activesambaldap 0.0.1

data/lib/active_samba_ldap/samba_group.rb

@@ -0,0 +1,126 @@
+require 'active_samba_ldap/group'
+
+module ActiveSambaLdap
+  class SambaGroup < Group
+    include Reloadable::Subclasses
+
+    # from librpc/ndr/security.h in Samba
+    SID_BUILTIN = "S-1-5-32"
+
+    # from source/include/rpc_misc.c in Samba
+    DOMAIN_ADMINS_RID = 0x00000200
+    DOMAIN_USERS_RID = 0x00000201
+    DOMAIN_GUESTS_RID = 0x00000202
+    DOMAIN_COMPUTERS_RID = 0x00000203
+
+    LOCAL_ADMINS_RID = 0x00000220
+    LOCAL_USERS_RID = 0x00000221
+    LOCAL_GUESTS_RID = 0x00000222
+    LOCAL_POWER_USERS_RID = 0x00000223
+
+    LOCAL_ACCOUNT_OPERATORS_RID = 0x00000224
+    LOCAL_SYSTEM_OPERATORS_RID = 0x00000225
+    LOCAL_PRINT_OPERATORS_RID = 0x00000226
+    LOCAL_BACKUP_OPERATORS_RID = 0x00000227
+
+    LOCAL_REPLICATORS_RID = 0x00000228
+
+
+    # from source/rpc_server/srv_util.c in Samba
+    DOMAIN_ADMINS_NAME = "Domain Administrators"
+    DOMAIN_USERS_NAME = "Domain Users"
+    DOMAIN_GUESTS_NAME = "Domain Guests"
+    DOMAIN_COMPUTERS_NAME = "Domain Computers"
+
+
+    WELL_KNOWN_RIDS = []
+    WELL_KNOWN_NAMES = []
+    constants.each do |name|
+      case name
+      when /_RID$/
+        WELL_KNOWN_RIDS << const_get(name)
+      when /_NAME$/
+        WELL_KNOWN_NAMES << const_get(name)
+      end
+    end
+
+
+    # from source/librpc/idl/lsa.idl in Samba
+    TYPES = {
+      "domain" => 2,
+      "local" => 4,
+      "builtin" => 5,
+    }
+
+    class << self
+      def gid2rid(gid)
+        gid = Integer(gid)
+        if WELL_KNOWN_RIDS.include?(gid)
+          gid
+        else
+          2 * gid + 1001
+        end
+      end
+
+      def rid2gid(rid)
+        rid = Integer(rid)
+        if WELL_KNOWN_RIDS.include?(rid)
+          rid
+        else
+          (rid - 1001) / 2
+        end
+      end
+
+      def start_rid
+        gid2rid(start_gid)
+      end
+
+      private
+      def default_classes
+        super + ["sambaGroupMapping"]
+      end
+    end
+
+    def fill_default_values(options={})
+      change_type(options[:group_type] || "domain") unless samba_group_type
+      self.display_name ||= options[:display_name] || cn
+      super
+    end
+
+    def change_gid_number(gid, allow_non_unique=false)
+      super
+      rid = self.class.gid2rid(gid_number.to_s)
+      change_sid(rid, allow_non_unique)
+    end
+
+    def change_gid_number_by_rid(rid, allow_non_unique=false)
+      change_gid_number(self.class.rid2gid(rid), allow_non_unique)
+    end
+
+    def change_sid(rid, allow_non_unique=false)
+      if (LOCAL_ADMINS_RID..LOCAL_REPLICATORS_RID).include?(rid.to_i)
+        sid = "#{SID_BUILTIN}-#{rid}"
+      else
+        sid = "#{self.class.configuration[:sid]}-#{rid}"
+      end
+      # check_unique_sid_number(sid) unless allow_non_unique
+      self.samba_sid = sid
+    end
+
+    def rid
+      Integer(samba_sid.split(/-/).last)
+    end
+
+    def change_type(type)
+      normalized_type = type.to_s.downcase
+      if TYPES.has_key?(normalized_type)
+        type = TYPES[normalized_type]
+      elsif TYPES.values.include?(type.to_i)
+	# pass
+      else
+        raise ArgumentError, "invalid type: #{type}"
+      end
+      self.samba_group_type = type.to_s
+    end
+  end
+end

data/lib/active_samba_ldap/samba_user.rb

@@ -0,0 +1,39 @@
+require 'active_samba_ldap/entry'
+require 'active_samba_ldap/account'
+require 'active_samba_ldap/user_account'
+require 'active_samba_ldap/samba_account'
+
+module ActiveSambaLdap
+  class SambaUser < Base
+    include Reloadable::Subclasses
+
+    include Entry
+
+    include Account
+    include UserAccount
+    include SambaAccount
+
+    def fill_default_values(options={})
+      super
+
+      subst = Proc.new do |key|
+        value = options[key]
+        if value
+          substitute_template(value)
+        else
+          substituted_value(key)
+        end
+      end
+
+      self.samba_home_path ||= subst[:user_home_unc]
+      self.samba_home_drive ||= subst[:user_home_drive].sub(/([^:])$/, "\\1:")
+      self.samba_profile_path ||= subst[:user_profile]
+      self.samba_logon_script ||= subst[:user_logon_script]
+    end
+
+    private
+    def default_account_flags
+      "[UH]"
+    end
+  end
+end

data/lib/active_samba_ldap/unix_id_pool.rb

@@ -0,0 +1,41 @@
+module ActiveSambaLdap
+  class UnixIdPool < Base
+    include Reloadable::Subclasses
+
+    class << self
+      def ldap_mapping(options={})
+        default_options = {
+          :dn_attribute => "sambaDomainName",
+          :prefix => "",
+          :classes => ["top", "sambaDomain", "sambaUnixIdPool"],
+        }
+        options = default_options.merge(options)
+        super options
+      end
+    end
+
+    def find_available_uid_number(account_class)
+      find_available_number(account_class, "uidNumber", uid_number) do
+        account_class.configuration[:start_uid]
+      end
+    end
+
+    def find_available_gid_number(group_class)
+      find_available_number(group_class, "gidNumber", gid_number) do
+        group_class.configuration[:start_gid]
+      end
+    end
+
+    private
+    def find_available_number(klass, key, start_value)
+      number = Integer(start_value || yield)
+
+      100.times do |i|
+        return number if klass.search(:filter => "(#{key}=#{number})").empty?
+        number += 1
+      end
+
+      nil
+    end
+  end
+end

data/lib/active_samba_ldap/user.rb

@@ -0,0 +1,14 @@
+require 'active_samba_ldap/entry'
+require 'active_samba_ldap/account'
+require 'active_samba_ldap/user_account'
+
+module ActiveSambaLdap
+  class User < Base
+    include Reloadable::Subclasses
+
+    include Entry
+
+    include Account
+    include UserAccount
+  end
+end

data/lib/active_samba_ldap/user_account.rb

@@ -0,0 +1,30 @@
+module ActiveSambaLdap
+  module UserAccount
+    NAME_RE = /\A#{Account::NAME_RE_SRC}\z/
+
+    def self.included(base)
+      super
+      base.extend(ClassMethods)
+      base.validates_format_of :uid, :with => NAME_RE
+    end
+
+    module ClassMethods
+      def valid_name?(name)
+        NAME_RE =~ name ? true : false
+      end
+
+      private
+      def default_prefix
+        configuration[:users_suffix]
+      end
+    end
+
+    def remove_from_group(group)
+      group.users.delete(self)
+    end
+
+    def default_gid_number
+      self.class.configuration[:default_user_gid]
+    end
+  end
+end

data/lib/active_samba_ldap/version.rb

@@ -0,0 +1,3 @@
+module ActiveSambaLdap
+  VERSION = "0.0.1"
+end

data/lib/active_samba_ldap.rb

@@ -0,0 +1,29 @@
+require_gem_if_need = Proc.new do |library_name, gem_name, *options|
+  begin
+    require library_name
+  rescue LoadError
+    require 'rubygems'
+    require_gem gem_name, *options
+    require library_name
+  end
+end
+
+require_gem_if_need.call("active_ldap", "activeldap", ">= 0.8.0")
+
+require 'active_samba_ldap/version'
+require 'active_samba_ldap/base'
+require "active_samba_ldap/configuration"
+require 'active_samba_ldap/populate'
+
+ActiveSambaLdap::Base.class_eval do
+  include ActiveSambaLdap::Configuration
+  include ActiveSambaLdap::Populate
+end
+
+require 'active_samba_ldap/user'
+require 'active_samba_ldap/group'
+require 'active_samba_ldap/computer'
+require 'active_samba_ldap/idmap'
+require 'active_samba_ldap/unix_id_pool'
+require 'active_samba_ldap/ou'
+require 'active_samba_ldap/dc'

data/lib/samba/encrypt.rb

@@ -0,0 +1,86 @@
+require 'openssl'
+
+module Samba
+  module Encrypt
+    module_function
+    def lm_hash(password, encoding=nil)
+      dos_password = Private.convert_encoding("ISO-8859-1",
+                                              encoding || "UTF-8",
+                                              password.upcase)
+      if dos_password.size > 14
+        warn("password is truncated to 14 characters")
+        dos_password = dos_password[0, 14]
+      end
+      Private.encrypt_14characters(dos_password).unpack("C*").collect do |char|
+        "%02X" % char
+      end.join
+    end
+
+    def ntlm_hash(password, encoding=nil)
+      ucs2_password = Private.convert_encoding("UCS-2",
+                                               encoding || "UTF-8",
+                                               password)
+      if ucs2_password.size > 256
+        raise ArgumentError.new("must be <= 256 characters in UCS-2")
+      end
+      hex = OpenSSL::Digest::MD4.new(ucs2_password).hexdigest.upcase
+      hex
+    end
+
+    module Private
+      module_function
+      def convert_encoding(to, from, str)
+        if same_encoding?(to, from)
+          str
+        else
+          require 'iconv'
+          Iconv.iconv(to, from, str).join
+        end
+      end
+
+      def normalize_encoding(encoding)
+        encoding.downcase.gsub(/-/, "_")
+      end
+
+      def same_encoding?(a, b)
+        na = normalize_encoding(a)
+        nb = normalize_encoding(b)
+        na == nb or na.gsub(/_/, '') == nb.gsub(/_/, '')
+      end
+
+      def str_to_key(str)
+        key = "\000" * 8
+        key[0] = str[0] >> 1;
+        key[1] = ((str[0] & 0x01) << 6) | (str[1] >> 2);
+        key[2] = ((str[1] & 0x03) << 5) | (str[2] >> 3);
+        key[3] = ((str[2] & 0x07) << 4) | (str[3] >> 4);
+        key[4] = ((str[3] & 0x0F) << 3) | (str[4] >> 5);
+        key[5] = ((str[4] & 0x1F) << 2) | (str[5] >> 6);
+        key[6] = ((str[5] & 0x3F) << 1) | (str[6] >> 7);
+        key[7] = str[6] & 0x7F;
+
+        key.size.times do |i|
+          key[i] = (key[i] << 1);
+        end
+
+        key
+      end
+
+      def des_crypt56(input, key_str, forward_only)
+        key = str_to_key(key_str)
+        encoder = OpenSSL::Cipher::DES.new
+        encoder.encrypt
+        encoder.key = key
+        encoder.update(input)
+      end
+
+      LM_MAGIC = "KGS!@\#$%"
+      def encrypt_14characters(chars)
+        raise ArgumentError.new("must be <= 14 characters") if chars.size > 14
+        chars = chars.to_s.ljust(14, "\000")
+        des_crypt56(LM_MAGIC, chars[0, 7], true) +
+          des_crypt56(LM_MAGIC, chars[7, 7], true)
+      end
+    end
+  end
+end

data/misc/rd2html.rb

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+top = File.expand_path(File.join(File.dirname(__FILE__), ".."))
+html_dir = File.join(top, "html")
+
+require "fileutils"
+
+css = "base.css"
+kcode = "utf8"
+
+options = [
+  "-I#{File.join(top, 'misc')}",
+  "-S",
+  "rd2",
+  "-rrd/rd2html-lib",
+  "--out-code=#{kcode}",
+  proc do |f|
+    "--html-title=#{File.basename(f)}"
+  end,
+#   proc do |f|
+#     "--with-css=#{css}"
+#   end,
+  proc do |f|
+    f
+  end
+]
+
+Dir[File.join(top, "*.{ja,en}")].each do |f|
+  if /(README|NEWS)\.(ja|en)\z/ =~ f
+    args = options.collect do |x|
+      if x.respond_to?(:call)
+        x.call(f)
+      else
+        x
+      end
+    end
+    output_base = File.basename(f).sub(/(ja|en)\z/, "html.\\1")
+    File.open(File.join(html_dir, output_base), "w") do |out|
+      out.puts(`ruby #{args.flatten.join(' ')}`)
+    end
+  end
+end

data/rails/plugin/active_samba_ldap/README

@@ -0,0 +1,30 @@
+= ActiveSambaLdap plugin for Ruby on Rails
+
+== Setup
+
+You need to write RAILS_ROOT/config/ldap.yml like the following:
+
+  development:
+    host: 127.0.0.1
+    port: 389
+    base: dc=devel,dc=local,dc=net
+    bind_dn: cn=admin,dc=local,dc=net
+    password: secret
+    sid: S-1-5-21-915876905-2926214379-2876160357
+
+  test:
+    host: 127.0.0.1
+    port: 389
+    base: dc=test,dc=local,dc=net
+    bind_dn: cn=admin,dc=local,dc=net
+    password: secret
+    sid: S-1-5-21-915876905-2926214379-2876160357
+
+  production:
+    host: 127.0.0.1
+    port: 389
+    method: :tls
+    base: dc=production,dc=local,dc=net
+    bind_dn: cn=admin,dc=local,dc=net
+    password: secret
+    sid: S-1-5-21-915876905-2926214379-2876160357

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/scaffold_asl_generator.rb

@@ -0,0 +1,28 @@
+class ScaffoldAslGenerator < Rails::Generator::Base
+  def manifest
+    record do |m|
+
+      m.template("ldap.yml", File.join("config", "ldap.yml"))
+
+      %w(user computer group unix_id_pool idmap ou dc).each do |component|
+        m.template("#{component}.rb",
+                   File.join("app", "models", "#{component}.rb"))
+      end
+
+      component = "samba"
+      controller_class_name = "#{Inflector.camelize(component)}Controller"
+      options = {:assigns => {:controller_class_name => controller_class_name}}
+
+      m.template("#{component}_controller.rb",
+                 File.join("app", "controllers", "#{component}_controller.rb"))
+      m.template("#{component}_helper.rb",
+                 File.join("app", "helpers", "#{component}_helper.rb"))
+      m.directory(File.join("app", "views", component))
+      %w(index populate purge).each do |action|
+        m.template("#{component}_#{action}.rhtml",
+                   File.join("app", "views", component, "#{action}.rhtml"),
+                   options)
+      end
+    end
+  end
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/computer.rb

@@ -0,0 +1,3 @@
+class Computer < ActiveSambaLdap::SambaComputer
+  ldap_mapping
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/dc.rb

@@ -0,0 +1,3 @@
+class Dc < ActiveSambaLdap::Dc
+  ldap_mapping
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/group.rb

@@ -0,0 +1,3 @@
+class Group < ActiveSambaLdap::SambaGroup
+  ldap_mapping
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/idmap.rb

@@ -0,0 +1,3 @@
+class Idmap < ActiveSambaLdap::Idmap
+  ldap_mapping
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/ldap.yml

@@ -0,0 +1,24 @@
+development:
+  host: 127.0.0.1
+  port: 389
+  base: dc=devel,dc=local,dc=net
+  bind_dn: cn=admin,dc=local,dc=net
+  password: secret
+  sid: S-1-5-21-915876905-2926214379-2876160357
+
+test:
+  host: 127.0.0.1
+  port: 389
+  base: dc=test,dc=local,dc=net
+  bind_dn: cn=admin,dc=local,dc=net
+  password: secret
+  sid: S-1-5-21-915876905-2926214379-2876160357
+
+production:
+  host: 127.0.0.1
+  port: 389
+  method: :tls
+  base: dc=production,dc=local,dc=net
+  bind_dn: cn=admin,dc=local,dc=net
+  password: secret
+  sid: S-1-5-21-915876905-2926214379-2876160357

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/ou.rb

@@ -0,0 +1,3 @@
+class Ou < ActiveSambaLdap::Ou
+  ldap_mapping
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/samba_controller.rb

@@ -0,0 +1,12 @@
+class SambaController < ApplicationController
+  def index
+  end
+
+  def populate
+    @entries, options = ActiveSambaLdap::Base.populate
+  end
+
+  def purge
+    ActiveSambaLdap::Base.purge
+  end
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/samba_helper.rb

@@ -0,0 +1,2 @@
+module SambaHelper
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/samba_index.rhtml

@@ -0,0 +1,17 @@
+<html>
+  <head>
+    <title><%= controller_class_name %>: <%%= controller.action_name %></title>
+  </head>
+  <body>
+    <h1>Samba + LDAP Management</h1>
+    <ul>
+      <li>
+        <%%= link_to "Populate Samba + LDAP environment",
+                     :action => :populate %>
+      </li>
+      <li>
+        <%%= link_to "Purge Samba + LDAP environment", :action => :purge %>
+      </li>
+    </ul>
+  </body>
+</html>

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/samba_populate.rhtml

@@ -0,0 +1,15 @@
+<html>
+  <head>
+    <title><%= controller_class_name %>: <%%= controller.action_name %></title>
+  </head>
+  <body>
+    <h1>Samba + LDAP Management</h1>
+    <p>Populated.</p>
+    <ul>
+    <%% @entries.each do |entry| %>
+      <li><%%= h entry.dn %></li>
+    <%% end %>
+    </ul>
+    <%%= link_to "Back", :action => nil %>
+  </body>
+</html>

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/samba_purge.rhtml

@@ -0,0 +1,10 @@
+<html>
+  <head>
+    <title><%= controller_class_name %>: <%%= controller.action_name %></title>
+  </head>
+  <body>
+    <h1>Samba + LDAP Management</h1>
+    <p>Purged.</p>
+    <%%= link_to "Back", :action => nil %>
+  </body>
+</html>

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/unix_id_pool.rb

@@ -0,0 +1,3 @@
+class UnixIdPool < ActiveSambaLdap::UnixIdPool
+  ldap_mapping
+end

data/rails/plugin/active_samba_ldap/generators/scaffold_asl/templates/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveSambaLdap::SambaUser
+  ldap_mapping
+end

data/rails/plugin/active_samba_ldap/init.rb

@@ -0,0 +1,6 @@
+require_dependency 'active_samba_ldap'
+ActiveSambaLdap::Base.logger ||= RAILS_DEFAULT_LOGGER
+ldap_configuration_file = File.join(RAILS_ROOT, 'config', 'ldap.yml')
+ActiveSambaLdap::Base.configurations =
+  ActiveSambaLdap::Configuration.read(ldap_configuration_file)
+ActiveSambaLdap::Base.establish_connection