activesambaldap 0.0.1

data/Rakefile

@@ -0,0 +1,95 @@
+# -*- ruby -*-
+
+require 'find'
+require 'fileutils'
+
+base_dir = File.expand_path(File.dirname(__FILE__))
+truncate_base_dir = Proc.new do |x|
+  x.gsub(/^#{Regexp.escape(base_dir + File::SEPARATOR)}/, '')
+end
+
+_binding = binding
+eval(File.read("#{base_dir}/lib/active_samba_ldap.rb"), _binding)
+eval('require_gem_if_need.call("hoe")', _binding)
+
+manifest = File.join(base_dir, "Manifest.txt")
+manifest_contents = []
+base_dir_included_components = %w(README.ja README.en NEWS.ja NEWS.en setup.rb
+                                  Rakefile)
+excluded_components = %w(.svn .test-result .config Manifest.txt config.yml doc
+                         pkg setup.rb post-setup.rb html config.yaml)
+excluded_suffixes = %w(.help)
+Find.find(base_dir) do |target|
+  target = truncate_base_dir[target]
+  components = target.split(File::SEPARATOR)
+  if components.size == 1 and !File.directory?(target)
+    next unless base_dir_included_components.include?(components[0])
+  end
+  Find.prune if (excluded_components - components) != excluded_components
+  next if excluded_suffixes.include?(File.extname(target))
+  manifest_contents << target if File.file?(target)
+end
+
+File.open(manifest, "w") do |f|
+  f.puts manifest_contents.sort.join("\n")
+end
+at_exit do
+  FileUtils.rm_f(manifest)
+end
+
+def cleanup_white_space(entry)
+  entry.gsub(/(\A\n+|\n+\z)/, '') + "\n"
+end
+
+class Hoe
+  attr_accessor :full_name
+
+  alias_method :announcement_original, :announcement
+  def announcement
+    name_orig = name
+    self.name = full_name
+    announcement_original
+  ensure
+    self_name = name_orig
+  end
+end
+
+ENV["VERSION"] = ActiveSambaLdap::VERSION
+project = Hoe.new("activesambaldap", ActiveSambaLdap::VERSION) do |p|
+  p.rubyforge_name = "asl"
+  p.name = p.rubyforge_name if ARGV.include?("public_docs")
+  p.full_name = "ActiveSambaLdap"
+  p.summary = "Samba+LDAP administration tools"
+  p.extra_deps << ["activeldap", ">= 0.8.0"]
+  p.email = "kou@cozmixng.org"
+  p.author = "Kouhei Sutou"
+  p.url = "http://asl.rubyforge.org/"
+  p.rdoc_pattern = /^(lib|bin)|txt$|\.(en|ja)$/
+
+  news_of_current_release = File.read("NEWS.en").split(/^==\s.*$/)[1]
+  p.changes = cleanup_white_space(news_of_current_release)
+
+  entries = File.read("README.en").split(/^==\s(.*)$/)
+  whats_this = cleanup_white_space(entries[entries.index("What\'s this?") + 1])
+  p.summary, p.description, = whats_this.split(/\n\n+/, 3)
+end
+
+rdoc_task = nil
+if ObjectSpace.each_object(Rake::RDocTask) {|rdoc_task|} != 1
+  puts "hoe may be changed"
+end
+rdoc_task.main = "README.en"
+rdoc_task.options << "--charset=UTF-8"
+rdoc_task.template = "kilmer"
+rdoc_task.rdoc_files -= project.bin_files
+rdoc_task.rdoc_files += project.bin_files.collect {|x| "#{x}.help"}
+
+project.bin_files.each do |bin|
+  bin_help = "#{bin}.help"
+  File.open(bin_help, "w") do |f|
+    f.puts(`#{RUBY} -I #{File.join(base_dir, 'lib')} #{bin} --help`)
+  end
+  at_exit do
+    FileUtils.rm_f(bin_help)
+  end
+end

data/bin/asl-groupadd

@@ -0,0 +1,70 @@
+#!/usr/bin/env ruby
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  options.gid = nil
+  options.group_type = "domain"
+  options.print_gid_number = false
+
+  opts.banner += " GROUP_NAME"
+
+  opts.on("-g", "--gid=GID", Integer, "GID number") {|options.gid|}
+  opts.on("-t", "--type=TYPE",
+          "group type (#{options.group_type})") {|options.group_type|}
+  opts.on("-p", "--[no-]print-gid-number",
+          "print the gid number to stdout",
+          "(#{options.print_gid_number})") {|options.print_gid_number|}
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+unless Process.uid.zero?
+  $stderr.puts "need root authority."
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+class Group < ActiveSambaLdap::SambaGroup
+  ldap_mapping
+end
+
+class UnixIdPool < ActiveSambaLdap::UnixIdPool
+  ldap_mapping
+end
+
+if Group.exists?(name)
+  $stderr.puts "group '#{name}' already exists."
+  exit 1
+end
+
+create_options = {
+  :cn => name,
+  :gid_number => options.gid,
+  :pool_class => UnixIdPool,
+  :group_type => options.group_type,
+}
+group = Group.create(create_options)
+
+unless group.errors.empty?
+  group.errors.each_full do |message|
+    $stderr.puts(message)
+  end
+  exit 1
+end
+
+if options.print_gid_number
+  puts group.gid_number
+end
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-groupdel

@@ -0,0 +1,58 @@
+#!/usr/bin/env ruby
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  options.force = false
+
+  opts.banner += " GROUP_NAME"
+
+  opts.on("-f", "--[no-]force",
+          "force delete group (#{options.force})") {|options.force|}
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+unless Process.uid.zero?
+  $stderr.puts "need root authority."
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+class Group < ActiveSambaLdap::SambaGroup
+  ldap_mapping
+end
+
+class User < ActiveSambaLdap::SambaUser
+  ldap_mapping
+end
+
+class Computer < ActiveSambaLdap::SambaComputer
+  ldap_mapping
+end
+
+unless Group.exists?(name)
+  $stderr.puts "group '#{name}' doesn't exist."
+  exit 1
+end
+group = Group.find(name)
+
+begin
+  group.destroy(:remove_members => true,
+                :force_change_primary_members => options.force)
+rescue ActiveSambaLdap::Error
+  $stderr.puts $!
+  exit 1
+end
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-groupmod

@@ -0,0 +1,133 @@
+#!/usr/bin/env ruby
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  options.gid = nil
+  options.allow_non_unique_gid_number = false
+  options.new_group_name = nil
+  options.members_to_add = nil
+  options.members_to_delete = nil
+
+  opts.banner += " GROUP_NAME"
+
+  opts.on("-g", "--gid=GID", "gid") {|options.gid|}
+  opts.on("--[no-]allow-non-unique-gid",
+          "gid can be non unique " +
+          "(#{options.allow_non_unique_gid_number})") do |bool|
+    options.allow_non_unique_gid_number = bool
+  end
+  opts.on("-r", "--rename=NEW_NAME",
+          "new group name") {|options.new_group_name|}
+  opts.on("-a", "--add-members=MEMBER1,MEMBER2,MEBMER3", Array,
+          "add members (comma delimited)") {|options.members_to_add|}
+  opts.on("-d", "--delete-members=MEMBER1,MEMBER2,MEBMER3", Array,
+          "delete members (comma delimited)") {|options.members_to_delete|}
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+unless Process.uid.zero?
+  $stderr.puts "need root authority."
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+class Group < ActiveSambaLdap::SambaGroup
+  ldap_mapping
+end
+
+class User < ActiveSambaLdap::SambaUser
+  ldap_mapping
+end
+
+class Computer < ActiveSambaLdap::SambaComputer
+  ldap_mapping
+end
+
+unless Group.exists?(name)
+  $stderr.puts "group '#{name}' doesn't exist."
+  exit 1
+end
+group = Group.find(name)
+
+if options.gid
+  begin
+    group.change_gid_number(options.gid, options.allow_non_unique_gid_number)
+  rescue ActiveSambaLdap::GidNumberAlreadyExists
+    $stderr.puts $!.message
+    exit 1
+  end
+end
+
+if options.members_to_add and options.members_to_delete
+  duplicated_members = options.members_to_add & options.members_to_delete
+  unless duplicated_members.empty?
+    message = "there are duplicated members in adding and deleting members: "
+    message << duplicated_members.join(", ")
+    $stderr.puts message
+    exit 1
+  end
+end
+
+if options.members_to_add
+  users = []
+  computers = []
+  options.members_to_add.each do |member|
+    if /\$$/ =~ member
+      computers << Computer.find(member)
+    else
+      users << User.find(member)
+    end
+  end
+  group.users.concat(users)
+  group.computers.concat(computers)
+end
+
+if options.members_to_delete
+  users = []
+  computers = []
+  options.members_to_delete.each do |member|
+    if /\$$/ =~ member
+      computers << Computer.find(member)
+    else
+      users << User.find(member)
+    end
+  end
+  group.users -= users
+  group.computers -= computers
+end
+
+group.save!
+
+if options.new_group_name
+  if Group.exists?(options.new_group_name)
+    $stderr.puts "group '#{options.new_group_name}' always exists."
+    exit 1
+  end
+
+  new_group = Group.new(options.new_group_name)
+  new_group.attributes = group.attributes.reject do |key, value|
+    %w(cn).include?(key)
+  end
+  primary_members = group.primary_members
+  group.gid_number = nil
+  new_group.save!
+  primary_members.each do |member|
+    member.primary_group = new_group
+    member.save!
+  end
+  group.destroy(:remove_members => true)
+end
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-groupshow

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  opts.banner += " GROUP_NAME"
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("reference")
+
+class Group < ActiveSambaLdap::SambaGroup
+  ldap_mapping
+end
+
+unless Group.exists?(name)
+  $stderr.puts "group '#{name}' doesn't exist."
+  exit 1
+end
+group = Group.find(name)
+puts group.to_ldif
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-passwd

@@ -0,0 +1,99 @@
+#!/usr/bin/env ruby
+
+require 'etc'
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  options.update_samba_password = true
+  options.update_unix_password = true
+
+  opts.banner += " [USER_NAME]"
+
+  opts.on("-s", "--[no-]samba-password",
+          "update samba password (#{options.update_samba_password})") do |bool|
+    options.update_samba_password = bool
+  end
+
+  opts.on("-u", "--[no-]unix-password",
+          "update UNIX password (#{options.update_unix_password})") do |bool|
+    options.update_unix_password = bool
+  end
+end
+
+name = nil
+case argv.size
+when 0
+  name = Etc.getpwuid(Process.uid).name
+when 1
+  name = argv.first
+else
+  $stderr.puts opts
+  exit 1
+end
+
+if !options.update_samba_password and !options.update_unix_password
+  $stderr.puts "do nothing"
+  exit
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+if options.update_samba_password
+  parent = ActiveSambaLdap::SambaUser
+else
+  parent = ActiveSambaLdap::User
+end
+
+class User < parent
+  ldap_mapping
+end
+
+unless User.exists?(name)
+  $stderr.puts "user '#{name}' doesn't exist."
+  exit 1
+end
+user = User.find(name)
+
+unless Process.uid.zero?
+  prompt = "Enter your current password: "
+  old_password = ActiveSambaLdap::Command.read_password(prompt)
+
+  auth_class = Class.new(ActiveSambaLdap::Base)
+  config = ActiveSambaLdap::Base.configurations["reference"].symbolize_keys
+  begin
+    auth_class.establish_connection(config.merge(:bind_dn => user.dn,
+                                                 :password => old_password,
+                                                 :allow_anonymous => false))
+  rescue ActiveLdap::AuthenticationError
+    $stderr.puts "password isn't match"
+    exit 1
+  ensure
+    auth_class.remove_connection
+  end
+end
+
+password = ActiveSambaLdap::Command.read_password("New password: ")
+password2 = ActiveSambaLdap::Command.read_password("Retype new password: ")
+
+unless password == password2
+  $stderr.puts "New passwords don't match."
+  exit 1
+end
+
+changed = false
+
+if options.update_unix_password
+  user.change_password(password)
+  changed = true
+end
+
+if options.update_samba_password
+  user.change_samba_password(password)
+  changed = true
+end
+
+user.save! if changed
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-populate

@@ -0,0 +1,96 @@
+#!/usr/bin/env ruby
+
+require 'fileutils'
+require 'etc'
+require 'time'
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  default = ActiveSambaLdap::Configuration::ClassMethods::Private.new({})
+  options.start_uid = Integer(default.start_uid)
+  options.start_gid = Integer(default.start_gid)
+  options.administrator = ActiveSambaLdap::SambaUser::DOMAIN_ADMIN_NAME
+  admin_rid = ActiveSambaLdap::SambaUser::DOMAIN_ADMIN_RID
+  admins_rid = ActiveSambaLdap::SambaGroup::DOMAIN_ADMINS_RID
+  guest_rid = ActiveSambaLdap::SambaUser::DOMAIN_GUEST_RID
+  guests_rid = ActiveSambaLdap::SambaGroup::DOMAIN_GUESTS_RID
+  options.administrator_uid = ActiveSambaLdap::SambaUser.rid2uid(admin_rid)
+  options.administrator_gid = ActiveSambaLdap::SambaGroup.rid2gid(admins_rid)
+  options.guest = ActiveSambaLdap::SambaUser::DOMAIN_GUEST_NAME
+  options.guest_uid = ActiveSambaLdap::SambaUser.rid2uid(guest_rid)
+  options.guest_gid = ActiveSambaLdap::SambaGroup.rid2gid(guests_rid)
+  options.export_ldif = nil
+  options.import_ldif = nil
+
+  opts.on("-u", "--start-uid=UID", Integer,
+          "first uid number to allocate",
+          "(#{options.start_uid})") {|options.start_uid|}
+  opts.on("-g", "--start-gid=GID", Integer,
+          "first gid number to allocate",
+          "(#{options.start_gid})") {|options.start_gid|}
+  opts.on("-a", "--administrator=NAME",
+          "administrator login name",
+          "(#{options.administrator})") {|options.administrator|}
+  opts.on("--administrator-uid=UID", Integer,
+          "administrator's uid number",
+          "(#{options.administrator_uid})") {|options.administrator_uid|}
+  opts.on("--administrator-gid=GID", Integer,
+          "administrator's gid number",
+          "(#{options.administrator_gid})") {|options.administrator_gid|}
+  opts.on("-g", "--guest=NAME",
+          "guest login name (#{options.guest})") {|options.guest|}
+  opts.on("--guest-uid=UID", Integer,
+          "guest's uid number (#{options.guest_uid})") {|options.guest_uid|}
+  opts.on("--guest-gid=GID", Integer,
+          "guest's gid number (#{options.guest_gid})") {|options.guest_gid|}
+  opts.on("-e", "--export-ldif=LDIF",
+          "export LDIF file") {|options.export_ldif|}
+#   opts.on("-i", "--import-ldif=LDIF",
+#           "import LDIF file") {|options.import_ldif|}
+end
+
+unless Process.uid.zero?
+  $stderr.puts "need root authority."
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+entries, opts = ActiveSambaLdap::Base.populate(options.marshal_dump)
+
+def init_administrator(opts, entries)
+  admin_name = opts[:administrator]
+  user_class = opts[:user_class]
+  admin = entries.find do |entry|
+    entry.is_a?(user_class) and entry.uid == admin_name
+  end
+  return if admin.new_entry?
+
+  prompt = "Password for #{admin_name}: "
+  password = ActiveSambaLdap::Command.read_password(prompt)
+  prompt2 = "Retype password for #{admin_name}: "
+  password2 = ActiveSambaLdap::Command.read_password(prompt2)
+  unless password == password2
+    $stderr.puts "Passwords don't match."
+    exit 1
+  end
+
+  admin.change_password(password)
+  admin.change_samba_password(password)
+  admin.enable
+  admin.save!
+end
+
+init_administrator(opts, entries)
+
+if options.export_ldif
+  File.open(options.export_ldif, "w") do |out|
+    out.puts(entries.join("\n"))
+  end
+end
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-purge

@@ -0,0 +1,24 @@
+#!/usr/bin/env ruby
+
+require 'fileutils'
+require 'etc'
+require 'time'
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+end
+
+unless Process.uid.zero?
+  $stderr.puts "need root authority."
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+ActiveSambaLdap::Base.purge
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!

data/bin/asl-samba-computeradd

@@ -0,0 +1,94 @@
+#!/usr/bin/env ruby
+
+require 'active_samba_ldap'
+require 'active_samba_ldap/command'
+
+argv, opts, options = ActiveSambaLdap::Command.parse_options do |opts, options|
+  options.ou = nil
+
+  opts.banner += " COMPUTER_NAME"
+
+  opts.on("-o", "--ou=OU",
+          "add the user in the organizational unit OU",
+          "(relative to the user suffix)") do |ou|
+    if /^ou=/ =~ ou
+      options.ou = ou
+    else
+      options.ou = "ou=#{ou}"
+    end
+  end
+end
+
+name = nil
+if argv.size == 1
+  name = argv.first.chomp("$") + "$"
+else
+  $stderr.puts opts
+  exit 1
+end
+
+unless Process.uid.zero?
+  $stderr.puts "need root authority."
+  exit 1
+end
+
+ActiveSambaLdap::Base.establish_connection("update")
+
+
+class User < ActiveSambaLdap::User
+  ldap_mapping
+end
+
+class Computer < ActiveSambaLdap::Computer
+  ldap_mapping
+end
+
+class Group < ActiveSambaLdap::Group
+  ldap_mapping
+end
+
+class UnixIdPool < ActiveSambaLdap::UnixIdPool
+  ldap_mapping
+end
+
+unless Computer.valid_name?(name)
+  $stderr.puts "'#{name}' is illegal computer name"
+  exit 1
+end
+
+if Computer.exists?(name)
+  $stderr.puts "computer '#{name}' already exists."
+  exit 1
+end
+
+create_options = {
+  :uid => [name, options.ou].compact.join(","),
+  :group_class => Group,
+}
+
+create_options[:description] = "Computer"
+create_options[:gecos] = "Computer"
+
+computer = nil
+begin
+  computer = Computer.create(:uid => name, :group_class => Group)
+rescue ActiveSambaLdap::UidNumberAlreadyExists
+  $stderr.puts "UID '#{uid_number}' already exists"
+  exit 1
+rescue ActiveSambaLdap::GidNumberDoesNotExist,
+  ActiveSambaLdap::GroupDoesNotExist,
+  ActiveSambaLdap::GroupDoesNotHaveSambaSID
+  $stderr.puts $!
+  exit 1
+end
+
+unless computer.errors.empty?
+  computer.errors.each_full do |message|
+    $stderr.puts(message)
+  end
+  exit 1
+end
+
+ActiveSambaLdap::Base.restart_nscd
+
+ActiveSambaLdap::Base.clear_active_connections!