Class: Chef::Provider::User::Dscl

Inherits:
Chef::Provider::User show all
Defined in:
lib/chef/provider/user/dscl.rb

Instance Attribute Summary

Attributes inherited from Chef::Provider::User

#locked, #user_exists

Attributes inherited from Chef::Provider

#current_resource, #new_resource, #node

Instance Method Summary collapse

Methods inherited from Chef::Provider::User

#action_create, #action_lock, #action_manage, #action_modify, #action_remove, #action_unlock, #compare_user, #convert_group_name, #initialize

Methods included from Mixin::Command

handle_command_failures, not_if, only_if, output_of_command, popen4, run_command, run_command_with_systems_locale

Methods inherited from Chef::Provider

#action_nothing, build_from_file, #initialize

Methods included from Mixin::ConvertToClassName

#convert_to_class_name, #convert_to_snake_case, #filename_to_qualified_string

Methods included from Mixin::RecipeDefinitionDSLCore

#method_missing

Methods included from Mixin::Language

#data_bag, #data_bag_item, #platform?, #search, #value_for_platform

Constructor Details

This class inherits a constructor from Chef::Provider::User

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Chef::Mixin::RecipeDefinitionDSLCore

Instance Method Details

#check_lockObject



264
265
266
# File 'lib/chef/provider/user/dscl.rb', line 264

def check_lock
  return @locked = locked?
end

#create_userObject



184
185
186
# File 'lib/chef/provider/user/dscl.rb', line 184

def create_user
  manage_user(false)
end

#dscl(*args) ⇒ Object



27
28
29
30
31
32
33
34
35
# File 'lib/chef/provider/user/dscl.rb', line 27

def dscl(*args)
  host = "."
  stdout_result = ""; stderr_result = ""; cmd = "dscl #{host} -#{args.join(' ')}"
  status = popen4(cmd) do |pid, stdin, stdout, stderr|
    stdout.each { |line| stdout_result << line }
    stderr.each { |line| stderr_result << line }
  end
  return [cmd, status, stdout_result, stderr_result]
end

#get_free_uid(search_limit = 1000) ⇒ Object

get a free UID greater than 200



52
53
54
55
56
57
58
59
60
61
62
63
64
# File 'lib/chef/provider/user/dscl.rb', line 52

def get_free_uid(search_limit=1000)
  uid = nil; next_uid_guess = 200
  users_uids = safe_dscl("list /Users uid")
  while(next_uid_guess < search_limit + 200)
    if users_uids =~ Regexp.new("#{next_uid_guess}\n")
      next_uid_guess += 1
    else
      uid = next_uid_guess
      break
    end
  end
  return uid || raise("uid not found. Exhausted. Searched #{search_limit} times")
end

#guidObject



135
136
137
# File 'lib/chef/provider/user/dscl.rb', line 135

def guid
  safe_dscl("read /Users/#{@new_resource.username} GeneratedUID").gsub(/GeneratedUID: /,"").gsub!(/\n/,"")
end

#load_current_resourceObject



179
180
181
182
# File 'lib/chef/provider/user/dscl.rb', line 179

def load_current_resource
  super
  raise Chef::Exceptions::User, "Could not find binary /usr/bin/dscl for #{@new_resource}" unless ::File.exists?("/usr/bin/dscl")
end

#lock_userObject



268
269
270
# File 'lib/chef/provider/user/dscl.rb', line 268

def lock_user
  safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';DisabledUser;'")
end

#locked?Boolean

Returns:

  • (Boolean)


256
257
258
259
260
261
262
# File 'lib/chef/provider/user/dscl.rb', line 256

def locked?
  if safe_dscl("read /Users/#{@new_resource.username}") =~ /AuthenticationAuthority: /
    auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
    return !! ( auth_auth =~ /DisabledUser/ )
  end
  return false
end

#manage_user(manage = true) ⇒ Object



188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
# File 'lib/chef/provider/user/dscl.rb', line 188

def manage_user(manage = true)
  fields = []
  if manage
    [:username,:comment,:uid,:gid,:home,:shell,:password].each do |field|
      if @current_resource.send(field) != @new_resource.send(field)
        fields << field if @new_resource.send(field)
      end
    end
    if @new_resource.send(:supports)[:manage_home]
      fields << :home if @new_resource.send(:home)
    end
    fields << :shell if fields.include?(:password)
  else
    # create
    fields = [:username,:comment,:uid,:gid,:home,:shell,:password]
  end
  fields.uniq!
  fields.each do |field|
    case field
    when :username
      safe_dscl("create /Users/#{@new_resource.username}")              
      
    when :comment
      safe_dscl("create /Users/#{@new_resource.username} RealName '#{@new_resource.comment}'")

    when :uid
      set_uid
      
    when :gid
      safe_dscl("create /Users/#{@new_resource.username} PrimaryGroupID '#{@new_resource.gid}'")

    when :home
      modify_home

    when :shell
      if @new_resource.password || ::File.exists?("#{@new_resource.shell}")
        safe_dscl("create /Users/#{@new_resource.username} UserShell '#{@new_resource.shell}'")
      else
        safe_dscl("create /Users/#{@new_resource.username} UserShell '/usr/bin/false'")
      end

    when :password
      modify_password
    end
  end
end

#modify_homeObject



78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# File 'lib/chef/provider/user/dscl.rb', line 78

def modify_home
  if [nil,""].include?(@new_resource.home)
    safe_dscl("delete /Users/#{@new_resource.username} NFSHomeDirectory")
  else
    if @new_resource.supports[:manage_home]
      unless @new_resource.home =~ /^\//
        raise(Chef::Exceptions::User,"invalid path spec for User: '#{@new_resource.username}', home directory: '#{@new_resource.home}'") 
      end

      ch_eq_nh = ( @current_resource.home ==  @new_resource.home )
      cur_home_exists = ::File.exists?("#{@current_resource.home}")
      new_home_exists = ::File.exists?("#{@new_resource.home}")
      ditto = false
      move = false
      
      if ch_eq_nh
        if !new_home_exists
          ditto = true
        end
      else
        if !cur_home_exists
          if !new_home_exists
            ditto = true
          end
        elsif cur_home_exists
          move = true
        end
      end

      if ditto
        skel = "/System/Library/User Template/English.lproj"
        raise(Chef::Exceptions::User,"can't find skel at: #{skel}") unless ::File.exists?(skel)
        run_command(:command => "ditto '#{skel}' '#{@new_resource.home}'")
        ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
      end

      if move
        src = @current_resource.home
        FileUtils.mkdir_p(@new_resource.home)
        files = ::Dir.glob("#{src}/*", ::File::FNM_DOTMATCH) - ["#{src}/.","#{src}/.."]
        ::FileUtils.mv(files,@new_resource.home, :force => true)
        ::FileUtils.rmdir(src)
        ::FileUtils.chown_R(@new_resource.username,@new_resource.gid.to_s,@new_resource.home)
      end
    end
    safe_dscl("create /Users/#{@new_resource.username} NFSHomeDirectory '#{@new_resource.home}'")
  end
end

#modify_passwordObject



147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
# File 'lib/chef/provider/user/dscl.rb', line 147

def modify_password
  if @new_resource.password
    shadow_hash = nil
    
    Chef::Log.debug("#{new_resource}: updating password")
    if osx_shadow_hash?(@new_resource.password)
      shadow_hash = @new_resource.password.upcase
    else
      salted_sha1 = nil
      if osx_salted_sha1?(@new_resource.password)
        salted_sha1 = @new_resource.password.upcase
      else
        hex_salt = ""; chars = ("0".."9").to_a + ("a".."f").to_a
        1.upto(8) { |i| hex_salt << chars[::Kernel.rand(chars.size-1)] }
        salt = [hex_salt].pack("H*")
        sha1 = ::OpenSSL::Digest::SHA1.hexdigest(salt+@new_resource.password)
        salted_sha1 = (hex_salt+sha1).upcase
      end
      shadow_hash = String.new("00000000"*155)
      shadow_hash[168] = salted_sha1
    end
    
    ::File.open("/var/db/shadow/hash/#{guid}",'w',0600) do |output|
      output.puts shadow_hash
    end
    
    unless shadow_hash_set?
      safe_dscl("append /Users/#{@new_resource.username} AuthenticationAuthority ';ShadowHash;'")
    end
  end
end

#osx_salted_sha1?(string) ⇒ Boolean

Returns:

  • (Boolean)


131
132
133
# File 'lib/chef/provider/user/dscl.rb', line 131

def osx_salted_sha1?(string)
  return !! ( string =~ /^[[:xdigit:]]{48}$/ )
end

#osx_shadow_hash?(string) ⇒ Boolean

Returns:

  • (Boolean)


127
128
129
# File 'lib/chef/provider/user/dscl.rb', line 127

def osx_shadow_hash?(string)
  return !! ( string =~ /^[[:xdigit:]]{1240}$/ )
end

#remove_userObject



235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
# File 'lib/chef/provider/user/dscl.rb', line 235

def remove_user
  if @new_resource.supports[:manage_home]
    # remove home directory
    if safe_dscl("read /Users/#{@new_resource.username}") =~ /NFSHomeDirectory/
      nfs_home = safe_dscl("read /Users/#{@new_resource.username} NFSHomeDirectory")
      nfs_home.gsub!(/NFSHomeDirectory: /,"").gsub!(/\n$/,"")
      FileUtils.rm_rf(nfs_home)
    end
  end
  # remove the user from its groups
  groups = []
  Etc.group do |group|
    groups << group.name if group.mem.include?(@new_resource.username)
  end
  groups.each do |group_name|
    safe_dscl("delete /Groups/#{group_name} GroupMembership '#{@new_resource.username}'")
  end
  # remove user account
  safe_dscl("delete /Users/#{@new_resource.username}")
end

#safe_dscl(*args) ⇒ Object



37
38
39
40
41
42
43
# File 'lib/chef/provider/user/dscl.rb', line 37

def safe_dscl(*args)
  result = dscl(*args)
  return "" if ( args.first =~ /^delete/ ) && ( result[1].exitstatus != 0 )
  raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") unless result[1].exitstatus == 0
  raise(Chef::Exceptions::User,"dscl error: #{result.inspect}") if result[2] =~ /No such key: /
  return result[2]
end

#set_uidObject



72
73
74
75
76
# File 'lib/chef/provider/user/dscl.rb', line 72

def set_uid
  @new_resource.uid(get_free_uid) if [nil,""].include? @new_resource.uid
  raise(Chef::Exceptions::User,"uid is already in use") if uid_used?(@new_resource.uid)
  safe_dscl("create /Users/#{@new_resource.username} UniqueID #{@new_resource.uid}")
end

#shadow_hash_set?Boolean

Returns:

  • (Boolean)


139
140
141
142
143
144
145
# File 'lib/chef/provider/user/dscl.rb', line 139

def shadow_hash_set?
  if safe_dscl("read /Users/#{@new_resource.username}") =~ /AuthenticationAuthority: /
    auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
    return !! ( auth_auth =~ /ShadowHash/ )
  end
  return false
end

#uid_used?(uid) ⇒ Boolean

Returns:

  • (Boolean)


66
67
68
69
70
# File 'lib/chef/provider/user/dscl.rb', line 66

def uid_used?(uid)
  return false unless uid
  users_uids = safe_dscl("list /Users uid")
  !! ( users_uids =~ Regexp.new("#{uid}\n") )
end

#unlock_userObject



272
273
274
275
276
# File 'lib/chef/provider/user/dscl.rb', line 272

def unlock_user
  auth_auth = safe_dscl("read /Users/#{@new_resource.username} AuthenticationAuthority")
  auth_auth.gsub!(/AuthenticationAuthority: /,"").gsub!(/DisabledUser/,"").gsub!(/[; ]*$/,"")
  safe_dscl("create /Users/#{@new_resource.username} AuthenticationAuthority '#{auth_auth}'")
end