Issue #12833 has been updated by Nate Walck.
I recently started testing Puppet 2.7.19/Facter 1.6.11 on an OS X 10.8.1 Server
VM. While getting a very basic setup going, I ran into the following issues:
* When running 'puppetmasterd --mkusers' I got the following error:
`sh-3.2# puppetmasterd --mkusers`
`Could not prepare for execution: Got 1 failure(s) while initializing: Could
not evaluate: undefined method 'string' for nil:NilClass`
* When running puppet for the first time on a master (running on 10.8.1 Server)
using this command:
`puppet master --no-daemonize --onetime --verbose --debug`
It yielded the following errors:
sh-3.2# puppet master --no-daemonize --onetime --verbose --debug
debug: Failed to load library 'shadow' for feature 'libshadow'
debug: Puppet::Type::User::ProviderUser_role_add: file roleadd does not
exist
debug: Puppet::Type::User::ProviderLdap: true value when expecting false
debug: Puppet::Type::User::ProviderUseradd: file chage does not exist
debug: Puppet::Type::User::ProviderPw: file pw does not exist
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -list /Users'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -read /Users/puppet'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/plutil -convert xml1 -o /dev/stdout
/var/db/dslocal/nodes/Default/users/puppet.plist'
debug: Converting binary plist to XML
debug: Executing: 'plutil -convert xml1 -o - -'
debug: Converting XML values to a hash.
err: Could not create resources for managing Puppet's files and directories
in sections [:main, :master, :ssl, :metrics]: undefined method `string' for
nil:NilClass
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -list /Users'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -read /Users/puppet'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/plutil -convert xml1 -o /dev/stdout
/var/db/dslocal/nodes/Default/users/puppet.plist'
debug: Converting binary plist to XML
debug: Executing: 'plutil -convert xml1 -o - -'
debug: Converting XML values to a hash.
err: Could not create resources for managing Puppet's files and directories
in sections [:ca]: undefined method `string' for nil:NilClass
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -list /Users'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -read /Users/puppet'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/plutil -convert xml1 -o /dev/stdout
/var/db/dslocal/nodes/Default/users/puppet.plist'
debug: Converting binary plist to XML
debug: Executing: 'plutil -convert xml1 -o - -'
debug: Converting XML values to a hash.
err: Could not create resources for managing Puppet's files and directories
in sections [:main, :ssl, :ca]: undefined method `string' for nil:NilClass
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -list /Users'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -read /Users/puppet'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/plutil -convert xml1 -o /dev/stdout
/var/db/dslocal/nodes/Default/users/puppet.plist'
debug: Converting binary plist to XML
debug: Executing: 'plutil -convert xml1 -o - -'
debug: Converting XML values to a hash.
err: Could not create resources for managing Puppet's files and directories
in sections [:main, :ssl]: undefined method `string' for nil:NilClass
info: Creating a new SSL key for ca
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -list /Users'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/dscl -plist . -read /Users/puppet'
debug: Puppet::Type::User::ProviderDirectoryservice: Executing
'/usr/bin/plutil -convert xml1 -o /dev/stdout
/var/db/dslocal/nodes/Default/users/puppet.plist'
debug: Converting binary plist to XML
debug: Executing: 'plutil -convert xml1 -o - -'
debug: Converting XML values to a hash.
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:385:in
`get_password': undefined method `string' for nil:NilClass (NoMethodError)
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:199:in
`generate_attribute_hash'
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:235:in
`single_report'
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:643:in
`getinfo'
from /Library/Ruby/Site/1.8/puppet/provider/nameservice.rb:200:in `exists?'
from /Library/Ruby/Site/1.8/puppet/type/user.rb:355:in `exists?'
from /Library/Ruby/Site/1.8/puppet/util/settings.rb:451:in
`service_user_available?'
from /Library/Ruby/Site/1.8/puppet/util/settings/file_setting.rb:45:in
`use_service_user?'
from /Library/Ruby/Site/1.8/puppet/util/settings/file_setting.rb:40:in
`owner'
from /Library/Ruby/Site/1.8/puppet/util/settings.rb:709:in `writesub'
from /Library/Ruby/Site/1.8/puppet/util/settings.rb:700:in `write'
from /Library/Ruby/Site/1.8/puppet/indirector/ssl_file.rb:160:in `write'
from /Library/Ruby/Site/1.8/puppet/indirector/ssl_file.rb:102:in `save'
from /Library/Ruby/Site/1.8/puppet/indirector/key/file.rb:34:in `save'
from /Library/Ruby/Site/1.8/puppet/indirector/indirection.rb:271:in `save'
from /Library/Ruby/Site/1.8/puppet/ssl/host.rb:147:in `generate_key'
from /Library/Ruby/Site/1.8/puppet/ssl/host.rb:195:in `certificate'
from /Library/Ruby/Site/1.8/puppet/ssl/certificate_authority.rb:245:in
`setup'
from /Library/Ruby/Site/1.8/puppet/ssl/certificate_authority.rb:169:in
`initialize'
from /Library/Ruby/Site/1.8/puppet/ssl/certificate_authority.rb:41:in `new'
from /Library/Ruby/Site/1.8/puppet/ssl/certificate_authority.rb:41:in
`singleton_instance'
from
/System/Library/Frameworks/Ruby.framework/Versions/1.8/usr/lib/ruby/1.8/monitor.rb:242:in
`synchronize'
from /Library/Ruby/Site/1.8/puppet/ssl/certificate_authority.rb:40:in
`singleton_instance'
from /Library/Ruby/Site/1.8/puppet/ssl/certificate_authority.rb:64:in
`instance'
from /Library/Ruby/Site/1.8/puppet/application/master.rb:244:in `setup_ssl'
from /Library/Ruby/Site/1.8/puppet/application/master.rb:261:in `setup'
from /Library/Ruby/Site/1.8/puppet/application.rb:307:in `run'
from /Library/Ruby/Site/1.8/puppet/application.rb:416:in `hook'
from /Library/Ruby/Site/1.8/puppet/application.rb:307:in `run'
from /Library/Ruby/Site/1.8/puppet/application.rb:407:in `exit_on_fail'
from /Library/Ruby/Site/1.8/puppet/application.rb:307:in `run'
from /Library/Ruby/Site/1.8/puppet/util/command_line.rb:69:in `execute'
from /usr/bin/puppet:4
I swapped in the directoryservice.rb provided by Gary (see
https://github.com/glarizza/puppet-1/blob/feature/osx_dscl_providers/optimization/lib/puppet/provider/user/directoryservice.rb)
and both errors went away. The respective commands seemed to work properly.
----------------------------------------
Bug #12833: Password property for User type is broke in OS X 10.8
https://projects.puppetlabs.com/issues/12833#change-70409
Author: Gary Larizza
Status: In Topic Branch Pending Review
Priority: Normal
Assignee: Gary Larizza
Category: OSX
Target version: 3.x
Affected Puppet version: 3.0.0rc3
Keywords: password user mac mountain lion os x
Branch:
https://github.com/glarizza/puppet-1/tree/bug/master/12833_OSX_PBKDF2_UPDATE
Setting user passwords is broken in 10.8 due to the fact that Apple moved to
PBKDF2 passwords in 10.8:
<pre>
Garys-Mac:~ glarizza$ sudo puppet resource user glarizza
Password:
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:379:in
`get_password': undefined method `string' for nil:NilClass (NoMethodError)
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:199:in
`generate_attribute_hash'
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:235:in
`single_report'
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:76:in
`instances'
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:75:in
`collect'
from
/Library/Ruby/Site/1.8/puppet/provider/nameservice/directoryservice.rb:75:in
`instances'
from /Library/Ruby/Site/1.8/puppet/type.rb:889:in `instances'
from /Library/Ruby/Site/1.8/puppet/type.rb:882:in `collect'
from /Library/Ruby/Site/1.8/puppet/type.rb:882:in `instances'
from /Library/Ruby/Site/1.8/puppet/indirector/resource/ral.rb:4:in
`find'
from /Library/Ruby/Site/1.8/puppet/indirector/indirection.rb:196:in
`find'
from /Library/Ruby/Site/1.8/puppet/application/resource.rb:222:in
`find_or_save_resources'
from /Library/Ruby/Site/1.8/puppet/application/resource.rb:144:in `main'
from /Library/Ruby/Site/1.8/puppet/application.rb:317:in `run_command'
from /Library/Ruby/Site/1.8/puppet/application.rb:309:in `run'
from /Library/Ruby/Site/1.8/puppet/application.rb:413:in `hook'
from /Library/Ruby/Site/1.8/puppet/application.rb:309:in `run'
from /Library/Ruby/Site/1.8/puppet/application.rb:404:in `exit_on_fail'
from /Library/Ruby/Site/1.8/puppet/application.rb:309:in `run'
from /Library/Ruby/Site/1.8/puppet/util/command_line.rb:69:in `execute'
from /usr/bin/puppet:4
</pre>
It's from this code (line 379 in
lib/puppet/provider/nameservice/directoryservice.rb):
<pre>
password_hash = converted_hash_plist['SALTED-SHA512'].string.unpack("H*")[0]
</pre>
So, I'm trying to update Puppet to be able to handle/change the user's password
in 10.8 and I notice that the methodology I need to access/generate/change it
has changed from 10.7 to 10.8. Since our product uses Ruby, I'll be displaying
the steps in Ruby. In 10.7 I used this methodology to access the password:
<pre>
require 'facter/util/plist'

# Convert the user's record to XML and parse it
users_plist = Plist::parse_xml(`plutil -convert xml1 -o /dev/stdout /var/db/dslocal/nodes/Default/users/brit_xml.plist`)
# ShadowHashData holds an embedded binary plist
password_hash_plist = users_plist['ShadowHashData'][0].string
# Pipe the embedded binary plist through plutil to get XML
IO.popen('plutil -convert xml1 -o - -', 'r+') do |io|
  io.write password_hash_plist
  io.close_write
  @converted_plist = io.read
end
converted_hash_plist = Plist::parse_xml(@converted_plist)
# On 10.7 this value is a StringIO holding the binary salted SHA512 hash
password_hash = converted_hash_plist['SALTED-SHA512'].string.unpack("H*")[0]
puts password_hash
</pre>
This is all well and good since the value of
converted_hash_plist['SALTED-SHA512'] was a StringIO object containing the
binary version of the salted sha512 password. In 10.8, all of the steps are
the same up to a point - it seems the value of converted_hash_plist is
different:
<pre>
>> pp converted_hash_plist
{"SALTED-SHA512-PBKDF2"=>
{"salt"=>#<StringIO:0x10f31e498>,
"entropy"=>#<StringIO:0x10f31e998>,
"iterations"=>15174}}
=> nil
</pre>
Indeed, this looks like a 128 byte PBKDF2 password (since the value of
converted_hash_plist['SALTED-SHA512-PBKDF2']['entropy'].string.unpack('H*').first
is 256 characters). This makes sense since it looks like Apple has dabbled in
PBKDF2 before http://people.cis.ksu.edu/~sakthi/src/data/filevault_sakthi.pdf.
Ruby does have a PBKDF2 gem (https://github.com/emerose/pbkdf2-ruby), but of
course there's no built-in method to handle passwords in this fashion.
Basically, the format has changed.
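
As an added example (not code from this issue or from Puppet): a reader for the converted ShadowHashData hash that accepts both the 10.7 `SALTED-SHA512` entry and the 10.8 `SALTED-SHA512-PBKDF2` entry instead of calling `.string` on nil, plus a PBKDF2 derivation using `OpenSSL::PKCS5.pbkdf2_hmac` from Ruby's standard openssl library. The function names, sample salt, sample password and 10.7 sample bytes are constructed, and HMAC-SHA512 as the PRF is an assumption taken from the key name.

```ruby
require 'openssl'
require 'stringio'

# Describe whichever password entry is present in an already-converted
# ShadowHashData hash. Returns nil when neither known key exists, so the
# caller never hits "undefined method `string' for nil:NilClass".
def shadow_hash_info(converted_hash_plist)
  if (legacy = converted_hash_plist['SALTED-SHA512'])
    # 10.7 layout: one StringIO holding the binary salted SHA512 value
    { format: 'SALTED-SHA512', hash: legacy.string.unpack('H*').first }
  elsif (pbkdf2 = converted_hash_plist['SALTED-SHA512-PBKDF2'])
    # 10.8 layout: nested hash with salt, entropy and iterations
    { format:     'SALTED-SHA512-PBKDF2',
      salt:       pbkdf2['salt'].string.unpack('H*').first,
      hash:       pbkdf2['entropy'].string.unpack('H*').first,
      iterations: pbkdf2['iterations'] }
  end
end

# Derive the 128-byte "entropy" value for a password.
# Assumption: the PRF is HMAC-SHA512, inferred from the key name.
def pbkdf2_entropy(password, salt, iterations, length = 128)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, length,
                             OpenSSL::Digest.new('SHA512'))
end

# True when the stored 10.8 entry already matches the desired password,
# which is the comparison a provider needs before deciding to rewrite it.
def pbkdf2_in_sync?(info, password)
  salt = [info[:salt]].pack('H*')
  pbkdf2_entropy(password, salt, info[:iterations]).unpack('H*').first == info[:hash]
end

# Constructed sample data, shaped like the pp output above.
SAMPLE_SALT     = (1..32).to_a.pack('C*')          # constructed salt bytes
SAMPLE_PASSWORD = 'constructed-example-password'   # constructed password
SAMPLE_10_8 = {
  'SALTED-SHA512-PBKDF2' => {
    'salt'       => StringIO.new(SAMPLE_SALT),
    'entropy'    => StringIO.new(pbkdf2_entropy(SAMPLE_PASSWORD, SAMPLE_SALT, 15174)),
    'iterations' => 15174
  }
}
# Constructed placeholder bytes standing in for a 10.7 value.
SAMPLE_10_7 = { 'SALTED-SHA512' => StringIO.new((0..67).to_a.pack('C*')) }

info = shadow_hash_info(SAMPLE_10_8)
puts "#{info[:format]}: #{info[:hash].length} hex characters, #{info[:iterations]} iterations"
```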