Please review pull request #644: [#13686] Fix Directoryservice bug around non-existant ShadowHashData key opened by (glarizza)
Description:
Previously, Puppet wouldn't set a password if the ShadowHashData key was
missing from the User's plist. This change will handle this situation,
create the key itself, and proceed with setting the password.
- Opened: Mon Apr 09 18:54:37 UTC 2012
- Based on: puppetlabs:2.7.x (8ceaaf002a5562b6bd78541a25762e1e7740f933)
- Requested merge: glarizza:bug/2.7.x/13686_DS_Fix (a26ff1648b48f9aaa7e4a312d5e8f9acbf4e767a)
Diff follows:
diff --git a/lib/puppet/provider/nameservice/directoryservice.rb b/lib/puppet/provider/nameservice/directoryservice.rb
index 76c79f6..c4f385a 100644
--- a/lib/puppet/provider/nameservice/directoryservice.rb
+++ b/lib/puppet/provider/nameservice/directoryservice.rb
@@ -323,9 +323,15 @@ def self.set_password(resource_name, guid, password_hash)
# users_plist['ShadowHashData'][0].string is actually a binary plist
# that's nested INSIDE the user's plist (which itself is a binary
- # plist).
- password_hash_plist = users_plist['ShadowHashData'][0].string
- converted_hash_plist = convert_binary_to_xml(password_hash_plist)
+ # plist). If we encounter a user plist that DOESN'T have a
+ # ShadowHashData field, create one.
+ if users_plist['ShadowHashData']
+ password_hash_plist = users_plist['ShadowHashData'][0].string
+ converted_hash_plist = convert_binary_to_xml(password_hash_plist)
+ else
+ users_plist['ShadowHashData'] = [StringIO.new]
+ converted_hash_plist = {'SALTED-SHA512' => StringIO.new}
+ end
# converted_hash_plist['SALTED-SHA512'].string expects a Base64 encoded
# string. The password_hash provided as a resource attribute is a
@@ -348,7 +354,7 @@ def self.set_password(resource_name, guid, password_hash)
def self.get_password(guid, username)
# Use Puppet::Util::Package.versioncmp() to catch the scenario where a
# version '10.10' would be < '10.7' with simple string comparison. This
- # if-statement only executes if the current version is less-than 10.7
+ # if-statement only executes if the current version is less-than 10.7
if (Puppet::Util::Package.versioncmp(get_macosx_version_major, '10.7') == -1)
password_hash = nil
password_hash_file = "#{@@password_hash_dir}/#{guid}"
diff --git a/spec/unit/provider/nameservice/directoryservice_spec.rb b/spec/unit/provider/nameservice/directoryservice_spec.rb
index c585b62..c11388a 100755
--- a/spec/unit/provider/nameservice/directoryservice_spec.rb
+++ b/spec/unit/provider/nameservice/directoryservice_spec.rb
@@ -155,6 +155,16 @@
Plist::Emit.expects(:save_plist).with(shadow_hash_data, plist_path)
subject.set_password('jeff', 'uid', sha512_hash)
end
+
+ it '[#13686] should handle an empty ShadowHashData field in the users plist' do
+ subject.expects(:convert_xml_to_binary).returns(binary_plist)
+ File.expects(:exists?).with(plist_path).once.returns(true)
+ Plist.expects(:parse_xml).returns({'ShadowHashData' => nil})
+ subject.expects(:plutil).with('-convert', 'xml1', '-o', '/dev/stdout', plist_path)
+ subject.expects(:plutil).with('-convert', 'binary1', plist_path)
+ Plist::Emit.expects(:save_plist)
+ subject.set_password('jeff', 'uid', sha512_hash)
+ end
end
describe '(#4855) directoryservice group resource failure' do
-- You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
