macadmin 0.0.4

data/lib/macadmin/dslocal.rb

@@ -0,0 +1,252 @@
+module MacAdmin
+  
+  # Stub Error class
+  class DSLocalError < StandardError
+  end
+  
+  # DSLocalRecord (super class)
+  # - this is the raw constructor class for DSLocal records
+  # - records of 'type' should be created using one of the provided subclasses
+  # - this class delegates to Hash and therefore behaves as though it were one
+  # - added method_missing? to do fancy dot-style attribute returns
+  class DSLocalRecord < DelegateClass(Hash)
+    
+    include MacAdmin::Common
+    include MacAdmin::MCX
+    
+    # Where all the files on disk live
+    DSLOCAL_ROOT = '/private/var/db/dslocal/nodes'
+    
+    # Some reader attributes for introspection and debugging
+    attr_reader   :data, :composite, :real, :file, :record, :node
+    attr_accessor :file
+    
+    class << self
+      
+      # Inits a record from a file on disk
+      # - param is a path to a DSLocal Property List file
+      # - if file is invalid, return nil
+      def init_with_file(file)
+        data = load_plist file
+        return nil unless data
+        self.new :name => data['name'].first, :file => file, :real => data
+      end
+      
+    end
+    
+    # Create a new DSLocalRecord
+    # - this method is not meant to be called directly; use subclasses instead
+    # - params are valid DSLocalRecord attributes
+    # - when a node is not specified, 'Default' is assumed
+    def initialize(args)
+      @real = (args.delete(:real) { nil }) unless args.is_a? String
+      @data = normalize(args)
+      @name = @data['name'].first
+      @record_type = record_type
+      @node = (@data.delete('node') { ['Default'] }).first.to_s
+      @file = (@data.delete('file') { ["#{DSLOCAL_ROOT}/#{@node}/#{@record_type + 's'}/#{@name}.plist"] }).first.to_s
+      @record = synthesize(@data)
+      super(@record)
+    end
+    
+    # Does the specified resource already exist?
+    # - returns Boolean
+    def exists?
+      @real = load_plist @file
+      @composite.eql? @real
+    end
+    
+    # Create the record
+    # - simply writes the compiled Hash to disk
+    # - converts ShadowHashData attrib to CFPropertyList::Blob before writing
+    # - will accept an alternate path than the default; useful for debugging
+    def create(file = @file)
+      out = @record.dup
+      if shadowhashdata = out['ShadowHashData']
+        out['ShadowHashData'] = [CFPropertyList::Blob.new(shadowhashdata.first)]
+      end
+      plist = CFPropertyList::List.new
+      plist.value = CFPropertyList.guess(out)
+      plist.save(file, CFPropertyList::List::FORMAT_BINARY)
+      FileUtils.chmod(0600, file)
+    end
+    
+    # Delete the record
+    # - removes the file representing the record from disk
+    # - will accept an alternate path than the default; useful for debugging
+    # - returns true if the file was destroyed or does not exist; false otherwise
+    def destroy(file = @file)
+      FileUtils.rm file if File.exists? file
+      !File.exists? file
+    end
+    
+    # Test object equality
+    # - Class#eql? is not being passed to the delegate
+    # - it needs a little help
+    def eql?(obj)
+      if obj.is_a?(self.class)
+        return self.record.eql?(obj.record)
+      end
+      false
+    end
+    alias equal? eql?
+    
+    # Diff two records
+    # - of limited value except for debugging
+    # - output is not very coherent
+    def diff(other)
+      this = self.record
+      other = other.record
+      (this.keys + other.keys).uniq.inject({}) do |memo, key|
+        unless this[key] == other[key]
+          if this[key].kind_of?(Hash) &&  other[key].kind_of?(Hash)
+            memo[key] = this[key].diff(other[key])
+          else
+            memo[key] = [this[key], other[key]] 
+          end
+        end
+        memo
+      end
+    end
+    
+    # Override the Hash getter method
+    # - so that we can use Symbols as well as Strings
+    def [](key)
+      key = key.to_s if key.is_a?(Symbol)
+      super(key)
+    end
+    
+    # Override the Hash setter method
+    # - so that we can use Symbols as well as Strings
+    def []=(key, value)
+      key = key.to_s if key.is_a?(Symbol)
+      super(key, value)
+    end
+    
+    private
+    
+    # Synthesize a record
+    # - returns a composite record (Hash) compiled by merging the input data with a pre-existing matched record
+    # - if there is no matching record, missing attributes will be synthesized from defaults
+    # - returns an Hash stored in an instance variable: @composite
+    def synthesize(data)
+      @real ||= load_plist(@file)
+      if @real
+        @composite = @real.dup
+        @composite.merge!(data)
+      else
+        @composite = defaults(data)
+      end
+      @composite
+    end
+    
+    # Handle required but unspecified record attributes
+    # - GUID is the only attribute common to all record types
+    def defaults(data)
+      next_guid = UUID.new
+      defaults = { 'generateduid' => ["#{next_guid}"] }
+      defaults.merge(data)
+    end
+    
+    # Format the user input so it can be processed
+    # - input is key/value pairs
+    # - keys are preserved
+    # - values are converted to arrays to satisfy record schema
+    def normalize(input)
+      name_error = "Name attribute only supports lowercase letters, hypens, and underscrores."
+      # If there's only a single arg, and it's a String, make it the :name attrib
+      input  = input.is_a?(String) ? { 'name' => input } : input
+      result = input.inject({}){ |memo,(k,v)| memo[k.to_s] = [v.to_s]; memo }
+      raise DSLocalError.new(name_error) unless result['name'].first.match /^[_a-z0-9][a-z0-9_-]*$/
+      result
+    end
+    
+    # Returns the type of record being instantiated
+    # - derived from class of object
+    # - returns String 
+    def record_type
+      string = self.class.to_s
+      parts = string.split(/::/)
+      parts.last.to_s.downcase
+    end
+    
+    # Get all records of type
+    # - returns Array of all records for the matching type
+    def all_records(node)
+      records = []
+      search_base = "#{DSLOCAL_ROOT}/#{node}/#{@record_type + 's'}"
+      files = Dir["#{search_base}/*.plist"]
+      unless files.empty?
+        files.each do |path|
+          records << eval("#{self.class}.init_with_file('#{path}')")
+        end
+      end
+      records
+    end
+    
+    # For a set of records, get all attributes of type
+    # - params are: type (Symbol) and records (Array)
+    # - symbol is one of the valid DSLocalRecord attribute types (ie. :uid, :gid) as Symbol
+    # - array is a collection of records (see DSLocalRecord#all_records)
+    # - parses array of records and collects attribs of type
+    # - returns Array
+    def get_all_attribs_of_type(type, records)
+      type = type.to_s
+      begin
+        attribs = []
+        unless records.empty?
+          records.each do |record|
+            attrib = record[type]
+            next if attrib.empty?
+            attribs << attrib
+          end
+        end
+      rescue => error
+        puts "Ruby Error: #{error.message}"
+      end
+      attribs
+    end
+    
+    # Given an array of id number attributes, find the next available id number
+    # - params are: min (Integer) and ids (Array)
+    # - scans the array and delivers the next free id number
+    # - returns String
+    def next_id(min, ids)
+      ids.flatten!
+      ids.collect! { |id| id.to_i }
+      begin
+        ids.sort!.uniq!
+        ids.each_with_index do |id, i|
+          next if (id < min)
+          next if (id + 1 == ids[i + 1])
+          return (id + 1).to_s
+        end
+      rescue => error
+        puts "Ruby Error: #{error.message}"
+      end
+      min.to_s
+    end
+    
+    # Provide dot notation for setting and getting valid attribs
+    def method_missing(meth, *args, &block)
+      if args.empty?
+        return self[meth.to_s] if self[meth.to_s]
+        return nil if defaults(@data)[meth.to_s]
+      else
+        if meth.to_s =~ /=$/
+          if self["#{$`}"] or defaults(@data)["#{$`}"]
+            if args.is_a? Array
+              return self["#{$`}"] = (args.each { |e| e.to_s }).flatten
+            elsif args.is_a? String
+              return self["#{$`}"] = e.to_s
+            end
+          end
+        end
+      end
+      super
+    end
+    
+  end
+  
+end
+

data/lib/macadmin/dslocal/computer.rb

@@ -0,0 +1,22 @@
+module MacAdmin
+  
+  # Computer
+  # - creates and manages Mac OS X Computer records
+  # - params: :name, :realname, :en_address
+  class Computer < DSLocalRecord
+    
+    # Handle required but unspecified record attributes
+    # - generates missing attributes
+    # - changes are merged into the composite record
+    def defaults(data)
+      mac_address = get_primary_mac_address
+      defaults = {
+        'realname'   => ["#{data['name'].first.capitalize}"],
+        'en_address' => [mac_address]
+      }
+      super defaults.merge(data)
+    end
+    
+  end
+  
+end

data/lib/macadmin/dslocal/computergroup.rb

@@ -0,0 +1,19 @@
+module MacAdmin
+  
+  # ComputerGroup
+  # - creates and manages AMC OS X Computer Groups
+  # - inherits from MacAdmin::Group
+  # - params: :name, :realname, :gid
+  class ComputerGroup < Group
+    
+    MIN_GID = 501
+    
+    def initialize(args)
+      @member_class = Computer      unless defined? @member_class
+      @group_class  = ComputerGroup unless defined? @group_class
+      super args
+    end
+    
+  end
+  
+end

data/lib/macadmin/dslocal/dslocalnode.rb

@@ -0,0 +1,281 @@
+module MacAdmin
+  
+  class DSLocalNodeError < StandardError
+  end
+  
+  # DSLocalNode
+  # - constructs and manages Local OpenDirectory nodes
+  # - takes one parameter: name
+  # - if no name param is passed, 'Default' node is used
+  class DSLocalNode
+    
+    require 'find'
+    
+    SANDBOX_FILE       = '/System/Library/Sandbox/Profiles/com.apple.opendirectoryd.sb'
+    PREFERENCES        = '/Library/Preferences/OpenDirectory/Configurations/Search.plist'
+    PREFERENCES_LEGACY = '/Library/Preferences/DirectoryService/SearchNodeConfig.plist'
+    CHILD_DIRS         = ['aliases', 'computer_lists', 'computergroups', 'computers', 'config', 'groups', 'networks', 'users']
+    DSLOCAL_ROOT       = '/private/var/db/dslocal/nodes'
+    DIRMODE            = 16832
+    FILEMODE           = 33152
+    OWNER              = 0
+    GROUP              = 0
+    
+    attr_reader :name, :label, :root
+    
+    def initialize(name='Default')
+      @name   = name
+      @label  = "/Local/#{name}"
+      @root   = "#{DSLOCAL_ROOT}/#{name}"
+      load_configuration_file
+      self
+    end
+    
+    # Compound method: create and then activate the node
+    def create_and_activate
+      create
+      activate
+    end
+    
+    # Compound method: destroy and then deactivate the node
+    def destroy_and_deactivate
+      destroy
+      deactivate
+    end
+    
+    # Compound method: does the node exist and is it active?
+    def exists_and_active?
+      exists? and active?
+    end
+    
+    # Does the directory structure exist?
+    def exists?
+      validate_directory_structure
+    end
+    
+    # Test whether or not the node is in the search path
+    # - also: test the sandbox configuration if required
+    def active?
+      if needs_sandbox?
+        return false unless sandbox_active?
+      end
+      load_configuration_file
+      if self.name.eql? 'Default'
+        case policy = self.searchpolicy
+        when Integer
+          return true if policy < 3
+        else
+          return true if policy =~ /\AdsAttrTypeStandard:[LN]SPSearchPath\z/
+        end
+      end
+      return false if cspsearchpath.nil?
+      return false unless searchpolicy_is_custom?
+      cspsearchpath.member?(@label)
+    end
+    
+    # Create the directory structure
+    def create
+      create_directories
+    end
+    
+    # Destroy the directory structure
+    def destroy
+      FileUtils.rm_rf @root
+    end
+    
+    # Add the node to the list of searchable directory services
+    # - also: add a sandbox configuration if required
+    def activate
+      activate_sandbox if needs_sandbox?
+      insert_node
+      set_custom_searchpolicy
+      save_config
+    end
+    
+    # Remove the node to the list of searchable directory services
+    # - also: remove a sandbox configuration if required
+    def deactivate
+      deactivate_sandbox if needs_sandbox?
+      remove_node
+      save_config
+    end
+    
+    # Returns the search policy
+    def searchpolicy
+      eval @policy_key
+    end
+    
+    # Replaces the search policy
+    def searchpolicy=(val)
+      if val.is_a?(String)
+        eval @policy_key+"= val"
+      else
+        eval @policy_key+"= #{val}"
+      end
+    end
+    
+    # Returns the search path array
+    def cspsearchpath
+      eval @paths_key
+    end
+    
+    # Replaces the search path array
+    def cspsearchpath=(array)
+      eval @paths_key+"= array"
+    end
+    
+    private
+    
+    # Does this platform require a sandbox configuration?
+    def needs_sandbox?
+      MAC_OS_X_PRODUCT_VERSION > 10.7
+    end
+    
+    # Produces a Regex for matching the OpenDirectory sandbox's "allow file-write" rules
+    def sb_regex(name = 'Default')
+      exemplar = %Q{#"^(/private)?/var/db/dslocal/nodes/Default(/|$)"}
+      pattern = name.eql?('Default') ? name : exemplar.sub(/Default/, name)
+      pattern = Regexp.escape pattern
+      Regexp.new pattern.gsub /\//,'\\/'
+    end
+    
+    # Is the there an active sandbox for the node?
+    def sandbox_active?
+      if File.exists? SANDBOX_FILE
+        @sandbox = File.readlines(SANDBOX_FILE)
+        @sandbox.each { |line| return true if line.match sb_regex(@name) } 
+      end
+      false
+    end
+    
+    # Activate the node's sandbox
+    def activate_sandbox
+      unless sandbox_active?
+        @sandbox.each_with_index do |line, index|
+          if line.match sb_regex
+            @sandbox.insert index + 1, line.sub(/Default/, @name)
+          end
+        end
+        File.open(SANDBOX_FILE, 'w') { |f| f << @sandbox } 
+      end
+    end
+    
+    # De-activate the node's sandbox
+    def deactivate_sandbox
+      if sandbox_active?
+        @sandbox.delete_if do |line|
+          line.match sb_regex @name
+        end
+        File.open(SANDBOX_FILE, 'w') { |f| f << @sandbox } 
+      end
+    end
+    
+    # Insert the node into the search path immediately after any builtin local nodes
+    def insert_node
+      self.cspsearchpath ||= []
+      dslocal_node  = '/Local/Default'
+      bsd_node      = '/BSD/local'
+      
+      unless self.cspsearchpath.include? @label      
+        if index = cspsearchpath.index(bsd_node)
+          cspsearchpath.insert(index + 1, @label)
+        elsif index = cspsearchpath.index(dslocal_node)
+          cspsearchpath.insert(index + 1, @label)
+        else
+          cspsearchpath.unshift(@label)
+        end
+      end
+      self.cspsearchpath.uniq!
+    end
+    
+    # Remove the node from the search path
+    def remove_node
+      cspsearchpath.delete(@label)
+    end
+    
+    # Has custom ds searching been enabled?
+    def searchpolicy_is_custom?
+      searchpolicy.eql?(@custom)
+    end
+    
+    # Set the search opolicy to custom
+    def set_custom_searchpolicy
+      self.searchpolicy = @custom
+    end
+    
+    # Save the configuraton file to disk
+    def save_config
+      plist = CFPropertyList::List.new
+      plist.value = CFPropertyList.guess(@config)
+      plist.save(@file, CFPropertyList::List::FORMAT_XML)
+    end
+    
+    # Check hierarchy and permissions and ownership are valid
+    # - returns bool
+    def validate_directory_structure
+      return false unless File.exists? @root
+      Find.find(@root) do |path|
+        stat = File::Stat.new path
+        return false unless stat.uid == OWNER and stat.gid == GROUP
+        if File.directory? path
+         return false unless stat.mode == DIRMODE
+       else
+         return false unless stat.mode == FILEMODE
+       end
+      end
+      true
+    end
+    
+    # Create the dir structure for a DSLocal node
+    def create_directories
+      begin
+        FileUtils.mkdir_p @root unless File.exist? @root
+        FileUtils.chmod(0700, @root)
+        CHILD_DIRS.each do |child|
+          FileUtils.mkdir_p("#{@root}/#{child}") unless File.exist?("#{@root}/#{child}")
+          FileUtils.chmod(0700, "#{@root}/#{child}")
+        end
+        FileUtils.chown_R(OWNER, GROUP, @root)
+      rescue Exception => e
+        p e.message
+        p e.backtrace.inspect
+      end
+    end
+    
+    # Decide which configuration file we should be trying to access
+    def get_configuration_file
+      file = PREFERENCES_LEGACY
+      file = PREFERENCES if File.exists? '/usr/libexec/opendirectoryd'
+      file
+    end
+    
+    # If the file we need is still not on disk, we HUP the dir service
+    # Try 3 times, and then fail
+    def load_configuration_file
+      3.times do
+        @file = get_configuration_file
+        if File.exists? @file
+          break
+        else
+          restart_directoryservice(11)
+        end
+      end
+      raise DSLocalNodeError "Cannot read the Search policy file, #{@file}" unless File.exists?(@file)
+      @config = load_plist @file
+      # Setup some configuration key paths that can be evaluated and plugged into
+      # the standard methods. Which paths are used is based on which config file 
+      # we are working with.
+      if @config['modules']
+        @paths_key  = %q{@config['modules']['session'][0]['options']['dsAttrTypeStandard:CSPSearchPath']}
+        @policy_key = %q{@config['modules']['session'][0]['options']['dsAttrTypeStandard:SearchPolicy']}
+        @custom     = 'dsAttrTypeStandard:CSPSearchPath'
+      else
+        @paths_key  = %q{@config['Search Node Custom Path Array']}
+        @policy_key = %q{@config['Search Policy']}
+        @custom     = 3
+      end
+    end
+    
+  end
+  
+end