if users_plist['ShadowHashData']
          # users_plist['ShadowHashData'][0].string is actually a binary plist
          # that's nested INSIDE the user's plist (which itself is a binary
          # plist).
          password_hash_plist = users_plist['ShadowHashData'][0].string
          converted_hash_plist = convert_binary_to_xml(password_hash_plist)
        else
          users_plist['ShadowHashData'] = [StringIO.new]
          converted_hash_plist = {'SALTED-SHA512'=>StringIO.new}
        end
</pre>

... and this seems to fix thing, though I'm not sure if this is the best method.


-- 
You have received this notification because you have either subscribed to it, 
or are involved in it.
To change your notification preferences, please click here: 
http://projects.puppetlabs.com/my/account

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Bugs" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/puppet-bugs?hl=en.

Reply via email to