open_directory_utils 0.1.1 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/Gemfile.lock +1 -1
- data/README.md +14 -6
- data/examples/connection-sample.yml +6 -0
- data/examples/create_od_users.rb +45 -0
- data/examples/users-sample.yml +17 -0
- data/lib/open_directory_utils/clean_check.rb +10 -0
- data/lib/open_directory_utils/commands_base.rb +125 -0
- data/lib/open_directory_utils/commands_group.rb +53 -162
- data/lib/open_directory_utils/commands_user_attribs_ldap.rb +23 -79
- data/lib/open_directory_utils/commands_user_attribs_od.rb +188 -100
- data/lib/open_directory_utils/connection.rb +76 -33
- data/lib/open_directory_utils/dscl.rb +1 -1
- data/lib/open_directory_utils/version.rb +1 -1
- metadata +6 -2
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'net/ssh'
|
|
2
|
-
require "open_directory_utils/dscl"
|
|
3
|
-
require "open_directory_utils/pwpolicy"
|
|
2
|
+
# require "open_directory_utils/dscl"
|
|
3
|
+
# require "open_directory_utils/pwpolicy"
|
|
4
|
+
require "open_directory_utils/commands_base"
|
|
4
5
|
require "open_directory_utils/commands_group"
|
|
5
6
|
require "open_directory_utils/commands_user_attribs_od"
|
|
6
7
|
require "open_directory_utils/commands_user_attribs_ldap"
|
|
@@ -10,8 +11,9 @@ module OpenDirectoryUtils
|
|
|
10
11
|
|
|
11
12
|
attr_reader :srv_info, :dir_info
|
|
12
13
|
|
|
13
|
-
include OpenDirectoryUtils::Dscl
|
|
14
|
-
include OpenDirectoryUtils::Pwpolicy
|
|
14
|
+
# include OpenDirectoryUtils::Dscl
|
|
15
|
+
# include OpenDirectoryUtils::Pwpolicy
|
|
16
|
+
include OpenDirectoryUtils::CommandsBase
|
|
15
17
|
include OpenDirectoryUtils::CommandsGroup
|
|
16
18
|
include OpenDirectoryUtils::CommandsUserAttribsOd
|
|
17
19
|
include OpenDirectoryUtils::CommandsUserAttribsLdap
|
|
@@ -30,6 +32,7 @@ module OpenDirectoryUtils
|
|
|
30
32
|
data_path: config[:dir_datapath],
|
|
31
33
|
dscl: config[:dscl_path],
|
|
32
34
|
pwpol: config[:pwpol_path],
|
|
35
|
+
dsedit: config[:dsedit_path],
|
|
33
36
|
}
|
|
34
37
|
raise ArgumentError, 'server hostname missing' if srv_info[:hostname].nil? or
|
|
35
38
|
srv_info[:hostname].empty?
|
|
@@ -47,10 +50,10 @@ module OpenDirectoryUtils
|
|
|
47
50
|
# just in case clear record_name and calculate later
|
|
48
51
|
params[:record_name] = nil
|
|
49
52
|
ssh_cmds = send(command, params, dir_info)
|
|
50
|
-
results = send_cmds_to_od_server(ssh_cmds)
|
|
51
53
|
# pp ssh_cmds
|
|
54
|
+
results = send_cmds_to_od_server(ssh_cmds)
|
|
52
55
|
# pp results
|
|
53
|
-
|
|
56
|
+
process_results(results, command, params, ssh_cmds)
|
|
54
57
|
rescue ArgumentError, NoMethodError => error
|
|
55
58
|
{error: {response: error.message, command: command,
|
|
56
59
|
attributes: params, dscl_cmds: ssh_cmds}}
|
|
@@ -70,44 +73,83 @@ module OpenDirectoryUtils
|
|
|
70
73
|
return output
|
|
71
74
|
end
|
|
72
75
|
|
|
73
|
-
def
|
|
74
|
-
|
|
75
|
-
errors =
|
|
76
|
+
def process_results(results, command, params, ssh_cmds)
|
|
77
|
+
results_str = results.to_s
|
|
78
|
+
errors = true if results_str.include? 'Error'
|
|
79
|
+
errors = false unless results_str.include? 'Error'
|
|
76
80
|
|
|
77
81
|
if command.eql?(:user_exists?) or command.eql?(:group_exists?)
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
82
|
+
found = record_found?(results_str)
|
|
83
|
+
results = [ found, results ]
|
|
84
|
+
return format_results(results, command, params, ssh_cmds, false)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
if results_str.include?('Group not found') or # can't find group to move user into
|
|
88
|
+
results.to_s.include?('eDSRecordNotFound') or # return error if resource wasn't found
|
|
89
|
+
results_str.include?('Record was not found') or # can't find user to move into a group
|
|
90
|
+
results.to_s.include?('eDSAuthAccountDisabled') or # can't set passwd when disabled
|
|
91
|
+
results_str.include?('unknown AuthenticationAuthority') # can't reset password when account disabled
|
|
92
|
+
return format_results(results, command, params, ssh_cmds, true)
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
if command.eql?(:user_password_verified?) or command.eql?(:user_password_ok?)
|
|
96
|
+
passed = password_verified?(results_str)
|
|
97
|
+
results = [ passed, results ]
|
|
98
|
+
return format_results(results, command, params, ssh_cmds, false)
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
if command.eql?(:user_login_enabled?)
|
|
102
|
+
# puts "login enabled -- #{results}".upcase
|
|
103
|
+
enabled = login_enabled?(results_str)
|
|
104
|
+
results = [ enabled, results ]
|
|
105
|
+
return format_results(results, command, params, ssh_cmds, false)
|
|
84
106
|
end
|
|
85
107
|
|
|
86
108
|
if command.eql?(:user_in_group?) or command.eql?(:group_has_user?)
|
|
87
|
-
username =
|
|
88
|
-
username
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
raise ArgumentError, "username invalid or missing" if username.eql? '' or username.include? ' '
|
|
94
|
-
raise ArgumentError, "groupname invalid or missing" if results.to_s.include?('eDSRecordNotFound')
|
|
95
|
-
|
|
96
|
-
if results.to_s.include?( username )
|
|
97
|
-
results = [true]
|
|
98
|
-
else
|
|
99
|
-
results = [false]
|
|
109
|
+
username = params[:value]
|
|
110
|
+
unless username.nil? or username.eql? '' or username.include? ' ' or
|
|
111
|
+
results_str.include?('eDSRecordNotFound')
|
|
112
|
+
results = [true, results] if results_str.include?( username )
|
|
113
|
+
results = [false, results] unless results_str.include?( username )
|
|
100
114
|
end
|
|
101
115
|
end
|
|
102
116
|
|
|
103
|
-
|
|
117
|
+
if errors and ( results_str.include?('eDSRecordNotFound') or
|
|
118
|
+
results_str.include?('unknown AuthenticationAuthority') )
|
|
119
|
+
results = ["Resource not found", results]
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
return format_results(results, command, params, ssh_cmds, errors)
|
|
123
|
+
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def format_results(results, command, params, ssh_cmds, errors)
|
|
127
|
+
answer = case errors
|
|
104
128
|
when false
|
|
105
129
|
{success:{response: results, command: command, attributes: params}}
|
|
106
130
|
else
|
|
107
131
|
{error: {response: results, command: command,
|
|
108
132
|
attributes: params, dscl_cmds: ssh_cmds}}
|
|
109
133
|
end
|
|
110
|
-
return
|
|
134
|
+
return answer
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def login_enabled?(results_str)
|
|
138
|
+
return false if results_str.include?('account is disabled')
|
|
139
|
+
return false if results_str.include?('isDisabled=1')
|
|
140
|
+
# some enabled accounts return no policies ?#$?
|
|
141
|
+
# return true if results_str.include?('isDisabled=0')
|
|
142
|
+
true
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
def password_verified?(results_str)
|
|
146
|
+
return false if results_str.include?('eDSAuthFailed')
|
|
147
|
+
true
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
def record_found?(results_str)
|
|
151
|
+
return false if results_str.include?('eDSRecordNotFound')
|
|
152
|
+
true
|
|
111
153
|
end
|
|
112
154
|
|
|
113
155
|
def defaults
|
|
@@ -118,10 +160,11 @@ module OpenDirectoryUtils
|
|
|
118
160
|
|
|
119
161
|
dir_username: ENV['DIR_ADMIN_USER'],
|
|
120
162
|
dir_password: ENV['DIR_ADMIN_PASS'],
|
|
121
|
-
dir_datapath: (ENV['DIR_DATAPATH'] || '/LDAPv3/127.0.0.1
|
|
163
|
+
dir_datapath: (ENV['DIR_DATAPATH'] || '/LDAPv3/127.0.0.1'),
|
|
122
164
|
|
|
123
|
-
dscl_path: ENV['DSCL_PATH']
|
|
124
|
-
pwpol_path: ENV['PWPOL_PATH']
|
|
165
|
+
dscl_path: ENV['DSCL_PATH'] || '/usr/bin/dscl',
|
|
166
|
+
pwpol_path: ENV['PWPOL_PATH'] || '/usr/bin/pwpolicy',
|
|
167
|
+
dsedit_path: ENV['DSEDIT_PATH'] || '/usr/sbin/dseditgroup',
|
|
125
168
|
}
|
|
126
169
|
end
|
|
127
170
|
|
|
@@ -23,7 +23,7 @@ module OpenDirectoryUtils
|
|
|
23
23
|
def build_dscl_command(attribs, dir_info)
|
|
24
24
|
# allow :recordname to be passed-in if using dscl directly
|
|
25
25
|
attribs[:record_name] = attribs[:record_name] || attribs[:recordname]
|
|
26
|
-
# /usr/bin/dscl -u diradmin -P "BigSecret" /LDAPv3/127.0.0.1
|
|
26
|
+
# /usr/bin/dscl -u diradmin -P "BigSecret" /LDAPv3/127.0.0.1 -append /Users/$UID_USERNAME apple-keyword "$VALUE"
|
|
27
27
|
# "/usr/bin/dscl -plist -u #{od_username} -P #{od_password} #{od_dsclpath} -#{command} #{resource} #{params}"
|
|
28
28
|
ans = "#{dir_info[:dscl]}"
|
|
29
29
|
unless attribs[:format].nil?
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: open_directory_utils
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bill Tihen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-06-
|
|
12
|
+
date: 2018-06-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: net-ssh
|
|
@@ -86,8 +86,12 @@ files:
|
|
|
86
86
|
- Rakefile
|
|
87
87
|
- bin/console
|
|
88
88
|
- bin/setup
|
|
89
|
+
- examples/connection-sample.yml
|
|
90
|
+
- examples/create_od_users.rb
|
|
91
|
+
- examples/users-sample.yml
|
|
89
92
|
- lib/open_directory_utils.rb
|
|
90
93
|
- lib/open_directory_utils/clean_check.rb
|
|
94
|
+
- lib/open_directory_utils/commands_base.rb
|
|
91
95
|
- lib/open_directory_utils/commands_group.rb
|
|
92
96
|
- lib/open_directory_utils/commands_user_attribs_ldap.rb
|
|
93
97
|
- lib/open_directory_utils/commands_user_attribs_od.rb
|