[type/__dma_auth] Use host as key

This commit is contained in:
Dennis Camera 2020-05-31 11:57:54 +02:00
parent 988f277ad6
commit 59059a200a
6 changed files with 102 additions and 43 deletions

View file

@ -17,25 +17,33 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
# This explorer lines matching user + server in /etc/dma/auth.conf and reports # This explorer determines the path of dma's auth.conf file
# their cksum.
test -r /etc/dma/auth.conf || exit 0 # No dma.conf -> use default
test -f /etc/dma/dma.conf || {
echo /etc/dma/auth.conf
exit 0
}
test -r /etc/dma/dma.conf || {
echo 'Cannot read /etc/dma/dma.conf' >&2
exit 1
}
if test -f "${__object}/parameter/login" # Get AUTHPATH from dma.conf
then awk -F'[ \t]' '
login=$(cat "${__object}/parameter/login") {
else sub(/#.*$/, "", $0) # remove comments
login=$__object_id if (!$0) next # ignore empty lines
fi }
server=$(cat "${__object}/parameter/server") $1 == "AUTHPATH" {
# Store authpath. In dma conf parsing last wins.
regex=$(printf '^%s|%s:' "$login" "$server") if ($2) authpath = substr($0, index($0, " ") + 1)
}
grep -e "${regex}" /etc/dma/auth.conf \ END {
| while read -r line if (authpath) {
do print authpath
echo "${line}" \ exit 0
| cksum - \ } else exit 1
| cut -d ' ' -f 1 }
done ' /etc/dma/dma.conf \
|| echo /etc/dma/auth.conf # default

View file

@ -0,0 +1,51 @@
#!/bin/sh -e
#
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# This explorer looks for lines matching the server parameter in dma's auth.conf
# and reports the login and server fields (password is stripped off)
auth_conf=$("${__type_explorer}/auth_conf")
test -r "${auth_conf}" || exit 0
if test -f "${__object}/parameter/server"
then
server=$(cat "${__object}/parameter/server")
else
server=$__object_id
fi
awk -F'\n' -v server="${server}" '
BEGIN {
DP = "[: \t]" # copied from dma/conf.c
}
# skip comments and empty lines
/^#/ || /^$/ { next }
{
login = substr($0, 1, index($0, "|") - 1)
host = substr($0, length(login) + 2)
if (match(host, DP)) {
host = substr(host, 1, RSTART - 1)
endpos = length(login) + RSTART
} else endpos = length
}
host == server { print substr($0, 0, endpos) }
' "${auth_conf}"

View file

@ -18,24 +18,24 @@
# along with cdist. If not, see <http://www.gnu.org/licenses/>. # along with cdist. If not, see <http://www.gnu.org/licenses/>.
# #
logins=$(cat "${__object}/explorer/logins") authusers=$(cat "${__object}/explorer/authusers")
state_should=$(cat "${__object}/parameter/state") state_should=$(cat "${__object}/parameter/state")
if test -f "${__object}/parameter/login" if test -f "${__object}/parameter/server"
then then
login=$(cat "${__object}/parameter/login") server=$(cat "${__object}/parameter/server")
else else
login=$__object_id server=$__object_id
fi fi
login=$(cat "${__object}/parameter/login")
password=$(cat "${__object}/parameter/password") password=$(cat "${__object}/parameter/password")
server=$(cat "${__object}/parameter/server")
case $state_should case $state_should
in in
(present) (present)
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}") conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1) cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
if echo "$logins" | grep -qxF "${cksum_should}" if echo "$authusers" | grep -qxF "${cksum_should}"
then then
# correct line already present -> nothing to do # correct line already present -> nothing to do
exit 0 exit 0
@ -44,11 +44,8 @@ in
mode=1 mode=1
;; ;;
(absent) (absent)
if test -z "$logins"
then
# no logins present -> nothing to do # no logins present -> nothing to do
exit 0 test -n "$authusers" || exit 0
fi
# NOTE: password is not needed to delete # NOTE: password is not needed to delete
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "") conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
@ -66,11 +63,14 @@ read -r CONF_LINE <<'EOL'
${conf_line} ${conf_line}
EOL EOL
export CONF_LINE export CONF_LINE
export mode=${mode}
EOF
awk -F: -v print=$mode ' cat <<'EOF'
awk -F: -v mode=$mode '
BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") } BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
$1 == conf[1] { $1 == conf[1] {
if (print && !found) { if (mode && !found) {
# remove duplicates # remove duplicates
print ENVIRON["CONF_LINE"] print ENVIRON["CONF_LINE"]
found = 1 found = 1

View file

@ -14,16 +14,16 @@ servers.
REQUIRED PARAMETERS REQUIRED PARAMETERS
------------------- -------------------
login
The user's LOGIN name on the SMTP server.
password password
The user's password (in plain text.) The user's password (in plain text.)
server
The SMTP server on which the login is valid.
OPTIONAL PARAMETERS OPTIONAL PARAMETERS
------------------- -------------------
login server
The user's LOGIN name on the SMTP server. Defaults to `__object_id`. The SMTP server on which the login is valid. Defaults to `__object_id`.
state state
Either `present` or `absent`. Defaults to `present`. Either `present` or `absent`. Defaults to `present`.
@ -38,13 +38,13 @@ EXAMPLES
.. code-block:: sh .. code-block:: sh
# Set the password for smarthost # Set the password for smarthost
__dma_auth joe --server smarthost --password hunter2 __dma_auth smarthost.example.com --login joe --password hunter2
# Set credentials for user at an external provider # Set credentials for user at an external provider
__dma_auth paul@example.com --server mail.provider.com --password letmein __dma_auth mail.provider.com --login paul@example.com --password letmein
# Delete credentials for example.com # Delete credentials for example.com (for all users)
__dma_auth paul --server example.com --state absent __dma_auth example.com --login '' --password '' --state absent
SEE ALSO SEE ALSO
-------- --------

View file

@ -1,2 +1,2 @@
login server
state state

View file

@ -1,2 +1,2 @@
login
password password
server