Issue #2256 has been updated by Clay Caviness.
Testing verifies that the authorization framework doesn't handle booleans that are strings - using the incorrect authenticate-session-owner-via-password-or-kerb rule in system.login.screensaver, for example, causes the screensaver to be unable to be unlocked. ---------------------------------------- Bug #2256: macauthorization provider write all values as strings instead of their native type http://projects.reductivelabs.com/issues/2256 Author: Clay Caviness Status: Unreviewed Priority: Normal Assigned to: Nigel Kersten Category: Target version: Complexity: Unknown Affected version: 0.24.8 Keywords: When creating or modifying macauthorization instances, the provider changes booleans and integers to strings. This instance: <pre> macauthorization { "authenticate-session-owner-via-password-or-kerb": name => "authenticate-session-owner-via-password-or-kerb", allow_root => false, auth_type => "rule", auth_class => "user", comment => "Authenticate as the owner via password or kerberos.", mechanisms => [ "builtin:authenticate", "builtin:krb5authnoverify,privileged" ], session_owner => true, shared => false, } </pre> ... should create this output in /etc/authorization: <pre> <key>authenticate-session-owner-via-password-or-kerb</key> <dict> <key>allow-root</key> <false/> <key>class</key> <string>user</string> <key>comment</key> <string>Authenticate as the owner via password or kerberos.</string> <key>mechanisms</key> <array> <string>builtin:authenticate</string> <string>builtin:krb5authnoverify,privileged</string> </array> <key>session-owner</key> <true/> <key>shared</key> <false/> </dict> </pre> .. but actually produces: <pre> <key>authenticate-session-owner-via-password-or-kerb</key> <dict> <key>allow-root</key> <string>false</string> <key>class</key> <string>user</string> <key>comment</key> <string>Authenticate as the owner via password or kerberos.</string> <key>mechanisms</key> <array> <string>builtin:authenticate</string> <string>builtin:krb5authnoverify,privileged</string> </array> <key>session-owner</key> <string>true</string> <key>shared</key> <string>false</string> </dict> </pre> The key difference being "<string>false</string>" instead of "<false/>". The same thing happens with integer values - the provider gives "<string>1</string>" instead of "<integer>1</integer>". -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en -~----------~----~----~----~------~----~------~--~---
