From a915baa73b1022f50c29996fcdaa32e033e7919c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Gr=C3=A9goire?= Date: Sun, 20 Aug 2017 12:10:54 -0400 Subject: [PATCH] __user: explore with /etc files getent(1) is a utility available where Name Service Switch (NSS) is available. Many modern operating systems support it, but that may not be the case of all (e.g. embedded systems). This commit modifies the __user type explorers to check the traditional files instead of relying solely on the availability of getent(1). - Makes the group explorer use /etc/group - Makes the passwd explorer use /etc/passwd - Makes the shadow explorer use /etc/shadow Implementation note "getent shadow" does not support querying an entry using a uid since it does not store that information. Since the shadow explorer uses __object_id, the passwd explorer does not check if __object_id matches an entry by uid. This behavior ensures consistent, transparent behavior of the type. The group explorer, on the other hand, handles group names and uids; like always. --- cdist/conf/type/__user/explorer/group | 6 +++++- cdist/conf/type/__user/explorer/passwd | 7 +++++-- cdist/conf/type/__user/explorer/shadow | 7 +++++-- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/cdist/conf/type/__user/explorer/group b/cdist/conf/type/__user/explorer/group index 98ce39c6..b95f3d01 100755 --- a/cdist/conf/type/__user/explorer/group +++ b/cdist/conf/type/__user/explorer/group @@ -23,6 +23,10 @@ if [ -f "$__object/parameter/gid" ]; then gid=$(cat "$__object/parameter/gid") - getent group "$gid" || true + if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then + getent group "$gid" || true + elif [ -f /etc/group ]; then + grep -E "^(${gid}|([^:]:){2}${gid}):" /etc/group || true + fi fi diff --git a/cdist/conf/type/__user/explorer/passwd b/cdist/conf/type/__user/explorer/passwd index fdbfb193..592d04c4 100755 --- a/cdist/conf/type/__user/explorer/passwd +++ b/cdist/conf/type/__user/explorer/passwd @@ -23,5 +23,8 @@ name=$__object_id -getent passwd "$name" || true - +if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then + getent passwd "$name" || true +elif [ -f /etc/passwd ]; then + grep "^${name}:" /etc/passwd || true +fi diff --git a/cdist/conf/type/__user/explorer/shadow b/cdist/conf/type/__user/explorer/shadow index 1a8fd809..b2d1d121 100755 --- a/cdist/conf/type/__user/explorer/shadow +++ b/cdist/conf/type/__user/explorer/shadow @@ -31,5 +31,8 @@ case "$os" in esac -getent "$database" "$name" || true - +if [ -x /usr/bin/getent ] || [ -x /bin/getent ]; then + getent "$database" "$name" || true +elif [ -f /etc/shadow ]; then + grep "^${name}:" /etc/shadow || true +fi