Solaris doesn't have a native tool to set hashed passwords

Added support for passwords by directly editing /etc/shadow (I tried to make it work with libshadow, but considering it is not packaged for Solaris and adds little benefit, I decided against it) password and password= are now defined on the default Solaris provider
2008-11-27 01:22:36 -07:00 · 2008-11-27 01:22:36 -07:00 · a219c88866
--- a/lib/puppet/provider/user/user_role_add.rb
+++ b/lib/puppet/provider/user/user_role_add.rb
@ -22,11 +22,7 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
        value !~ /\s/
    end

-    has_features :manages_homedir, :allows_duplicates, :manages_solaris_rbac
-
-    if Puppet.features.libshadow?
-        has_feature :manages_passwords
-    end
+    has_features :manages_homedir, :allows_duplicates, :manages_solaris_rbac, :manages_passwords

    #must override this to hand the keyvalue pairs
    def add_properties
@ -152,5 +148,34 @@ Puppet::Type.type(:user).provide :user_role_add, :parent => :useradd do
    def keys=(keys_hash)
        run([command(:modify)] + build_keys_cmd(keys_hash) << @resource[:name], "modify attribute key pairs")
    end
+
+    #Read in /etc/shadow, find the line for this user (skipping comments, because who knows) and return the hashed pw (the second entry)
+    #No abstraction, all esoteric knowledge of file formats, yay
+    def password
+        #got perl?
+        if ary = File.readlines("/etc/shadow").reject { |r| r =~ /^[^\w]/}.collect { |l| l.split(':')[0..1] }.find { |user, passwd| user == @resource[:name] }
+            pass = ary[1]
+        end
+        pass
+    end
+
+    #Read in /etc/shadow, find the line for our used and rewrite it with the new pw
+    #Smooth like 80 grit
+    def password=(cryptopw)
+        File.open("/etc/shadow", "r") do |shadow|
+            File.open("/etc/shadow_tmp", "w", 0600) do |shadow_tmp|
+                while line = shadow.gets do
+                    line_arr = line.split(':')
+                    if line_arr[0] = @resource[:name]
+                        line_arr[1] = cryptopw
+                        line = line_arr.join(':')
+                    end
+                    shadow_tmp.print line
+                end
+            end
+        end
+
+        File.rename("/etc/shadow_tmp", "/etc/shadow")
+    end
 end

--- a/spec/unit/provider/user/user_role_add.rb
+++ b/spec/unit/provider/user/user_role_add.rb
@ -188,4 +188,57 @@ describe provider_class do
            @provider.keys=({})
        end
    end
+
+    describe "when getting the hashed password" do
+        before do
+            @array = mock "array"
+        end
+
+        it "should readlines of /etc/shadow" do
+            File.expects(:readlines).with("/etc/shadow").returns([])
+            @provider.password
+        end
+
+        it "should reject anything that doesn't start with alpha numerics" do
+            @array.expects(:reject).returns([])
+            File.stubs(:readlines).with("/etc/shadow").returns(@array)
+            @provider.password
+        end
+
+        it "should collect splitting on ':'" do
+            @array.stubs(:reject).returns(@array)
+            @array.expects(:collect).returns([])
+            File.stubs(:readlines).with("/etc/shadow").returns(@array)
+            @provider.password
+        end
+
+        it "should find the matching user" do
+            @resource.stubs(:[]).with(:name).returns("username")
+            @array.stubs(:reject).returns(@array)
+            @array.stubs(:collect).returns([["username", "hashedpassword"], ["someoneelse", "theirpassword"]])
+            File.stubs(:readlines).with("/etc/shadow").returns(@array)
+            @provider.password.must == "hashedpassword"
+        end
+
+        it "should get the right password" do
+            @resource.stubs(:[]).with(:name).returns("username")
+            File.stubs(:readlines).with("/etc/shadow").returns(["#comment", "   nonsense", "  ", "username:hashedpassword:stuff:foo:bar:::", "other:pword:yay:::"])
+            @provider.password.must == "hashedpassword"
+        end
+    end
+
+    describe "when setting the password" do
+        #how can you mock these blocks up?
+        it "should open /etc/shadow for reading and /etc/shadow_tmp for writing" do
+            File.expects(:open).with("/etc/shadow", "r")
+            File.stubs(:rename)
+            @provider.password=("hashedpassword")
+        end
+        
+        it "should rename the /etc/shadow_tmp to /etc/shadow" do
+            File.stubs(:open).with("/etc/shadow", "r")
+            File.expects(:rename).with("/etc/shadow_tmp", "/etc/shadow")
+            @provider.password=("hashedpassword")
+        end
+    end
 end