Commit Graph

11 Commits (4caef8413e4c2cc93fdc3958fbfd6476436afd48)

Author SHA1 Message Date
Christopher Gadd 3267b204da [stable-2.6] make password locking in user module idempotent (#43671)
* Simplify logic and add FreeBSD & NetBSD

* Remove incorrect flag for lock and unlock on FreeBSD

* Add tests and changelog

Co-authored-by: Chris Gadd <gaddman@email.com>
(cherry picked from commit f75a84e382)

Co-authored-by: Christopher Gadd <gaddman@email.com>
6 years ago
Martin Krizek f50cc0b8cb 2.6: user: do not pass ssh_key_passphrase on cmdline (#47487)
* user: do not pass ssh_key_passphrase on cmdline

* user: do not pass ssh_key_passphrase on cmdline

CVE-2018-16837

Co-authored-by: Toshio Kuratomi <a.badger@gmail.com>
(cherry picked from commit a0aa53d1a1)

* Ignore user module use of subprocess.

(cherry picked from commit 8d00afc013)

* Fix python3 problem in user module cve fix

(cherry picked from commit 9088671c4e)

* Fix changelog entry for user module CVE fix

(cherry picked from commit 210a43ebeb)
(cherry picked from commit b618339c32)

* Remove E210
6 years ago
Sam Doran 5a26560cca Properly un expire account on creation (#44174)
When creating a new account, check to see if the expiration parameter is negative and pass in the appropriate parameter. Since the negative integer passed into expires is converted to time.struct_time which in turn gets converted to a formatted time string when passed to the underlying command, a -1 or large negative number would result in passing a date before 1970-01-01 to the underlying command.

This had the opposite effect of creating an account with no expiration account resulting in a newly created account that was already expired, or just throwing an error on certain systems.

(cherry picked from commit df335d91b0)
6 years ago
Sam Doran 2267ba2f05 Only report change when home directory is different on FreeBSD (#42865)
* Only report change when home directory is different

Add tests with home: parameter

Have to skip macOS for now since there is a bug when specifying the home directory path for an existing user that results in a module failure. That needs to be fixed in a separate PR.

(cherry picked from commit 0ca61e9d87)
6 years ago
Brian Coca 677fe1076d
User unexpire (#39758)
* Allow negative values to expires to unexpire a user

Fixes #20096

(cherry picked from commit 34f8080a19)
(cherry picked from commit 54619f70f4)
(cherry picked from commit 8c2fae27d6)
(cherry picked from commit db1a32f8ca)

* tweaked and normalized

 - also added tests, made checking resilient
7 years ago
Sam Doran 5a6bdef76b Only change expiration date if it is different (#38885)
* Only change expiration date if it is different

Modify user_info() method to also return the password expiration.
Compare current and desired expiration times and only change if they are different.

* Improve formatting on user tests

* Add integration test for expiration

* Add changelog fragment

* Improve integration test

Skip macOS and use getent module for validating expiration date.

* Fix expiration change for FreeBSD

* Don't use datetime since the total_seconds method isn't available on CentOS 6

* Use better name for expiration index field

Use separate tasks for verifying expiration date on BSD

* Use calendar.timegm() rather than time.mktime()

calendar.timegm() is the inverse of time.gmtime() and returns a timestamp in UTC not localtime
Add tests that change the system timezone away from UTC

* Mark tests as destructive and use test for change status

* Fix account expiration for FreeBSD

Use DATE_FORMAT when setting expiration date on FreeBSD. Previously the argument passed to -e was an integer of days since epoch when the account will expire which was inserted directly into master.passwd. This value is interpreted as seconds since epoch by the system, meaning the account expiration was actually set to a few hours past epoch.

Greatly simply comparing desired  and current expiration time by using the first three values of the struct_time tuple rather than doing a whole bunch of manipulations of the seconds since epoch.
7 years ago
Matt Clay 9599630976
Fixes for dnf and user integration tests. (#34603)
* Fix user test.
* Use `dnf` instead of `yum` in dnf test.
* Install correct version of rpmfluff for tests.
7 years ago
Matt Martz 4fe08441be Deprecate tests used as filters (#32361)
* Warn on tests used as filters

* Update docs, add aliases for tests that fit more gramatically with test syntax

* Fix rst formatting

* Add successful filter, alias of success

* Remove renamed_deprecation, it was overkill

* Make directory alias for is_dir

* Update tests to use proper jinja test syntax

* Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax

* Add conversion script, porting guide updates, and changelog updates

* Update newly added uses of tests as filters

* No underscore variable

* Convert recent tests as filter changes to win_stat

* Fix some changes related to rebasing a few integration tests

* Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name

* Add test for tests_as_filters_warning

* Update tests as filters in newly added/modified tests

* Address recent changes to several integration tests

* Address recent changes in cs_vpc
7 years ago
Reid Wahl 5f90169d73 modules/system/user.py: Change createhome to create_home (#30179) 7 years ago
Martin Krizek 32d6b1d0e0 user: fix default non-system user's shell on macOS 7 years ago
jctanner e9c2546ffe Add integration test targets for core supported modules (#24217)
A preliminary set of test targets for "core" supported module that had no independent tests. These will also help us ensure python3 compatibility for those modules and prevent future regressions.
8 years ago