radcli 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2dfdb7ef72454b16327f0043dbecca55c855634e
+  data.tar.gz: 8df85fb65856d1700f59a8ae98285521af0498ab
+SHA512:
+  metadata.gz: 86bc89bee5ab9d9e98f710a2ec835b70fd537f3e47f7be38fd76fa50267df698a4e1f87a9203181b58a2a2a2c138f5782aba3b0f45b1eb4d83be9266ac6d6986
+  data.tar.gz: 2767894076c47ae95edcad05a1accbfd93517e36f08812bf579acd732450bfa9f772531c3e147975e36a803b3baac08246bcc814c55077cb3203ba3ae55b3275

data/LICENSE

@@ -0,0 +1,201 @@
+		       The Artistic License 2.0
+
+	    Copyright (c) 2000-2006, The Perl Foundation.
+
+     Everyone is permitted to copy and distribute verbatim copies
+      of this license document, but changing it is not allowed.
+
+Preamble
+
+This license establishes the terms under which a given free software
+Package may be copied, modified, distributed, and/or redistributed.
+The intent is that the Copyright Holder maintains some artistic
+control over the development of that Package while still keeping the
+Package available as open source and free software.
+
+You are always permitted to make arrangements wholly outside of this
+license directly with the Copyright Holder of a given Package.  If the
+terms of this license do not permit the full use that you propose to
+make of the Package, you should contact the Copyright Holder and seek
+a different licensing arrangement. 
+
+Definitions
+
+    "Copyright Holder" means the individual(s) or organization(s)
+    named in the copyright notice for the entire Package.
+
+    "Contributor" means any party that has contributed code or other
+    material to the Package, in accordance with the Copyright Holder's
+    procedures.
+
+    "You" and "your" means any person who would like to copy,
+    distribute, or modify the Package.
+
+    "Package" means the collection of files distributed by the
+    Copyright Holder, and derivatives of that collection and/or of
+    those files. A given Package may consist of either the Standard
+    Version, or a Modified Version.
+
+    "Distribute" means providing a copy of the Package or making it
+    accessible to anyone else, or in the case of a company or
+    organization, to others outside of your company or organization.
+
+    "Distributor Fee" means any fee that you charge for Distributing
+    this Package or providing support for this Package to another
+    party.  It does not mean licensing fees.
+
+    "Standard Version" refers to the Package if it has not been
+    modified, or has been modified only in ways explicitly requested
+    by the Copyright Holder.
+
+    "Modified Version" means the Package, if it has been changed, and
+    such changes were not explicitly requested by the Copyright
+    Holder. 
+
+    "Original License" means this Artistic License as Distributed with
+    the Standard Version of the Package, in its current version or as
+    it may be modified by The Perl Foundation in the future.
+
+    "Source" form means the source code, documentation source, and
+    configuration files for the Package.
+
+    "Compiled" form means the compiled bytecode, object code, binary,
+    or any other form resulting from mechanical transformation or
+    translation of the Source form.
+
+
+Permission for Use and Modification Without Distribution
+
+(1)  You are permitted to use the Standard Version and create and use
+Modified Versions for any purpose without restriction, provided that
+you do not Distribute the Modified Version.
+
+
+Permissions for Redistribution of the Standard Version
+
+(2)  You may Distribute verbatim copies of the Source form of the
+Standard Version of this Package in any medium without restriction,
+either gratis or for a Distributor Fee, provided that you duplicate
+all of the original copyright notices and associated disclaimers.  At
+your discretion, such verbatim copies may or may not include a
+Compiled form of the Package.
+
+(3)  You may apply any bug fixes, portability changes, and other
+modifications made available from the Copyright Holder.  The resulting
+Package will still be considered the Standard Version, and as such
+will be subject to the Original License.
+
+
+Distribution of Modified Versions of the Package as Source 
+
+(4)  You may Distribute your Modified Version as Source (either gratis
+or for a Distributor Fee, and with or without a Compiled form of the
+Modified Version) provided that you clearly document how it differs
+from the Standard Version, including, but not limited to, documenting
+any non-standard features, executables, or modules, and provided that
+you do at least ONE of the following:
+
+    (a)  make the Modified Version available to the Copyright Holder
+    of the Standard Version, under the Original License, so that the
+    Copyright Holder may include your modifications in the Standard
+    Version.
+
+    (b)  ensure that installation of your Modified Version does not
+    prevent the user installing or running the Standard Version. In
+    addition, the Modified Version must bear a name that is different
+    from the name of the Standard Version.
+
+    (c)  allow anyone who receives a copy of the Modified Version to
+    make the Source form of the Modified Version available to others
+    under
+		
+	(i)  the Original License or
+
+	(ii)  a license that permits the licensee to freely copy,
+	modify and redistribute the Modified Version using the same
+	licensing terms that apply to the copy that the licensee
+	received, and requires that the Source form of the Modified
+	Version, and of any works derived from it, be made freely
+	available in that license fees are prohibited but Distributor
+	Fees are allowed.
+
+
+Distribution of Compiled Forms of the Standard Version 
+or Modified Versions without the Source
+
+(5)  You may Distribute Compiled forms of the Standard Version without
+the Source, provided that you include complete instructions on how to
+get the Source of the Standard Version.  Such instructions must be
+valid at the time of your distribution.  If these instructions, at any
+time while you are carrying out such distribution, become invalid, you
+must provide new instructions on demand or cease further distribution.
+If you provide valid instructions or cease distribution within thirty
+days after you become aware that the instructions are invalid, then
+you do not forfeit any of your rights under this license.
+
+(6)  You may Distribute a Modified Version in Compiled form without
+the Source, provided that you comply with Section 4 with respect to
+the Source of the Modified Version.
+
+
+Aggregating or Linking the Package 
+
+(7)  You may aggregate the Package (either the Standard Version or
+Modified Version) with other packages and Distribute the resulting
+aggregation provided that you do not charge a licensing fee for the
+Package.  Distributor Fees are permitted, and licensing fees for other
+components in the aggregation are permitted. The terms of this license
+apply to the use and Distribution of the Standard or Modified Versions
+as included in the aggregation.
+
+(8) You are permitted to link Modified and Standard Versions with
+other works, to embed the Package in a larger work of your own, or to
+build stand-alone binary or bytecode versions of applications that
+include the Package, and Distribute the result without restriction,
+provided the result does not expose a direct interface to the Package.
+
+
+Items That are Not Considered Part of a Modified Version 
+
+(9) Works (including, but not limited to, modules and scripts) that
+merely extend or make use of the Package, do not, by themselves, cause
+the Package to be a Modified Version.  In addition, such works are not
+considered parts of the Package itself, and are not subject to the
+terms of this license.
+
+
+General Provisions
+
+(10)  Any use, modification, and distribution of the Standard or
+Modified Versions is governed by this Artistic License. By using,
+modifying or distributing the Package, you accept this license. Do not
+use, modify, or distribute the Package, if you do not accept this
+license.
+
+(11)  If your Modified Version has been derived from a Modified
+Version made by someone other than you, you are nevertheless required
+to ensure that your Modified Version complies with the requirements of
+this license.
+
+(12)  This license does not grant you the right to use any trademark,
+service mark, tradename, or logo of the Copyright Holder.
+
+(13)  This license includes the non-exclusive, worldwide,
+free-of-charge patent license to make, have made, use, offer to sell,
+sell, import and otherwise transfer the Package with respect to any
+patent claims licensable by the Copyright Holder that are necessarily
+infringed by the Package. If you institute patent litigation
+(including a cross-claim or counterclaim) against any party alleging
+that the Package constitutes direct or contributory patent
+infringement, then this Artistic License to you shall terminate on the
+date that such litigation is filed.
+
+(14)  Disclaimer of Warranty:
+THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS
+IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED
+WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
+NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL
+LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL
+DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

data/MANIFEST

@@ -0,0 +1,13 @@
+CHANGES
+radcli.gemspec
+MANIFEST
+Rakefile
+README
+ext/adutil.h
+ext/adconn.h
+ext/adenroll.h
+ext/radconn.c
+ext/radenroll.c
+ext/radcli.c
+ext/radcli.h
+test/test_adcli.rb

data/README.md

@@ -0,0 +1,109 @@
+# Description
+The radcli library provides a Ruby interface for performing actions on a Active Directory domain using the realmd/adcli tool.
+(adcli: https://www.freedesktop.org/software/realmd/adcli/devel-building.html)
+
+# Installation
+
+
+### Prerequisites (Ubuntu)
+```
+sudo apt-get install ruby gem ruby-dev
+sudo gem install rake bundler rakecompiler rspec
+sudo apt-get install automake autoconf xmlto xsltproc libkrb5-dev libldap2-dev libsasl2-dev
+```
+
+### Prerequisites (Fedora)
+```
+sudo yum ruby gem ruby-devel
+gem install rake bundler rakecompiler rspec
+sudo yum install automake autoconf xmlto xsltproc krb5-devel openldap-devel cyrus-sasl-devel
+```
+
+### Building
+```
+git clone https://github.com/martencassel/radcli
+cd radcli
+rake build
+gem install pkg/radcli-0.0.1.gem
+```
+
+# Synposis
+
+### Connect using username/password
+```ruby
+require 'radcli'
+
+adconn = Adcli::AdConn.new("example.com")
+adconn.set_domain_realm("EXAMPLE.COM")
+adconn.set_domain_controller("dc.example.com")
+
+adconn.set_login_user("Administrator")
+adconn.set_user_password("password")
+
+res = adconn.connect
+```
+
+### or connect using local credentials cache
+```ruby
+require 'radcli'
+require "rkerberos"
+
+# Kinit using principal name and keytab.
+principal = "Administrator"
+keytab file over an unsecured network.
+keytab="/etc/foreman-proxy/ad.keytab"
+krb5 = Kerberos::Krb5.new
+ccache = Kerberos::Krb5::CredentialsCache.new
+krb5.get_init_creds_keytab principal, keytab, nil, ccache
+
+# Connect
+
+adconn = Adcli::AdConn.new("example.com")
+adconn.set_domain_realm("EXAMPLE.COM")
+adconn.set_domain_controller("dc.example.com")
+
+adconn.set_login_ccache_name("")
+
+res = adconn.connect
+```
+
+### Join
+```ruby
+
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server")
+enroll.set_host_fqdn("server.example.com")
+enroll.set_computer_password("password")
+
+enroll.join()
+```
+
+### Reset Password
+```ruby
+
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server")
+enroll.set_computer_password("newpass")
+
+enroll.password()
+
+```
+
+### Delete
+```ruby
+
+enroll = Adcli::AdEnroll.new(adconn)
+enroll.set_computer_name("server")
+
+enroll.delete()
+```
+
+# Notes
+For a testing environment you need the following:
+
+* A windows domain controller and a connected linux server.
+* The linux server must be able to resolve domain names from the domains dns server.
+
+# Authors
+* Mårten Cassel
+ 

data/Rakefile

@@ -0,0 +1,65 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/extensiontask'
+require 'rake/clean'
+require 'rbconfig'
+require 'rubygems/package'
+require 'bundler/gem_tasks'
+
+CLEAN.include(
+    "ext/radcli/*.o",
+    "ext/radcli/*.bundle",
+    "**/tmp"
+)
+
+CLOBBER.include(
+    "ext/radcli/Makefile",
+    "pkg"
+)
+
+BUILD_DIR = 'build'
+
+def gem_spec
+    @gem_spec ||= Gem::Specification.load('radcli.gemspec')
+end
+
+Gem::PackageTask.new(gem_spec) do |pkg|
+    pkg.need_zip = true
+    pkg.need_tar = true
+end
+
+Rake::ExtensionTask.new("radcli", gem_spec) do |ext|
+     ext.ext_dir = './ext/radcli' 
+     ext.lib_dir = './ext/lib'
+     ext.config_script = "extconf.rb"
+end
+
+namespace 'test' do
+
+  Rake::TestTask.new('all') do |t|
+    task :all => [:clean, :compile]
+    t.libs << 'ext/radcli' 
+    t.warning = true
+    t.verbose = true
+  end
+
+  Rake::TestTask.new('adconn') do |t|
+    task :context => [:clean, :compile]
+    t.libs << 'ext' 
+    t.test_files = FileList['test/test_radconn.rb']
+    t.warning = true
+    t.verbose = true
+  end
+
+  Rake::TestTask.new('adenroll') do |t|
+    task :context => [:clean, :compile]
+    t.libs << 'ext'
+    t.test_files = FileList['test/test_radenroll.rb']
+    t.warning = true
+    t.verbose = true
+  end
+end
+
+task :build   => [:clean, :compile]
+
+task :default => ['test:all']

data/build_adcli.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+yum -y groupinstall 'Development Tools' && sudo yum -y install automake autoconf xmlto xsltproc krb5-devel openldap-devel cyrus-sasl-devel
+rm -rf ./adcli && git clone http://cgit.freedesktop.org/realmd/adcli/
+cd ./adcli && ./autogen.sh --prefix=/usr --sysconfdir=/etc && make && mv ./library/.libs/libadcli.a ../ext/lib/
+git add -f ./ext/lib/libadcli.a
+rm -rf ./adcli

data/ext/radcli/adconn.h

@@ -0,0 +1,147 @@
+/*
+ * adcli
+ *
+ * Copyright (C) 2012 Red Hat Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
+ * MA 02110-1301 USA
+ *
+ * Author: Stef Walter <stefw@gnome.org>
+ */
+
+#ifndef ADCONN_H_
+#define ADCONN_H_
+
+#include "adutil.h"
+
+#include <krb5/krb5.h>
+#include <ldap.h>
+
+typedef enum {
+	ADCLI_LOGIN_UNKNOWN = 0,
+	ADCLI_LOGIN_COMPUTER_ACCOUNT = 1 << 1,
+	ADCLI_LOGIN_USER_ACCOUNT = 1 << 2,
+} adcli_login_type;
+
+#define ADCLI_CAP_OID                      "1.2.840.113556.1.4.800"
+#define ADCLI_CAP_LDAP_INTEG_OID           "1.2.840.113556.1.4.1791"
+#define ADCLI_CAP_V51_OID                  "1.2.840.113556.1.4.1670"
+#define ADCLI_CAP_ADAM_DIGEST              "1.2.840.113556.1.4.1880"
+#define ADCLI_CAP_ADAM_OID                 "1.2.840.113556.1.4.1851"
+#define ADCLI_CAP_PARTIAL_SECRETS_OID      "1.2.840.113556.1.4.1920"
+#define ADCLI_CAP_V60_OID                  "1.2.840.113556.1.4.1935"
+#define ADCLI_CAP_V61_R2_OID               "1.2.840.113556.1.4.2080"
+#define ADCLI_CAP_W8_OID                   "1.2.840.113556.1.4.2237"
+
+typedef char *      (* adcli_password_func)          (adcli_login_type type,
+                                                      const char *name,
+                                                      int flags,
+                                                      void *data);
+
+typedef void        (* adcli_destroy_func)           (void *data);
+
+typedef struct _adcli_conn_ctx adcli_conn;
+
+adcli_result        adcli_conn_discover              (adcli_conn *conn);
+
+adcli_result        adcli_conn_connect               (adcli_conn *conn);
+
+adcli_conn *        adcli_conn_new                   (const char *domain);
+
+adcli_conn *        adcli_conn_ref                   (adcli_conn *conn);
+
+void                adcli_conn_unref                 (adcli_conn *conn);
+
+void                adcli_conn_set_password_func     (adcli_conn *conn,
+                                                      adcli_password_func password_func,
+                                                      void *data,
+                                                      adcli_destroy_func destroy_data);
+
+const char *        adcli_conn_get_host_fqdn         (adcli_conn *conn);
+
+void                adcli_conn_set_host_fqdn         (adcli_conn *conn,
+                                                      const char *value);
+
+const char *        adcli_conn_get_domain_name       (adcli_conn *conn);
+
+void                adcli_conn_set_domain_name       (adcli_conn *conn,
+                                                      const char *value);
+
+const char *        adcli_conn_get_domain_realm      (adcli_conn *conn);
+
+void                adcli_conn_set_domain_realm      (adcli_conn *conn,
+                                                      const char *value);
+
+const char *        adcli_conn_get_domain_controller (adcli_conn *conn);
+
+void                adcli_conn_set_domain_controller (adcli_conn *conn,
+                                                      const char *value);
+
+const char *        adcli_conn_get_domain_short      (adcli_conn *conn);
+
+LDAP *              adcli_conn_get_ldap_connection   (adcli_conn *conn);
+
+krb5_context        adcli_conn_get_krb5_context      (adcli_conn *conn);
+
+const char *        adcli_conn_get_computer_name     (adcli_conn *conn);
+
+void                adcli_conn_set_computer_name     (adcli_conn *conn,
+                                                      const char *value);
+
+const char *        adcli_conn_get_computer_password (adcli_conn *conn);
+
+void                adcli_conn_set_computer_password (adcli_conn *conn,
+                                                      const char *password);
+
+const char *        adcli_conn_get_login_user         (adcli_conn *conn);
+
+void                adcli_conn_set_login_user         (adcli_conn *conn,
+                                                      const char *value);
+
+const char *        adcli_conn_get_user_password     (adcli_conn *conn);
+
+void                adcli_conn_set_user_password     (adcli_conn *conn,
+                                                      const char *value);
+
+adcli_login_type    adcli_conn_get_login_type        (adcli_conn *conn);
+
+adcli_login_type    adcli_conn_get_allowed_login_types  (adcli_conn *conn);
+
+void                adcli_conn_set_allowed_login_types  (adcli_conn *conn,
+                                                         adcli_login_type types);
+
+krb5_ccache         adcli_conn_get_login_ccache      (adcli_conn *conn);
+
+const char *        adcli_conn_get_login_ccache_name (adcli_conn *conn);
+
+void                adcli_conn_set_login_ccache_name (adcli_conn *conn,
+                                                      const char *ccname);
+
+const char *        adcli_conn_get_login_keytab_name (adcli_conn *conn);
+
+void                adcli_conn_set_login_keytab_name (adcli_conn *conn,
+                                                      const char *ktname);
+
+const char *        adcli_conn_get_default_naming_context (adcli_conn *conn);
+
+const char *        adcli_conn_get_krb5_conf_dir     (adcli_conn *conn);
+
+void                adcli_conn_set_krb5_conf_dir     (adcli_conn *conn,
+                                                      const char *value);
+
+int                 adcli_conn_server_has_capability (adcli_conn *conn,
+                                                      const char *capability);
+
+#endif /* ADCONN_H_ */