author | saurabh.vyas@oracle.com |
Thu, 09 Mar 2017 10:47:46 -0800 | |
branch | s11u3-sru |
changeset 7764 | be0c0ee57436 |
permissions | -rw-r--r-- |
7764
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
1 |
This bug is fixed upstream as : |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
2 |
https://tickets.puppetlabs.com/browse/PUP-229 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
3 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
4 |
---- |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
5 |
From 6940de68efcc97a0af946f62ebfbfe53ad410d5d Mon Sep 17 00:00:00 2001 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
6 |
From: Rahul Gopinath <[email protected]> |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
7 |
Date: Thu, 14 Aug 2014 18:38:19 -0700 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
8 |
Subject: [PATCH] (PUP 229) Fix /etc/shadow parsing so that max/min_age is |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
9 |
reported correctly |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
10 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
11 |
Before this patch, parsing /etc/shadow, when empty trailing fields were |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
12 |
present, they were discarded, and inturn a nil check was used to ensure that |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
13 |
the fields did not exist. However, this ran into trouble when a value was |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
14 |
appended to the end, causing all the empty fields to be returned as empty |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
15 |
strings instead, failing the nil checks. |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
16 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
17 |
This patch ensures that all empty fields are returned as empty strings, and |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
18 |
a check for empty string is used to check whether the field exists or not. |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
19 |
--- |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
20 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
21 |
--- puppet-3.6.2/lib/puppet/provider/user/user_role_add.rb.orig |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
22 |
+++ puppet-3.6.2/lib/puppet/provider/user/user_role_add.rb |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
23 |
@@ -177,7 +177,8 @@ |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
24 |
return @shadow_entry if defined? @shadow_entry |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
25 |
@shadow_entry = File.readlines(target_file_path). |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
26 |
reject { |r| r =~ /^[^\w]/ }. |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
27 |
- collect { |l| l.chomp.split(':') }. |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
28 |
+ # PUP-229 dont suppress the empty fields |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
29 |
+ collect { |l| l.chomp.split(':', -1) }. |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
30 |
find { |user, _| user == @resource[:name] } |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
31 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
32 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
33 |
@@ -186,12 +187,12 @@ |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
34 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
35 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
36 |
def password_min_age |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
37 |
- shadow_entry ? shadow_entry[3] : :absent |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
38 |
+ shadow_entry[3].empty? ? -1 : shadow_entry[3] |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
39 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
40 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
41 |
def password_max_age |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
42 |
return :absent unless shadow_entry |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
43 |
- shadow_entry[4] || -1 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
44 |
+ shadow_entry[4].empty? ? -1 : shadow_entry[4] |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
45 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
46 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
47 |
# Read in /etc/shadow, find the line for our used and rewrite it with the |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
48 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
49 |
--- puppet-3.6.2/spec/unit/provider/user/user_role_add_spec.rb.orig |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
50 |
+++ puppet-3.6.2/spec/unit/provider/user/user_role_add_spec.rb |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
51 |
@@ -317,7 +317,7 @@ def write_fixture(content) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
52 |
describe "#shadow_entry" do |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
53 |
it "should return the line for the right user" do |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
54 |
File.stubs(:readlines).returns(["someuser:!:10:5:20:7:1::\n", "fakeval:*:20:10:30:7:2::\n", "testuser:*:30:15:40:7:3::\n"]) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
55 |
- provider.shadow_entry.should == ["fakeval", "*", "20", "10", "30", "7", "2"] |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
56 |
+ provider.shadow_entry.should == ["fakeval", "*", "20", "10", "30", "7", "2", "", ""] |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
57 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
58 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
59 |
|
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
60 |
@@ -331,5 +331,27 @@ def write_fixture(content) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
61 |
File.stubs(:readlines).returns(["fakeval:NP:12345::::::\n"]) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
62 |
provider.password_max_age.should == -1 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
63 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
64 |
+ |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
65 |
+ it "should return -1 for no maximum when failed attempts are present" do |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
66 |
+ File.stubs(:readlines).returns(["fakeval:NP:12345::::::3\n"]) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
67 |
+ provider.password_max_age.should == -1 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
68 |
+ end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
69 |
+ end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
70 |
+ |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
71 |
+ describe "#password_min_age" do |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
72 |
+ it "should return a minimum age number" do |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
73 |
+ File.stubs(:readlines).returns(["fakeval:NP:12345:10:50::::\n"]) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
74 |
+ provider.password_min_age.should == "10" |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
75 |
+ end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
76 |
+ |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
77 |
+ it "should return -1 for no minimum" do |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
78 |
+ File.stubs(:readlines).returns(["fakeval:NP:12345::::::\n"]) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
79 |
+ provider.password_min_age.should == -1 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
80 |
+ end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
81 |
+ |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
82 |
+ it "should return -1 for no minimum when failed attempts are present" do |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
83 |
+ File.stubs(:readlines).returns(["fakeval:NP:12345::::::3\n"]) |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
84 |
+ provider.password_min_age.should == -1 |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
85 |
+ end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
86 |
end |
be0c0ee57436
24929333 puppet: user resource's "password_max_age" parameter doesn't understand -1
saurabh.vyas@oracle.com
parents:
diff
changeset
|
87 |
end |