open_directory_utils 0.1.0

data/lib/open_directory_utils/connection.rb

@@ -0,0 +1,127 @@
+require 'net/ssh'
+require "open_directory_utils/dscl"
+require "open_directory_utils/pwpolicy"
+require "open_directory_utils/commands_user"
+require "open_directory_utils/commands_group"
+
+module OpenDirectoryUtils
+  class Connection
+
+    attr_reader :srv_info, :dir_info
+
+    include OpenDirectoryUtils::Dscl
+    include OpenDirectoryUtils::Pwpolicy
+    include OpenDirectoryUtils::CommandsUser
+    include OpenDirectoryUtils::CommandsGroup
+
+    # configure connection with ENV_VARS (or parameters)
+    # @params [Hash] - reqiured info includes: srv_hostname:, srv_username: (password: if not using ssh-keys)
+    # @note - mostly likely needed for better security is -- dir_username:, dir_password:
+    def initialize(params={})
+      config = defaults.merge(params)
+
+      @srv_info = { hostname: config[:srv_hostname],
+                    username: config[:srv_username],
+                    ssh_options: config[:ssh_options]}
+      @dir_info = { username: config[:dir_username],
+                    password: config[:dir_password],
+                    data_path: config[:dir_datapath],
+                    dscl: config[:dscl_path],
+                    pwpol: config[:pwpol_path],
+                  }
+      raise ArgumentError, 'server hostname missing' if srv_info[:hostname].nil? or
+                                                        srv_info[:hostname].empty?
+      raise ArgumentError, 'server username missing' if srv_info[:username].nil? or
+                                                        srv_info[:username].empty?
+    end
+
+    # after configuring a connection with .new - send commands via ssh to open directory
+    # @command [Symbol] - required -- to choose the action wanted
+    # @params [Hash] - required -- necessary information to accomplish action
+    # @output [String] - optional -- 'xml' or 'plist' will return responses using xml format
+    def run(command:, params:, output: nil)
+      answer = {}
+      params[:format] = output
+      # just in case clear record_name and calculate later
+      params[:record_name] = nil
+      ssh_cmds = send(command, params, dir_info)
+      results  = send_cmds_to_od_server(ssh_cmds)
+      # pp ssh_cmds
+      # pp results
+      format_results(results, command, params, ssh_cmds)
+      rescue ArgumentError, NoMethodError => error
+        {error:  {response: error.message, command: command,
+                  attributes: params, dscl_cmds: ssh_cmds}}
+    end
+
+    private
+
+    def send_cmds_to_od_server(cmds)
+      cmd_array = Array( cmds )
+      output = []
+      Net::SSH.start( srv_info[:hostname], srv_info[:username],
+                      srv_info[:ssh_options] ) do |ssh|
+          cmd_array.each do |one_cmd|
+            output << (ssh.exec!(one_cmd)).strip
+          end
+      end
+      return output
+    end
+
+    def format_results(results, command, params, ssh_cmds)
+      errors = true         if results.to_s.include? 'Error'
+      errors = false    unless results.to_s.include? 'Error'
+
+      if command.eql?(:user_exists?) or command.eql?(:group_exists?)
+        errors  = false        # in this case not actually an error
+        unless results.to_s.include?('eDSRecordNotFound')
+          results = [true]
+        else
+          results = [false]
+        end
+      end
+
+      if command.eql?(:user_in_group?) or command.eql?(:group_has_user?)
+        username = nil
+        username = username || params[:user_name]
+        username = username || params[:username]
+        username = username || params[:uid]
+        username = username.to_s.strip
+
+        raise ArgumentError, "username invalid or missing"  if username.eql? '' or username.include? ' '
+        raise ArgumentError, "groupname invalid or missing" if results.to_s.include?('eDSRecordNotFound')
+
+        if results.to_s.include?( username )
+          results = [true]
+        else
+          results = [false]
+        end
+      end
+
+      ans = case errors
+      when false
+        {success:{response: results, command: command, attributes: params}}
+      else
+        {error:  {response: results, command: command,
+                  attributes: params, dscl_cmds: ssh_cmds}}
+      end
+      return ans
+    end
+
+    def defaults
+      {
+        srv_hostname: ENV['OD_HOSTNAME'],
+        srv_username: ENV['OD_USERNAME'],
+        ssh_options:  (eval(ENV['OD_SSH_OPTIONS'].to_s) || {}),
+
+        dir_username: ENV['DIR_ADMIN_USER'],
+        dir_password: ENV['DIR_ADMIN_PASS'],
+        dir_datapath: (ENV['DIR_DATAPATH'] || '/LDAPv3/127.0.0.1/'),
+
+        dscl_path:    ENV['DSCL_PATH']  || '/usr/bin/dscl',
+        pwpol_path:   ENV['PWPOL_PATH'] || '/usr/bin/pwpolicy'
+      }
+    end
+
+  end
+end

data/lib/open_directory_utils/dscl.rb

@@ -0,0 +1,53 @@
+require "open_directory_utils/clean_check"
+
+module OpenDirectoryUtils
+
+  # https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
+  # https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
+  module Dscl
+
+    include OpenDirectoryUtils::CleanCheck
+
+    # builds the dscl command (with complete flexibility)
+    # attribs [Hash] - required - :record_name (the resource to affect), :action (create, append, delete, passwd, etc), attribute: (resource attribute to change), value: (value to add to attribute)
+    # dir_info [Hash] - usually configured in the connection initializer and then passed to dscl to build command correctly
+    def dscl(attribs, dir_info)
+      check_critical_attribute( attribs, :record_name )
+      check_critical_attribute( attribs, :action )
+      check_critical_attribute( attribs, :scope )
+      tidy_attribs = tidy_attribs(attribs)
+      build_dscl_command( tidy_attribs, dir_info )
+    end
+
+    # TODO: switch to template pattern
+    def build_dscl_command(attribs, dir_info)
+      # allow :recordname to be passed-in if using dscl directly
+      attribs[:record_name] = attribs[:record_name] || attribs[:recordname]
+      # /usr/bin/dscl -u diradmin -P "BigSecret" /LDAPv3/127.0.0.1/ -append /Users/$UID_USERNAME apple-keyword "$VALUE"
+      # "/usr/bin/dscl -plist -u #{od_username} -P #{od_password} #{od_dsclpath} -#{command} #{resource} #{params}"
+      ans  = "#{dir_info[:dscl]}"
+      unless attribs[:format].nil?
+        ans += ' -plist'                           if attribs[:format].eql? 'plist' or
+                                                      attribs[:format].eql? 'xml'
+      end
+      ans += " -u #{dir_info[:username]}"      unless dir_info[:username].nil? or
+                                                      dir_info[:username].empty? or
+                                                      attribs[:action].eql? 'auth'
+      ans += %Q[ -P "#{dir_info[:password]}"]    unless dir_info[:password].nil? or
+                                                      dir_info[:password].empty? or
+                                                      attribs[:action].eql? 'auth'
+      ans += " #{dir_info[:data_path]}"
+
+      ans += %Q[ -#{attribs[:action]}]
+      ans += %Q[ #{attribs[:record_name]}]         if attribs[:action].eql? 'auth'
+      ans += %Q[ /#{attribs[:scope]}/#{attribs[:record_name]}] unless
+                                                      attribs[:action].eql? 'auth'
+      ans += %Q[ #{attribs[:attribute]}]       unless attribs[:attribute].nil? or
+                                                      attribs[:attribute].empty?
+      ans += %Q[ "#{attribs[:value]}"]         unless attribs[:value].nil? or
+                                                      attribs[:value].empty?
+      return ans
+    end
+
+  end
+end

data/lib/open_directory_utils/pwpolicy.rb

@@ -0,0 +1,48 @@
+require "open_directory_utils/clean_check"
+
+module OpenDirectoryUtils
+
+  # https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
+  # https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
+  module Pwpolicy
+
+    include OpenDirectoryUtils::CleanCheck
+
+    def build_pwpolicy_command(params, dir_info)
+      # /usr/bin/pwpolicy -a diradmin -p "BigSecret" -u username -setpolicy "isDisabled=0"
+      ans  = "#{dir_info[:pwpol]}"
+      ans += " -a #{dir_info[:diradmin]}"      unless dir_info[:diradmin].nil? or
+                                                      dir_info[:diradmin].empty?
+      ans += %Q[ -p "#{dir_info[:password]}"]  unless dir_info[:password].nil? or
+                                                      dir_info[:password].empty?
+      ans += %Q[ -u #{params[:record_name]}]
+      ans += %Q[ -#{params[:attribute]}]
+      ans += %Q[ "#{params[:value]}"]          unless params[:value].nil? or
+                                                      params[:value].empty?
+      return ans
+    end
+
+    def pwpolicy(params, dir_info)
+      check_critical_attribute( params, :record_name )
+      cmd_params = tidy_attribs(params)
+
+      build_pwpolicy_command( cmd_params, dir_info )
+    end
+
+    ## PRE-BUILT commands
+    #####################
+    # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $shortname_USERNAME -setpolicy "isDisabled=0"
+    def user_enable_login(params, dir_info)
+      command = {attribute: 'enableuser'}
+      params  = command.merge(params)
+      pwpolicy(params, dir_info)
+    end
+    # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $shortname_USERNAME -setpolicy "isDisabled=1"
+    def user_disable_login(params, dir_info)
+      command = {attribute: 'disableuser'}
+      params  = command.merge(params)
+      pwpolicy(params, dir_info)
+    end
+
+  end
+end

data/lib/open_directory_utils/user_command_pattern.rb

@@ -0,0 +1,188 @@
+module OpenDirectoryUtils
+  # command pattern
+  # https://makandracards.com/alexander-m/43748-command-pattern
+  # https://stackoverflow.com/questions/43535421/command-pattern-in-ruby?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
+  #
+  # DSCL
+  # https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/dscl.1.html
+  # https://superuser.com/questions/592921/mac-osx-users-vs-dscl-command-to-list-user/621055?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
+  class Commands
+    class Error < StandardError; end
+
+    def initialize(params)
+    end
+
+    def execute
+      raise NotYetImplemented
+    end
+  end
+
+  # # get all usernames -- dscl . -list /Users
+  # # get all user details -- dscl . -readall /Users
+  # def user_exists?
+  # end
+  class UserGetInfo
+    # get user record -- dscl . -read /Users/<username>
+    # get user value  -- dscl . -read /Users/<username> <key>
+    # search od user  -- dscl . -search /Users RealName "Andrew Garrett"
+    # return as xml   -- dscl -plist . -search /Users RealName "Andrew Garrett"
+    def user_get_info
+    end
+  end
+
+    # https://images.apple.com/server/docs/Command_Line.pdf
+    # https://serverfault.com/questions/20702/how-do-i-create-user-accounts-from-the-terminal-in-mac-os-x-10-5?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
+    # https://superuser.com/questions/1154564/how-to-create-a-user-from-the-macos-command-line
+    # There are a few steps to create a user account from the command line. The good news is that you're using the right tool, dscl. What you're missing are the separate components that comprise a user account. You have to create these manually.
+    # sudo dscl . -create /Users/someuser
+    # sudo dscl . -create /Users/someuser UserShell /bin/bash
+    # sudo dscl . -create /Users/someuser RealName "Lucius Q. User"
+    # sudo dscl . -create /Users/someuser UniqueID "1010"  #use something not already in use
+    # sudo dscl . -create /Users/someuser PrimaryGroupID 80
+    # sudo dscl . -create /Users/someuser NFSHomeDirectory /Users/soemuser
+    #
+    # You can then use passwd to change the user's password, or use:
+    # sudo dscl . -passwd /Users/someuser password
+
+    # You'll also have to create the user's home directory and change ownership so the user can access it. And be sure that the UniqueID is, in fact, unique.
+    #
+    # This line will add the user to the administrator's group:
+    # sudo dscl . -append /Groups/admin GroupMembership someuser
+    def user_create
+    end
+
+    # add 1st user   -- dscl . create /Groups/ladmins GroupMembership localadmin
+    # add more users -- dscl . append /Groups/ladmins GroupMembership 2ndlocaladmin
+    def user_add_to_group
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -delete /Groups/$VALUE GroupMembership $UID_USERNAME
+    def user_remove_from_group
+    end
+
+    # dscl . -delete /Users/yourUserName
+    # https://tutorialforlinux.com/2011/09/15/delete-users-and-groups-from-terminal/
+    def user_delete
+    end
+
+    # /usr/bin/dscl -plist -u diradmin -P #{adminpw} /LDAPv3/127.0.0.1/ -passwd /Users/#{uid} #{passwd}
+    def user_set_password
+    end
+
+    # /usr/bin/dscl /LDAPv3/127.0.0.1 auth #{uid} #{passwd}
+    def user_test_password
+    end
+
+    # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $UID_USERNAME -setpolicy "isDisabled=0"
+    def user_enable_login
+    end
+
+    # /usr/bin/pwpolicy -a diradmin -p A-B1g-S3cret -u $UID_USERNAME -setpolicy "isDisabled=1"
+    def user_disable_login
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME gidnumber "$VALUE"
+    def user_set_groupnumber
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME givenName "$VALUE"
+    def user_set_first_name
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME sn "$VALUE"
+    def user_set_last_name
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME apple-namesuffix "$VALUE"
+    def user_set_name_suffix
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME mail "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME email "$VALUE"
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME apple-user-mailattribute "$VALUE"
+    def user_set_email
+    end
+
+    # create first keyword
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME apple-keyword "$VALUE"
+    # add a keyword
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -append /Users/$UID_USERNAME apple-keyword "$VALUE"
+    def user_set_keywords
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -append /Users/$UID_USERNAME apple-keyword "$VALUE"
+    def user_add_keywords
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME mobile "$VALUE"
+    def user_set_mobile_phone
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME telephoneNumber "$VALUE"
+    def user_set_work_phone
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME homePhone "$VALUE"
+    def user_set_home_phone
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME title "$VALUE"
+    def user_set_title
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME homedirectory "$VALUE"
+    def user_set_home_directoy
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME loginShell "$VALUE"
+    def user_set_shell
+    end
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME apple-company "$VALUE"
+    def user_set_company
+    end
+    alias_method :las_program_info, :user_set_company
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME street "$VALUE"
+    def user_set_street
+    end
+    alias_method :las_, :user_set_street
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID l "$VALUE"
+    def user_set_city
+    end
+    alias_method :las_, :user_set_city
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME st "$VALUE"
+    def user_set_state
+    end
+    alias_method :las_cultural_trip, :user_set_state
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME postalCode "$VALUE"
+    def user_set_postcode
+    end
+    alias_method :las_faculty_family, :user_set_postcode
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME apple-webloguri "$VALUE"
+    def user_set_blog
+    end
+    alias_method :las_, :user_set_blog
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME apple-organizationinfo "$VALUE"
+    def user_organizational_info
+    end
+    alias_method :las_link_student_to_parent, :user_organizational_info
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME apple-relationships "$VALUE"
+    def user_relationships
+    end
+    alias_method :las_link_parent_to_student, :user_relationships
+
+    # /usr/bin/dscl -u diradmin -P A-B1g-S3cret /LDAPv3/127.0.0.1/ -create /Users/$UID_USERNAME labeledURI "$VALUE"
+    def user_set_homepage
+    end
+    alias_method :las_enrollment_date, :user_set_homepage
+    alias_method :las_start_date, :user_set_homepage
+
+  end
+end

data/lib/open_directory_utils/version.rb

@@ -0,0 +1,5 @@
+module OpenDirectoryUtils
+  module Version
+    VERSION = "0.1.0"
+  end
+end

data/open_directory_utils.gemspec

@@ -0,0 +1,38 @@
+
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "open_directory_utils/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "open_directory_utils"
+  spec.version       = OpenDirectoryUtils::Version::VERSION
+  spec.authors       = ["Bill Tihen", "Lee Weisbecker"]
+  spec.email         = ["btihen@gmail.com", "leeweisbecker@gmail.com"]
+
+  spec.summary       = %q{A ruby wrapper to access MacOpenDirectory management commands remotely}
+  spec.description   = %q{Create and update users and groups on a MacOpenDirectory Server}
+  spec.homepage      = "https://github.com/btihen/open_directory_utils"
+  spec.license       = "MIT"
+
+  # # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # # to allow pushing to a single host or delete this section to allow pushing to any host.
+  # if spec.respond_to?(:metadata)
+  #   spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+  # else
+  #   raise "RubyGems 2.0 or newer is required to protect against " \
+  #     "public gem pushes."
+  # end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency "net-ssh", "~> 4.2"
+
+  spec.add_development_dependency "bundler", "~> 1.16"
+  spec.add_development_dependency "rake", "~> 12.3"
+  spec.add_development_dependency "rspec", "~> 3.7"
+end