Puppet::Util::secure_open("/tmp/daemonout", "w") { |f|

      Puppet::Util::replace_file("/tmp/daemonout", 0644) do |f|

      }

      end

      Puppet::Util.secure_open("/tmp/daemonout", "w") { |f|

      Puppet::Util.replace_file("/tmp/daemonout", 0644) { |f|

    @shadow_entry = File.readlines("/etc/shadow").reject { |r| r =~ /^[^\w]/ }.collect { |l| l.chomp.split(':') }.find { |user, _| user == @resource[:name] }

    @shadow_entry = File.readlines(target_file_path).

      reject { |r| r =~ /^[^\w]/ }.

      collect { |l| l.chomp.split(':') }.

      find { |user, _| user == @resource[:name] }

  #Read in /etc/shadow, find the line for our used and rewrite it with the new pw

  # Read in /etc/shadow, find the line for our used and rewrite it with the

  #Smooth like 80 grit

  # new pw.  Smooth like 80 grit sandpaper.

  #

  # Now uses the `replace_file` mechanism to minimize the chance that we lose

  # data, but it is still terrible.  We still skip platform locking, so a

  # concurrent `vipw -s` session will have no idea we risk data loss.

      File.open("/etc/shadow", "r") do |shadow|

      shadow = File.read(target_file_path)

        File.open("/etc/shadow_tmp", "w", 0600) do |shadow_tmp|

          while line = shadow.gets

      # Go Mifune loves the race here where we can lose data because

            line_arr = line.split(':')

      # /etc/shadow changed between reading it and writing it.

            if line_arr[0] == @resource[:name]

      # --daniel 2012-02-05

              line_arr[1] = cryptopw

      Puppet::Util.replace_file(target_file_path, 0640) do |fh|

              line = line_arr.join(':')

        shadow.each_line do |line|

            end

          line_arr = line.split(':')

            shadow_tmp.print line

          if line_arr[0] == @resource[:name]

            line_arr[1] = cryptopw

            line = line_arr.join(':')

      fail "Could not write temporary shadow file: #{detail}"

      fail "Could not write replace #{target_file_path}: #{detail}"

    ensure

      # Make sure this *always* gets deleted

      File.unlink("/etc/shadow_tmp") if File.exist?("/etc/shadow_tmp")

    Puppet::Util.secure_open(file, "w") { |f| f.print YAML.dump(data) }

    Puppet::Util.replace_file(file, 0644) { |f| f.print YAML.dump(data) }

      Puppet::Util.secure_open(@resource[:name], "w") do |f|

      Puppet::Util.replace_file(@resource[:name], 0644) do |f|

        f.puts value.join("\n")

        f.puts value

          Puppet::Util::SUIDManager.change_group(arguments[:gid], true) if arguments[:gid]

          Puppet::Util::SUIDManager.change_privileges(arguments[:uid], arguments[:gid], true)

          Puppet::Util::SUIDManager.change_user(arguments[:uid], true) if arguments[:uid]

  def secure_open(file,must_be_w,&block)

  # Replace a file, securely.  This takes a block, and passes it the file

    raise Puppet::DevError,"secure_open only works with mode 'w'" unless must_be_w == 'w'

  # handle of a file open for writing.  Write the replacement content inside

    raise Puppet::DevError,"secure_open only requires a block"    unless block_given?

  # the block and it will safely replace the target file.

    Puppet.warning "#{file} was a symlink to #{File.readlink(file)}" if File.symlink?(file)

  #

    if File.exists?(file) or File.symlink?(file)

  # This method will make no changes to the target file until the content is

      wait = File.symlink?(file) ? 5.0 : 0.1

  # successfully written and the block returns without raising an error.

      File.delete(file)

  #

      sleep wait # give it a chance to reappear, just in case someone is actively trying something.

  # As far as possible the state of the existing file, such as mode, is

  # preserved.  This works hard to avoid loss of any metadata, but will result

  # in an inode change for the file.

  #

  # Arguments: `filename`, `default_mode`

  #

  # The filename is the file we are going to replace.

  #

  # The default_mode is the mode to use when the target file doesn't already

  # exist; if the file is present we copy the existing mode/owner/group values

  # across.

  def replace_file(file, default_mode, &block)

    raise Puppet::DevError, "replace_file requires a block" unless block_given?

    file     = Pathname(file)

    tempfile = Tempfile.new(file.basename.to_s, file.dirname.to_s)

    file_exists = file.exist?

    # If the file exists, use its current mode/owner/group. If it doesn't, use

    # the supplied mode, and default to current user/group.

    if file_exists

      stat = file.lstat

      # We only care about the four lowest-order octets. Higher octets are

      # filesystem-specific.

      mode = stat.mode & 07777

      uid = stat.uid

      gid = stat.gid

    else

      mode = default_mode

      uid = Process.euid

      gid = Process.egid

      File.open(file,File::CREAT|File::EXCL|File::TRUNC|File::WRONLY,&block)

      tempfile.fsync

    rescue Errno::EEXIST

    rescue NotImplementedError

      desc = File.symlink?(file) ? "symlink to #{File.readlink(file)}" : File.stat(file).ftype

      # fsync may not be implemented by Ruby on all platforms, but

      puts "Warning: #{file} was apparently created by another process (as"

      # there is absolutely no recovery path if we detect that.  So, we just

      puts "a #{desc}) as soon as it was deleted by this process.  Someone may be trying"

      # ignore the return code.

      puts "to do something objectionable (such as tricking you into overwriting system"

      #

      puts "files if you are running as root)."

      # However, don't be fooled: that is accepting that we are running in

      raise

      # an unsafe fashion.  If you are porting to a new platform don't stub

      # that out.

  module_function :secure_open

  module_function :replace_file

    Puppet::Util.secure_open("/tmp/puppetdoc.txt", "w") do |f|

    rst2latex = which('rst2latex') || which('rst2latex.py') ||

      f.puts text

      raise("Could not find rst2latex")

    end

    rst2latex = which('rst2latex') || which('rst2latex.py') || raise("Could not find rst2latex")

    Puppet::Util.secure_open("/tmp/puppetdoc.tex","w") do |f|

    Puppet::Util.replace_file("/tmp/puppetdoc.txt") {|f| f.puts text }

      # If we get here without an error, /tmp/puppetdoc.tex isn't a tricky cracker's symlink

    # There used to be an attempt to use secure_open / replace_file to secure

    end

    # the target, too, but that did nothing: the race was still here.  We can

    # get exactly the same benefit from running this effort:

    File.unlink('/tmp/puppetdoc.tex') rescue nil

  # Runs block setting uid and gid if provided then restoring original ids

  # Methods to handle changing uid/gid of the running process. In general,

  # these will noop or fail on Windows, and require root to change to anything

  # but the current uid/gid (which is a noop).

  # Runs block setting euid and egid if provided then restoring original ids.

  # If running on Windows or without root, the block will be run with the

  # current euid/egid.

    return yield if Puppet.features.microsoft_windows? or !root?

    return yield if Puppet.features.microsoft_windows?

    return yield unless root?

    return yield unless new_uid or new_gid

      change_group(new_gid) if new_gid

      change_privileges(new_uid, new_gid, false)

      change_user(new_uid) if new_uid

      change_group(old_egid)

      change_privileges(new_uid ? old_euid : nil, old_egid, false)

      change_user(old_euid)

      begin

      Process::GID.change_privilege(gid)

        Process::GID.change_privilege(gid)

      rescue NotImplementedError

        Process.egid = gid

        Process.gid  = gid

      end

      begin

      # If changing uid, we must be root. So initgroups first here.

        Process::UID.change_privilege(uid)

      initgroups(uid)

      rescue NotImplementedError

        # If changing uid, we must be root. So initgroups first here.

      Process::UID.change_privilege(uid)

        initgroups(uid)

        Process.euid = uid

        Process.uid  = uid

      end

      # If we're already root, initgroups before changing euid. If we're not,

      # We must be root to initgroups, so initgroups before dropping euid if

      # we're root, otherwise elevate euid before initgroups.

  # Initialize supplementary groups

  # Initialize primary and supplemental groups to those of the target user.  We

  def initgroups(user)

  # take the UID and manually look up their details in the system database,

    require 'etc'

  # including username and primary group. This method will fail on Windows, or

    Process.initgroups(Etc.getpwuid(user).name, Process.gid)

  # if used without root to initgroups of another user.

  def initgroups(uid)

    pwent = Etc.getpwuid(uid)

    Process.initgroups(pwent.name, pwent.gid)

    #how can you mock these blocks up?

    let(:path) { tmpfile('etc-shadow') }

    it "should open /etc/shadow for reading and /etc/shadow_tmp for writing" do

      File.expects(:open).with("/etc/shadow", "r")

    before :each do

      File.stubs(:rename)

      @provider.stubs(:target_file_path).returns(path)

      @provider.password=("hashedpassword")

    end

    end

    def write_fixture(content)

    it "should rename the /etc/shadow_tmp to /etc/shadow" do

      File.open(path, 'w') { |f| f.print(content) }

      File.stubs(:open).with("/etc/shadow", "r")

    end

      File.expects(:rename).with("/etc/shadow_tmp", "/etc/shadow")

      @provider.password=("hashedpassword")

    it "should update the target user" do

      write_fixture <<FIXTURE

fakeval:seriously:15315:0:99999:7:::

FIXTURE

      @provider.password = "totally"

      File.read(path).should =~ /^fakeval:totally:/

    end

    it "should only update the target user" do

      write_fixture <<FIXTURE

before:seriously:15315:0:99999:7:::

fakeval:seriously:15315:0:99999:7:::

fakevalish:seriously:15315:0:99999:7:::

after:seriously:15315:0:99999:7:::

FIXTURE

      @provider.password = "totally"

      File.read(path).should == <<EOT

before:seriously:15315:0:99999:7:::

fakeval:totally:15315:0:99999:7:::

fakevalish:seriously:15315:0:99999:7:::

after:seriously:15315:0:99999:7:::

EOT

    end

    # This preserves the current semantics, but is it right? --daniel 2012-02-05

    it "should do nothing if the target user is missing" do

      fixture = <<FIXTURE

before:seriously:15315:0:99999:7:::

fakevalish:seriously:15315:0:99999:7:::

after:seriously:15315:0:99999:7:::

FIXTURE

      write_fixture fixture

      @provider.password = "totally"

      File.read(path).should == fixture

    Puppet::Util::SUIDManager.stubs(:initgroups)

    pwent = stub('pwent', :name => 'fred', :uid => 42, :gid => 42)

    Etc.stubs(:getpwuid).with(42).returns(pwent)

      Process.stubs("#{id}=").with {|value| xids[id] = value}

      Process.stubs("#{id}=").with {|value| xids[id] = value }

    end

  end

  describe "#initgroups" do

    it "should use the primary group of the user as the 'basegid'" do

      Process.expects(:initgroups).with('fred', 42)

      described_class.initgroups(42)

    it "should set euid/egid when root" do

    it "should not get or set euid/egid when not root" do

      Process.stubs(:uid).returns(0)

      Process.stubs(:uid).returns(1)

      Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51)

      Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {}

      Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50)

      xids.should be_empty

    end

      yielded = false

    context "when root and not windows" do

      Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) do

      before :each do

        xids[:egid].should == user[:gid]

        Process.stubs(:uid).returns(0)

        xids[:euid].should == user[:uid]

        Puppet.features.stubs(:microsoft_windows?).returns(false)

        yielded = true

      xids[:egid].should == 51

      it "should set euid/egid when root" do

      xids[:euid].should == 50

        Process.stubs(:uid).returns(0)

      # It's possible asuser could simply not yield, so the assertions in the

        Process.stubs(:egid).returns(51)

      # block wouldn't fail. So verify those actually got checked.

        Process.stubs(:euid).returns(50)

      yielded.should be_true

    end

    it "should not get or set euid/egid when not root" do

        Puppet::Util::SUIDManager.stubs(:convert_xid).with(:gid, 51).returns(51)

      Process.stubs(:uid).returns(1)

        Puppet::Util::SUIDManager.stubs(:convert_xid).with(:uid, 50).returns(50)

        Puppet::Util::SUIDManager.stubs(:initgroups).returns([])

      Process.stubs(:egid).returns(51)

        yielded = false

      Process.stubs(:euid).returns(50)

        Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) do

          xids[:egid].should == user[:gid]

          xids[:euid].should == user[:uid]

          yielded = true

        end

      Puppet::Util::SUIDManager.asuser(user[:uid], user[:gid]) {}

        xids[:egid].should == 51

        xids[:euid].should == 50

      xids.should be_empty

        # It's possible asuser could simply not yield, so the assertions in the

        # block wouldn't fail. So verify those actually got checked.

        yielded.should be_true

      end

      it "should just yield if user and group are nil" do

        yielded = false

        Puppet::Util::SUIDManager.asuser(nil, nil) { yielded = true }

        yielded.should be_true

        xids.should == {}

      end

      it "should just change group if only group is given" do

        yielded = false

        Puppet::Util::SUIDManager.asuser(nil, 42) { yielded = true }

        yielded.should be_true

        xids.should == { :egid => 42 }

      end

      it "should change gid to the primary group of uid by default" do

        Process.stubs(:initgroups)

        yielded = false

        Puppet::Util::SUIDManager.asuser(42) { yielded = true }

        yielded.should be_true

        xids.should == { :euid => 42, :egid => 42 }

      end

      it "should change both uid and gid if given" do

        # I don't like the sequence, but it is the only way to assert on the

        # internal behaviour in a reliable fashion, given we need multiple

        # sequenced calls to the same methods. --daniel 2012-02-05

        horror = sequence('of user and group changes')

        Puppet::Util::SUIDManager.expects(:change_group).with(43, false).in_sequence(horror)

        Puppet::Util::SUIDManager.expects(:change_user).with(42, false).in_sequence(horror)

        Puppet::Util::SUIDManager.expects(:change_group).

          with(Puppet::Util::SUIDManager.egid, false).in_sequence(horror)

        Puppet::Util::SUIDManager.expects(:change_user).

          with(Puppet::Util::SUIDManager.euid, false).in_sequence(horror)

        yielded = false

        Puppet::Util::SUIDManager.asuser(42, 43) { yielded = true }

        yielded.should be_true

      end

      it "should try to change_privilege if it is supported" do

      it "should change_privilege" do

      it "should try to change_privilege if it is supported" do

      it "should change_privilege" do

- 

#!/usr/bin/env rspec

require 'spec_helper'

describe Puppet::Util do

  subject { Puppet::Util }

  include PuppetSpec::Files

  context "#replace_file" do

    it { should respond_to :replace_file }

    let :target do

      target = Tempfile.new("puppet-util-replace-file")

      target.puts("hello, world")

      target.flush              # make sure content is on disk.

      target.fsync rescue nil

      target.close

      target

    end

    it "should fail if no block is given" do

      expect { subject.replace_file(target.path, 0600) }.to raise_error /block/

    end

    it "should replace a file when invoked" do

      # Check that our file has the expected content.

      File.read(target.path).should == "hello, world\n"

      # Replace the file.

      subject.replace_file(target.path, 0600) do |fh|

        fh.puts "I am the passenger..."

      end

      # ...and check the replacement was complete.

      File.read(target.path).should == "I am the passenger...\n"

    end

    [0555, 0600, 0660, 0700, 0770].each do |mode|

      it "should copy 0#{mode.to_s(8)} permissions from the target file by default" do

        File.chmod(mode, target.path)

        (File.stat(target.path).mode & 07777).should == mode

        subject.replace_file(target.path, 0000) {|fh| fh.puts "bazam" }

        (File.stat(target.path).mode & 07777).should == mode

        File.read(target.path).should == "bazam\n"

      end

    end

    it "should copy the permissions of the source file before yielding" do

      File.chmod(0555, target.path)

      inode = File.stat(target.path).ino

      yielded = false

      subject.replace_file(target.path, 0600) do |fh|

        (File.stat(fh.path).mode & 07777).should == 0555

        yielded = true

      end

      yielded.should be_true

      # We can't check inode on Windows

      File.stat(target.path).ino.should_not == inode

      (File.stat(target.path).mode & 07777).should == 0555

    end

    it "should use the default permissions if the source file doesn't exist" do

      new_target = target.path + '.foo'

      File.should_not be_exist(new_target)

      begin

        subject.replace_file(new_target, 0555) {|fh| fh.puts "foo" }

        (File.stat(new_target).mode & 07777).should == 0555

      ensure

        File.unlink(new_target) if File.exists?(new_target)

      end

    end

    it "should not replace the file if an exception is thrown in the block" do

      yielded = false

      threw   = false

      begin

        subject.replace_file(target.path, 0600) do |fh|

          yielded = true

          fh.puts "different content written, then..."

          raise "...throw some random failure"

        end

      rescue Exception => e

        if e.to_s =~ /some random failure/

          threw = true

        else

          raise

        end

      end

      yielded.should be_true

      threw.should be_true

      # ...and check the replacement was complete.

      File.read(target.path).should == "hello, world\n"

    end

  end

end