__user: explore with /etc files

getent(1) is a utility available where Name Service Switch (NSS)
is available. Many modern operating systems support it, but that
may not be the case for all (e.g. embedded systems).

This commit modifies the __user type explorers to check the
traditional files instead of relying solely on the availability
of getent(1).

- Makes the group explorer use /etc/group
- Makes the passwd explorer use /etc/passwd
- Makes the shadow explorer use /etc/shadow

Implementation note

"getent shadow" does not support querying an entry using a uid
since it does not store that information. Since the shadow explorer
uses __object_id, the passwd explorer does not check if __object_id
matches an entry by uid. This behavior ensures consistent, transparent
behavior of the type. The group explorer, on the other hand, handles
group names and uids, as always.
Philippe Grégoire 2017-08-20 12:10:54 -04:00
parent ceb97fd0ee
commit a915baa73b
No known key found for this signature in database
GPG key ID: A14AA6DA679C2177
3 changed files with 15 additions and 5 deletions
cdist/conf/type/__user/explorer

@ -23,6 +23,10 @@
if [ -f "$__object/parameter/gid" ]; then
gid=$(cat "$__object/parameter/gid")
getent group "$gid" || true
if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
getent group "$gid" || true
elif [ -f /etc/group ]; then
grep -E "^(${gid}|([^:]:){2}${gid}):" /etc/group || true
fi
fi
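Review bot: the numeric-gid alternative in the added grep, `([^:]:){2}${gid}`, only matches when the group name and the password field are each exactly one character long, so a lookup by gid against a line of the usual form `name:x:gid:members` returns nothing. Use `([^:]*:){2}${gid}` for that alternative. `$gid` is also interpolated into the extended regex unescaped, so a value containing `.` or another metacharacter can match a different group's entry; an exact field comparison (awk with `-F:` testing `$1` and `$3`) avoids both problems. The getent test only looks in /usr/bin and /bin; `command -v getent` would cover other install paths.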

@ -23,5 +23,8 @@
name=$__object_id
getent passwd "$name" || true
if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
getent passwd "$name" || true
elif [ -f /etc/passwd ]; then
grep "^${name}:" /etc/passwd || true
fi
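Review bot: `grep "^${name}:" /etc/passwd` treats `$name` as a regular expression, so an `__object_id` containing `.`, `[` or `*` can return another user's entry and the explorer would report the state of the wrong account. Compare the first field literally instead, for example `awk -F: -v n="$name" '$1 == n' /etc/passwd`. As in the group explorer, the getent test is limited to /usr/bin and /bin and could use `command -v getent`.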

@ -31,5 +31,8 @@ case "$os" in
esac
getent "$database" "$name" || true
if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then
getent "$database" "$name" || true
elif [ -f /etc/shadow ]; then
grep "^${name}:" /etc/shadow || true
fi
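Review bot: the elif branch hard-codes /etc/shadow and ignores `$database`, which the `case "$os"` block above sets per operating system, so the fallback can read a different source than the getent branch would on the same OS. Either derive the file from `$database` or add a comment stating that the fallback only applies where the database is shadow. The `-f` test should be `-r`: if the file exists but is not readable by the user running the explorer, grep writes an error to stderr that `|| true` does not suppress. `$name` is used as an unescaped regex here as well, so a literal comparison on the first field is safer than `grep "^${name}:"`.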