ActiveSambaLdap 0.0.7

data/lib/active_samba_ldap/dc.rb

@@ -0,0 +1,19 @@
+require 'active_samba_ldap/base'
+
+module ActiveSambaLdap
+  class Dc < Base
+    include Reloadable
+
+    class << self
+      def ldap_mapping(options={})
+        default_options = {
+          :dn_attribute => "dc",
+          :prefix => "",
+          :classes => ["top", "dcObject", "organization"],
+        }
+        options = default_options.merge(options)
+        super(options)
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/entry.rb

@@ -0,0 +1,81 @@
+module ActiveSambaLdap
+  module Entry
+    def self.included(base)
+      super
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def create(attributes=nil)
+        pool = nil
+        number_key = nil
+        attributes ||= {}
+        attributes = attributes.stringify_keys
+        ensure_ou(attributes[dn_attribute])
+        entry = super do |entry|
+          options, pool, number_key = prepare_create_options(entry, attributes)
+          entry.fill_default_values(options)
+          yield entry if block_given?
+        end
+        if entry.errors.empty? and pool
+          pool[number_key] = Integer(entry[number_key]).succ
+          unless pool.save
+            pool.each do |key, value|
+              entry.add("pool: #{key}", value)
+            end
+          end
+        end
+        entry
+      end
+
+      private
+      def ensure_ou(dn)
+        return if dn.nil?
+        dn_value, ou = dn.split(/,/, 2)
+        return if ou.nil?
+        prefixes = [prefix]
+        ou.split(/\s*,\s*/).reverse_each do |entry|
+          name, value = entry.split(/\s*=\s*/, 2).collect {|x| x.strip}
+          raise ArgumentError, _("%s must be only ou") % ou if name != "ou"
+          ou_class = Class.new(ActiveSambaLdap::Ou)
+          ou_class.ldap_mapping :prefix => prefixes.join(',')
+          prefixes.unshift(entry)
+          next if ou_class.exists?(value)
+          ou = ou_class.new(value)
+          ou.save!
+        end
+      end
+
+      def prepare_create_options_for_number(key, entry, options)
+        options = {key => entry[key]}.merge(options)
+        number, pool = ensure_number(key, options)
+        [options.merge(key => number), pool, key]
+      end
+
+      def ensure_number(key, options)
+        number = options[key]
+        pool = nil
+        unless number
+          pool = ensure_pool(options)
+          number = pool.send("find_available_#{key}", self)
+        end
+        [number, pool]
+      end
+
+      def ensure_pool(options)
+        pool = options[:pool]
+        unless pool
+          pool_class = options[:pool_class]
+          unless pool_class
+            pool_class = Class.new(UnixIdPool)
+            pool_class.ldap_mapping
+          end
+          samba_domain = options[:samba_domain]
+          samba_domain ||= pool_class.configuration[:samba_domain]
+          pool = options[:pool] = pool_class.find(samba_domain)
+        end
+        pool
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/get_text_support.rb

@@ -0,0 +1,12 @@
+module ActiveSambaLdap
+  module GetTextSupport
+    class << self
+      def included(base)
+        base.class_eval do
+          include(ActiveLdap::GetText)
+          bindtextdomain("active-samba-ldap")
+        end
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/group.rb

@@ -0,0 +1,17 @@
+require 'active_samba_ldap/base'
+require 'active_samba_ldap/entry'
+require 'active_samba_ldap/samba_entry'
+require 'active_samba_ldap/group_entry'
+require 'active_samba_ldap/samba_group_entry'
+
+module ActiveSambaLdap
+  class Group < Base
+    include Reloadable
+
+    include Entry
+    include SambaEntry
+
+    include GroupEntry
+    include SambaGroupEntry
+  end
+end

data/lib/active_samba_ldap/group_entry.rb

@@ -0,0 +1,187 @@
+require 'English'
+
+require 'active_samba_ldap/entry'
+
+module ActiveSambaLdap
+  module GroupEntry
+    def self.included(base)
+      super
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def ldap_mapping(options={})
+        options = default_options.merge(options)
+        super(extract_ldap_mapping_options(options))
+        init_associations(options)
+      end
+
+      def find_by_name_or_gid_number(key)
+        group = nil
+        begin
+          gid_number = Integer(key)
+          group = find_by_gid_number(gid_number)
+          raise GidNumberDoesNotExist.new(gid_number) if group.nil?
+        rescue ArgumentError
+          raise GroupDoesNotExist.new(key) unless exists?(key)
+          group = find(key)
+        end
+        group
+      end
+
+      def find_by_gid_number(number)
+        find(:first, :filter => ["gidNumber", Integer(number)])
+      end
+
+      private
+      def default_options
+        {
+          :dn_attribute => "cn",
+          :prefix => configuration[:groups_suffix],
+          :classes => default_classes,
+          :recommended_classes => default_recommended_classes,
+
+          :members_wrap => "memberUid",
+          :users_class => default_user_class,
+          :computers_class => default_computer_class,
+
+          :primary_members_foreign_key => "gidNumber",
+          :primary_members_primary_key => "gidNumber",
+          :primary_users_class => default_user_class,
+          :primary_computers_class => default_computer_class,
+        }
+      end
+
+      def default_classes
+        ["top", "posixGroup"]
+      end
+
+      def default_recommended_classes
+        []
+      end
+
+      def default_user_class
+        "User"
+      end
+
+      def default_computer_class
+        "Computer"
+      end
+
+      def init_associations(options)
+        association_options = {}
+        options.each do |key, value|
+          case key.to_s
+          when /^((?:primary_)?(?:(?:user|computer|member)s))_/
+            association_options[$1] ||= {}
+            association_options[$1][$POSTMATCH.to_sym] = value
+          end
+        end
+
+        members_opts = association_options["members"] || {}
+        user_members_opts = association_options["users"] || {}
+        computer_members_opts = association_options["computers"] || {}
+        has_many :users, members_opts.merge(user_members_opts)
+        has_many :computers, members_opts.merge(computer_members_opts)
+
+        primary_members_opts = association_options["primary_members"] || {}
+        primary_user_members_opts =
+          association_options["primary_users"] || {}
+        primary_computer_members_opts =
+          association_options["primary_computers"] || {}
+        has_many :primary_users,
+                 primary_members_opts.merge(primary_user_members_opts)
+        has_many :primary_computers,
+                 primary_members_opts.merge(primary_computer_members_opts)
+      end
+
+      def prepare_create_options(group, options)
+        prepare_create_options_for_number("gid_number", group, options)
+      end
+    end
+
+    def fill_default_values(options={})
+      options = options.stringify_keys
+      gid_number = options["gid_number"]
+      change_gid_number(gid_number) if gid_number
+      self.description ||= options["description"] || cn
+    end
+
+    def members
+      users.to_ary + computers.to_ary
+    end
+
+    def reload_members
+      users.reload
+      computers.reload
+    end
+
+    def primary_members
+      primary_users.to_ary + primary_computers.to_ary
+    end
+
+    def reload_primary_members
+      primary_users.reload
+      primary_computers.reload
+    end
+
+    def change_gid_number(gid, allow_non_unique=false)
+      check_unique_gid_number(gid) unless allow_non_unique
+      self.gid_number = gid
+    end
+
+    def destroy(options={})
+      if options[:remove_members]
+        if options[:force_change_primary_members]
+          change_primary_members(options)
+        end
+        reload_primary_members
+        unless primary_members.empty?
+          not_destroyed_members = primary_members.collect {|x| x.uid}
+          raise PrimaryGroupCanNotBeDestroyed.new(cn, not_destroyed_members)
+        end
+        self.users = []
+        self.computers = []
+      end
+      super()
+    end
+
+    private
+    def ensure_uid(member_or_uid)
+      if member_or_uid.is_a?(String)
+        member_or_uid
+      else
+        member_or_uid.uid
+      end
+    end
+
+    def check_unique_gid_number(gid_number)
+      ActiveSambaLdap::Base.restart_nscd do
+        if self.class.find_by_gid_number(gid_number)
+          raise GidNumberAlreadyExists.new(gid_number)
+        end
+      end
+    end
+
+    def change_primary_members(options={})
+      name = cn
+
+      pr_members = primary_members
+      cannot_removed_members = []
+      pr_members.each do |member|
+        if (member.groups.collect {|group| group.cn} - [name]).empty?
+          cannot_removed_members << member.uid
+        end
+      end
+      unless cannot_removed_members.empty?
+        raise CanNotChangePrimaryGroup.new(name, cannot_removed_members)
+      end
+
+      pr_members.each do |member|
+        new_group = member.groups.find {|gr| gr.cn != name}
+        member.primary_group = new_group
+        member.save!
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/idmap.rb

@@ -0,0 +1,19 @@
+require 'active_samba_ldap/base'
+
+module ActiveSambaLdap
+  class Idmap < Base
+    include Reloadable
+
+    class << self
+      def ldap_mapping(options={})
+        default_options = {
+          :dn_attribute => "sambaSID",
+          :prefix => configuration[:idmap_suffix],
+          :classes => ["top", "sambaIdmapEntry"],
+        }
+        options = default_options.merge(options)
+        super options
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/ou.rb

@@ -0,0 +1,20 @@
+require 'active_samba_ldap/base'
+
+module ActiveSambaLdap
+  class Ou < Base
+    include Reloadable
+
+    class << self
+      def ldap_mapping(options={})
+        default_options = {
+          :dn_attribute => "ou",
+          :prefix => "",
+          :classes => ["top", "organizationalUnit"],
+          :scope => :sub,
+        }
+        options = default_options.merge(options)
+        super(options)
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/populate.rb

@@ -0,0 +1,257 @@
+module ActiveSambaLdap
+  module Populate
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      def populate(options={})
+        Private.new(self, options).populate
+      end
+
+      def purge(options={})
+        self.delete_all(nil, {:scope => :sub}.merge(options))
+      end
+
+      class Private
+        def initialize(base, options)
+          @base = base
+          @options = options.dup
+        end
+
+        def populate
+          init_classes
+          init_options
+
+          entries = []
+          entries.concat(ensure_base)
+          entries.concat(ensure_group_base)
+          entries.concat(ensure_user_base)
+          entries.concat(ensure_computer_base)
+          entries.concat(ensure_idmap_base)
+          entries.concat(make_groups)
+          entries.concat(make_users)
+          entries.concat(make_pool)
+
+          [entries, @options]
+        end
+
+        def init_classes
+          @options[:user_class] = user_class = Class.new(User)
+          @options[:group_class] = group_class = Class.new(Group)
+          @options[:computer_class] = computer_class = Class.new(Computer)
+          @options[:idmap_class] = idmap_class = Class.new(Idmap)
+          @options[:unix_id_pool_class] = id_pool_class = Class.new(UnixIdPool)
+
+          user_class.ldap_mapping
+          group_class.ldap_mapping
+          computer_class.ldap_mapping
+          idmap_class.ldap_mapping
+          id_pool_class.ldap_mapping
+
+          user_class.set_associated_class(:primary_group, group_class)
+          computer_class.set_associated_class(:primary_group, group_class)
+          user_class.set_associated_class(:groups, group_class)
+          computer_class.set_associated_class(:groups, group_class)
+
+          group_class.set_associated_class(:users, user_class)
+          group_class.set_associated_class(:computers, computer_class)
+          group_class.set_associated_class(:primary_users, user_class)
+          group_class.set_associated_class(:primary_computers, computer_class)
+        end
+
+        def user_class
+          @options[:user_class]
+        end
+
+        def group_class
+          @options[:group_class]
+        end
+
+        def computer_class
+          @options[:computer_class]
+        end
+
+        def idmap_class
+          @options[:idmap_class]
+        end
+
+        def init_options
+          config = @base.configuration
+          @options[:start_uid] ||= Integer(config[:start_uid])
+          @options[:start_gid] ||= Integer(config[:start_gid])
+          @options[:administrator] ||= user_class::DOMAIN_ADMIN_NAME
+          @options[:administrator_uid] ||=
+            user_class.rid2uid(user_class::DOMAIN_ADMIN_RID)
+          @options[:administrator_gid] ||=
+            group_class.rid2gid(group_class::DOMAIN_ADMINS_RID)
+          @options[:guest] ||= user_class::DOMAIN_GUEST_NAME
+          @options[:guest_uid] ||=
+            user_class.rid2uid(user_class::DOMAIN_GUEST_RID)
+          @options[:guest_gid] ||=
+            group_class.rid2gid(group_class::DOMAIN_GUESTS_RID)
+          @options[:default_user_gid] ||= config[:default_user_gid]
+          @options[:default_computer_gid] ||= config[:default_computer_gid]
+        end
+
+        def ensure_container_base(dn, target_name, klass, ignore_base=false)
+          entries = []
+          suffixes = []
+          dn.split(/,/).reverse_each do |suffix|
+            name, value = suffix.split(/=/, 2)
+            next unless name == target_name
+            container_class = Class.new(klass)
+            prefix = suffixes.reverse.join(",")
+            suffixes << suffix
+            if ignore_base
+              container_class.ldap_mapping :prefix => "", :scope => :base
+              container_class.base = prefix
+            else
+              container_class.ldap_mapping :prefix => prefix, :scope => :base
+            end
+            next if container_class.exists?(value, :prefix => suffix)
+            container = container_class.new(value)
+            yield(container) if block_given?
+            begin
+              container.save!
+            rescue ActiveLdap::OperationNotPermitted
+            end
+            entries << container
+          end
+          entries
+        end
+
+        def ensure_base
+          ensure_container_base(@base.base, "dc", Dc, true) do |dc|
+            dc.o = dc.dc
+          end
+        end
+
+        def ensure_ou_base(dn)
+          ensure_container_base(dn, "ou", Ou)
+        end
+
+        def ensure_user_base
+          ensure_ou_base(user_class.prefix)
+        end
+
+        def ensure_group_base
+          ensure_ou_base(group_class.prefix)
+        end
+
+        def ensure_computer_base
+          ensure_ou_base(computer_class.prefix)
+        end
+
+        def ensure_idmap_base
+          ensure_ou_base(idmap_class.prefix)
+        end
+
+        def make_user(user_class, name, uid, group)
+          if user_class.exists?(name)
+            user = user_class.find(name)
+            group = nil
+          else
+            user = user_class.new(name)
+            user.fill_default_values("uid_number" => uid, "group" => group)
+            user.save!
+            group.users << user
+          end
+          [user, group]
+        end
+
+        def make_users
+          user_class = @options[:user_class]
+          group_class = @options[:group_class]
+          entries = []
+          [
+           [@options[:administrator], @options[:administrator_uid],
+            @options[:administrator_gid]],
+           [@options[:guest], @options[:guest_uid], @options[:guest_gid]],
+          ].each do |name, uid, gid|
+            user, group = make_user(user_class, name, uid,
+                                    group_class.find_by_gid_number(gid))
+            entries << user
+            if group
+              old_group = entries.find do |entry|
+                entry.is_a?(group_class) and entry.cn == group.cn
+              end
+              index = entries.index(old_group)
+              if index
+                entries[index] = group
+              else
+                entries << group
+              end
+            end
+          end
+          entries
+        end
+
+        def make_group(group_class, name, gid, description=nil, type=nil)
+          if group_class.exists?(name)
+            group = group_class.find(name)
+          else
+            group = group_class.new(name)
+            group.change_type(type || "domain")
+            group.display_name = name
+            group.description = name || description
+            group.change_gid_number(gid)
+
+            group.save!
+          end
+          group
+        end
+
+        def make_groups
+          entries = []
+          [
+           ["Domain Admins", @options[:administrator_gid],
+            "Netbios Domain Administrators"],
+           ["Domain Users", @options[:default_user_gid],
+            "Netbios Domain Users"],
+           ["Domain Guests", @options[:guest_gid],
+            "Netbios Domain Guest Users"],
+           ["Domain Computers", @options[:default_computer_gid],
+            "Netbios Domain Computers"],
+           ["Administrators", nil, nil, "builtin",
+            group_class::LOCAL_ADMINS_RID],
+           ["Users", nil, nil, "builtin", group_class::LOCAL_USERS_RID],
+           ["Guests", nil, nil, "builtin", group_class::LOCAL_GUESTS_RID],
+           ["Power Users", nil, nil, "builtin",
+            group_class::LOCAL_POWER_USERS_RID],
+           ["Account Operators", nil, nil, "builtin",
+            group_class::LOCAL_ACCOUNT_OPERATORS_RID],
+           ["System Operators", nil, nil, "builtin",
+            group_class::LOCAL_SYSTEM_OPERATORS_RID],
+           ["Print Operators", nil, nil, "builtin",
+            group_class::LOCAL_PRINT_OPERATORS_RID],
+           ["Backup Operators", nil, nil, "builtin",
+            group_class::LOCAL_BACKUP_OPERATORS_RID],
+           ["Replicators", nil, nil, "builtin",
+            group_class::LOCAL_REPLICATORS_RID],
+          ].each do |name, gid, description, type, rid|
+            gid ||= group_class.rid2gid(rid)
+            entries << make_group(group_class, name, gid, description, type)
+          end
+          entries
+        end
+
+        def make_pool
+          config = @base.configuration
+          klass = @options[:unix_id_pool_class]
+          name = config[:samba_domain]
+          if klass.exists?(name)
+            pool = klass.find(name)
+          else
+            pool = klass.new(name)
+            pool.samba_sid = config[:sid]
+            pool.uid_number = @options[:start_uid]
+            pool.gid_number = @options[:start_gid]
+            pool.save!
+          end
+          [pool]
+        end
+      end
+    end
+  end
+end