[type/__dma_auth] Use host as key

This commit is contained in:
Dennis Camera 2020-05-31 11:57:54 +02:00
parent 988f277ad6
commit 59059a200a
6 changed files with 102 additions and 43 deletions

View file

@ -17,25 +17,33 @@
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer lines matching user + server in /etc/dma/auth.conf and reports
# their cksum.
# This explorer determines the path of dma's auth.conf file
test -r /etc/dma/auth.conf || exit 0
# No dma.conf -> use default
test -f /etc/dma/dma.conf || {
echo /etc/dma/auth.conf
exit 0
}
test -r /etc/dma/dma.conf || {
echo 'Cannot read /etc/dma/dma.conf' >&2
exit 1
}
if test -f "${__object}/parameter/login"
then
login=$(cat "${__object}/parameter/login")
else
login=$__object_id
fi
server=$(cat "${__object}/parameter/server")
regex=$(printf '^%s|%s:' "$login" "$server")
grep -e "${regex}" /etc/dma/auth.conf \
| while read -r line
do
echo "${line}" \
| cksum - \
| cut -d ' ' -f 1
done
# Get AUTHPATH from dma.conf
awk -F'[ \t]' '
{
sub(/#.*$/, "", $0) # remove comments
if (!$0) next # ignore empty lines
}
$1 == "AUTHPATH" {
# Store authpath. In dma conf parsing last wins.
if ($2) authpath = substr($0, index($0, " ") + 1)
}
END {
if (authpath) {
print authpath
exit 0
} else exit 1
}
' /etc/dma/dma.conf \
|| echo /etc/dma/auth.conf # default

View file

@ -0,0 +1,51 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer looks for lines matching the server parameter in dma's auth.conf
# and reports the login and server fields (password is stripped off)
auth_conf=$("${__type_explorer}/auth_conf")
test -r "${auth_conf}" || exit 0
if test -f "${__object}/parameter/server"
then
server=$(cat "${__object}/parameter/server")
else
server=$__object_id
fi
awk -F'\n' -v server="${server}" '
BEGIN {
DP = "[: \t]" # copied from dma/conf.c
}
# skip comments and empty lines
/^#/ || /^$/ { next }
{
login = substr($0, 1, index($0, "|") - 1)
host = substr($0, length(login) + 2)
if (match(host, DP)) {
host = substr(host, 1, RSTART - 1)
endpos = length(login) + RSTART
} else endpos = length
}
host == server { print substr($0, 0, endpos) }
' "${auth_conf}"

View file

@ -18,24 +18,24 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
logins=$(cat "${__object}/explorer/logins")
authusers=$(cat "${__object}/explorer/authusers")
state_should=$(cat "${__object}/parameter/state")
if test -f "${__object}/parameter/login"
if test -f "${__object}/parameter/server"
then
login=$(cat "${__object}/parameter/login")
server=$(cat "${__object}/parameter/server")
else
login=$__object_id
server=$__object_id
fi
login=$(cat "${__object}/parameter/login")
password=$(cat "${__object}/parameter/password")
server=$(cat "${__object}/parameter/server")
case $state_should
in
(present)
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
if echo "$logins" | grep -qxF "${cksum_should}"
if echo "$authusers" | grep -qxF "${cksum_should}"
then
# correct line already present -> nothing to do
exit 0
@ -44,11 +44,8 @@ in
mode=1
;;
(absent)
if test -z "$logins"
then
# no logins present -> nothing to do
exit 0
fi
# no logins present -> nothing to do
test -n "$authusers" || exit 0
# NOTE: password is not needed to delete
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
@ -66,11 +63,14 @@ read -r CONF_LINE <<'EOL'
${conf_line}
EOL
export CONF_LINE
export mode=${mode}
EOF
awk -F: -v print=$mode '
cat <<'EOF'
awk -F: -v mode=$mode '
BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
$1 == conf[1] {
if (print && !found) {
if (mode && !found) {
# remove duplicates
print ENVIRON["CONF_LINE"]
found = 1

View file

@ -14,16 +14,16 @@ servers.
REQUIRED PARAMETERS
-------------------
login
The user's LOGIN name on the SMTP server.
password
The user's password (in plain text.)
server
The SMTP server on which the login is valid.
OPTIONAL PARAMETERS
-------------------
login
The user's LOGIN name on the SMTP server. Defaults to `__object_id`.
server
The SMTP server on which the login is valid. Defaults to `__object_id`.
state
Either `present` or `absent`. Defaults to `present`.
@ -38,13 +38,13 @@ EXAMPLES
.. code-block:: sh
# Set the password for smarthost
__dma_auth joe --server smarthost --password hunter2
__dma_auth smarthost.example.com --login joe --password hunter2
# Set credentials for user at an external provider
__dma_auth paul@example.com --server mail.provider.com --password letmein
__dma_auth mail.provider.com --login paul@example.com --password letmein
# Delete credentials for example.com
__dma_auth paul --server example.com --state absent
# Delete credentials for example.com (for all users)
__dma_auth example.com --login '' --password '' --state absent
SEE ALSO
--------

View file

@ -1,2 +1,2 @@
login
server
state

View file

@ -1,2 +1,2 @@
login
password
server