1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
|
require 'puppet/util/filetype'
class Puppet::Provider::Cron
# This class defines the crontab filetypes
class FileType < Puppet::Util::FileType
class << self
define_method(:base_newfiletype, instance_method(:newfiletype))
# Puppet::Util::FileType.newfiletype will raise an exception if
# an already-defined filetype is re-defined. Unfortunately, there's
# a chance that this file could be loaded multiple times by Puppet's
# autoloader meaning that, without this wrapper, the crontab filetypes
# would be re-defined, causing Puppet to raise an exception.
def newfiletype(name, &block)
return if @filetypes&.key?(name)
base_newfiletype(name, &block)
end
end
# Handle Linux-style cron tabs.
#
# TODO: We can possibly eliminate the "-u <username>" option in cmdbase
# by just running crontab under <username>'s uid (like we do for suntab
# and aixtab). It may be worth investigating this alternative
# implementation in the future. This way, we can refactor all three of
# our cron file types into a common crontab file type.
newfiletype(:crontab) do
def initialize(user) # rubocop:disable Lint/MissingSuper
self.path = user
end
def path=(user)
begin
@uid = Puppet::Util.uid(user)
rescue Puppet::Error => detail
raise FileReadError, _('Could not retrieve user %{user}: %{detail}') % { user: user, detail: detail }, detail.backtrace
end
# XXX We have to have the user name, not the uid, because some
# systems *cough*linux*cough* require it that way
@path = user
end
# Read a specific @path's cron tab.
def read
unless Puppet::Util.uid(@path)
Puppet.debug _('The %{path} user does not exist. Treating their crontab file as empty in case Puppet creates them in the middle of the run.') % { path: @path }
return ''
end
Puppet::Util::Execution.execute("#{cmdbase} -l", failonfail: true, combine: true)
rescue => detail
case detail.to_s
when %r{no crontab for}
''
when %r{are not allowed to}
Puppet.debug _('The %{path} user is not authorized to use cron. Their crontab file is treated as empty in case Puppet authorizes them in the middle of the run (by, for example, modifying the cron.deny or cron.allow files).') % { path: @path }
''
else
raise FileReadError, _('Could not read crontab for %{path}: %{detail}') % { path: @path, detail: detail }, detail.backtrace
end
end
# Remove a specific @path's cron tab.
def remove
cmd = "#{cmdbase} -r"
if ['Darwin', 'FreeBSD', 'DragonFly'].include?(Facter.value('operatingsystem'))
cmd = "/bin/echo yes | #{cmd}"
end
Puppet::Util::Execution.execute(cmd, failonfail: true, combine: true)
end
# Overwrite a specific @path's cron tab; must be passed the @path name
# and the text with which to create the cron tab.
#
# TODO: We should refactor this at some point to make it identical to the
# :aixtab and :suntab's write methods so that, at the very least, the pipe
# is not created and the crontab command's errors are not swallowed.
def write(text)
unless Puppet::Util.uid(@path)
raise Puppet::Error, _("Cannot write the %{path} user's crontab: The user does not exist") % { path: @path }
end
# this file is managed by the OS and should be using system encoding
IO.popen("#{cmdbase} -", 'w', encoding: Encoding.default_external) do |p|
p.print text
end
end
private
# Only add the -u flag when the @path is different. Fedora apparently
# does not think I should be allowed to set the @path to my own user name
def cmdbase
return 'crontab' if @uid == Puppet::Util::SUIDManager.uid || Facter.value(:operatingsystem) == 'HP-UX'
"crontab -u #{@path}"
end
end
# SunOS has completely different cron commands; this class implements
# its versions.
newfiletype(:suntab) do
# Read a specific @path's cron tab.
def read
unless Puppet::Util.uid(@path)
Puppet.debug _('The %{path} user does not exist. Treating their crontab file as empty in case Puppet creates them in the middle of the run.') % { path: @path }
return ''
end
Puppet::Util::Execution.execute(['crontab', '-l'], cronargs)
rescue => detail
case detail.to_s
when %r{can't open your crontab}
''
when %r{you are not authorized to use cron}
Puppet.debug _('The %{path} user is not authorized to use cron. Their crontab file is treated as empty in case Puppet authorizes them in the middle of the run (by, for example, modifying the cron.deny or cron.allow files).') % { path: @path }
''
else
raise FileReadError, _('Could not read crontab for %{path}: %{detail}') % { path: @path, detail: detail }, detail.backtrace
end
end
# Remove a specific @path's cron tab.
def remove
Puppet::Util::Execution.execute(['crontab', '-r'], cronargs)
rescue => detail
raise FileReadError, _('Could not remove crontab for %{path}: %{detail}') % { path: @path, detail: detail }, detail.backtrace
end
# Overwrite a specific @path's cron tab; must be passed the @path name
# and the text with which to create the cron tab.
def write(text)
# this file is managed by the OS and should be using system encoding
output_file = Tempfile.new('puppet_suntab', encoding: Encoding.default_external)
begin
output_file.print text
output_file.close
# We have to chown the stupid file to the user.
File.chown(Puppet::Util.uid(@path), nil, output_file.path)
Puppet::Util::Execution.execute(['crontab', output_file.path], cronargs)
rescue => detail
raise FileReadError, _('Could not write crontab for %{path}: %{detail}') % { path: @path, detail: detail }, detail.backtrace
ensure
output_file.close
output_file.unlink
end
end
end
# Support for AIX crontab with output different than suntab's crontab command.
newfiletype(:aixtab) do
# Read a specific @path's cron tab.
def read
unless Puppet::Util.uid(@path)
Puppet.debug _('The %{path} user does not exist. Treating their crontab file as empty in case Puppet creates them in the middle of the run.') % { path: @path }
return ''
end
Puppet::Util::Execution.execute(['crontab', '-l'], cronargs)
rescue => detail
case detail.to_s
when %r{open.*in.*directory}
''
when %r{not.*authorized.*cron}
Puppet.debug _('The %{path} user is not authorized to use cron. Their crontab file is treated as empty in case Puppet authorizes them in the middle of the run (by, for example, modifying the cron.deny or cron.allow files).') % { path: @path }
''
else
raise FileReadError, _('Could not read crontab for %{path}: %{detail}') % { path: @path, detail: detail }, detail.backtrace
end
end
# Remove a specific @path's cron tab.
def remove
Puppet::Util::Execution.execute(['crontab', '-r'], cronargs)
rescue => detail
raise FileReadError, _('Could not remove crontab for %{path}: %{detail}') % { path: @path, detail: detail }, detail.backtrace
end
# Overwrite a specific @path's cron tab; must be passed the @path name
# and the text with which to create the cron tab.
def write(text)
# this file is managed by the OS and should be using system encoding
output_file = Tempfile.new('puppet_aixtab', encoding: Encoding.default_external)
begin
output_file.print text
output_file.close
# We have to chown the stupid file to the user.
File.chown(Puppet::Util.uid(@path), nil, output_file.path)
Puppet::Util::Execution.execute(['crontab', output_file.path], cronargs)
rescue => detail
raise FileReadError, _('Could not write crontab for %{path}: %{detail}') % { path: @path, detail: detail }, detail.backtrace
ensure
output_file.close
output_file.unlink
end
end
end
end
end
|
