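# Plug-in type for handling k5keytab files.
# Derived from the builtin .k5login type.
#
# Caveat: needs to run in an interactive session, since kadmin will ask for
# the password of admin/admin.
#
# Review notes:
# * A keytab holds long-term secret keys. Both the file mode and the
#   encryption type chosen for the keys are security decisions; see the
#   notes on the `mode` and `enc` defaults below.
# * External commands are started with argument vectors (no shell), and
#   every value placed in the kadmin query is checked first, so a resource
#   title, principal or enctype cannot change the command that is run.
# * Array-form IO.popen requires Ruby 1.9 or newer.
Puppet::Type.newtype(:k5keytab) do
  @doc = "Manage the `k5keytab` file for a user. Specify the full path to
    the `k5keytab` file as the name and the principals you want in the key."

  ensurable

  # Principals that should exist in the file.
  newproperty(:principals, :array_matching => :all) do
    desc "The principals present in the `k5keytab` file."
  end

  # The path/name of the k5keytab file.
  newparam(:path) do
    isnamevar
    desc "The path to the file to manage. Must be fully qualified."

    validate do |value|
      # \A anchors at the start of the whole string. `^` anchors at the start
      # of any line, so it would accept a value whose second line begins with
      # the separator.
      unless value.to_s =~ /\A#{Regexp.escape(File::SEPARATOR)}/
        raise Puppet::Error, "File paths must be fully qualified"
      end
    end
  end

  newparam(:enc) do
    desc "The encoding-type of generated keys."
    # NOTE(review): triple-DES enctypes are deprecated for Kerberos
    # (RFC 8429). The default is kept so existing manifests behave the same;
    # new manifests should set an AES enctype explicitly, for example
    # "aes256-cts-hmac-sha1-96:normal".
    defaultto { "des3-hmac-sha1:normal" }
  end

  # To manage the mode of the file.
  newproperty(:mode) do
    desc "Manage the k5keytab file's mode"
    # NOTE(review): "644" makes the keytab world-readable, which lets any
    # local account read the keys. The default is kept for compatibility;
    # manifests should set mode => "600" (or "640" with a dedicated group).
    defaultto { "644" }
  end

  provide(:k5keytab) do
    desc "The k5keytab provider is the only provider for the k5keytab type."

    # Does this file exist?
    def exists?
      File.exist?(@resource[:name])
    end

    # Create the file, then bring its mode in line with the resource.
    def create
      write(@resource.should(:principals))
      should_mode = @resource.should(:mode)
      self.mode = should_mode unless self.mode == should_mode
    end

    # Remove the file.
    def destroy
      File.unlink(@resource[:name])
    end

    # Return the principals listed by `klist -ek`, or :absent when the keytab
    # does not exist.
    def principals
      path = @resource[:name].to_s
      return :absent unless File.exist?(path)

      # Array form: klist is started without a shell, so the path is passed
      # as one literal argument. Block form closes the pipe and reaps the
      # child when done.
      lines = IO.popen(["klist", "-ek", path]) { |io| io.readlines }

      # Entry lines start with the key version number followed by the
      # principal; any line that does not match that shape is dropped.
      lines.map { |line|
        m = /^\s*(\d+)\s+(\S+)/.match(line)
        m && m[2]
      }.compact
    end

    # Write the principals out to the k5keytab file.
    def principals=(value)
      write(value)
    end

    # Return the mode as an octal string, not as an integer.
    def mode
      "%o" % (File.stat(@resource[:name]).mode & 07777)
    end

    # Set the file mode, converting from an octal string to an integer.
    # Parsing with an explicit base of 8 keeps a value such as "x1f" or
    # "b101" from being read as a hex or binary literal.
    # Raises ArgumentError when the value is not octal.
    def mode=(value)
      File.chmod(Integer(value.to_s, 8), @resource[:name])
    end

    private

    # Replace the keytab with freshly generated keys for +princs+.
    #
    # All inputs are checked before the existing keytab is removed, so a bad
    # value cannot leave the host without a keytab.
    # NOTE(review): ktadd generates new keys for each principal, so other
    # keytabs holding the same principals stop working after this runs.
    # NOTE(review): the old keytab is deleted before kadmin runs; if kadmin
    # fails, no keytab is left behind and Puppet::Error is raised.
    #
    # Returns whatever kadmin wrote to stdout.
    def write(princs)
      path  = @resource[:name].to_s
      enc   = @resource.value(:enc).to_s
      names = Array(princs).map { |princ| princ.to_s }

      if names.empty?
        raise Puppet::Error, "k5keytab #{path}: no principals given"
      end
      # The path is double-quoted inside the kadmin query; a quote or control
      # character would end the quoting early.
      if path =~ /["[:cntrl:]]/
        raise Puppet::Error, "k5keytab: unsupported character in path #{path.inspect}"
      end
      assert_kadmin_token("enc", enc)
      names.each { |name| assert_kadmin_token("principal", name) }

      destroy if File.exist?(path)
      princs = names.join(" ")
      print "Generating krb-keys (#{enc}) for #{princs}. Type Kerberos Admin Passwd now.\n"

      # kadmin is started directly (no shell); the query travels as a single
      # argument and is tokenised only by kadmin itself.
      query  = %(ktadd -k "#{path}" -e #{enc} #{princs})
      output = IO.popen(["kadmin", "-q", query]) { |io| io.read }

      unless $?.success? && File.exist?(path)
        raise Puppet::Error, "kadmin did not create keytab #{path}"
      end
      output
    end

    # Reject a value that kadmin would split into several words or read as
    # an option: empty, leading "-", or containing whitespace or quotes.
    def assert_kadmin_token(kind, token)
      if token.empty? || token =~ /\A-|[\s'"]/
        raise Puppet::Error, "k5keytab: invalid #{kind} #{token.inspect}"
      end
    end
  end
end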