Commit c05d0854 authored by Alex Tayts's avatar Alex Tayts

check keytab contents only if it is really a keytab

parent ab40a971
......@@ -21,27 +21,29 @@ Puppet::Type.type(:wallet).provide(:wallet) do
return true if @resource[:ensure] == :absent
# if file is a keytab, read what's in it
begin
if @resource[:hiemdal] == :true
# Heimdal Kerberos is installed
princs = ktutil("-k", @resource[:path], "list").split("/n")
else
# MIT Kerberos is installed
princs = klist("-k", @resource[:path]).split("/n")
end
if @resource[:type].to_s == "keytab"
begin
if @resource[:hiemdal] == :true
# Heimdal Kerberos is installed
princs = ktutil("-k", @resource[:path], "list").split("/n")
else
# MIT Kerberos is installed
princs = klist("-k", @resource[:path]).split("/n")
end
# Check if a principal we need is present. If absent,
# we do not need further verification
return (princs.any? { |s| s.include?(@resource[:name]) })
rescue
# Keytab is damaged, get it out of the way
# and require a refresh from wallet.
Puppet.notice("#{@resource.instance_variable_get(:@path)}: keytab '#{@resource[:path]}' is damaged. Renaming to '#{@resource[:path]}.bad'")
File.rename(@resource[:path], "#{@resource[:path]}.bad")
return false
# Check if a principal we need is present. If absent,
# we do not need further verification
return (princs.any? { |s| s.include?(@resource[:name]) })
rescue
# Keytab is damaged, get it out of the way
# and require a refresh from wallet.
Puppet.notice("#{@resource.instance_variable_get(:@path)}: keytab '#{@resource[:path]}' is damaged. Renaming to '#{@resource[:path]}.bad'")
File.rename(@resource[:path], "#{@resource[:path]}.bad")
return false
end
end
if (@resource[:verify] == :true)
if @resource[:verify] == :true
if @resource[:type].to_s == "keytab"
begin
# try to get a ticket with the keytab
......
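Review bot: The principal check moved into the new `if @resource[:type].to_s == "keytab"` branch still uses `.split("/n")`, which splits on the two characters slash and n rather than on a newline; both the ktutil and the klist line should read `.split("\n")`. As written, a principal such as `host/node1.example.org` (constructed example) is cut in the middle, so `s.include?(@resource[:name])` can never match it. For other names the listing stays one string and the test becomes a substring search over the whole command output, presumably including any header line that prints the keytab path. Once the output is split on real newlines, comparing the principal column for equality instead of `include?` would stop a longer principal that merely contains the requested name from counting as present. The bare `rescue` also catches a failure of the klist/ktutil command itself, so an intact keytab can be renamed to `.bad`, leaving key material behind at that path; the enclosing method starts and ends outside the hunk, so how those commands raise is not visible here.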