ldap_tools 0.5.0 → 0.6.0

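--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 87ea99ec2ff3fdf48a25f53868073540168f34fe
- data.tar.gz: 918dd42c64afeb5ceec56935fc72c34ff57439fa
+ metadata.gz: 3c022535acfa6078a97828ec84635bf46696480f
+ data.tar.gz: d9e03db054a580a268acf7742226602dfae551b7
  SHA512:
- metadata.gz: 208965f680e094e1afc62ee1a2b5c58f2d5a23e1afe11a1491beadea8dcdb21ab72bbfadefe0a5b763dee16b081bf36a439fd1d48bb0977456a55031bb8a3e14
- data.tar.gz: b52b0151ad7114e7e36ccab2347b43ac7e340ac784ca2d654ecdb19da64c27632403eb37012fbae006ad7f8045011fbd8ef59ab1cc932f7a5a24670033649bd2
+ metadata.gz: 1c0129b763def56e8a9ec64715b0339634a86db95387438175a1ae50004eb7fd6be7300137030fd7850c56e0c12df2a7597a89341844c369c0b7f01060c453a4
+ data.tar.gz: 9ea951e5f59988399c2447ea32e451a05f8769d2356dd0d30a87e85bef000eca5605ff5ddab52006775b4ea97d95b2d0691b791ad960a7e94d48b18b36128ded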
@@ -25,10 +25,7 @@ when "user" # run commands associated with user object
25
25
  when 'group'
26
26
  Tapjoy::LDAP::Group.commands
27
27
  when 'key'
28
- KEY_SUB_COMMANDS = %w(add remove install list show)
29
- commands('This object is used for group management', cmd, KEY_SUB_COMMANDS)
30
- keys = Tapjoy::LDAP::Key.new
31
- puts keys.show(ARGV.shift)
28
+ Tapjoy::LDAP::Key.commands
32
29
  when 'audit'
33
30
  AUDIT_SUB_COMMANDS = %w(by_user by_group raw)
34
31
  commands('This object is used for auditing LDAP permissions', cmd, AUDIT_SUB_COMMANDS)
@@ -44,6 +44,16 @@ module Tapjoy
44
44
  return return_result
45
45
  end
46
46
 
47
+ def add_attribute(distinguished_name, attribute, value)
48
+ @conn.add_attribute(dn, attribute, value)
49
+ return return_result
50
+ end
51
+
52
+ def replace_attribute(distinguished_name, attribute, value)
53
+ @conn.replace_attribute(distinguished_name, attribute, value)
54
+ return_result
55
+ end
56
+
47
57
  # Modify objects in LDAP
48
58
  def modify(distinguished_name, operations)
49
59
  @conn.modify(:dn => distinguished_name, :operations => operations)
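Review bot: The new `add_attribute` passes `dn` to `@conn.add_attribute`, but its parameter is named `distinguished_name` and no `dn` is defined in the visible lines. Unless a `dn` method exists elsewhere in the class, every `key add` raises NameError; if one does exist, the write goes to whatever DN that method returns rather than the one the caller supplied. The call should read `@conn.add_attribute(distinguished_name, attribute, value)`, matching `replace_attribute` directly below it. The two new methods also differ in `return return_result` versus a bare `return_result`; pick one form.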
@@ -1,196 +1,97 @@
1
+ require_relative 'key/add'
2
+ require_relative 'key/remove'
3
+ require_relative 'key/show'
4
+ require_relative 'key/install'
5
+
1
6
  module Tapjoy
2
7
  module LDAP
3
- class Key
4
-
5
- # Instantiate class
6
- def initialize
7
- command = ARGV.shift
8
-
9
- case command
10
- when 'add', 'remove', 'install', 'list'
11
- send(command)
12
- when 'show'
13
- return
14
- else
15
- raise Tapjoy::LDAP::InvalidArgument
16
- end
17
- end
18
-
19
- def show(user)
20
- get_keys_from_ldap[user]
21
- end
8
+ # Entry point for all key subcommands
9
+ module Key
10
+ class << self
11
+ SUB_COMMANDS = %w(add remove install list show)
22
12
 
23
- ## Private methods start here ##
24
- private
25
- # Get key listing from LDAP
26
- def get_keys_from_ldap
13
+ def commands
14
+ Trollop::options do
15
+ usage 'key [SUB_COMMAND] [options]'
16
+ synopsis "\nThis object is used for user key management\nAvailable subcommands are: #{SUB_COMMANDS}"
27
17
 
28
- key_results = {}
29
-
30
- results = Tapjoy::LDAP::client.search(attributes = ['uid', 'sshPublicKey'],
31
- filter = Net::LDAP::Filter.eq('sshPublicKey', '*'))
32
-
33
- results.each { |result| key_results[result.uid[0]] = result.sshPublicKey }
34
-
35
- return key_results
36
- end
18
+ stop_on SUB_COMMANDS
19
+ end
37
20
 
38
- # Retrieve keys from file/stdin
39
- def get_keys_from_commandline(filename)
40
- return_keys = []
21
+ cmd = ARGV.shift
41
22
 
42
- if filename.eql?('-')
43
- STDIN.each do |str|
44
- return_keys << str.chomp!
23
+ case cmd
24
+ when 'add', 'remove', 'install', 'list', 'show'
25
+ send(cmd) # call method with respective name
26
+ else
27
+ raise Tapjoy::LDAP::InvalidArgument
45
28
  end
46
- else
47
- return_keys = Array(File.open(filename))
48
29
  end
49
30
 
50
- return_keys.each { |key| verify(key) }
51
- return return_keys
52
- end
53
-
54
- # Verify key format
55
- def verify(key)
56
- unless key.start_with?('ssh')
57
- puts "Invalid key due to missing ssh key type:\n\n"
58
- puts "\t#{ key }\n\n"
59
- abort "Please verify your key and try again"
31
+ def add
32
+ key = Tapjoy::LDAP::Key::Add.new
33
+ key.add
60
34
  end
61
- end
62
-
63
- # Add key to LDAP
64
- def add
65
- opts = Trollop::options do
66
- # Set help message
67
- banner("#{$0} key add [options]")
68
35
 
69
- opt :user, 'Specify username to add key to', :type => :string,
70
- :required => true
71
- opt :filename, 'File to load keys from', :type => :string, :default => '-'
36
+ def remove
37
+ key = Tapjoy::LDAP::Key::Remove.new
38
+ key.remove
72
39
  end
73
40
 
74
- keys = get_keys_from_commandline(opts[:filename])
75
-
76
- filter = Net::LDAP::Filter.eq('uid', opts[:user])
77
- results = Tapjoy::LDAP::client.search(attributes = ['*'], filter = filter)
78
-
79
- # Make sure we return one, and only one user DN
80
- if results.size < 1
81
- abort 'user not found'
82
- elsif results.size > 1
83
- abort 'Multiple users found. Please narrow your search.'
41
+ def install
42
+ key = Tapjoy::LDAP::Key::Install.new
43
+ key.install
84
44
  end
85
45
 
86
- results.each do |result|
87
- unless result.objectclass.include?('ldapPublicKey')
88
- puts 'LDAP Public Key Object Class not found.'
89
- abort 'Please ensure user was created correctly.'
90
- end
91
- keys.each do |key|
92
- Tapjoy::LDAP::client.conn.add_attribute(result.dn, :sshPublicKey, key)
93
- puts Tapjoy::LDAP::client.return_result
94
- end
46
+ def list
47
+ Tapjoy::LDAP::Key.get_keys_from_ldap
95
48
  end
96
- end
97
49
 
98
- # Remove key from LDAP
99
- def remove
100
- opts = Trollop::options do
101
- # Set help message
102
- banner("#{$0} key remove [options]")
103
-
104
- opt :user, 'Specify username to delete key from', :type => :string,
105
- :required => true
106
- opt :filename, 'File to load key deletion list from', :type => :string,
107
- :default => '-'
108
- opt(:force, 'Force delete')
50
+ def show
51
+ key = Tapjoy::LDAP::Key::Show.new
52
+ key.show
109
53
  end
110
54
 
111
- keys = get_keys_from_commandline(opts[:filename])
112
-
113
- filter = Net::LDAP::Filter.eq('uid', opts[:user])
114
- attributes = ['sshPublicKey']
115
- old_array = []
116
-
117
- new_array = []
55
+ def get_keys_from_ldap
118
56
 
119
- results = Tapjoy::LDAP::client.search(attributes, filter)
120
- if results.size < 1
121
- puts "User (#{ opts[:user] }) not found."
122
- abort 'Please check the username and try again'
123
- elsif results.size > 1
124
- abort 'Multiple users found. Please narrow your search.'
57
+ key_results = {}
58
+ filter = Net::LDAP::Filter.eq('sshPublicKey', '*')
59
+ attributes = %w(uid sshPublicKey)
60
+ results = Tapjoy::LDAP::client.search(attributes, filter)
61
+ results.each {|result| key_results[result.uid[0]] = result.sshPublicKey}
62
+ key_results
125
63
  end
126
64
 
127
- results.each do |result|
128
- @user_dn = result.dn
129
- puts "User DN: #{ @user_dn }"
130
- old_array = result.sshPublicKey
131
- end
65
+ # Retrieve keys from file/stdin
66
+ def get_keys_from_commandline(filename=nil)
67
+ ARGV << filename unless filename.nil?
68
+ return_keys = []
132
69
 
133
- keep_keys = old_array - keys
134
- delete_keys = old_array & keys
135
- keys_not_found = keys - old_array
136
-
137
- puts 'Please confirm the following operations:'
138
- puts "Keep these keys:\n\n"
139
- print "\t #{ keep_keys }\n\n"
140
- puts "Delete these keys:\n\n"
141
- print "\t #{ delete_keys }\n\n"
142
- puts "Ignore these keys (not found in LDAP for #{ opts[:user]}):\n\n"
143
- print "\t #{ keys_not_found }\n\n"
144
-
145
- # We have to create a new stdin here, because we already use stdin
146
- # in the get_keys_from_commandline method.
147
- fd = IO.sysopen('/dev/tty', 'w+')
148
- unless opts[:force]
149
- print '>'
150
- confirm = ''
151
- IO.open(fd, 'w+') { |io| confirm = io.gets.chomp }
152
- unless confirm.eql?('y') || confirm.eql?('yes')
153
- abort("Deletion of #{ opts[:user] } aborted")
70
+ ARGF.each do |line|
71
+ return_keys << line.chomp!
154
72
  end
73
+ ARGV << '-' # close ARGF
74
+ return_keys.each { |key| verify_key(key) }
75
+ return_keys
155
76
  end
156
77
 
157
- Tapjoy::LDAP::client.conn.replace_attribute(@user_dn, :sshPublicKey, keep_keys)
158
- end
159
-
160
- # Install key on localhost
161
- def install
162
- opts = Trollop::options do
163
- # Set help message
164
- banner("#{$0} key install [options]")
165
-
166
- opt :debug, 'Enable debug/dry-run mode'
167
- end
168
-
169
- # Store results of query
170
- if opts[:debug]
171
- puts search_results
172
- exit 1
78
+ def verify_key(key)
79
+ unless key.start_with?('ssh')
80
+ puts "Invalid key due to missing ssh key type:\n\n"
81
+ puts "\t#{ key }\n\n"
82
+ abort "Please verify your key and try again"
83
+ end
173
84
  end
174
85
 
175
- get_keys_from_ldap.each do |key,values|
176
- directory = "/etc/ssh/users/#{key}"
177
- FileUtils.mkdir_p(directory) unless File.exists?directory
178
- keypath = "#{directory}/authorized_keys"
179
- if File.exists?(keypath)
180
- keys = File.read(keypath)
181
- else
182
- keys = []
183
- end
184
- File.open(keypath, 'a+') do |file|
185
- file.puts values.reject { |value| keys.include?(value) }
86
+ def verify_user(user, results)
87
+ # Make sure we return one, and only one user DN
88
+ if results.size < 1
89
+ puts "User (#{user}) not found."
90
+ abort 'Please check the username and try again'
91
+ elsif results.size > 1
92
+ abort 'Multiple users found. Please narrow your search.'
186
93
  end
187
94
  end
188
-
189
- # @TODO method to remove from authorized_keys any key that is not in LDAP
190
- end
191
-
192
- def list
193
- puts get_keys_from_ldap
194
95
  end
195
96
  end
196
97
  end
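Review bot: In `get_keys_from_commandline`, `return_keys << line.chomp!` stores `nil` for any line that has no trailing newline, because `chomp!` returns nil when it removes nothing; a key file without a final newline then reaches `verify_key(nil)` and fails with NoMethodError. Use `return_keys << line.chomp`. `verify_key` also accepts any text that begins with `ssh` and rejects valid `ecdsa-sha2-*` keys; since these values are written to LDAP and later appended to authorized_keys by `key install`, checking the key-type token and that a base64 body follows would be a safer gate. Separately, `list` now returns the hash without printing it, whereas the removed code did `puts get_keys_from_ldap`.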
@@ -0,0 +1,51 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Add user key to user profile
5
+ class Add
6
+ # Add key to LDAP
7
+ def add
8
+ filter_users.each do |result|
9
+ confirm_ldap_schema(result)
10
+ keys.each do |key|
11
+ puts Tapjoy::LDAP::client.add_attribute(result.dn, :sshPublicKey, key)
12
+ end
13
+ end
14
+ end
15
+
16
+ private
17
+ def opts
18
+ @opts ||= Trollop::options do
19
+ # Set help message
20
+ usage 'key add [options]'
21
+ synopsis "\nThis command is for adding user keys to a given user's profile"
22
+
23
+ opt :user, 'Specify username to add key to', type: :string,
24
+ required: true
25
+ opt :filename, 'File to load keys from', type: :string
26
+ end
27
+ end
28
+
29
+ def keys
30
+ @keys ||= Tapjoy::LDAP::Key.get_keys_from_commandline(opts[:filename] || nil)
31
+ end
32
+
33
+ def filter_users
34
+ filter = Net::LDAP::Filter.eq('uid', opts[:user])
35
+ results = Tapjoy::LDAP::client.search(attributes = ['*'], filter = filter)
36
+
37
+ Tapjoy::LDAP::Key.verify_user(opts[:user], results)
38
+
39
+ results
40
+ end
41
+
42
+ def confirm_ldap_schema(result)
43
+ unless result.objectclass.include?('ldapPublicKey')
44
+ puts 'LDAP Public Key Object Class not found.'
45
+ abort 'Please ensure user was created correctly.'
46
+ end
47
+ end
48
+ end
49
+ end
50
+ end
51
+ end
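Review bot: `Net::LDAP::Filter.eq('uid', opts[:user])` in `filter_users` does not escape its value, so a `--user` argument containing `*` is treated as a wildcard and the key is attached to whichever single entry the pattern happens to match. `verify_user` only checks that exactly one entry came back; it does not show that the entry is the one the operator named. Prefer `Net::LDAP::Filter.equals('uid', opts[:user])`, which escapes the value before building the filter. The same unescaped call appears in `Remove#filter` in the key/remove hunk, where the consequence is replacing the key list of the matched entry.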
@@ -0,0 +1,46 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Install key on localhost
5
+ class Install
6
+ def install
7
+ Tapjoy::LDAP::Key.get_keys_from_ldap.each do |user, values|
8
+ directory = directory(user)
9
+ FileUtils.mkdir_p(directory) unless File.exists?directory
10
+ authorized_keys_file = "#{directory}/authorized_keys"
11
+ keys = load_keys_from_file(authorized_keys_file)
12
+ insert_keys(authorized_keys_file, keys, values)
13
+ end
14
+ end
15
+
16
+ private
17
+ def opts
18
+ @opts ||= Trollop::options do
19
+ # Set help message
20
+ usage 'key install [options]'
21
+ synopsis "\nThis command is for keys to the appropriate authorized_keys file"
22
+
23
+ end
24
+ end
25
+
26
+ def load_keys_from_file(authorized_keys_file)
27
+ if File.exists?(authorized_keys_file)
28
+ keys = File.read(authorized_keys_file)
29
+ else
30
+ keys = []
31
+ end
32
+ end
33
+
34
+ def insert_keys(authorized_keys_file, keys, values)
35
+ File.open(authorized_keys_file, 'a+') do |file|
36
+ file.puts values.reject { |value| keys.include?(value) }
37
+ end
38
+ end
39
+
40
+ def directory(user)
41
+ File.join('etc', 'ssh', 'users', user)
42
+ end
43
+ end
44
+ end
45
+ end
46
+ end
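Review bot: `directory(user)` builds `File.join('etc', 'ssh', 'users', user)`, which is relative to the current working directory, whereas the removed code wrote under `/etc/ssh/users/`; the authorized_keys files therefore land wherever the command is run from, presumably not where sshd is configured to look. Use `File.join('/etc', 'ssh', 'users', user)`. The `user` component is the `uid` value returned by LDAP and is used unchecked, so a uid containing `/` or `..` would place the file outside the intended tree; reject such values before `mkdir_p`. `load_keys_from_file` returns a String when the file exists, so `keys.include?(value)` in `insert_keys` is a substring test rather than a per-line comparison. The private `opts` method is never called in this class, so `key install --help` and option parsing no longer run.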
@@ -0,0 +1,92 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Remove a user key from user profile
5
+ class Remove
6
+ # Remove key from LDAP
7
+ def remove
8
+ keys # Get keys first
9
+ Tapjoy::LDAP::Key.verify_user(opts[:user], results)
10
+
11
+ confirm unless opts[:force]
12
+ Tapjoy::LDAP::client.replace_attribute(
13
+ @user_dn, :sshPublicKey, keep_keys)
14
+ end
15
+
16
+ private
17
+ def opts
18
+ @opts ||= Trollop::options do
19
+ # Set help message
20
+ usage 'key remove [options]'
21
+ synopsis "\nThis command is for removing a user's SSH key(s)"
22
+
23
+ opt :user, 'Specify username to delete key from', type: :string,
24
+ required: true
25
+ opt :filename, 'File to load key deletion list from', type: :string
26
+ opt :force, 'Force delete', short: '-F'
27
+ end
28
+ end
29
+
30
+ def keys
31
+ @keys ||= Tapjoy::LDAP::Key.get_keys_from_commandline(opts[:filename])
32
+ end
33
+
34
+ def filter
35
+ @filter ||= Net::LDAP::Filter.eq('uid', opts[:user])
36
+ end
37
+
38
+ def results
39
+ @results ||= Tapjoy::LDAP::client.search(['sshPublicKey'], filter)
40
+ end
41
+
42
+ def current_keys
43
+ @current_keys ||= begin
44
+ current_keys_array = []
45
+ results.each do |result|
46
+ @user_dn = result.dn
47
+ current_keys_array = result.sshPublicKey
48
+ end
49
+
50
+ current_keys_array
51
+ end
52
+ end
53
+
54
+ def keep_keys
55
+ @keep_keys ||= current_keys.flatten - keys.flatten
56
+ end
57
+
58
+ def delete_keys
59
+ @delete_keys ||= current_keys & keys
60
+ end
61
+
62
+ def keys_not_found
63
+ @keys_not_found ||= keys - current_keys
64
+ end
65
+
66
+ def confirm
67
+ puts 'Please confirm the following operations:'
68
+ puts "Keep these keys:\n\n"
69
+ print "\t #{ keep_keys }\n\n"
70
+ puts "Delete these keys:\n\n"
71
+ print "\t #{ delete_keys }\n\n"
72
+ puts "Ignore these keys (not found in LDAP for #{ opts[:user]}):\n\n"
73
+ print "\t #{ keys_not_found }\n\n"
74
+ get_confirmation
75
+ end
76
+
77
+ def fd
78
+ @fd ||= IO.sysopen('/dev/tty', 'w+')
79
+ end
80
+
81
+ def get_confirmation
82
+ print '>'
83
+ confirm = gets.chomp
84
+ # IO.open(fd, 'w+') { |io| confirm = io.gets.chomp }
85
+ unless confirm.eql?('y') || confirm.eql?('yes')
86
+ abort("Deletion of #{ opts[:user] } aborted")
87
+ end
88
+ end
89
+ end
90
+ end
91
+ end
92
+ end
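Review bot: With `--force`, `replace_attribute(@user_dn, :sshPublicKey, keep_keys)` is called with `@user_dn` still nil, because that instance variable is only assigned inside `current_keys` and Ruby evaluates the `@user_dn` argument before `keep_keys` triggers that method. Without `--force` it works only because `confirm` happens to call `keep_keys` first. Take the DN from the search result instead, e.g. `Tapjoy::LDAP::client.replace_attribute(results.first.dn, :sshPublicKey, keep_keys)`. Separately, `get_confirmation` reads the answer with `gets`, which goes through ARGF; when the key list was piped on stdin that stream is likely already at EOF, so `gets` returns nil and `.chomp` raises. The commented-out `/dev/tty` read avoided that, and `fd` is now unused.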
@@ -0,0 +1,27 @@
1
+ module Tapjoy
2
+ module LDAP
3
+ module Key
4
+ # Show all of a user's keys
5
+ class Show
6
+ def show
7
+ username = opts[:user]
8
+ keys = Tapjoy::LDAP::Key.get_keys_from_ldap[username]
9
+ puts "No keys found for #{opts[:user]}" if keys.length? 0
10
+ puts keys
11
+ end
12
+
13
+ private
14
+ def opts
15
+ @opts ||= Trollop::options do
16
+ # Set help message
17
+ usage 'key show [options]'
18
+ synopsis "\nThis command is for showing a specific user's SSH keys"
19
+
20
+ opt :user, 'Specify username', type: :string, required: true
21
+ end
22
+ end
23
+
24
+ end
25
+ end
26
+ end
27
+ end
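Review bot: `keys.length? 0` calls a method that neither Array nor nil responds to, so `show` raises NoMethodError instead of printing the "No keys found" message. For a user without keys, `get_keys_from_ldap[username]` is nil anyway, since the hash only holds entries that carry `sshPublicKey`. Replace the guard with `if keys.nil? || keys.empty?` and return after printing the message. `get_keys_from_ldap` also retrieves every user's keys in order to display one; a search filtered on the requested uid would limit what is read from the directory.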
@@ -2,7 +2,7 @@ module Tapjoy
2
2
  module LDAP
3
3
  module Version
4
4
  MAJOR = 0
5
- MINOR = 5
5
+ MINOR = 6
6
6
  PATCH = 0
7
7
  end
8
8
 
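--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: ldap_tools
  version: !ruby/object:Gem::Version
- version: 0.5.0
+ version: 0.6.0
  platform: ruby
  authors:
  - Ali Tayarani
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-12-14 00:00:00.000000000 Z
+ date: 2016-01-08 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: trollop
@@ -76,9 +76,6 @@ files:
  - bin/ldaptools
  - lib/tapjoy/ldap.rb
  - lib/tapjoy/ldap/audit.rb
- - lib/tapjoy/ldap/audit/by_group.rb
- - lib/tapjoy/ldap/audit/by_user.rb
- - lib/tapjoy/ldap/audit/raw.rb
  - lib/tapjoy/ldap/base.rb
  - lib/tapjoy/ldap/group.rb
  - lib/tapjoy/ldap/group/add_user.rb
@@ -86,7 +83,7 @@ files:
  - lib/tapjoy/ldap/group/delete.rb
  - lib/tapjoy/ldap/key.rb
  - lib/tapjoy/ldap/key/add.rb
- - lib/tapjoy/ldap/key/list.rb
+ - lib/tapjoy/ldap/key/install.rb
  - lib/tapjoy/ldap/key/remove.rb
  - lib/tapjoy/ldap/key/show.rb
  - lib/tapjoy/ldap/user.rb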
File without changes
File without changes
File without changes
File without changes