drbservice 1.0.4
Sign up to get free protection for your applications and to get access to all the features.
- data.tar.gz.sig +2 -0
- data/.gemtest +0 -0
- data/ChangeLog +249 -0
- data/History.rdoc +4 -0
- data/LICENSE +27 -0
- data/Manifest.txt +18 -0
- data/README.rdoc +74 -0
- data/Rakefile +38 -0
- data/examples/homedirservice.rb +110 -0
- data/examples/rubyversion.rb +26 -0
- data/lib/drb/authsslprotocol.rb +55 -0
- data/lib/drbservice.rb +208 -0
- data/lib/drbservice/ldapauth.rb +200 -0
- data/lib/drbservice/passwordauth.rb +58 -0
- data/lib/drbservice/utils.rb +426 -0
- data/spec/drb/authsslprotocol_spec.rb +76 -0
- data/spec/drbservice/ldapauth_spec.rb +382 -0
- data/spec/drbservice/passwordauth_spec.rb +141 -0
- data/spec/drbservice_spec.rb +168 -0
- data/spec/lib/helpers.rb +108 -0
- metadata +166 -0
- metadata.gz.sig +2 -0
data.tar.gz.sig
ADDED
data/.gemtest
ADDED
File without changes
|
data/ChangeLog
ADDED
@@ -0,0 +1,249 @@
|
|
1
|
+
2011-08-29 Michael Granger <ged@FaerieMUD.org>
|
2
|
+
|
3
|
+
* .hgtags:
|
4
|
+
Added tag v1.0.4 for changeset b250b71fa728
|
5
|
+
[8550332d12a5] [tip]
|
6
|
+
|
7
|
+
* .hgsigs:
|
8
|
+
Added signature for changeset 59c8e5acd8bb
|
9
|
+
[b250b71fa728] [v1.0.4]
|
10
|
+
|
11
|
+
* lib/drbservice.rb:
|
12
|
+
Bump minor version for release.
|
13
|
+
[59c8e5acd8bb]
|
14
|
+
|
15
|
+
* spec/lib/helpers.rb:
|
16
|
+
Fix for RSpec >= 2.6.0.
|
17
|
+
[0fad2566e6ae] [github/master]
|
18
|
+
|
19
|
+
* .hgignore, History.md, History.rdoc, Manifest.txt, README.md,
|
20
|
+
README.rdoc, Rakefile, lib/drb/authsslprotocol.rb,
|
21
|
+
lib/drbservice.rb, lib/drbservice/ldapauth.rb,
|
22
|
+
lib/drbservice/utils.rb:
|
23
|
+
De-Yard, docs cleanup.
|
24
|
+
[87bc5aa9e2be]
|
25
|
+
|
26
|
+
* examples/homedirservice.rb, examples/rubyversion.rb:
|
27
|
+
A few more example fixes.
|
28
|
+
[ad2d90b0aae2]
|
29
|
+
|
30
|
+
* examples/homedirservice.rb:
|
31
|
+
Fix the auth mixin require in the homedirservice example.
|
32
|
+
[6cb7201f5934]
|
33
|
+
|
34
|
+
* examples/homedirservice.rb, examples/rubyversion.rb:
|
35
|
+
Fixed the examples to use the hash-argument ::start instead of the
|
36
|
+
old 4-arg style. Thanks to Mike Hix for pointing this out.
|
37
|
+
[2b1f61e44360]
|
38
|
+
|
39
|
+
2011-06-02 Michael Granger <ged@FaerieMUD.org>
|
40
|
+
|
41
|
+
* .hgsubstate, Rakefile, lib/drbservice.rb,
|
42
|
+
spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
|
43
|
+
spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb,
|
44
|
+
spec/lib/helpers.rb:
|
45
|
+
Merge with 127eef144aab
|
46
|
+
[48b523f7d5d1]
|
47
|
+
|
48
|
+
2011-06-01 Michael Granger <ged@FaerieMUD.org>
|
49
|
+
|
50
|
+
* .hgignore:
|
51
|
+
Ignore all PEM files instead of just ones under experiments/
|
52
|
+
[94cb33b621f1]
|
53
|
+
|
54
|
+
2011-03-22 Michael Granger <ged@FaerieMUD.org>
|
55
|
+
|
56
|
+
* .hgignore, .hgsub, .hgsubstate, .hgsubstate, History.md,
|
57
|
+
Manifest.txt, README, README.md, Rakefile,
|
58
|
+
examples/homedirservice.rb, lib/drbservice.rb, project.yml,
|
59
|
+
spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
|
60
|
+
spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb,
|
61
|
+
spec/lib/helpers.rb:
|
62
|
+
Converted to Hoe + Rspec2.
|
63
|
+
[43fde1b39dc8]
|
64
|
+
|
65
|
+
2010-11-22 Michael Granger <ged@FaerieMUD.org>
|
66
|
+
|
67
|
+
* .hgtags:
|
68
|
+
Added tag 1.0.3 for changeset 2579ef395c28
|
69
|
+
[127eef144aab]
|
70
|
+
|
71
|
+
* .hgsigs:
|
72
|
+
Added signature for changeset ac1224d968a3
|
73
|
+
[2579ef395c28] [1.0.3]
|
74
|
+
|
75
|
+
* .hgignore, .hgsubstate, Rakefile, lib/drbservice.rb, project.yml,
|
76
|
+
spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
|
77
|
+
spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb,
|
78
|
+
spec/lib/helpers.rb:
|
79
|
+
Converted tests to RSpec 2, updated build system.
|
80
|
+
[ac1224d968a3]
|
81
|
+
|
82
|
+
2010-09-17 Michael Granger <ged@FaerieMUD.org>
|
83
|
+
|
84
|
+
* .hgtags:
|
85
|
+
Added tag 1.0.2 for changeset aafc620fe400
|
86
|
+
[2d3b180c09f8]
|
87
|
+
|
88
|
+
* .hgsigs:
|
89
|
+
Added signature for changeset df7b5e123ed7
|
90
|
+
[aafc620fe400] [1.0.2]
|
91
|
+
|
92
|
+
* .hgsub, .hgsubstate, Rakefile, lib/drbservice.rb,
|
93
|
+
spec/drb/authsslprotocol_spec.rb, spec/drbservice/ldapauth_spec.rb,
|
94
|
+
spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb:
|
95
|
+
Runtime fixes, build system updates.
|
96
|
+
* Version bump to 1.0.2
|
97
|
+
* Set the process name to the service name and uri.
|
98
|
+
* Fix the logic for which methods to obscure
|
99
|
+
* Fixes for Ruby 1.9.2
|
100
|
+
[df7b5e123ed7]
|
101
|
+
|
102
|
+
2010-06-29 Michael Granger <ged@FaerieMUD.org>
|
103
|
+
|
104
|
+
* lib/drbservice.rb:
|
105
|
+
Only obscure public methods, as protected methods are already
|
106
|
+
inaccessible
|
107
|
+
[7700fbce0823]
|
108
|
+
|
109
|
+
2010-06-17 Michael Granger <ged@FaerieMUD.org>
|
110
|
+
|
111
|
+
* bin/drbservice, lib/drbservice/ldapauth.rb:
|
112
|
+
Started the drbservice CLI tool, small enhancements to ldapauth
|
113
|
+
mixin.
|
114
|
+
* Adding drbservice tool for creating new services
|
115
|
+
* DRbService::LDAPAuth
|
116
|
+
- Adding authuser and authuser_branch attributes
|
117
|
+
- Don't log passwords. Stupid.
|
118
|
+
[d846d86005c8]
|
119
|
+
|
120
|
+
* .hgignore:
|
121
|
+
Ignore Emacs backups
|
122
|
+
[fbb2410ab153]
|
123
|
+
|
124
|
+
* lib/drbservice.rb:
|
125
|
+
Fixed REVISION keyword
|
126
|
+
[cfcd91f854e7]
|
127
|
+
|
128
|
+
2010-06-16 Michael Granger <ged@FaerieMUD.org>
|
129
|
+
|
130
|
+
* .hgtags:
|
131
|
+
Added tag 1.0.1 for changeset a44c7cc339e5
|
132
|
+
[c40ae6332bb1]
|
133
|
+
|
134
|
+
* .hgsigs:
|
135
|
+
Added signature for changeset 1e217bbd49c9
|
136
|
+
[a44c7cc339e5] [1.0.1]
|
137
|
+
|
138
|
+
* lib/drbservice.rb, lib/drbservice/ldapauth.rb,
|
139
|
+
spec/drbservice_spec.rb:
|
140
|
+
Pass the service config to the constructor of the front object to
|
141
|
+
allow for configurable services.
|
142
|
+
* Modified the DRbService.start method to use a config hash instead of
|
143
|
+
a parameter list.
|
144
|
+
* Log the binding user and password in the LdapAuthentication mixin
|
145
|
+
until I can test it more thoroughly.
|
146
|
+
[1e217bbd49c9]
|
147
|
+
|
148
|
+
2010-06-04 Michael Granger <ged@FaerieMUD.org>
|
149
|
+
|
150
|
+
* .hgignore, README, Rakefile, examples/homedirservice.rb,
|
151
|
+
examples/roottrusted.rb, lib/drbservice.rb, project.yml,
|
152
|
+
spec/drbservice_spec.rb:
|
153
|
+
Fixed the SSL cert problem in DRb::Service.start, README/examples
|
154
|
+
corrections.
|
155
|
+
[7e47a5da137e]
|
156
|
+
|
157
|
+
* .hgtags:
|
158
|
+
Added tag 1.0.0 for changeset 5dbc6f3c1661
|
159
|
+
[2a8d298eb3ee]
|
160
|
+
|
161
|
+
* .hgsigs:
|
162
|
+
Added signature for changeset 8ec0ab828ada
|
163
|
+
[5dbc6f3c1661] [1.0.0]
|
164
|
+
|
165
|
+
2010-05-05 Michael Granger <ged@FaerieMUD.org>
|
166
|
+
|
167
|
+
* .hgignore, .irbrc, README, Rakefile, examples/roottrusted.rb,
|
168
|
+
lib/drbservice.rb, lib/drbservice/ldapauth.rb,
|
169
|
+
lib/drbservice/utils.rb, spec/drbservice/ldapauth_spec.rb,
|
170
|
+
spec/drbservice_spec.rb:
|
171
|
+
* Added a project .irbrc
|
172
|
+
* Updated build system
|
173
|
+
* Added more YARD docs
|
174
|
+
* Made the real_methods hash of the DRbService class a class instance
|
175
|
+
variable instead of a class variable for simplicity
|
176
|
+
* Finished initial work on the LDAPAuthentication mixin
|
177
|
+
[8ec0ab828ada]
|
178
|
+
|
179
|
+
2010-04-05 Michael Granger <ged@FaerieMUD.org>
|
180
|
+
|
181
|
+
* .hgignore, examples/roottrusted.rb, examples/rubyversion.rb,
|
182
|
+
lib/drbservice.rb, lib/drbservice/ldapauth.rb,
|
183
|
+
lib/drbservice/passwordauth.rb, spec/drbservice/ldapauth_spec.rb,
|
184
|
+
spec/drbservice/passwordauth_spec.rb, spec/drbservice_spec.rb:
|
185
|
+
Factored out authentication into a mixin.
|
186
|
+
* Factored the shared-secret authentication from the base DRbService
|
187
|
+
class into DRbService::PasswordAuthentication.
|
188
|
+
* Added a nascent LDAP authentication mixin.
|
189
|
+
* Added some example services.
|
190
|
+
[15d9e50c7f24]
|
191
|
+
|
192
|
+
2010-03-29 Michael Granger <ged@FaerieMUD.org>
|
193
|
+
|
194
|
+
* lib/drb/authsslprotocol.rb, spec/drb/authsslprotocol_spec.rb,
|
195
|
+
spec/drbservice_spec.rb:
|
196
|
+
Authenticated SSL protocol work, more tests for the basic service
|
197
|
+
class.
|
198
|
+
[efd5316143eb]
|
199
|
+
|
200
|
+
2010-03-28 Michael Granger <ged@FaerieMUD.org>
|
201
|
+
|
202
|
+
* lib/drbservice.rb, lib/drbservice/utils.rb:
|
203
|
+
Merged with 3:f0e9e2a7bace
|
204
|
+
[6a8c5fc9d0ac]
|
205
|
+
|
206
|
+
2010-03-09 Michael Granger <ged@FaerieMUD.org>
|
207
|
+
|
208
|
+
* experiments/irbclient.rb, experiments/sslauthservice-spike.rb,
|
209
|
+
features/basicservice.feature, lib/drbservice.rb,
|
210
|
+
lib/drbservice/utils.rb, spec/drbservice_spec.rb,
|
211
|
+
spec/lib/helpers.rb:
|
212
|
+
First working (tested) version, IRb experiment
|
213
|
+
* Created the first working version of the base service class from the
|
214
|
+
strategy worked out in the spike.
|
215
|
+
* Added an experiment script to wrap the service object in an IRb
|
216
|
+
shell for further experimentation.
|
217
|
+
[f0e9e2a7bace]
|
218
|
+
|
219
|
+
2010-03-26 Michael Granger <ged@FaerieMUD.org>
|
220
|
+
|
221
|
+
* experiments/irbclient.rb, experiments/sslauthservice-spike.rb,
|
222
|
+
features/basicservice.feature, lib/drb/authsslprotocol.rb,
|
223
|
+
lib/drbservice.rb, lib/drbservice/utils.rb,
|
224
|
+
spec/drb/authsslprotocol_spec.rb, spec/drbservice_spec.rb,
|
225
|
+
spec/lib/helpers.rb:
|
226
|
+
Checkpoint commit
|
227
|
+
[a3442ae4e182]
|
228
|
+
|
229
|
+
2010-03-08 Michael Granger <ged@FaerieMUD.org>
|
230
|
+
|
231
|
+
* experiments/sslauthclient-spike.rb, experiments/sslauthservice-
|
232
|
+
spike.rb:
|
233
|
+
First working version of the spike. Now to implement as a library
|
234
|
+
/command-line tool.
|
235
|
+
[53f00f271569]
|
236
|
+
|
237
|
+
* .hgignore, experiments/sslauthclient-spike.rb, experiments
|
238
|
+
/sslauthservice-spike.rb:
|
239
|
+
Checkpoint commit
|
240
|
+
[978d5fc07e50]
|
241
|
+
|
242
|
+
2010-03-04 Michael Granger <ged@FaerieMUD.org>
|
243
|
+
|
244
|
+
* LICENSE, README, Rakefile, experiments/sslauthclient-spike.rb,
|
245
|
+
experiments/sslauthservice-spike.rb, features/basicservice.feature,
|
246
|
+
features/commandline.feature, lib/drbservice.rb, project.yml,
|
247
|
+
spec/drbservice_spec.rb:
|
248
|
+
Initial spike of service and client
|
249
|
+
[cbfe682e8e43]
|
data/History.rdoc
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
Copyright (c) 2010, Michael Granger
|
2
|
+
All rights reserved.
|
3
|
+
|
4
|
+
Redistribution and use in source and binary forms, with or without
|
5
|
+
modification, are permitted provided that the following conditions are met:
|
6
|
+
|
7
|
+
* Redistributions of source code must retain the above copyright notice,
|
8
|
+
this list of conditions and the following disclaimer.
|
9
|
+
|
10
|
+
* Redistributions in binary form must reproduce the above copyright notice,
|
11
|
+
this list of conditions and the following disclaimer in the documentation
|
12
|
+
and/or other materials provided with the distribution.
|
13
|
+
|
14
|
+
* Neither the name of the author/s, nor the names of the project's
|
15
|
+
contributors may be used to endorse or promote products derived from this
|
16
|
+
software without specific prior written permission.
|
17
|
+
|
18
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
19
|
+
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
20
|
+
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
21
|
+
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
|
22
|
+
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
23
|
+
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
24
|
+
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
25
|
+
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
26
|
+
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
27
|
+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
data/Manifest.txt
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
ChangeLog
|
2
|
+
History.rdoc
|
3
|
+
LICENSE
|
4
|
+
Manifest.txt
|
5
|
+
README.rdoc
|
6
|
+
Rakefile
|
7
|
+
examples/homedirservice.rb
|
8
|
+
examples/rubyversion.rb
|
9
|
+
lib/drb/authsslprotocol.rb
|
10
|
+
lib/drbservice.rb
|
11
|
+
lib/drbservice/ldapauth.rb
|
12
|
+
lib/drbservice/passwordauth.rb
|
13
|
+
lib/drbservice/utils.rb
|
14
|
+
spec/drb/authsslprotocol_spec.rb
|
15
|
+
spec/drbservice/ldapauth_spec.rb
|
16
|
+
spec/drbservice/passwordauth_spec.rb
|
17
|
+
spec/drbservice_spec.rb
|
18
|
+
spec/lib/helpers.rb
|
data/README.rdoc
ADDED
@@ -0,0 +1,74 @@
|
|
1
|
+
= drbservice
|
2
|
+
|
3
|
+
* https://bitbucket.org/ged/drbservice
|
4
|
+
|
5
|
+
== Description
|
6
|
+
|
7
|
+
DRbService is a framework we use at LAIKA for creating authenticated
|
8
|
+
SSL-encrypted DRb services that provide access to privileged operations
|
9
|
+
without the need to give shell access to everyone.
|
10
|
+
|
11
|
+
There are a few examples in the `examples/` directory of the gem, which
|
12
|
+
are stripped-down versions of the services we actually use.
|
13
|
+
|
14
|
+
The current implementation is kind of a hack, but I intend to
|
15
|
+
eventually finish a DRb protocol that does the same thing in a more
|
16
|
+
elegant, less-hackish way, as well as a tool that can generate
|
17
|
+
a new service along with support files for one of several different
|
18
|
+
runtime environments.
|
19
|
+
|
20
|
+
If you're curious, see the `drb/authsslprotocol.rb` file for the
|
21
|
+
protocol. This will replace the current method-hiding code in
|
22
|
+
`drbservice.rb`, but existing services should be able to switch over
|
23
|
+
quite easily. Or that's the intention.
|
24
|
+
|
25
|
+
|
26
|
+
== Installation
|
27
|
+
|
28
|
+
gem install drbservice
|
29
|
+
|
30
|
+
|
31
|
+
== Contributing
|
32
|
+
|
33
|
+
You can check out the current development source with Mercurial via its
|
34
|
+
{Bitbucket project}[https://bitbucket.org/ged/drbservice]. Or if you prefer Git, via
|
35
|
+
{its Github mirror}[https://github.com/ged/drbservice].
|
36
|
+
|
37
|
+
After checking out the source, run:
|
38
|
+
|
39
|
+
$ rake newb
|
40
|
+
|
41
|
+
This task will install any missing dependencies, run the tests/specs,
|
42
|
+
and generate the API documentation.
|
43
|
+
|
44
|
+
|
45
|
+
== License
|
46
|
+
|
47
|
+
Copyright (c) 2010, 2011, Michael Granger
|
48
|
+
All rights reserved.
|
49
|
+
|
50
|
+
Redistribution and use in source and binary forms, with or without
|
51
|
+
modification, are permitted provided that the following conditions are met:
|
52
|
+
|
53
|
+
* Redistributions of source code must retain the above copyright notice,
|
54
|
+
this list of conditions and the following disclaimer.
|
55
|
+
|
56
|
+
* Redistributions in binary form must reproduce the above copyright notice,
|
57
|
+
this list of conditions and the following disclaimer in the documentation
|
58
|
+
and/or other materials provided with the distribution.
|
59
|
+
|
60
|
+
* Neither the name of the author/s, nor the names of the project's
|
61
|
+
contributors may be used to endorse or promote products derived from this
|
62
|
+
software without specific prior written permission.
|
63
|
+
|
64
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
65
|
+
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
66
|
+
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
67
|
+
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
|
68
|
+
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
69
|
+
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
70
|
+
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
71
|
+
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
72
|
+
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
73
|
+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
74
|
+
|
data/Rakefile
ADDED
@@ -0,0 +1,38 @@
|
|
1
|
+
#!/usr/bin/env rake
|
2
|
+
|
3
|
+
begin
|
4
|
+
require 'hoe'
|
5
|
+
rescue LoadError
|
6
|
+
abort "This Rakefile requires 'hoe' (gem install hoe)"
|
7
|
+
end
|
8
|
+
|
9
|
+
Hoe.plugin :mercurial
|
10
|
+
Hoe.plugin :signing
|
11
|
+
|
12
|
+
Hoe.plugins.delete :rubyforge
|
13
|
+
|
14
|
+
hoespec = Hoe.spec 'drbservice' do
|
15
|
+
self.readme_file = 'README.rdoc'
|
16
|
+
self.history_file = 'History.rdoc'
|
17
|
+
self.extra_rdoc_files << 'README.rdoc' << 'History.rdoc'
|
18
|
+
|
19
|
+
self.developer 'Michael Granger', 'ged@FaerieMUD.org'
|
20
|
+
|
21
|
+
self.dependency 'rspec', '~> 2.6', :developer
|
22
|
+
|
23
|
+
self.spec_extras[:licenses] = ["BSD"]
|
24
|
+
self.spec_extras[:post_install_message] = %{
|
25
|
+
|
26
|
+
This library isn't really ready for production use yet, but
|
27
|
+
feel free to experiment with it.
|
28
|
+
|
29
|
+
}.gsub( /^\t{2}/, '' )
|
30
|
+
|
31
|
+
self.require_ruby_version( '>=1.8.7' )
|
32
|
+
|
33
|
+
self.hg_sign_tags = true if self.respond_to?( :hg_sign_tags= )
|
34
|
+
self.rdoc_locations << "deveiate:/usr/local/www/public/code/#{remote_rdoc_dir}"
|
35
|
+
end
|
36
|
+
|
37
|
+
ENV['VERSION'] ||= hoespec.spec.version.to_s
|
38
|
+
|
@@ -0,0 +1,110 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require 'fileutils'
|
4
|
+
|
5
|
+
require 'drbservice'
|
6
|
+
require 'drbservice/ldapauth'
|
7
|
+
|
8
|
+
# An example service that provides functions that operate from a
|
9
|
+
# root-trusted host to make changes to a network storage server from
|
10
|
+
# unprivileged hosts.
|
11
|
+
class HomeDirService < DRbService
|
12
|
+
include DRbService::LDAPAuthentication
|
13
|
+
|
14
|
+
# Home directory Pathname
|
15
|
+
HOMEDIR_BASE = Pathname( '/mnt/storage/acme/home' )
|
16
|
+
|
17
|
+
# Archived homedir path
|
18
|
+
ARCHIVE_BASE = HOMEDIR_BASE + '__archived'
|
19
|
+
|
20
|
+
# Skeldir path
|
21
|
+
SKELDIR = HOMEDIR_BASE + '__skel'
|
22
|
+
|
23
|
+
|
24
|
+
# Configure LDAP authentication
|
25
|
+
ldap_uri 'ldap://ldap.acme.com/dc=acme,dc=com'
|
26
|
+
ldap_dn_search 'uid=%s',
|
27
|
+
:base => 'ou=employees,dc=acme,dc=com',
|
28
|
+
:scope => :one
|
29
|
+
|
30
|
+
# Authorize users who are in the posixGroup called 'sysadmin' under ou=groups
|
31
|
+
ldap_authz_callback do |directory, bound_user|
|
32
|
+
sysadmin_group = directory.ou( :groups ).cn( :sysadmin )
|
33
|
+
return bound_user[:active] &&
|
34
|
+
sysadmin_group[:memberUids].include?( bound_user[:uid].first )
|
35
|
+
end
|
36
|
+
|
37
|
+
|
38
|
+
### Define some methods that can be called without authenticating
|
39
|
+
unguarded do
|
40
|
+
|
41
|
+
### Returns +true+ if either an active home directory or an archived home
|
42
|
+
### directory for +username+ currently exists.
|
43
|
+
def homedir_exists?( username )
|
44
|
+
self.active_homedir_exists?( username ) ||
|
45
|
+
self.archived_homedir_exists?( username )
|
46
|
+
end
|
47
|
+
|
48
|
+
### Returns +true+ if an active home directory for +username+ currently
|
49
|
+
### exists.
|
50
|
+
def active_homedir_exists?( username )
|
51
|
+
homedir = HOMEDIR_BASE + username
|
52
|
+
return homedir.directory?
|
53
|
+
end
|
54
|
+
|
55
|
+
### Returns +true+ if an archived home directory for +username+ currently
|
56
|
+
### exists.
|
57
|
+
def archived_homedir_exists?( username )
|
58
|
+
archived_homedir = ARCHIVE_BASE + username
|
59
|
+
return archived_homedir.directory?
|
60
|
+
end
|
61
|
+
|
62
|
+
end # unguarded
|
63
|
+
|
64
|
+
|
65
|
+
### Make a new home directory for +username+, cloned from the given +skeldir+.
|
66
|
+
def make_home_directory( username, skeldir=SKELDIR )
|
67
|
+
self.log.info "Making home directory for %p, cloned from %s" % [ username, skeldir ]
|
68
|
+
homedir = HOMEDIR_BASE + username
|
69
|
+
raise "%s: already exists" % [ homedir ] if homedir.exist?
|
70
|
+
raise "%s: already has an archived homedir" % [ username ] if
|
71
|
+
( ARCHIVE_BASE + username ).exist?
|
72
|
+
|
73
|
+
FileUtils.cp_r( skeldir.to_s, homedir )
|
74
|
+
FileUtils.chown_R( username, nil, homedir )
|
75
|
+
|
76
|
+
return homedir.to_s
|
77
|
+
end
|
78
|
+
|
79
|
+
|
80
|
+
### Move a user's home directory to the archive directory
|
81
|
+
def archive_home_directory( username )
|
82
|
+
self.log.info "Archiving home directory for %p" % [ username ]
|
83
|
+
homedir = HOMEDIR_BASE + username
|
84
|
+
archivedir = ARCHIVE_BASE + username
|
85
|
+
raise "#{username}: no current home directory" unless homedir.exist?
|
86
|
+
raise "#{username}: already has an archived home" if archivedir.exist?
|
87
|
+
|
88
|
+
FileUtils.mv( homedir, archivedir )
|
89
|
+
end
|
90
|
+
|
91
|
+
|
92
|
+
### Move a user's archived home directory back to the active directory.
|
93
|
+
def unarchive_home_directory( username )
|
94
|
+
self.log.info "Unarchiving home directory for %p" % [ username ]
|
95
|
+
homedir = HOMEDIR_BASE + username
|
96
|
+
archivedir = ARCHIVE_BASE + username
|
97
|
+
raise "#{username}: already has an unarchived home directory" if homedir.exist?
|
98
|
+
raise "#{username}: no archived home" unless archivedir.exist?
|
99
|
+
|
100
|
+
FileUtils.mv( archivedir, homedir )
|
101
|
+
end
|
102
|
+
|
103
|
+
end # HomeDirService
|
104
|
+
|
105
|
+
HomeDirService.start(
|
106
|
+
:ip => '127.0.0.1',
|
107
|
+
:port => 4848,
|
108
|
+
:certfile => 'service.pem',
|
109
|
+
:keyfile => 'service.pem' )
|
110
|
+
|