ActiveSambaLdap 0.0.7

data/lib/active_samba_ldap/reloadable.rb

@@ -0,0 +1,15 @@
+module ActiveSambaLdap
+  module Reloadable
+    def self.included(base)
+      super
+      return unless Object.const_defined?(:Reloadable)
+      base.class_eval do
+        if ::Reloadable.const_defined?(:Deprecated)
+          include ::Reloadable::Deprecated
+        else
+          include ::Reloadable::Subclasses
+        end
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/samba_account_entry.rb

@@ -0,0 +1,225 @@
+module ActiveSambaLdap
+  module SambaAccountEntry
+    def self.included(base)
+      super
+      base.extend(ClassMethods)
+    end
+
+    # from source/include/rpc_misc.c in Samba
+    DOMAIN_ADMIN_RID = 0x000001F4
+    DOMAIN_GUEST_RID = 0x000001F5
+
+    # from source/rpc_server/srv_util.c in Samba
+    DOMAIN_ADMIN_NAME = "Administrator"
+    DOMAIN_GUEST_NAME = "Guest"
+
+    WELL_KNOWN_RIDS = []
+    WELL_KNOWN_NAMES = []
+    constants.each do |name|
+      case name
+      when /_RID$/
+        WELL_KNOWN_RIDS << const_get(name)
+      when /_NAME$/
+        WELL_KNOWN_NAMES << const_get(name)
+      end
+    end
+
+    # FAR_FUTURE_TIME = Time.parse("2050/01/01").to_i.to_s
+    FAR_FUTURE_TIME = Time.parse("2038/01/18").to_i.to_s
+    ACCOUNT_FLAGS_RE = /\A\[([NDHTUMWSLXI ]+)\]\z/
+
+    module ClassMethods
+      def samba_object_class
+        "sambaSamAccount"
+      end
+
+      def uid2rid(uid)
+        uid = Integer(uid)
+        if WELL_KNOWN_RIDS.include?(uid)
+          uid
+        else
+          2 * uid + 1000
+        end
+      end
+
+      def rid2uid(rid)
+        rid = Integer(rid)
+        if WELL_KNOWN_RIDS.include?(rid)
+          rid
+        else
+          (Integer(rid) - 1000) / 2
+        end
+      end
+
+      def start_rid
+        uid2rid(start_uid)
+      end
+
+      private
+      def default_recommended_classes
+        super + [samba_object_class]
+      end
+
+      def primary_group_options(options)
+        super.merge(:extend => PrimaryGroupProxy)
+      end
+
+      module PrimaryGroupProxy
+        def replace(entry)
+          result = super
+          return result unless @owner.samba_available?
+
+          if @target and @target.samba_available?
+            if @target.samba_sid.to_s.empty?
+              raise GroupDoesNotHaveSambaSID.new(@target.gid_number)
+            end
+            @owner.samba_primary_group_sid = @target.samba_sid
+          else
+            @owner.samba_primary_group_sid = nil
+          end
+
+          result
+        end
+      end
+    end
+
+    def fill_default_values(options={})
+      result = super
+      return result unless samba_available?
+
+      self.samba_logon_time ||= "0"
+      self.samba_logoff_time ||= FAR_FUTURE_TIME
+      self.samba_kickoff_time ||= nil
+
+      password = options["password"]
+      change_samba_password(password) if password
+      self.samba_lm_password ||= "XXX"
+      self.samba_nt_password ||= "XXX"
+      self.samba_pwd_last_set ||= "0"
+
+      account_flags_is_not_set = samba_acct_flags.nil?
+      self.samba_acct_flags ||= default_account_flags
+
+      can_change_password = options["can_change_password"]
+      if can_change_password
+        self.enable_password_change
+      elsif account_flags_is_not_set or can_change_password == false
+        self.disable_password_change
+      end
+
+      must_change_password = options["must_change_password"]
+      if must_change_password
+        self.enable_forcing_password_change
+      elsif account_flags_is_not_set or must_change_password == false
+        self.disable_forcing_password_change
+      end
+
+      enable_account = options["enable"]
+      if enable_account
+        self.enable
+      elsif account_flags_is_not_set or enable_account == false
+        self.disable
+      end
+
+      self
+    end
+
+    def change_uid_number(uid, allow_non_unique=false)
+      result = super
+      return result unless samba_available?
+
+      rid = self.class.uid2rid(uid_number.to_s)
+      change_sid(rid, allow_non_unique)
+    end
+
+    def change_uid_number_by_rid(rid, allow_non_unique=false)
+      assert_samba_available
+      change_uid_number(self.class.rid2uid(rid), allow_non_unique)
+    end
+
+    def change_sid(rid, allow_non_unique=false)
+      assert_samba_available
+      sid = "#{self.class.configuration[:sid]}-#{rid}"
+      # check_unique_sid_number(sid) unless allow_non_unique
+      self.samba_sid = sid
+    end
+
+    def rid
+      assert_samba_available
+      Integer(samba_sid.split(/-/).last)
+    end
+
+    def change_samba_password(password)
+      assert_samba_available
+      self.samba_lm_password = Samba::Encrypt.lm_hash(password)
+      self.samba_nt_password = Samba::Encrypt.ntlm_hash(password)
+      self.samba_pwd_last_set = Time.now.to_i.to_s
+    end
+
+    def enable_password_change
+      assert_samba_available
+      self.samba_pwd_can_change = "0"
+    end
+
+    def disable_password_change
+      assert_samba_available
+      self.samba_pwd_can_change = FAR_FUTURE_TIME
+    end
+
+    def can_change_password?
+      assert_samba_available
+      samba_pwd_can_change.nil? or
+        Time.at(samba_pwd_can_change.to_i) <= Time.now
+    end
+
+    def enable_forcing_password_change
+      assert_samba_available
+      self.samba_pwd_must_change = "0"
+      if /X/ =~ samba_acct_flags.to_s
+        self.samba_acct_flags = samba_acct_flags.sub(/X/, '')
+      end
+      if samba_pwd_last_set.to_i.zero?
+        self.samba_pwd_last_set = FAR_FUTURE_TIME
+      end
+    end
+
+    def disable_forcing_password_change
+      assert_samba_available
+      self.samba_pwd_must_change = FAR_FUTURE_TIME
+    end
+
+    def must_change_password?
+      assert_samba_available
+      !(/X/ =~ samba_acct_flags.to_s or
+        samba_pwd_must_change.nil? or
+        Time.at(samba_pwd_must_change.to_i) > Time.now)
+    end
+
+    def enable
+      assert_samba_available
+      if /D/ =~ samba_acct_flags.to_s
+        self.samba_acct_flags = samba_acct_flags.gsub(/D/, '')
+      end
+    end
+
+    def disable
+      assert_samba_available
+      flags = ""
+      if ACCOUNT_FLAGS_RE =~ samba_acct_flags.to_s
+        flags = $1
+        return if /D/ =~ flags
+      end
+      self.samba_acct_flags = "[D#{flags}]"
+    end
+
+    def enabled?
+      assert_samba_available
+      !disabled?
+    end
+
+    def disabled?
+      assert_samba_available
+      (/D/ =~ samba_acct_flags.to_s) ? true : false
+    end
+  end
+end

data/lib/active_samba_ldap/samba_entry.rb

@@ -0,0 +1,26 @@
+module ActiveSambaLdap
+  module SambaEntry
+    def samba_available?
+      classes.include?(samba_object_class)
+    end
+
+    def remove_samba_availability
+      remove_class(samba_object_class)
+    end
+
+    def ensure_samba_available
+      add_class(samba_object_class)
+    end
+
+    def samba_object_class
+      self.class.samba_object_class
+    end
+
+    private
+    def assert_samba_available
+      unless samba_available?
+        raise NotSambaAavialableError.new(self)
+      end
+    end
+  end
+end

data/lib/active_samba_ldap/samba_group_entry.rb

@@ -0,0 +1,143 @@
+require 'active_samba_ldap/samba_entry'
+
+module ActiveSambaLdap
+  module SambaGroupEntry
+    include SambaEntry
+
+    def self.included(base)
+      super
+      base.extend(ClassMethods)
+    end
+
+    # from librpc/ndr/security.h in Samba
+    SID_BUILTIN = "S-1-5-32"
+
+    # from source/include/rpc_misc.c in Samba
+    DOMAIN_ADMINS_RID = 0x00000200
+    DOMAIN_USERS_RID = 0x00000201
+    DOMAIN_GUESTS_RID = 0x00000202
+    DOMAIN_COMPUTERS_RID = 0x00000203
+
+    LOCAL_ADMINS_RID = 0x00000220
+    LOCAL_USERS_RID = 0x00000221
+    LOCAL_GUESTS_RID = 0x00000222
+    LOCAL_POWER_USERS_RID = 0x00000223
+
+    LOCAL_ACCOUNT_OPERATORS_RID = 0x00000224
+    LOCAL_SYSTEM_OPERATORS_RID = 0x00000225
+    LOCAL_PRINT_OPERATORS_RID = 0x00000226
+    LOCAL_BACKUP_OPERATORS_RID = 0x00000227
+
+    LOCAL_REPLICATORS_RID = 0x00000228
+
+
+    # from source/rpc_server/srv_util.c in Samba
+    DOMAIN_ADMINS_NAME = "Domain Administrators"
+    DOMAIN_USERS_NAME = "Domain Users"
+    DOMAIN_GUESTS_NAME = "Domain Guests"
+    DOMAIN_COMPUTERS_NAME = "Domain Computers"
+
+
+    WELL_KNOWN_RIDS = []
+    WELL_KNOWN_NAMES = []
+    constants.each do |name|
+      case name
+      when /_RID$/
+        WELL_KNOWN_RIDS << const_get(name)
+      when /_NAME$/
+        WELL_KNOWN_NAMES << const_get(name)
+      end
+    end
+
+
+    # from source/librpc/idl/lsa.idl in Samba
+    TYPES = {
+      "domain" => 2,
+      "local" => 4,
+      "builtin" => 5,
+    }
+
+    module ClassMethods
+      def samba_object_class
+        "sambaGroupMapping"
+      end
+
+      def gid2rid(gid)
+        gid = Integer(gid)
+        if WELL_KNOWN_RIDS.include?(gid)
+          gid
+        else
+          2 * gid + 1001
+        end
+      end
+
+      def rid2gid(rid)
+        rid = Integer(rid)
+        if WELL_KNOWN_RIDS.include?(rid)
+          rid
+        else
+          (rid - 1001) / 2
+        end
+      end
+
+      def start_rid
+        gid2rid(start_gid)
+      end
+
+      private
+      def default_recommended_classes
+        super + [samba_object_class]
+      end
+    end
+
+    def fill_default_values(options={})
+      if samba_available?
+        options = options.stringify_keys
+        change_type(options["group_type"] || "domain") unless samba_group_type
+        self.display_name ||= options["display_name"] || cn
+      end
+      super
+    end
+
+    def change_gid_number(gid, allow_non_unique=false)
+      result = super
+      return result unless samba_available?
+      rid = self.class.gid2rid(gid_number)
+      change_sid(rid, allow_non_unique)
+    end
+
+    def change_gid_number_by_rid(rid, allow_non_unique=false)
+      assert_samba_available
+      change_gid_number(self.class.rid2gid(rid), allow_non_unique)
+    end
+
+    def change_sid(rid, allow_non_unique=false)
+      assert_samba_available
+      if (LOCAL_ADMINS_RID..LOCAL_REPLICATORS_RID).include?(rid.to_i)
+        sid = "#{SID_BUILTIN}-#{rid}"
+      else
+        sid = "#{self.class.configuration[:sid]}-#{rid}"
+      end
+      # check_unique_sid_number(sid) unless allow_non_unique
+      self.samba_sid = sid
+    end
+
+    def rid
+      assert_samba_available
+      Integer(samba_sid.split(/-/).last)
+    end
+
+    def change_type(type)
+      assert_samba_available
+      normalized_type = type.to_s.downcase
+      if TYPES.has_key?(normalized_type)
+        type = TYPES[normalized_type]
+      elsif TYPES.values.include?(type.to_i)
+        # pass
+      else
+        raise ArgumentError, _("invalid type: %s") % type
+      end
+      self.samba_group_type = type.to_s
+    end
+  end
+end

data/lib/active_samba_ldap/unix_id_pool.rb

@@ -0,0 +1,43 @@
+require 'active_samba_ldap/base'
+
+module ActiveSambaLdap
+  class UnixIdPool < Base
+    include Reloadable
+
+    class << self
+      def ldap_mapping(options={})
+        default_options = {
+          :dn_attribute => "sambaDomainName",
+          :prefix => "",
+          :classes => ["top", "sambaDomain", "sambaUnixIdPool"],
+        }
+        options = default_options.merge(options)
+        super options
+      end
+    end
+
+    def find_available_uid_number(account_class)
+      find_available_number(account_class, "uidNumber", uid_number) do
+        account_class.configuration[:start_uid]
+      end
+    end
+
+    def find_available_gid_number(group_class)
+      find_available_number(group_class, "gidNumber", gid_number) do
+        group_class.configuration[:start_gid]
+      end
+    end
+
+    private
+    def find_available_number(klass, key, start_value)
+      number = Integer(start_value || yield)
+
+      100.times do |i|
+        return number if klass.search(:filter => "(#{key}=#{number})").empty?
+        number += 1
+      end
+
+      nil
+    end
+  end
+end