open_directory_utils 0.1.1 → 0.1.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +3 -0
- data/Gemfile.lock +1 -1
- data/README.md +14 -6
- data/examples/connection-sample.yml +6 -0
- data/examples/create_od_users.rb +45 -0
- data/examples/users-sample.yml +17 -0
- data/lib/open_directory_utils/clean_check.rb +10 -0
- data/lib/open_directory_utils/commands_base.rb +125 -0
- data/lib/open_directory_utils/commands_group.rb +53 -162
- data/lib/open_directory_utils/commands_user_attribs_ldap.rb +23 -79
- data/lib/open_directory_utils/commands_user_attribs_od.rb +188 -100
- data/lib/open_directory_utils/connection.rb +76 -33
- data/lib/open_directory_utils/dscl.rb +1 -1
- data/lib/open_directory_utils/version.rb +1 -1
- metadata +6 -2
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
require 'net/ssh'
|
|
2
|
-
require "open_directory_utils/dscl"
|
|
3
|
-
require "open_directory_utils/pwpolicy"
|
|
2
|
+
# require "open_directory_utils/dscl"
|
|
3
|
+
# require "open_directory_utils/pwpolicy"
|
|
4
|
+
require "open_directory_utils/commands_base"
|
|
4
5
|
require "open_directory_utils/commands_group"
|
|
5
6
|
require "open_directory_utils/commands_user_attribs_od"
|
|
6
7
|
require "open_directory_utils/commands_user_attribs_ldap"
|
|
@@ -10,8 +11,9 @@ module OpenDirectoryUtils
|
|
|
10
11
|
|
|
11
12
|
attr_reader :srv_info, :dir_info
|
|
12
13
|
|
|
13
|
-
include OpenDirectoryUtils::Dscl
|
|
14
|
-
include OpenDirectoryUtils::Pwpolicy
|
|
14
|
+
# include OpenDirectoryUtils::Dscl
|
|
15
|
+
# include OpenDirectoryUtils::Pwpolicy
|
|
16
|
+
include OpenDirectoryUtils::CommandsBase
|
|
15
17
|
include OpenDirectoryUtils::CommandsGroup
|
|
16
18
|
include OpenDirectoryUtils::CommandsUserAttribsOd
|
|
17
19
|
include OpenDirectoryUtils::CommandsUserAttribsLdap
|
|
@@ -30,6 +32,7 @@ module OpenDirectoryUtils
|
|
|
30
32
|
data_path: config[:dir_datapath],
|
|
31
33
|
dscl: config[:dscl_path],
|
|
32
34
|
pwpol: config[:pwpol_path],
|
|
35
|
+
dsedit: config[:dsedit_path],
|
|
33
36
|
}
|
|
34
37
|
raise ArgumentError, 'server hostname missing' if srv_info[:hostname].nil? or
|
|
35
38
|
srv_info[:hostname].empty?
|
|
@@ -47,10 +50,10 @@ module OpenDirectoryUtils
|
|
|
47
50
|
# just in case clear record_name and calculate later
|
|
48
51
|
params[:record_name] = nil
|
|
49
52
|
ssh_cmds = send(command, params, dir_info)
|
|
50
|
-
results = send_cmds_to_od_server(ssh_cmds)
|
|
51
53
|
# pp ssh_cmds
|
|
54
|
+
results = send_cmds_to_od_server(ssh_cmds)
|
|
52
55
|
# pp results
|
|
53
|
-
|
|
56
|
+
process_results(results, command, params, ssh_cmds)
|
|
54
57
|
rescue ArgumentError, NoMethodError => error
|
|
55
58
|
{error: {response: error.message, command: command,
|
|
56
59
|
attributes: params, dscl_cmds: ssh_cmds}}
|
|
@@ -70,44 +73,83 @@ module OpenDirectoryUtils
|
|
|
70
73
|
return output
|
|
71
74
|
end
|
|
72
75
|
|
|
73
|
-
def
|
|
74
|
-
|
|
75
|
-
errors =
|
|
76
|
+
def process_results(results, command, params, ssh_cmds)
|
|
77
|
+
results_str = results.to_s
|
|
78
|
+
errors = true if results_str.include? 'Error'
|
|
79
|
+
errors = false unless results_str.include? 'Error'
|
|
76
80
|
|
|
77
81
|
if command.eql?(:user_exists?) or command.eql?(:group_exists?)
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
82
|
+
found = record_found?(results_str)
|
|
83
|
+
results = [ found, results ]
|
|
84
|
+
return format_results(results, command, params, ssh_cmds, false)
|
|
85
|
+
end
|
|
86
|
+
|
|
87
|
+
if results_str.include?('Group not found') or # can't find group to move user into
|
|
88
|
+
results.to_s.include?('eDSRecordNotFound') or # return error if resource wasn't found
|
|
89
|
+
results_str.include?('Record was not found') or # can't find user to move into a group
|
|
90
|
+
results.to_s.include?('eDSAuthAccountDisabled') or # can't set passwd when disabled
|
|
91
|
+
results_str.include?('unknown AuthenticationAuthority') # can't reset password when account disabled
|
|
92
|
+
return format_results(results, command, params, ssh_cmds, true)
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
if command.eql?(:user_password_verified?) or command.eql?(:user_password_ok?)
|
|
96
|
+
passed = password_verified?(results_str)
|
|
97
|
+
results = [ passed, results ]
|
|
98
|
+
return format_results(results, command, params, ssh_cmds, false)
|
|
99
|
+
end
|
|
100
|
+
|
|
101
|
+
if command.eql?(:user_login_enabled?)
|
|
102
|
+
# puts "login enabled -- #{results}".upcase
|
|
103
|
+
enabled = login_enabled?(results_str)
|
|
104
|
+
results = [ enabled, results ]
|
|
105
|
+
return format_results(results, command, params, ssh_cmds, false)
|
|
84
106
|
end
|
|
85
107
|
|
|
86
108
|
if command.eql?(:user_in_group?) or command.eql?(:group_has_user?)
|
|
87
|
-
username =
|
|
88
|
-
username
|
|
89
|
-
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
raise ArgumentError, "username invalid or missing" if username.eql? '' or username.include? ' '
|
|
94
|
-
raise ArgumentError, "groupname invalid or missing" if results.to_s.include?('eDSRecordNotFound')
|
|
95
|
-
|
|
96
|
-
if results.to_s.include?( username )
|
|
97
|
-
results = [true]
|
|
98
|
-
else
|
|
99
|
-
results = [false]
|
|
109
|
+
username = params[:value]
|
|
110
|
+
unless username.nil? or username.eql? '' or username.include? ' ' or
|
|
111
|
+
results_str.include?('eDSRecordNotFound')
|
|
112
|
+
results = [true, results] if results_str.include?( username )
|
|
113
|
+
results = [false, results] unless results_str.include?( username )
|
|
100
114
|
end
|
|
101
115
|
end
|
|
102
116
|
|
|
103
|
-
|
|
117
|
+
if errors and ( results_str.include?('eDSRecordNotFound') or
|
|
118
|
+
results_str.include?('unknown AuthenticationAuthority') )
|
|
119
|
+
results = ["Resource not found", results]
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
return format_results(results, command, params, ssh_cmds, errors)
|
|
123
|
+
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
def format_results(results, command, params, ssh_cmds, errors)
|
|
127
|
+
answer = case errors
|
|
104
128
|
when false
|
|
105
129
|
{success:{response: results, command: command, attributes: params}}
|
|
106
130
|
else
|
|
107
131
|
{error: {response: results, command: command,
|
|
108
132
|
attributes: params, dscl_cmds: ssh_cmds}}
|
|
109
133
|
end
|
|
110
|
-
return
|
|
134
|
+
return answer
|
|
135
|
+
end
|
|
136
|
+
|
|
137
|
+
def login_enabled?(results_str)
|
|
138
|
+
return false if results_str.include?('account is disabled')
|
|
139
|
+
return false if results_str.include?('isDisabled=1')
|
|
140
|
+
# some enabled accounts return no policies ?#$?
|
|
141
|
+
# return true if results_str.include?('isDisabled=0')
|
|
142
|
+
true
|
|
143
|
+
end
|
|
144
|
+
|
|
145
|
+
def password_verified?(results_str)
|
|
146
|
+
return false if results_str.include?('eDSAuthFailed')
|
|
147
|
+
true
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
def record_found?(results_str)
|
|
151
|
+
return false if results_str.include?('eDSRecordNotFound')
|
|
152
|
+
true
|
|
111
153
|
end
|
|
112
154
|
|
|
113
155
|
def defaults
|
|
@@ -118,10 +160,11 @@ module OpenDirectoryUtils
|
|
|
118
160
|
|
|
119
161
|
dir_username: ENV['DIR_ADMIN_USER'],
|
|
120
162
|
dir_password: ENV['DIR_ADMIN_PASS'],
|
|
121
|
-
dir_datapath: (ENV['DIR_DATAPATH'] || '/LDAPv3/127.0.0.1
|
|
163
|
+
dir_datapath: (ENV['DIR_DATAPATH'] || '/LDAPv3/127.0.0.1'),
|
|
122
164
|
|
|
123
|
-
dscl_path: ENV['DSCL_PATH']
|
|
124
|
-
pwpol_path: ENV['PWPOL_PATH']
|
|
165
|
+
dscl_path: ENV['DSCL_PATH'] || '/usr/bin/dscl',
|
|
166
|
+
pwpol_path: ENV['PWPOL_PATH'] || '/usr/bin/pwpolicy',
|
|
167
|
+
dsedit_path: ENV['DSEDIT_PATH'] || '/usr/sbin/dseditgroup',
|
|
125
168
|
}
|
|
126
169
|
end
|
|
127
170
|
|
|
@@ -23,7 +23,7 @@ module OpenDirectoryUtils
|
|
|
23
23
|
def build_dscl_command(attribs, dir_info)
|
|
24
24
|
# allow :recordname to be passed-in if using dscl directly
|
|
25
25
|
attribs[:record_name] = attribs[:record_name] || attribs[:recordname]
|
|
26
|
-
# /usr/bin/dscl -u diradmin -P "BigSecret" /LDAPv3/127.0.0.1
|
|
26
|
+
# /usr/bin/dscl -u diradmin -P "BigSecret" /LDAPv3/127.0.0.1 -append /Users/$UID_USERNAME apple-keyword "$VALUE"
|
|
27
27
|
# "/usr/bin/dscl -plist -u #{od_username} -P #{od_password} #{od_dsclpath} -#{command} #{resource} #{params}"
|
|
28
28
|
ans = "#{dir_info[:dscl]}"
|
|
29
29
|
unless attribs[:format].nil?
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: open_directory_utils
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Bill Tihen
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-06-
|
|
12
|
+
date: 2018-06-09 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: net-ssh
|
|
@@ -86,8 +86,12 @@ files:
|
|
|
86
86
|
- Rakefile
|
|
87
87
|
- bin/console
|
|
88
88
|
- bin/setup
|
|
89
|
+
- examples/connection-sample.yml
|
|
90
|
+
- examples/create_od_users.rb
|
|
91
|
+
- examples/users-sample.yml
|
|
89
92
|
- lib/open_directory_utils.rb
|
|
90
93
|
- lib/open_directory_utils/clean_check.rb
|
|
94
|
+
- lib/open_directory_utils/commands_base.rb
|
|
91
95
|
- lib/open_directory_utils/commands_group.rb
|
|
92
96
|
- lib/open_directory_utils/commands_user_attribs_ldap.rb
|
|
93
97
|
- lib/open_directory_utils/commands_user_attribs_od.rb
|