[type/__dma_auth] Finish code to rewrite auth.conf
parent
59059a200a
commit
b848fca929
2 changed files with 73 additions and 29 deletions
|
@ -18,7 +18,7 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
# This explorer looks for lines matching the server parameter in dma's auth.conf
|
# This explorer looks for lines matching the server parameter in dma's auth.conf
|
||||||
# and reports the login and server fields (password is stripped off)
|
# and reports the login and server fields (password is cksummed)
|
||||||
|
|
||||||
auth_conf=$("${__type_explorer}/auth_conf")
|
auth_conf=$("${__type_explorer}/auth_conf")
|
||||||
test -r "${auth_conf}" || exit 0
|
test -r "${auth_conf}" || exit 0
|
||||||
|
@ -47,5 +47,11 @@ BEGIN {
|
||||||
} else endpos = length
|
} else endpos = length
|
||||||
}
|
}
|
||||||
|
|
||||||
host == server { print substr($0, 0, endpos) }
|
host == server { print endpos, $0 }
|
||||||
' "${auth_conf}"
|
' "${auth_conf}" \
|
||||||
|
| while read pos line
|
||||||
|
do
|
||||||
|
printf '%s:%s\n' \
|
||||||
|
"$(printf '%s' "$line" | cut -c $((-pos)))" \
|
||||||
|
"$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)"
|
||||||
|
done
|
||||||
|
|
|
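Review bot: The added `while read pos line` loop reads without `-r`, so a backslash in a stored password is consumed before the text reaches `cksum`, and the default IFS also strips trailing blanks from `line`; the reported checksum then no longer corresponds to what is actually in auth.conf. Using `while read -r pos line` fixes the backslash case. Separately, `cksum` is a 32-bit CRC rather than a password hash, so the value this explorer now reports can be checked offline against candidate passwords and the explorer output should be handled as sensitively as the password itself. The awk program begins above this hunk, so how `endpos` is derived is only partly visible here.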
@ -18,7 +18,6 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
authusers=$(cat "${__object}/explorer/authusers")
|
|
||||||
state_should=$(cat "${__object}/parameter/state")
|
state_should=$(cat "${__object}/parameter/state")
|
||||||
|
|
||||||
if test -f "${__object}/parameter/server"
|
if test -f "${__object}/parameter/server"
|
||||||
|
@ -28,27 +27,26 @@ else
|
||||||
server=$__object_id
|
server=$__object_id
|
||||||
fi
|
fi
|
||||||
login=$(cat "${__object}/parameter/login")
|
login=$(cat "${__object}/parameter/login")
|
||||||
password=$(cat "${__object}/parameter/password")
|
|
||||||
|
|
||||||
case $state_should
|
case $state_should
|
||||||
in
|
in
|
||||||
(present)
|
(present)
|
||||||
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
|
line_should=$(printf '%s|%s:%s\n' \
|
||||||
cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
|
"${login}" "${server}" \
|
||||||
if echo "$authusers" | grep -qxF "${cksum_should}"
|
"$(cksum "${__object}/parameter/password" | cut -d' ' -f1)")
|
||||||
|
if grep -qxF "${line_should}" "${__object}/explorer/authusers"
|
||||||
then
|
then
|
||||||
# correct line already present -> nothing to do
|
# correct line already present -> nothing to do
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 }
|
||||||
|
|
||||||
mode=1
|
mode=1
|
||||||
;;
|
;;
|
||||||
(absent)
|
(absent)
|
||||||
# no logins present -> nothing to do
|
# no matching logins present -> nothing to do
|
||||||
test -n "$authusers" || exit 0
|
test -s "${__object}/explorer/authusers" || exit 0
|
||||||
|
|
||||||
# NOTE: password is not needed to delete
|
|
||||||
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
|
|
||||||
|
|
||||||
mode=0
|
mode=0
|
||||||
;;
|
;;
|
||||||
|
@ -58,25 +56,65 @@ in
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
|
auth_conf=$(cat "${__object}/explorer/auth_conf")
|
||||||
|
|
||||||
|
if test -z "${auth_conf}"
|
||||||
|
then
|
||||||
|
echo 'Cannot determine path of dma auth.conf' >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
read -r CONF_LINE <<'EOL'
|
export auth_conf='${auth_conf}'
|
||||||
${conf_line}
|
export login='${login}'
|
||||||
EOL
|
export server='${server}'
|
||||||
export CONF_LINE
|
mode=${mode}
|
||||||
export mode=${mode}
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat <<'EOF'
|
cat <<'EOF'
|
||||||
awk -F: -v mode=$mode '
|
test -f "${auth_conf}" || touch "${auth_conf}"
|
||||||
BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
|
|
||||||
$1 == conf[1] {
|
awk -F '\n' -v mode=$mode '
|
||||||
if (mode && !found) {
|
function getpw( line, path) {
|
||||||
# remove duplicates
|
path = (ENVIRON["__object"] "/parameter/password")
|
||||||
print ENVIRON["CONF_LINE"]
|
getline line < path
|
||||||
found = 1
|
close(path)
|
||||||
|
return line
|
||||||
}
|
}
|
||||||
|
|
||||||
|
BEGIN {
|
||||||
|
DP = "[: \t]" # copied from dma/conf.c
|
||||||
|
}
|
||||||
|
|
||||||
|
# skip comments and empty lines
|
||||||
|
/^#/ || /^$/ { print; next }
|
||||||
|
|
||||||
|
{
|
||||||
|
login = substr($0, 1, index($0, "|") - 1)
|
||||||
|
host = substr($0, length(login) + 2)
|
||||||
|
if (match(host, DP)) {
|
||||||
|
host = substr(host, 1, RSTART - 1)
|
||||||
|
endpos = length(login) + RSTART
|
||||||
|
} else endpos = length
|
||||||
|
}
|
||||||
|
|
||||||
|
host == ENVIRON["server"] {
|
||||||
|
if (mode) {
|
||||||
|
if (login == ENVIRON["login"] && !written) {
|
||||||
|
printf "%s%s\n", substr($0, 1, endpos+1), getpw()
|
||||||
|
written = 1
|
||||||
next
|
next
|
||||||
}
|
}
|
||||||
1' </etc/dma/auth.conf >/etc/dma/auth.conf.tmp \
|
} else if (!ENVIRON["login"] || login == ENVIRON["login"]) next
|
||||||
&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf
|
}
|
||||||
|
|
||||||
|
{ print }
|
||||||
|
|
||||||
|
END {
|
||||||
|
if (mode && !written) {
|
||||||
|
printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
' <"${auth_conf}" >"${auth_conf}.tmp" \
|
||||||
|
&& mv "${auth_conf}.tmp" "${auth_conf}"
|
||||||
EOF
|
EOF
|
||||||
|
|
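Review bot: In the generated code at the end of this file, `>"${auth_conf}.tmp"` creates the temporary file under whatever umask the remote shell has and `mv` then replaces auth.conf with it, so the file holding plaintext SMTP passwords can lose its restrictive mode and group; the same applies to the `touch` that creates a missing file. Setting `umask 077` before the awk call and restoring the original owner and mode on the temporary file before the `mv` would keep the credentials unreadable to other users. The unquoted here-document interpolates `${auth_conf}`, `${login}` and `${server}` between single quotes, so a value containing `'` ends the quoting in the code that runs on the target; embedded quotes should be escaped before these lines are emitted. The guard `{ echo '--login must be non-empty' >&2; exit 1 }` lacks the `;` before `}` and will not parse as a brace group, and it only runs after the `grep` early exit. `getpw()` ignores the return value of `getline`, so an unreadable password file would presumably result in an empty password being written.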