
Untitled

a guest
Jul 19th, 2018
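  # Plug-in type for handling k5keytab files
  # Derived from builtin .k5login type.
  # Caveat: Needs running in interactive session, since kadmin will need password for admin/admin.
  #
  # Security notes:
  # * A keytab holds long-term Kerberos keys. The default mode below ("644")
  #   leaves the file world-readable; manifests should set mode => "600"
  #   unless another account really has to read the keytab.
  # * The default enctype is a triple-DES one, which RFC 8429 deprecates for
  #   Kerberos; prefer an AES keysalt via the `enc` parameter where the KDC
  #   supports it.
  # * External commands are started with argument vectors (no shell), and the
  #   values placed into the kadmin query are checked first, so resource
  #   values cannot add shell or kadmin syntax.

  Puppet::Type.newtype(:k5keytab) do
    @doc = "Manage the `k5keytab` file for a user. Specify the full path to\n" \
           "the `k5keytab` file as the name and the principals you want in the key."
    ensurable

    # Principals that should exist in the file
    newproperty(:principals, :array_matching => :all) do
      desc "The principals present in the `k5keytab` file."
    end

    # The path/name of the k5keytab file
    newparam(:path) do
      isnamevar
      desc "The path to the file to manage. Must be fully qualified."

      # Reject anything that does not begin with the path separator. The check
      # looks at the start of the whole string: a `^` anchor would also accept
      # a multi-line value whose second line starts with the separator.
      validate do |value|
        unless value.is_a?(String) && value.start_with?(File::SEPARATOR)
          raise Puppet::Error, "File paths must be fully qualified"
        end
      end
    end

    newparam(:enc) do
      desc "The encoding-type of generated keys."
      # NOTE(review): kept for backward compatibility; triple-DES enctypes are
      # deprecated for Kerberos (RFC 8429).
      defaultto { "des3-hmac-sha1:normal" }
    end

    # To manage the mode of the file
    newproperty(:mode) do
      desc "Manage the k5keytab file's mode"
      # NOTE(review): kept for backward compatibility; "644" makes the keys in
      # the keytab readable by every local user.
      defaultto { "644" }
    end

    provide(:k5keytab) do
      desc "The k5keytab provider is the only provider for the k5keytab type."

      # Does this file exist?
      def exists?
        File.exist?(@resource[:name])
      end

      # Create the keytab, then bring its mode in line with the resource.
      def create
        write(@resource.should(:principals))
        should_mode = @resource.should(:mode)
        self.mode = should_mode unless mode == should_mode
      end

      # remove the file
      def destroy
        File.unlink(@resource[:name])
      end

      # Return the principals listed by `klist -ek` for the keytab, or :absent
      # when the file does not exist.
      def principals
        path = @resource[:name]
        return :absent unless File.exist?(path)

        # Argument-vector form: the path is handed to klist as a single argv
        # entry and never parsed by a shell. The block form closes the pipe.
        lines = IO.popen(['klist', '-ek', path]) { |io| io.readlines }
        lines.map { |line|
          # Entry lines start with a numeric KVNO followed by the principal.
          m = /^\s*(\d+)\s+(\S+)/.match(line)
          m && m[2]
        }.compact
      end

      # Write the principals out to the k5keytab file
      def principals=(value)
        write(value)
      end

      # Return the mode as an octal string, not as an integer
      def mode
        "%o" % (File.stat(@resource[:name]).mode & 007777)
      end

      # Set the file mode, converting from a string to an integer.
      def mode=(value)
        File.chmod(Integer("0#{value}"), @resource[:name])
      end

      private

      # Regenerate the keytab by running `ktadd` through kadmin.
      #
      # princs is the list of principals to add. Raises Puppet::Error when a
      # value is unsafe to place in the kadmin query, when no principal is
      # given, or when kadmin exits with a failure status.
      def write(princs)
        # Validate everything before touching the existing keytab.
        path = kadmin_value(@resource[:name], 'keytab path', /["\\[:cntrl:]]/)
        enc = kadmin_value(@resource.value(:enc), 'enctype', /[\s"'\\]/)
        names = Array(princs).map { |p| kadmin_value(p, 'principal', /[\s"'\\]/) }
        raise Puppet::Error, "No principals given for #{path}" if names.empty?

        # The old keytab is removed first, as before; a kadmin failure
        # therefore leaves no keytab behind.
        # NOTE(review): ktadd normally generates fresh keys, so each rewrite
        # presumably invalidates other copies of these keys; confirm intent.
        destroy if File.exist?(path)
        princs = names.join(" ")
        print "Generating krb-keys (#{enc}) for #{princs}. Type Kerberos Admin Passwd now.\n"

        # No shell involved: the query reaches kadmin as one argv entry.
        query = "ktadd -k \"#{path}\" -e #{enc} #{princs}"
        IO.popen(['kadmin', '-q', query]) { |io| io.read }
        raise Puppet::Error, "kadmin ktadd failed for #{path}" unless $?.success?
      end

      # Return value as a string, or raise Puppet::Error when it is empty or
      # contains a character matched by unsafe (characters that would change
      # how the kadmin query string is split into arguments).
      def kadmin_value(value, label, unsafe)
        text = value.to_s
        if text.empty? || text =~ unsafe
          raise Puppet::Error, "Refusing to pass #{label} #{text.inspect} to kadmin"
        end
        text
      end
    end
  end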