[type/__dma_auth] Use host as key
parent
988f277ad6
commit
59059a200a
6 changed files with 102 additions and 43 deletions
48
type/__dma_auth/explorer/logins → type/__dma_auth/explorer/auth_conf
Normal file → Executable file
48
type/__dma_auth/explorer/logins → type/__dma_auth/explorer/auth_conf
Normal file → Executable file
|
@ -17,25 +17,33 @@
|
||||||
# You should have received a copy of the GNU General Public License
|
# You should have received a copy of the GNU General Public License
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
# This explorer lines matching user + server in /etc/dma/auth.conf and reports
|
# This explorer determines the path of dma's auth.conf file
|
||||||
# their cksum.
|
|
||||||
|
|
||||||
test -r /etc/dma/auth.conf || exit 0
|
# No dma.conf -> use default
|
||||||
|
test -f /etc/dma/dma.conf || {
|
||||||
|
echo /etc/dma/auth.conf
|
||||||
|
exit 0
|
||||||
|
}
|
||||||
|
test -r /etc/dma/dma.conf || {
|
||||||
|
echo 'Cannot read /etc/dma/dma.conf' >&2
|
||||||
|
exit 1
|
||||||
|
}
|
||||||
|
|
||||||
if test -f "${__object}/parameter/login"
|
# Get AUTHPATH from dma.conf
|
||||||
then
|
awk -F'[ \t]' '
|
||||||
login=$(cat "${__object}/parameter/login")
|
{
|
||||||
else
|
sub(/#.*$/, "", $0) # remove comments
|
||||||
login=$__object_id
|
if (!$0) next # ignore empty lines
|
||||||
fi
|
}
|
||||||
server=$(cat "${__object}/parameter/server")
|
$1 == "AUTHPATH" {
|
||||||
|
# Store authpath. In dma conf parsing last wins.
|
||||||
regex=$(printf '^%s|%s:' "$login" "$server")
|
if ($2) authpath = substr($0, index($0, " ") + 1)
|
||||||
|
}
|
||||||
grep -e "${regex}" /etc/dma/auth.conf \
|
END {
|
||||||
| while read -r line
|
if (authpath) {
|
||||||
do
|
print authpath
|
||||||
echo "${line}" \
|
exit 0
|
||||||
| cksum - \
|
} else exit 1
|
||||||
| cut -d ' ' -f 1
|
}
|
||||||
done
|
' /etc/dma/dma.conf \
|
||||||
|
|| echo /etc/dma/auth.conf # default
|
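Review bot: The value extraction at `if ($2) authpath = substr($0, index($0, " ") + 1)` assumes the separator after AUTHPATH is a space, although the field separator `-F'[ \t]'` also accepts a tab; on a tab-separated line index() returns 0 and authpath becomes the whole line including the keyword. The preceding `sub(/#.*$/, "", $0)` also leaves the whitespace before a trailing comment in the value, so a (made-up) line like `AUTHPATH /some/auth.conf # note` yields `/some/auth.conf ` and the `test -r` in the authusers explorer then fails silently, reporting no users. I would replace the assignment with `if ($2 && match($0, /[ \t]+/)) { authpath = substr($0, RSTART + RLENGTH); sub(/[ \t]+$/, "", authpath) }`. The script's shebang and header are above this hunk and not visible here.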
51
type/__dma_auth/explorer/authusers
Executable file
51
type/__dma_auth/explorer/authusers
Executable file
|
@ -0,0 +1,51 @@
|
||||||
|
#!/bin/sh -e
|
||||||
|
#
|
||||||
|
# 2020 Dennis Camera (dennis.camera at ssrq-sds-fds.ch)
|
||||||
|
#
|
||||||
|
# This file is part of cdist.
|
||||||
|
#
|
||||||
|
# cdist is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 3 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# cdist is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# This explorer looks for lines matching the server parameter in dma's auth.conf
|
||||||
|
# and reports the login and server fields (password is stripped off)
|
||||||
|
|
||||||
|
auth_conf=$("${__type_explorer}/auth_conf")
|
||||||
|
test -r "${auth_conf}" || exit 0
|
||||||
|
|
||||||
|
if test -f "${__object}/parameter/server"
|
||||||
|
then
|
||||||
|
server=$(cat "${__object}/parameter/server")
|
||||||
|
else
|
||||||
|
server=$__object_id
|
||||||
|
fi
|
||||||
|
|
||||||
|
awk -F'\n' -v server="${server}" '
|
||||||
|
BEGIN {
|
||||||
|
DP = "[: \t]" # copied from dma/conf.c
|
||||||
|
}
|
||||||
|
|
||||||
|
# skip comments and empty lines
|
||||||
|
/^#/ || /^$/ { next }
|
||||||
|
|
||||||
|
{
|
||||||
|
login = substr($0, 1, index($0, "|") - 1)
|
||||||
|
host = substr($0, length(login) + 2)
|
||||||
|
if (match(host, DP)) {
|
||||||
|
host = substr(host, 1, RSTART - 1)
|
||||||
|
endpos = length(login) + RSTART
|
||||||
|
} else endpos = length
|
||||||
|
}
|
||||||
|
|
||||||
|
host == server { print substr($0, 0, endpos) }
|
||||||
|
' "${auth_conf}"
|
|
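Review bot: `host == server { print substr($0, 0, endpos) }` uses a start position of 0, which awk implementations treat differently: with POSIX semantics (gawk and, I believe, mawk) the result covers positions 1..endpos-1 and drops the last character of the host, while BWK awk clamps the start to 1 and prints the full `login|host`. Since endpos is computed as a 1-based position (`endpos = length(login) + RSTART`), the portable form is `host == server { print substr($0, 1, endpos) }`. A line without a `|` also slips through with an empty login and a host missing its first character, because index() returns 0 and `substr($0, length(login) + 2)` starts at position 2; a guard such as `index($0, "|") == 0 { next }` before the main block would make that explicit.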
@ -18,24 +18,24 @@
|
||||||
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#
|
#
|
||||||
|
|
||||||
logins=$(cat "${__object}/explorer/logins")
|
authusers=$(cat "${__object}/explorer/authusers")
|
||||||
state_should=$(cat "${__object}/parameter/state")
|
state_should=$(cat "${__object}/parameter/state")
|
||||||
|
|
||||||
if test -f "${__object}/parameter/login"
|
if test -f "${__object}/parameter/server"
|
||||||
then
|
then
|
||||||
login=$(cat "${__object}/parameter/login")
|
server=$(cat "${__object}/parameter/server")
|
||||||
else
|
else
|
||||||
login=$__object_id
|
server=$__object_id
|
||||||
fi
|
fi
|
||||||
|
login=$(cat "${__object}/parameter/login")
|
||||||
password=$(cat "${__object}/parameter/password")
|
password=$(cat "${__object}/parameter/password")
|
||||||
server=$(cat "${__object}/parameter/server")
|
|
||||||
|
|
||||||
case $state_should
|
case $state_should
|
||||||
in
|
in
|
||||||
(present)
|
(present)
|
||||||
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
|
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
|
||||||
cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
|
cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
|
||||||
if echo "$logins" | grep -qxF "${cksum_should}"
|
if echo "$authusers" | grep -qxF "${cksum_should}"
|
||||||
then
|
then
|
||||||
# correct line already present -> nothing to do
|
# correct line already present -> nothing to do
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -44,11 +44,8 @@ in
|
||||||
mode=1
|
mode=1
|
||||||
;;
|
;;
|
||||||
(absent)
|
(absent)
|
||||||
if test -z "$logins"
|
|
||||||
then
|
|
||||||
# no logins present -> nothing to do
|
# no logins present -> nothing to do
|
||||||
exit 0
|
test -n "$authusers" || exit 0
|
||||||
fi
|
|
||||||
|
|
||||||
# NOTE: password is not needed to delete
|
# NOTE: password is not needed to delete
|
||||||
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
|
conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
|
||||||
|
@ -66,11 +63,14 @@ read -r CONF_LINE <<'EOL'
|
||||||
${conf_line}
|
${conf_line}
|
||||||
EOL
|
EOL
|
||||||
export CONF_LINE
|
export CONF_LINE
|
||||||
|
export mode=${mode}
|
||||||
|
EOF
|
||||||
|
|
||||||
awk -F: -v print=$mode '
|
cat <<'EOF'
|
||||||
|
awk -F: -v mode=$mode '
|
||||||
BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
|
BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
|
||||||
$1 == conf[1] {
|
$1 == conf[1] {
|
||||||
if (print && !found) {
|
if (mode && !found) {
|
||||||
# remove duplicates
|
# remove duplicates
|
||||||
print ENVIRON["CONF_LINE"]
|
print ENVIRON["CONF_LINE"]
|
||||||
found = 1
|
found = 1
|
||||||
|
|
|
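Review bot: The present-state check at `if echo "$authusers" | grep -qxF "${cksum_should}"` can no longer match: cksum_should is still the cksum of the full `login|server:password` line, but the new authusers explorer reports `login|server` lines with the password stripped, so every run takes the `mode=1` rewrite path and the type stops being idempotent. Either have the explorer report a checksum of the full line again, as the removed logins explorer did, or compare the visible part with `if printf '%s\n' "$authusers" | grep -qxF "${login}|${server}"` and accept that a changed password is not detected, which should then be stated in the man page. Separately, the man page's new example of `--login ''` to delete the credentials of all users for a host does not appear to match the selection `$1 == conf[1]` (a context line here; the awk body continues past the hunk), which compares the exact `login|server` prefix, so an empty login would only match an entry whose login is empty.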
@ -14,16 +14,16 @@ servers.
|
||||||
|
|
||||||
REQUIRED PARAMETERS
|
REQUIRED PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
|
login
|
||||||
|
The user's LOGIN name on the SMTP server.
|
||||||
password
|
password
|
||||||
The user's password (in plain text.)
|
The user's password (in plain text.)
|
||||||
server
|
|
||||||
The SMTP server on which the login is valid.
|
|
||||||
|
|
||||||
|
|
||||||
OPTIONAL PARAMETERS
|
OPTIONAL PARAMETERS
|
||||||
-------------------
|
-------------------
|
||||||
login
|
server
|
||||||
The user's LOGIN name on the SMTP server. Defaults to `__object_id`.
|
The SMTP server on which the login is valid. Defaults to `__object_id`.
|
||||||
state
|
state
|
||||||
Either `present` or `absent`. Defaults to `present`.
|
Either `present` or `absent`. Defaults to `present`.
|
||||||
|
|
||||||
|
@ -38,13 +38,13 @@ EXAMPLES
|
||||||
.. code-block:: sh
|
.. code-block:: sh
|
||||||
|
|
||||||
# Set the password for smarthost
|
# Set the password for smarthost
|
||||||
__dma_auth joe --server smarthost --password hunter2
|
__dma_auth smarthost.example.com --login joe --password hunter2
|
||||||
|
|
||||||
# Set credentials for user at an external provider
|
# Set credentials for user at an external provider
|
||||||
__dma_auth paul@example.com --server mail.provider.com --password letmein
|
__dma_auth mail.provider.com --login paul@example.com --password letmein
|
||||||
|
|
||||||
# Delete credentials for example.com
|
# Delete credentials for example.com (for all users)
|
||||||
__dma_auth paul --server example.com --state absent
|
__dma_auth example.com --login '' --password '' --state absent
|
||||||
|
|
||||||
SEE ALSO
|
SEE ALSO
|
||||||
--------
|
--------
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
login
|
server
|
||||||
state
|
state
|
||||||
|
|
|
@ -1,2 +1,2 @@
|
||||||
|
login
|
||||||
password
|
password
|
||||||
server
|
|
||||||
|
|