From 59059a200a27cd750794439544e3aa5a45b65f09 Mon Sep 17 00:00:00 2001 From: Dennis Camera Date: Sun, 31 May 2020 11:57:54 +0200 Subject: [PATCH] [type/__dma_auth] Use host as key --- .../__dma_auth/explorer/{logins => auth_conf} | 48 +++++++++-------- type/__dma_auth/explorer/authusers | 51 +++++++++++++++++++ type/__dma_auth/gencode-remote | 26 +++++----- type/__dma_auth/man.rst | 16 +++--- type/__dma_auth/parameter/optional | 2 +- type/__dma_auth/parameter/required | 2 +- 6 files changed, 102 insertions(+), 43 deletions(-) rename type/__dma_auth/explorer/{logins => auth_conf} (54%) mode change 100644 => 100755 create mode 100755 type/__dma_auth/explorer/authusers diff --git a/type/__dma_auth/explorer/logins b/type/__dma_auth/explorer/auth_conf old mode 100644 new mode 100755 similarity index 54% rename from type/__dma_auth/explorer/logins rename to type/__dma_auth/explorer/auth_conf index 0ed6bc1..cef0aca --- a/type/__dma_auth/explorer/logins +++ b/type/__dma_auth/explorer/auth_conf @@ -17,25 +17,33 @@ # You should have received a copy of the GNU General Public License # along with cdist. If not, see . # -# This explorer lines matching user + server in /etc/dma/auth.conf and reports -# their cksum. +# This explorer determines the path of dma's auth.conf file -test -r /etc/dma/auth.conf || exit 0 +# No dma.conf -> use default +test -f /etc/dma/dma.conf || { + echo /etc/dma/auth.conf + exit 0 +} +test -r /etc/dma/dma.conf || { + echo 'Cannot read /etc/dma/dma.conf' >&2 + exit 1 +} -if test -f "${__object}/parameter/login" -then - login=$(cat "${__object}/parameter/login") -else - login=$__object_id -fi -server=$(cat "${__object}/parameter/server") - -regex=$(printf '^%s|%s:' "$login" "$server") - -grep -e "${regex}" /etc/dma/auth.conf \ -| while read -r line - do - echo "${line}" \ - | cksum - \ - | cut -d ' ' -f 1 - done +# Get AUTHPATH from dma.conf +awk -F'[ \t]' ' +{ + sub(/#.*$/, "", $0) # remove comments + if (!$0) next # ignore empty lines +} +$1 == "AUTHPATH" { + # Store authpath. In dma conf parsing last wins. + if ($2) authpath = substr($0, index($0, " ") + 1) +} +END { + if (authpath) { + print authpath + exit 0 + } else exit 1 +} +' /etc/dma/dma.conf \ +|| echo /etc/dma/auth.conf # default diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers new file mode 100755 index 0000000..5fc6b4e --- /dev/null +++ b/type/__dma_auth/explorer/authusers @@ -0,0 +1,51 @@ +#!/bin/sh -e +# +# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# This explorer looks for lines matching the server parameter in dma's auth.conf +# and reports the login and server fields (password is stripped off) + +auth_conf=$("${__type_explorer}/auth_conf") +test -r "${auth_conf}" || exit 0 + +if test -f "${__object}/parameter/server" +then + server=$(cat "${__object}/parameter/server") +else + server=$__object_id +fi + +awk -F'\n' -v server="${server}" ' +BEGIN { + DP = "[: \t]" # copied from dma/conf.c +} + +# skip comments and empty lines +/^#/ || /^$/ { next } + +{ + login = substr($0, 1, index($0, "|") - 1) + host = substr($0, length(login) + 2) + if (match(host, DP)) { + host = substr(host, 1, RSTART - 1) + endpos = length(login) + RSTART + } else endpos = length +} + +host == server { print substr($0, 0, endpos) } +' "${auth_conf}" diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote index 0951c16..989e176 100755 --- a/type/__dma_auth/gencode-remote +++ b/type/__dma_auth/gencode-remote @@ -18,24 +18,24 @@ # along with cdist. If not, see . # -logins=$(cat "${__object}/explorer/logins") +authusers=$(cat "${__object}/explorer/authusers") state_should=$(cat "${__object}/parameter/state") -if test -f "${__object}/parameter/login" +if test -f "${__object}/parameter/server" then - login=$(cat "${__object}/parameter/login") + server=$(cat "${__object}/parameter/server") else - login=$__object_id + server=$__object_id fi +login=$(cat "${__object}/parameter/login") password=$(cat "${__object}/parameter/password") -server=$(cat "${__object}/parameter/server") case $state_should in (present) conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) - if echo "$logins" | grep -qxF "${cksum_should}" + if echo "$authusers" | grep -qxF "${cksum_should}" then # correct line already present -> nothing to do exit 0 @@ -44,11 +44,8 @@ in mode=1 ;; (absent) - if test -z "$logins" - then - # no logins present -> nothing to do - exit 0 - fi + # no logins present -> nothing to do + test -n "$authusers" || exit 0 # NOTE: password is not needed to delete conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") @@ -66,11 +63,14 @@ read -r CONF_LINE <<'EOL' ${conf_line} EOL export CONF_LINE +export mode=${mode} +EOF -awk -F: -v print=$mode ' +cat <<'EOF' +awk -F: -v mode=$mode ' BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") } $1 == conf[1] { - if (print && !found) { + if (mode && !found) { # remove duplicates print ENVIRON["CONF_LINE"] found = 1 diff --git a/type/__dma_auth/man.rst b/type/__dma_auth/man.rst index bd077d6..9c3ad7a 100644 --- a/type/__dma_auth/man.rst +++ b/type/__dma_auth/man.rst @@ -14,16 +14,16 @@ servers. REQUIRED PARAMETERS ------------------- +login + The user's LOGIN name on the SMTP server. password The user's password (in plain text.) -server - The SMTP server on which the login is valid. OPTIONAL PARAMETERS ------------------- -login - The user's LOGIN name on the SMTP server. Defaults to `__object_id`. +server + The SMTP server on which the login is valid. Defaults to `__object_id`. state Either `present` or `absent`. Defaults to `present`. @@ -38,13 +38,13 @@ EXAMPLES .. code-block:: sh # Set the password for smarthost - __dma_auth joe --server smarthost --password hunter2 + __dma_auth smarthost.example.com --login joe --password hunter2 # Set credentials for user at an external provider - __dma_auth paul@example.com --server mail.provider.com --password letmein + __dma_auth mail.provider.com --login paul@example.com --password letmein - # Delete credentials for example.com - __dma_auth paul --server example.com --state absent + # Delete credentials for example.com (for all users) + __dma_auth example.com --login '' --password '' --state absent SEE ALSO -------- diff --git a/type/__dma_auth/parameter/optional b/type/__dma_auth/parameter/optional index c35dbef..3e42ed3 100644 --- a/type/__dma_auth/parameter/optional +++ b/type/__dma_auth/parameter/optional @@ -1,2 +1,2 @@ -login +server state diff --git a/type/__dma_auth/parameter/required b/type/__dma_auth/parameter/required index 8f1a1c9..ae3c622 100644 --- a/type/__dma_auth/parameter/required +++ b/type/__dma_auth/parameter/required @@ -1,2 +1,2 @@ +login password -server