[type/__dma_auth] Finish code to rewrite auth.conf

type/__dma_auth/explorer/authusers

@@ -18,7 +18,7 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 # This explorer looks for lines matching the server parameter in dma's auth.conf
-# and reports the login and server fields (password is stripped off)
+# and reports the login and server fields (password is cksummed)
 
 auth_conf=$("${__type_explorer}/auth_conf")
 test -r "${auth_conf}" || exit 0
@@ -47,5 +47,11 @@ BEGIN {
 	} else endpos = length
 }
 
-host == server { print substr($0, 0, endpos) }
+host == server { print endpos, $0 }
-' "${auth_conf}"
+' "${auth_conf}" \
+| while read pos line
+  do
+	  printf '%s:%s\n' \
+		  "$(printf '%s' "$line" | cut -c $((-pos)))" \
+		  "$(printf '%s' "$line" | cut -c $((pos+2))- | cksum | cut -d' ' -f1)"
+  done

type/__dma_auth/gencode-remote

@@ -18,7 +18,6 @@
 # along with cdist. If not, see <http://www.gnu.org/licenses/>.
 #
 
-authusers=$(cat "${__object}/explorer/authusers")
 state_should=$(cat "${__object}/parameter/state")
 
 if test -f "${__object}/parameter/server"
@@ -28,27 +27,26 @@ else
 	server=$__object_id
 fi
 login=$(cat "${__object}/parameter/login")
-password=$(cat "${__object}/parameter/password")
 
 case $state_should
 in
 	(present)
-		conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "${password}")
+		line_should=$(printf '%s|%s:%s\n' \
-		cksum_should=$(echo "${conf_line}" | cksum - | cut -d ' ' -f 1)
+			"${login}" "${server}" \
-		if echo "$authusers" | grep -qxF "${cksum_should}"
+			"$(cksum "${__object}/parameter/password" | cut -d' ' -f1)")
+		if grep -qxF "${line_should}" "${__object}/explorer/authusers"
 		then
 			# correct line already present -> nothing to do
 			exit 0
 		fi
 
+		test -n "${login}" || { echo '--login must be non-empty' >&2; exit 1 }
+
 		mode=1
 	;;
 	(absent)
-		# no logins present -> nothing to do
+		# no matching logins present -> nothing to do
-		test -n "$authusers" || exit 0
+		test -s "${__object}/explorer/authusers" || exit 0
-
-		# NOTE: password is not needed to delete
-		conf_line=$(printf '%s|%s:%s\n' "${login}" "${server}" "")
 
 		mode=0
 		;;
@@ -58,25 +56,65 @@ in
 		;;
 esac
 
+auth_conf=$(cat "${__object}/explorer/auth_conf")
+
+if test -z "${auth_conf}"
+then
+	echo 'Cannot determine path of dma auth.conf' >&2
+	exit 1
+fi
+
 cat <<EOF
-read -r CONF_LINE <<'EOL'
+export auth_conf='${auth_conf}'
-${conf_line}
+export login='${login}'
-EOL
+export server='${server}'
-export CONF_LINE
+mode=${mode}
-export mode=${mode}
 EOF
 
 cat <<'EOF'
-awk -F: -v mode=$mode '
+test -f "${auth_conf}" || touch "${auth_conf}"
-BEGIN { split(ENVIRON["CONF_LINE"], conf, ":") }
+
-$1 == conf[1] {
+awk -F '\n' -v mode=$mode '
-    if (mode && !found) {
+function getpw(    line, path) {
-        # remove duplicates
+	path = (ENVIRON["__object"] "/parameter/password")
-        print ENVIRON["CONF_LINE"]
+	getline line < path
-        found = 1
+	close(path)
-    }
+	return line
-    next
 }
-1' </etc/dma/auth.conf >/etc/dma/auth.conf.tmp \
+
-&& mv /etc/dma/auth.conf.tmp /etc/dma/auth.conf
+BEGIN {
+	DP = "[: \t]"  # copied from dma/conf.c
+}
+
+# skip comments and empty lines
+/^#/ || /^$/ { print; next }
+
+{
+	login = substr($0, 1, index($0, "|") - 1)
+	host = substr($0, length(login) + 2)
+	if (match(host, DP)) {
+		host = substr(host, 1, RSTART - 1)
+		endpos = length(login) + RSTART
+	} else endpos = length
+}
+
+host == ENVIRON["server"] {
+	if (mode) {
+		if (login == ENVIRON["login"] && !written) {
+			printf "%s%s\n", substr($0, 1, endpos+1), getpw()
+			written = 1
+			next
+		}
+	} else if (!ENVIRON["login"] || login == ENVIRON["login"]) next
+}
+
+{ print }
+
+END {
+	if (mode && !written) {
+		printf "%s|%s:%s\n", ENVIRON["login"], ENVIRON["server"], getpw()
+	}
+}
+' <"${auth_conf}" >"${auth_conf}.tmp" \
+ && mv "${auth_conf}.tmp" "${auth_conf}"
 EOF