diff --git a/type/__dma_auth/explorer/authusers b/type/__dma_auth/explorer/authusers
index 5fc6b4e..db83482 100755
--- a/type/__dma_auth/explorer/authusers
+++ b/type/__dma_auth/explorer/authusers
@@ -18,7 +18,7 @@
# along with cdist. If not, see .
#
# This explorer looks for lines matching the server parameter in dma's auth.conf
-# and reports the login and server fields (password is stripped off)
+# and reports the login and server fields (password is cksummed)
auth_conf=$("${__type_explorer}/auth_conf")
test -r "${auth_conf}" || exit 0
@@ -47,5 +47,11 @@ BEGIN {
} else endpos = length
}
-host == server { print substr($0, 0, endpos) }
-' "${auth_conf}"
+host == server { print endpos, $0 }
+' "${auth_conf}" \
+| while read pos line
+ do
+ printf '%s:%s\n' \
+ "$(printf '%s' "$line" | cut -c $((-pos)))" \
+ "$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)"
+ done
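Review bot: `while read pos line` on the loop header alters the line before it is checksummed: without `-r` backslashes are consumed, and trailing whitespace is trimmed from the last variable, so a password containing either gets a checksum that cannot match the one gencode-remote computes from the parameter file, and the entry would be rewritten on every run. `while read -r pos line` fixes the backslash case. The two sides also appear to hash different byte streams (`cut` emits a trailing newline here, while gencode-remote runs `cksum` on the parameter file as stored), so confirm that file ends in exactly one newline. Separately, `cksum` is a 32-bit CRC rather than a cryptographic hash: a changed password whose CRC collides would be treated as already present, and the value still narrows the candidate passwords for anyone who can read the explorer output, which the header comment "password is cksummed" could state.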
diff --git a/type/__dma_auth/gencode-remote b/type/__dma_auth/gencode-remote
index 989e176..d75d611 100755
--- a/type/__dma_auth/gencode-remote
+++ b/type/__dma_auth/gencode-remote
@@ -18,7 +18,6 @@
# along with cdist. If not, see .
#
-authusers=$(cat "${__object}/explorer/authusers")
state_should=$(cat "${__object}/parameter/state")
if test -f "${__object}/parameter/server"
@@ -28,27 +27,26 @@ else
server=$__object_id
fi
login=$(cat "${__object}/parameter/login")
-password=$(cat "${__object}/parameter/password")
case $state_should
in
(present)
- conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
- cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
- if echo "$authusers" | grep -qxF "${cksum_should}"
+ line_should=$(printf '%s|%s:%s\n' \
+ "${login}" "${server}" \
+ "$(cksum "${__object}/parameter/password" | cut -d' ' -f1)")
+ if grep -qxF "${line_should}" "${__object}/explorer/authusers"
then
# correct line already present -> nothing to do
exit 0
fi
+ test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 }
+
mode=1
;;
(absent)
- # no logins present -> nothing to do
- test -n "$authusers" || exit 0
-
- # NOTE: password is not needed to delete
- conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
+ # no matching logins present -> nothing to do
+ test -s "${__object}/explorer/authusers" || exit 0
mode=0
;;
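Review bot: The added guard `test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 }` has no `;` or newline before `}`, so the shell takes `}` as an argument to `exit` and the brace group is never closed, which makes the generated script fail to parse. It should end `exit 1; }`. The guard also runs only after `login` has been used to build `line_should` and compared against the explorer output; placing it above that assignment would reject an empty login before any comparison. The `case` statement continues past the end of this hunk.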
@@ -58,25 +56,65 @@ in
;;
esac
+auth_conf=$(cat "${__object}/explorer/auth_conf")
+
+if test -z "${auth_conf}"
+then
+ echo 'Cannot determine path of dma auth.conf' >&2
+ exit 1
+fi
+
cat </etc/dma/auth.conf.tmp \
-&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf
+
+BEGIN {
+ DP = "[: \t]" # copied from dma/conf.c
+}
+
+# skip comments and empty lines
+/^#/ || /^$/ { print; next }
+
+{
+ login = substr($0, 1, index($0, "|") - 1)
+ host = substr($0, length(login) + 2)
+ if (match(host, DP)) {
+ host = substr(host, 1, RSTART - 1)
+ endpos = length(login) + RSTART
+ } else endpos = length
+}
+
+host == ENVIRON["server"] {
+ if (mode) {
+ if (login == ENVIRON["login"] && !written) {
+ printf "%s%s\n", substr($0, 1, endpos+1), getpw()
+ written = 1
+ next
+ }
+ } else if (!ENVIRON["login"] || login == ENVIRON["login"]) next
+}
+
+{ print }
+
+END {
+ if (mode && !written) {
+ printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw()
+ }
+}
+' <"${auth_conf}" >"${auth_conf}.tmp" \
+ && mv "${auth_conf}.tmp" "${auth_conf}"
EOF
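Review bot: The rewritten credentials file is created by the redirection `>"${auth_conf}.tmp"` and then moved over `auth.conf`, so the result carries whatever mode and owner the remote shell's umask and user produce rather than those of the original file, and a password file that was group-restricted can end up more widely readable. One portable way to keep the original mode and owner is to pre-create the temp file from the original, e.g. `cp -p "${auth_conf}" "${auth_conf}.tmp" &&` ahead of the awk command, since truncating an existing file preserves both. The start of the generated command is not legible on this page, so check whether a `umask` or `chmod` is already set there. If awk fails, `${auth_conf}.tmp` is also left behind with password content; removing it on the failure path would avoid that.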