[type/__dma_auth] Finish code to rewrite auth.conf

This commit is contained in:
Dennis Camera 2020-05-31 15:01:40 +02:00
parent 59059a200a
commit b848fca929
2 changed files with 73 additions and 29 deletions

View file

@ -18,7 +18,7 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# This explorer looks for lines matching the server parameter in dma's auth.conf # This explorer looks for lines matching the server parameter in dma's auth.conf
# and reports the login and server fields (password is stripped off) # and reports the login and server fields (password is cksummed)
auth_conf=$("${__type_explorer}/auth_conf") auth_conf=$("${__type_explorer}/auth_conf")
test -r "${auth_conf}" || exit 0 test -r "${auth_conf}" || exit 0
@ -47,5 +47,11 @@ BEGIN {
} else endpos = length } else endpos = length
} }
host == server { print substr($0, 0, endpos) } host == server { print endpos, $0 }
' "${auth_conf}" ' "${auth_conf}" \
| while read pos line
do
printf '%s:%s\n' \
"$(printf '%s' "$line" | cut -c $((-pos)))" \
"$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)"
done

View file

@ -18,7 +18,6 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
authusers=$(cat "${__object}/explorer/authusers")
state_should=$(cat "${__object}/parameter/state") state_should=$(cat "${__object}/parameter/state")
if test -f "${__object}/parameter/server" if test -f "${__object}/parameter/server"
@ -28,27 +27,26 @@ else
server=$__object_id server=$__object_id
fi fi
login=$(cat "${__object}/parameter/login") login=$(cat "${__object}/parameter/login")
password=$(cat "${__object}/parameter/password")
case $state_should case $state_should
in in
(present) (present)
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") line_should=$(printf '%s|%s:%s\n' \
cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) "${login}" "${server}" \
if echo "$authusers" | grep -qxF "${cksum_should}" "$(cksum "${__object}/parameter/password" | cut -d' ' -f1)")
if grep -qxF "${line_should}" "${__object}/explorer/authusers"
then then
# correct line already present -> nothing to do # correct line already present -> nothing to do
exit 0 exit 0
fi fi
test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 }
mode=1 mode=1
;; ;;
(absent) (absent)
# no logins present -> nothing to do # no matching logins present -> nothing to do
test -n "$authusers" || exit 0 test -s "${__object}/explorer/authusers" || exit 0
# NOTE: password is not needed to delete
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
mode=0 mode=0
;; ;;
@ -58,25 +56,65 @@ in
;; ;;
esac esac
auth_conf=$(cat "${__object}/explorer/auth_conf")
if test -z "${auth_conf}"
then
echo 'Cannot determine path of dma auth.conf' >&2
exit 1
fi
cat <<EOF cat <<EOF
read -r CONF_LINE <<'EOL' export auth_conf='${auth_conf}'
${conf_line} export login='${login}'
EOL export server='${server}'
export CONF_LINE mode=${mode}
export mode=${mode}
EOF EOF
cat <<'EOF' cat <<'EOF'
awk -F: -v mode=$mode ' test -f "${auth_conf}" || touch "${auth_conf}"
BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
$1 == conf[1] { awk -F '\n' -v mode=$mode '
if (mode && !found) { function getpw( line, path) {
# remove duplicates path = (ENVIRON["__object"] "/parameter/password")
print ENVIRON["CONF_LINE"] getline line < path
found = 1 close(path)
return line
} }
BEGIN {
DP = "[: \t]" # copied from dma/conf.c
}
# skip comments and empty lines
/^#/ || /^$/ { print; next }
{
login = substr($0, 1, index($0, "|") - 1)
host = substr($0, length(login) + 2)
if (match(host, DP)) {
host = substr(host, 1, RSTART - 1)
endpos = length(login) + RSTART
} else endpos = length
}
host == ENVIRON["server"] {
if (mode) {
if (login == ENVIRON["login"] && !written) {
printf "%s%s\n", substr($0, 1, endpos+1), getpw()
written = 1
next next
} }
1' </etc/dma/auth.conf >/etc/dma/auth.conf.tmp \ } else if (!ENVIRON["login"] || login == ENVIRON["login"]) next
&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf }
{ print }
END {
if (mode && !written) {
printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw()
}
}
' <"${auth_conf}" >"${auth_conf}.tmp" \
&& mv "${auth_conf}.tmp" "${auth_conf}"
EOF EOF