From a915baa73b1022f50c29996fcdaa32e033e7919c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Gr=C3=A9goire?= <pg@pgregoire.xyz>
Date: Sun, 20 Aug 2017 12:10:54 -0400
Subject: [PATCH 1/3] __user: explore with /etc files

getent(1) is a utility available where Name Service Switch (NSS)
is available. Many modern operating systems support it, but that
may not be the case of all (e.g. embedded systems).

This commit modifies the __user type explorers to check the
traditional files instead of relying solely on the availability
of getent(1).

- Makes the group explorer use /etc/group
- Makes the passwd explorer use /etc/passwd
- Makes the shadow explorer use /etc/shadow

Implementation note

"getent shadow" does not support querying an entry using a uid
since it does not store that information. Since the shadow explorer
uses __object_id, the passwd explorer does not check if __object_id
matches an entry by uid. This behavior ensures consistent, transparent
behavior of the type. The group explorer, on the other hand, handles
group names and uids; like always.
---
 cdist/conf/type/__user/explorer/group  | 6 +++++-
 cdist/conf/type/__user/explorer/passwd | 7 +++++--
 cdist/conf/type/__user/explorer/shadow | 7 +++++--
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group
index 98ce39c6..b95f3d01 100755
--- a/cdist/conf/type/__user/explorer/group
+++ b/cdist/conf/type/__user/explorer/group
@@ -23,6 +23,10 @@
 
 if [ -f "$__object/parameter/gid" ]; then
    gid=$(cat "$__object/parameter/gid")
-   getent group "$gid" || true
+   if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
+      getent group "$gid" || true
+   elif [ -f /etc/group ]; then
+      grep -E "^(${gid}|([^:]:){2}${gid}):" /etc/group || true
+   fi
 fi
 
diff --git a/cdist/conf/type/__user/explorer/passwd b/cdist/conf/type/__user/explorer/passwd
index fdbfb193..592d04c4 100755
--- a/cdist/conf/type/__user/explorer/passwd
+++ b/cdist/conf/type/__user/explorer/passwd
@@ -23,5 +23,8 @@
 
 name=$__object_id
 
-getent passwd "$name" || true
-
+if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
+  getent passwd "$name" || true
+elif [ -f /etc/passwd ]; then
+  grep "^${name}:" /etc/passwd || true
+fi
diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow
index 1a8fd809..b2d1d121 100755
--- a/cdist/conf/type/__user/explorer/shadow
+++ b/cdist/conf/type/__user/explorer/shadow
@@ -31,5 +31,8 @@ case "$os" in
 esac
   
 
-getent "$database" "$name" || true
-
+if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
+  getent "$database" "$name" || true
+elif [ -f /etc/shadow ]; then
+  grep "^${name}:" /etc/shadow || true
+fi

From 997fdd8ac4e6066dbaa0926d58c3a33d2feeead9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Gr=C3=A9goire?= <pg@pgregoire.xyz>
Date: Sun, 20 Aug 2017 15:13:01 -0400
Subject: [PATCH 2/3] fix typo in group entry extraction

---
 cdist/conf/type/__user/explorer/group | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group
index b95f3d01..5b9ab5c4 100755
--- a/cdist/conf/type/__user/explorer/group
+++ b/cdist/conf/type/__user/explorer/group
@@ -26,7 +26,7 @@ if [ -f "$__object/parameter/gid" ]; then
    if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
       getent group "$gid" || true
    elif [ -f /etc/group ]; then
-      grep -E "^(${gid}|([^:]:){2}${gid}):" /etc/group || true
+      grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true
    fi
 fi
 

From 31e5c97c551ac3a877163aea34d48182941fb212 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Gr=C3=A9goire?= <pg@pgregoire.xyz>
Date: Mon, 21 Aug 2017 10:51:48 -0400
Subject: [PATCH 3/3] use command(1) to get executable's path

---
 cdist/conf/type/__user/explorer/group  | 5 +++--
 cdist/conf/type/__user/explorer/passwd | 5 +++--
 cdist/conf/type/__user/explorer/shadow | 5 +++--
 3 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group
index 5b9ab5c4..2aae2973 100755
--- a/cdist/conf/type/__user/explorer/group
+++ b/cdist/conf/type/__user/explorer/group
@@ -23,8 +23,9 @@
 
 if [ -f "$__object/parameter/gid" ]; then
    gid=$(cat "$__object/parameter/gid")
-   if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
-      getent group "$gid" || true
+   getent=$(command -v getent)
+   if [ X != X"${getent}" ]; then
+      "${getent}" group "$gid" || true
    elif [ -f /etc/group ]; then
       grep -E "^(${gid}|([^:]+:){2}${gid}):" /etc/group || true
    fi
diff --git a/cdist/conf/type/__user/explorer/passwd b/cdist/conf/type/__user/explorer/passwd
index 592d04c4..677e3ff0 100755
--- a/cdist/conf/type/__user/explorer/passwd
+++ b/cdist/conf/type/__user/explorer/passwd
@@ -23,8 +23,9 @@
 
 name=$__object_id
 
-if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
-  getent passwd "$name" || true
+getent=$(command -v getent)
+if [ X != X"${getent}" ]; then
+  "${getent}" passwd "$name" || true
 elif [ -f /etc/passwd ]; then
   grep "^${name}:" /etc/passwd || true
 fi
diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow
index b2d1d121..1e6658d4 100755
--- a/cdist/conf/type/__user/explorer/shadow
+++ b/cdist/conf/type/__user/explorer/shadow
@@ -31,8 +31,9 @@ case "$os" in
 esac
   
 
-if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
-  getent "$database" "$name" || true
+getent=$(command -v getent)
+if [ X != X"${getent}" ]; then
+  "${getent}" "$database" "$name" || true
 elif [ -f /etc/shadow ]; then
   grep "^${name}:" /etc/shadow || true
 fi