|
|
@ -2,6 +2,7 @@ |
|
|
|
# |
|
|
|
# |
|
|
|
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) |
|
|
|
# 2011 Steven Armstrong (steven-cdist at armstrong.cc) |
|
|
|
# 2011 Nico Schottelius (nico-cdist at schottelius.org) |
|
|
|
# 2011 Nico Schottelius (nico-cdist at schottelius.org) |
|
|
|
|
|
|
|
# 2013 Daniel Heule (hda at sfs.biz) |
|
|
|
# |
|
|
|
# |
|
|
|
# This file is part of cdist. |
|
|
|
# This file is part of cdist. |
|
|
|
# |
|
|
|
# |
|
|
@ -21,11 +22,14 @@ |
|
|
|
# |
|
|
|
# |
|
|
|
# Manage users. |
|
|
|
# Manage users. |
|
|
|
# |
|
|
|
# |
|
|
|
|
|
|
|
#set -x |
|
|
|
|
|
|
|
|
|
|
|
name="$__object_id" |
|
|
|
name="$__object_id" |
|
|
|
|
|
|
|
|
|
|
|
os="$(cat "$__global/explorer/os")" |
|
|
|
os="$(cat "$__global/explorer/os")" |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
state=$(cat "$__object/parameter/state") |
|
|
|
|
|
|
|
|
|
|
|
# We need to shorten options for both usermod and useradd since on some |
|
|
|
# We need to shorten options for both usermod and useradd since on some |
|
|
|
# systems (such as *BSD, Darwin) those commands do not handle GNU style long |
|
|
|
# systems (such as *BSD, Darwin) those commands do not handle GNU style long |
|
|
|
# options. |
|
|
|
# options. |
|
|
@ -40,80 +44,97 @@ shorten_property() { |
|
|
|
shell) ret="-s";; |
|
|
|
shell) ret="-s";; |
|
|
|
uid) ret="-u";; |
|
|
|
uid) ret="-u";; |
|
|
|
create-home) ret="-m";; |
|
|
|
create-home) ret="-m";; |
|
|
|
|
|
|
|
system) ret="-r";; |
|
|
|
esac |
|
|
|
esac |
|
|
|
echo "$ret" |
|
|
|
echo "$ret" |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
cd "$__object/parameter" |
|
|
|
if [ "$state" = "present" ]; then |
|
|
|
if grep -q "^${name}:" "$__object/explorer/passwd"; then |
|
|
|
cd "$__object/parameter" |
|
|
|
for property in $(ls .); do |
|
|
|
if grep -q "^${name}:" "$__object/explorer/passwd"; then |
|
|
|
new_value="$(cat "$property")" |
|
|
|
for property in $(ls .); do |
|
|
|
unset current_value |
|
|
|
new_value="$(cat "$property")" |
|
|
|
|
|
|
|
unset current_value |
|
|
|
|
|
|
|
|
|
|
|
file="$__object/explorer/passwd" |
|
|
|
file="$__object/explorer/passwd" |
|
|
|
|
|
|
|
|
|
|
|
case "$property" in |
|
|
|
case "$property" in |
|
|
|
gid) |
|
|
|
gid) |
|
|
|
if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then |
|
|
|
if $(echo "$new_value" | grep -q '^[0-9][0-9]*$'); then |
|
|
|
field=4 |
|
|
|
field=4 |
|
|
|
else |
|
|
|
else |
|
|
|
# We were passed a group name. Compare the gid in |
|
|
|
# We were passed a group name. Compare the gid in |
|
|
|
# the user's /etc/passwd entry with the gid of the |
|
|
|
# the user's /etc/passwd entry with the gid of the |
|
|
|
# group returned by the group explorer. |
|
|
|
# group returned by the group explorer. |
|
|
|
gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group") |
|
|
|
gid_from_group=$(awk -F: '{ print $3 }' "$__object/explorer/group") |
|
|
|
gid_from_passwd=$(awk -F: '{ print $4 }' "$file") |
|
|
|
gid_from_passwd=$(awk -F: '{ print $4 }' "$file") |
|
|
|
if [ "$gid_from_group" != "$gid_from_passwd" ]; then |
|
|
|
if [ "$gid_from_group" != "$gid_from_passwd" ]; then |
|
|
|
current_value="$gid_from_passwd" |
|
|
|
current_value="$gid_from_passwd" |
|
|
|
else |
|
|
|
else |
|
|
|
current_value="$new_value" |
|
|
|
current_value="$new_value" |
|
|
|
fi |
|
|
|
fi |
|
|
|
fi |
|
|
|
fi |
|
|
|
;; |
|
|
|
;; |
|
|
|
password) |
|
|
|
password) |
|
|
|
field=2 |
|
|
|
field=2 |
|
|
|
file="$__object/explorer/shadow" |
|
|
|
file="$__object/explorer/shadow" |
|
|
|
;; |
|
|
|
;; |
|
|
|
comment) field=5 ;; |
|
|
|
comment) field=5 ;; |
|
|
|
home) field=6 ;; |
|
|
|
home) field=6 ;; |
|
|
|
shell) field=7 ;; |
|
|
|
shell) field=7 ;; |
|
|
|
uid) field=3 ;; |
|
|
|
uid) field=3 ;; |
|
|
|
create-home) continue;; # Does not apply to user modification |
|
|
|
create-home) continue;; # Does not apply to user modification |
|
|
|
esac |
|
|
|
system) continue;; # Does not apply to user modification |
|
|
|
|
|
|
|
state) continue;; # Does not apply to user modification |
|
|
|
|
|
|
|
remove-home) continue;; # Does not apply to user modification |
|
|
|
|
|
|
|
esac |
|
|
|
|
|
|
|
|
|
|
|
# If we haven't already set $current_value above, pull it from the |
|
|
|
# If we haven't already set $current_value above, pull it from the |
|
|
|
# appropriate file/field. |
|
|
|
# appropriate file/field. |
|
|
|
if [ -z "$current_value" ]; then |
|
|
|
if [ -z "$current_value" ]; then |
|
|
|
export field |
|
|
|
export field |
|
|
|
current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")" |
|
|
|
current_value="$(awk -F: '{ print $ENVIRON["field"] }' < "$file")" |
|
|
|
fi |
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [ "$new_value" != "$current_value" ]; then |
|
|
|
if [ "$new_value" != "$current_value" ]; then |
|
|
|
set -- "$@" "$(shorten_property $property)" \'$new_value\' |
|
|
|
set -- "$@" "$(shorten_property $property)" \'$new_value\' |
|
|
|
fi |
|
|
|
fi |
|
|
|
done |
|
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
if [ $# -gt 0 ]; then |
|
|
|
if [ $# -gt 0 ]; then |
|
|
|
if [ "$os" = "freebsd" ]; then |
|
|
|
if [ "$os" = "freebsd" ]; then |
|
|
|
echo pw usermod "$@" "$name" |
|
|
|
echo pw usermod "$@" "$name" |
|
|
|
else |
|
|
|
else |
|
|
|
echo usermod "$@" "$name" |
|
|
|
echo usermod "$@" "$name" |
|
|
|
fi |
|
|
|
fi |
|
|
|
else |
|
|
|
else |
|
|
|
true |
|
|
|
true |
|
|
|
fi |
|
|
|
fi |
|
|
|
else |
|
|
|
else |
|
|
|
for property in $(ls .); do |
|
|
|
for property in $(ls .); do |
|
|
|
new_value="$(cat "$property")" |
|
|
|
[ "$property" = "state" ] && continue |
|
|
|
if [ -z "$new_value" ];then # Boolean values have no value |
|
|
|
[ "$property" = "remove-home" ] && continue |
|
|
|
set -- "$@" "$(shorten_property $property)" |
|
|
|
new_value="$(cat "$property")" |
|
|
|
else |
|
|
|
if [ -z "$new_value" ];then # Boolean values have no value |
|
|
|
set -- "$@" "$(shorten_property $property)" \'$new_value\' |
|
|
|
set -- "$@" "$(shorten_property $property)" |
|
|
|
fi |
|
|
|
else |
|
|
|
done |
|
|
|
set -- "$@" "$(shorten_property $property)" \'$new_value\' |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
if [ "$os" = "freebsd" ]; then |
|
|
|
if [ "$os" = "freebsd" ]; then |
|
|
|
echo pw useradd "$@" "$name" |
|
|
|
echo pw useradd "$@" "$name" |
|
|
|
else |
|
|
|
else |
|
|
|
echo useradd "$@" "$name" |
|
|
|
echo useradd "$@" "$name" |
|
|
|
fi |
|
|
|
fi |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
if grep -q "^${name}:" "$__object/explorer/passwd"; then |
|
|
|
|
|
|
|
#user exists, but state != present, so delete it |
|
|
|
|
|
|
|
if [ -f "$__object/parameter/remove-home" ]; then |
|
|
|
|
|
|
|
echo userdel -r "${name}" |
|
|
|
|
|
|
|
else |
|
|
|
|
|
|
|
echo userdel "${name}" |
|
|
|
|
|
|
|
fi |
|
|
|
|
|
|
|
fi |
|
|
|
fi |
|
|
|
fi |
|
|
|