From acb4644f1ed6941d81d98c0323c936c3c4ae6e16 Mon Sep 17 00:00:00 2001
From: Matt Coddington <coddington@gmail.com>
Date: Mon, 6 Feb 2012 16:21:51 -0500
Subject: [PATCH 1/2] redhat groupmod doesn't support --gid option redhat
 groupmod doesn't support password chages redhat doesn't support getent
 gshadow

---
 conf/type/__group/explorer/gshadow | 10 +++++++++-
 conf/type/__group/gencode-remote   | 15 ++++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/conf/type/__group/explorer/gshadow b/conf/type/__group/explorer/gshadow
index 51d502a1..2c0c0e8c 100755
--- a/conf/type/__group/explorer/gshadow
+++ b/conf/type/__group/explorer/gshadow
@@ -22,6 +22,14 @@
 #
 
 name=$__object_id
+os="$($__explorer/os)"
 
-getent gshadow "$name" || true
+case "$os" in
+   centos|fedora|redhat)
+      grep "^${name}:" /etc/gshadow || true
+   ;;
+   *)
+      getent gshadow "$name" || true
+   ;;
+esac
 
diff --git a/conf/type/__group/gencode-remote b/conf/type/__group/gencode-remote
index cf26a437..9a283207 100755
--- a/conf/type/__group/gencode-remote
+++ b/conf/type/__group/gencode-remote
@@ -23,23 +23,36 @@
 #
 
 name="$__object_id"
+os="$(cat "$__global/explorer/os")"
 
 cd "$__object/parameter"
 if grep -q "^${name}:" "$__object/explorer/group"; then
    for property in $(ls .); do
       new_value="$(cat "$property")"
+      # argument to pass the groupmod command for this property (os-specific
+      # exceptions are listed in the case statement below)
+      proparg="--$property"
 
       case "$property" in
          password)
             current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")"
+            case "$os" in
+               centos|fedora|redhat)
+                  echo "group/$name: $os groupmod does not support password modification" >&2
+                  continue
+               ;;
+            esac
          ;;
          gid)
             current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")"
+            case "$os" in
+               centos|fedora|redhat) proparg="-g" ;;
+            esac
          ;;
       esac
 
       if [ "$new_value" != "$current_value" ]; then
-         set -- "$@" "--$property" \"$new_value\"
+         set -- "$@" "$proparg" \"$new_value\"
       fi
    done
 

From 1f8693a7226108b1d25bbee6cb6f08b154e8c269 Mon Sep 17 00:00:00 2001
From: Matt Coddington <coddington@gmail.com>
Date: Tue, 7 Feb 2012 17:29:55 -0500
Subject: [PATCH 2/2] case-based exceptions only on OS's where we know they are
 needed always use -g instead of --gid when passing arg to groupmod

---
 conf/type/__group/explorer/gshadow |  9 +++++----
 conf/type/__group/gencode-remote   | 20 ++++++++++----------
 2 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/conf/type/__group/explorer/gshadow b/conf/type/__group/explorer/gshadow
index 2c0c0e8c..e3c2dd6c 100755
--- a/conf/type/__group/explorer/gshadow
+++ b/conf/type/__group/explorer/gshadow
@@ -22,11 +22,12 @@
 #
 
 name=$__object_id
-os="$($__explorer/os)"
+os_version="$($__explorer/os_version)"
 
-case "$os" in
-   centos|fedora|redhat)
-      grep "^${name}:" /etc/gshadow || true
+case "$os_version" in
+   "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*)
+      # TODO: find a way to get this information
+      echo "$os_version does not have getent gshadow"
    ;;
    *)
       getent gshadow "$name" || true
diff --git a/conf/type/__group/gencode-remote b/conf/type/__group/gencode-remote
index 9a283207..2b4774ab 100755
--- a/conf/type/__group/gencode-remote
+++ b/conf/type/__group/gencode-remote
@@ -23,31 +23,31 @@
 #
 
 name="$__object_id"
-os="$(cat "$__global/explorer/os")"
+os_version="$(cat "$__global/explorer/os_version")"
 
 cd "$__object/parameter"
 if grep -q "^${name}:" "$__object/explorer/group"; then
    for property in $(ls .); do
       new_value="$(cat "$property")"
-      # argument to pass the groupmod command for this property (os-specific
-      # exceptions are listed in the case statement below)
+      # argument to pass the groupmod command for this property (exceptions
+      # are made in the case statement below)
       proparg="--$property"
 
       case "$property" in
          password)
             current_value="$(awk -F: '{ print $2 }' < "$__object/explorer/gshadow")"
-            case "$os" in
-               centos|fedora|redhat)
-                  echo "group/$name: $os groupmod does not support password modification" >&2
-                  continue
+            case "$os_version" in
+               "Red Hat Enterprise Linux Server release "[45]*|"CentOS release "[45]*)
+                  # TODO: Use gpasswd?  Need to fix gshadow explorer first.
+                  echo "group/$name: '$os_version' groupmod does not support password modification" >&2
+                  exit 1
                ;;
             esac
          ;;
          gid)
+            # set to -g to support older redhat/centos
+            proparg="-g"
             current_value="$(awk -F: '{ print $3 }' < "$__object/explorer/group")"
-            case "$os" in
-               centos|fedora|redhat) proparg="-g" ;;
-            esac
          ;;
       esac