ruby-jss 0.9.2 → 0.10.0a1
Potentially problematic release.
This version of ruby-jss might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/CHANGES.md +13 -1
- data/README.md +7 -7
- data/bin/cgrouper +6 -6
- data/bin/netseg-update +1 -1
- data/lib/jss.rb +1 -0
- data/lib/jss/api_connection.rb +428 -44
- data/lib/jss/api_object.rb +119 -68
- data/lib/jss/api_object/account.rb +12 -12
- data/lib/jss/api_object/advanced_search.rb +12 -12
- data/lib/jss/api_object/categorizable.rb +4 -4
- data/lib/jss/api_object/category.rb +2 -2
- data/lib/jss/api_object/computer.rb +111 -58
- data/lib/jss/api_object/computer_invitation.rb +2 -2
- data/lib/jss/api_object/creatable.rb +19 -8
- data/lib/jss/api_object/criteriable/criteria.rb +8 -8
- data/lib/jss/api_object/distribution_point.rb +14 -48
- data/lib/jss/api_object/extension_attribute.rb +14 -11
- data/lib/jss/api_object/extension_attribute/computer_extension_attribute.rb +18 -18
- data/lib/jss/api_object/group.rb +7 -7
- data/lib/jss/api_object/ldap_server.rb +51 -60
- data/lib/jss/api_object/locatable.rb +2 -2
- data/lib/jss/api_object/matchable.rb +8 -9
- data/lib/jss/api_object/mobile_device.rb +61 -59
- data/lib/jss/api_object/mobile_device_application.rb +3 -3
- data/lib/jss/api_object/network_segment.rb +24 -19
- data/lib/jss/api_object/package.rb +6 -6
- data/lib/jss/api_object/peripheral.rb +5 -5
- data/lib/jss/api_object/policy.rb +5 -5
- data/lib/jss/api_object/restricted_software.rb +4 -4
- data/lib/jss/api_object/scopable/scope.rb +3 -3
- data/lib/jss/api_object/script.rb +1 -1
- data/lib/jss/api_object/self_servable.rb +3 -3
- data/lib/jss/api_object/self_servable/icon.rb +7 -2
- data/lib/jss/api_object/updatable.rb +2 -2
- data/lib/jss/api_object/uploadable.rb +1 -1
- data/lib/jss/api_object/user.rb +2 -2
- data/lib/jss/composer.rb +37 -10
- data/lib/jss/ruby_extensions/string.rb +51 -42
- data/lib/jss/server.rb +27 -6
- data/lib/jss/utility.rb +44 -0
- data/lib/jss/validate.rb +85 -0
- data/lib/jss/version.rb +1 -1
- metadata +5 -4
@@ -1,26 +1,26 @@
|
|
1
1
|
### Copyright 2017 Pixar
|
2
2
|
|
3
|
-
###
|
3
|
+
###
|
4
4
|
### Licensed under the Apache License, Version 2.0 (the "Apache License")
|
5
5
|
### with the following modification; you may not use this file except in
|
6
6
|
### compliance with the Apache License and the following modification to it:
|
7
7
|
### Section 6. Trademarks. is deleted and replaced with:
|
8
|
-
###
|
8
|
+
###
|
9
9
|
### 6. Trademarks. This License does not grant permission to use the trade
|
10
10
|
### names, trademarks, service marks, or product names of the Licensor
|
11
11
|
### and its affiliates, except as required to comply with Section 4(c) of
|
12
12
|
### the License and to reproduce the content of the NOTICE file.
|
13
|
-
###
|
13
|
+
###
|
14
14
|
### You may obtain a copy of the Apache License at
|
15
|
-
###
|
15
|
+
###
|
16
16
|
### http://www.apache.org/licenses/LICENSE-2.0
|
17
|
-
###
|
17
|
+
###
|
18
18
|
### Unless required by applicable law or agreed to in writing, software
|
19
19
|
### distributed under the Apache License with the above modification is
|
20
20
|
### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
21
21
|
### KIND, either express or implied. See the Apache License for the specific
|
22
22
|
### language governing permissions and limitations under the Apache License.
|
23
|
-
###
|
23
|
+
###
|
24
24
|
###
|
25
25
|
|
26
26
|
###
|
@@ -94,7 +94,7 @@ module JSS
|
|
94
94
|
### @return [void]
|
95
95
|
###
|
96
96
|
def criteria= (new_criteria)
|
97
|
-
unless new_criteria.kind_of? Array
|
97
|
+
unless new_criteria.kind_of? Array && new_criteria.reject{|c| c.is_a? JSS::Criteriable::Criterion }.empty?
|
98
98
|
raise JSS::InvalidDataError, "Argument must be an Array of JSS::Criteriable::Criterion instances."
|
99
99
|
end
|
100
100
|
new_criteria.each{ |nc| criterion_ok? nc }
|
@@ -140,7 +140,7 @@ module JSS
|
|
140
140
|
###
|
141
141
|
### @return [void]
|
142
142
|
###
|
143
|
-
def insert_criterion(priority,criterion)
|
143
|
+
def insert_criterion(priority, criterion)
|
144
144
|
criterion_ok? criterion
|
145
145
|
@criteria.insert criterion[:priority], criterion
|
146
146
|
set_priorities
|
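Review bot: The new guard in `criteria=` (the `@@ -94,7 +94,7 @@` hunk) parses as `new_criteria.kind_of?(Array && ...)`, because the unparenthesised argument swallows the `&&`. `kind_of?` then receives `true` or `false` and raises TypeError instead of the intended JSS::InvalidDataError, and an argument that has no `reject` fails even earlier with NoMethodError. Parenthesise the class check so the element test only runs on an Array: `unless new_criteria.is_a?(Array) && new_criteria.all? { |c| c.is_a? JSS::Criteriable::Criterion }`. In the `@@ -140,7 +140,7 @@` hunk, `insert_criterion` still indexes with `criterion[:priority]` rather than its `priority` argument, which looks unintended. Both method bodies continue outside their hunks.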
@@ -26,22 +26,11 @@
|
|
26
26
|
###
|
27
27
|
module JSS
|
28
28
|
|
29
|
-
#####################################
|
30
|
-
### Module Variables
|
31
|
-
#####################################
|
32
|
-
|
33
|
-
### the master dist. point, see JSS.master_distribution_point
|
34
|
-
@@master_distribution_point = nil
|
35
|
-
|
36
|
-
### the dist point for this machine right now
|
37
|
-
@@my_distribution_point =nil
|
38
|
-
|
39
29
|
#####################################
|
40
30
|
### Module Methods
|
41
31
|
#####################################
|
42
32
|
|
43
33
|
|
44
|
-
|
45
34
|
###
|
46
35
|
### A Distribution Point in the JSS
|
47
36
|
###
|
@@ -96,15 +85,6 @@ module JSS
|
|
96
85
|
|
97
86
|
DEFAULT_MOUNTPOINT_PREFIX = "CasperDistribution-id"
|
98
87
|
|
99
|
-
#####################################
|
100
|
-
### Class Variables
|
101
|
-
#####################################
|
102
|
-
|
103
|
-
@@master_distribution_point = nil
|
104
|
-
|
105
|
-
@@my_distribution_point = nil
|
106
|
-
|
107
|
-
#####################################
|
108
88
|
### Class Methods
|
109
89
|
#####################################
|
110
90
|
|
@@ -112,21 +92,14 @@ module JSS
|
|
112
92
|
### distribution point in the JSS. If there's only one
|
113
93
|
### in the JSS, return it even if not marked as master.
|
114
94
|
###
|
95
|
+
### @param refresh[Boolean] should the distribution point be re-queried?
|
96
|
+
###
|
97
|
+
### @param api[JSS::APIConnection] which API connection should we query?
|
98
|
+
###
|
115
99
|
### @return [JSS::DistributionPoint]
|
116
100
|
###
|
117
|
-
def self.master_distribution_point(refresh = false)
|
118
|
-
|
119
|
-
return @@master_distribution_point if @@master_distribution_point
|
120
|
-
|
121
|
-
case self.all.count
|
122
|
-
when 0
|
123
|
-
raise JSS::NoSuchItemError, "No distribution points defined"
|
124
|
-
when 1
|
125
|
-
@@master_distribution_point = self.new :id => self.all_ids[0]
|
126
|
-
else
|
127
|
-
@@master_distribution_point = self.new :id => :master
|
128
|
-
end
|
129
|
-
@@master_distribution_point
|
101
|
+
def self.master_distribution_point(refresh = false, api: JSS.api)
|
102
|
+
api.master_distribution_point refresh
|
130
103
|
end
|
131
104
|
|
132
105
|
### Get the DistributionPoint instance for the machine running
|
@@ -135,20 +108,12 @@ module JSS
|
|
135
108
|
###
|
136
109
|
### @param refresh[Boolean] should the distribution point be re-queried?
|
137
110
|
###
|
111
|
+
### @param api[JSS::APIConnection] which API connection should we query?
|
112
|
+
###
|
138
113
|
### @return [JSS::DistributionPoint]
|
139
114
|
###
|
140
|
-
def self.my_distribution_point(refresh = false)
|
141
|
-
|
142
|
-
return @@my_distribution_point if @@my_distribution_point
|
143
|
-
|
144
|
-
my_net_seg = JSS::NetworkSegment.my_network_segment[0]
|
145
|
-
specific = if my_net_seg
|
146
|
-
JSS::NetworkSegment.new(:id => my_net_seg).distribution_point
|
147
|
-
else
|
148
|
-
nil
|
149
|
-
end
|
150
|
-
@@my_distribution_point = specific ? self.new(:name => specific) : self.master_distribution_point
|
151
|
-
@@my_distribution_point
|
115
|
+
def self.my_distribution_point(refresh = false, api: JSS.api)
|
116
|
+
api.my_distribution_point refresh
|
152
117
|
end
|
153
118
|
|
154
119
|
#####################################
|
@@ -242,7 +207,6 @@ module JSS
|
|
242
207
|
### @return [String] the ssh password as a SHA256 digest
|
243
208
|
attr_reader :ssh_password_sha256
|
244
209
|
|
245
|
-
###
|
246
210
|
### As well as the standard :id, :name, and :data, you can
|
247
211
|
### instantiate this class with :id => :master, in which case you'll
|
248
212
|
### get the Master Distribution Point as defined in the JSS.
|
@@ -251,14 +215,16 @@ module JSS
|
|
251
215
|
### You can also do this more easily by calling JSS.master_distribution_point
|
252
216
|
###
|
253
217
|
def initialize(args = {})
|
218
|
+
args[:api] ||= JSS.api
|
219
|
+
@api = args[:api]
|
254
220
|
|
255
221
|
@init_data = nil
|
256
222
|
|
257
223
|
### looking for master?
|
258
224
|
if args[:id] == :master
|
259
225
|
|
260
|
-
self.class.all_ids.each do |id|
|
261
|
-
@init_data =
|
226
|
+
self.class.all_ids(api: @api).each do |id|
|
227
|
+
@init_data = @api.get_rsrc("#{RSRC_BASE}/id/#{id}")[RSRC_OBJECT_KEY]
|
262
228
|
if @init_data[:is_master]
|
263
229
|
@id = @init_data[:id]
|
264
230
|
@name = @init_data[:name]
|
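Review bot: `args[:api] ||= JSS.api` at the top of `initialize` (the `@@ -251,14 +215,16 @@` hunk) writes into the hash the caller passed in, so a hash that is reused for a later lookup keeps whichever connection was the default at the first call. Reading the value without the write avoids that: `@api = args[:api] || JSS.api`. If the parent constructor needs the key (not visible here), hand it a copy such as `args.merge(api: @api)`. The body of `initialize` continues past the end of the hunk.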
@@ -201,15 +201,15 @@ module JSS
|
|
201
201
|
### @see JSS::APIObject#delete
|
202
202
|
###
|
203
203
|
def delete
|
204
|
-
orig_open_timeout =
|
205
|
-
orig_timeout =
|
206
|
-
|
207
|
-
|
204
|
+
orig_open_timeout = @api.cnx.options[:open_timeout]
|
205
|
+
orig_timeout = @api.cnx.options[:timeout]
|
206
|
+
@api.timeout = orig_timeout + 1800
|
207
|
+
@api.open_timeout = orig_open_timeout + 1800
|
208
208
|
begin
|
209
209
|
super
|
210
210
|
ensure
|
211
|
-
|
212
|
-
|
211
|
+
@api.timeout = orig_timeout
|
212
|
+
@api.open_timeout = orig_open_timeout
|
213
213
|
end
|
214
214
|
end
|
215
215
|
|
@@ -333,7 +333,7 @@ module JSS
|
|
333
333
|
begin
|
334
334
|
|
335
335
|
search_class = self.class::TARGET_CLASS::SEARCH_CLASS
|
336
|
-
acs = search_class.new :id => :new, :name => "
|
336
|
+
acs = search_class.new api: @api, :id => :new, :name => "ruby-jss-EA-result-search-#{Time.now.to_jss_epoch}"
|
337
337
|
acs.display_fields = [@name]
|
338
338
|
crit_list = [JSS::Criteriable::Criterion.new(:and_or => "and", :name => @name, :search_type => search_type.to_s, :value => desired_value)]
|
339
339
|
acs.criteria = JSS::Criteriable::Criteria.new crit_list
|
@@ -387,11 +387,11 @@ module JSS
|
|
387
387
|
###
|
388
388
|
def latest_values
|
389
389
|
raise JSS::NoSuchItemError, "EA Not In JSS! Use #create to create this #{self.class::RSRC_OBJECT_KEY}." unless @in_jss
|
390
|
-
tmp_advsrch = "
|
390
|
+
tmp_advsrch = "ruby-jss-EA-latest-search-#{Time.now.to_jss_epoch}"
|
391
391
|
|
392
392
|
begin
|
393
393
|
search_class = self.class::TARGET_CLASS::SEARCH_CLASS
|
394
|
-
acs = search_class.new :
|
394
|
+
acs = search_class.new id: :new, name: tmp_advsrch, api: @api
|
395
395
|
acs.display_fields = self.class::TARGET_CLASS == JSS::User ? [@name, USERNAME_FIELD] : [@name, USERNAME_FIELD, LAST_RECON_FIELD]
|
396
396
|
|
397
397
|
# search for 'Username like "" ' because all searchable object classes have a "Username" value
|
@@ -415,8 +415,11 @@ module JSS
|
|
415
415
|
end #acs.search_results.each
|
416
416
|
|
417
417
|
ensure
|
418
|
-
acs
|
419
|
-
|
418
|
+
if defined? acs
|
419
|
+
acs.delete
|
420
|
+
else
|
421
|
+
search_class.fetch(:name => tmp_advsrch, api: @api).delete if search_class.all_names(:refresh, api: @api).include? tmp_advsrch
|
422
|
+
end
|
420
423
|
end
|
421
424
|
|
422
425
|
results
|
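Review bot: In the `ensure` of `latest_values` (the `@@ -415,8 +415,11 @@` hunk), `defined? acs` is true whenever the assignment appears earlier in the method, even if `search_class.new` raised and `acs` is still nil. The `else` cleanup therefore never runs, and `acs.delete` raises NoMethodError from inside `ensure`, hiding the original error. Test the value instead: `if acs`. In `delete` (the `@@ -201,15 +201,15 @@` hunk) both timeouts are raised before `begin`, and `orig_timeout + 1800` would fail if the option is unset, so moving the two assignments inside the `begin` and using `orig_timeout.to_i + 1800` keeps the restore in `ensure` reliable. `latest_values` starts and ends outside its hunk.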
@@ -1,26 +1,26 @@
|
|
1
1
|
### Copyright 2017 Pixar
|
2
2
|
|
3
|
-
###
|
3
|
+
###
|
4
4
|
### Licensed under the Apache License, Version 2.0 (the "Apache License")
|
5
5
|
### with the following modification; you may not use this file except in
|
6
6
|
### compliance with the Apache License and the following modification to it:
|
7
7
|
### Section 6. Trademarks. is deleted and replaced with:
|
8
|
-
###
|
8
|
+
###
|
9
9
|
### 6. Trademarks. This License does not grant permission to use the trade
|
10
10
|
### names, trademarks, service marks, or product names of the Licensor
|
11
11
|
### and its affiliates, except as required to comply with Section 4(c) of
|
12
12
|
### the License and to reproduce the content of the NOTICE file.
|
13
|
-
###
|
13
|
+
###
|
14
14
|
### You may obtain a copy of the Apache License at
|
15
|
-
###
|
15
|
+
###
|
16
16
|
### http://www.apache.org/licenses/LICENSE-2.0
|
17
|
-
###
|
17
|
+
###
|
18
18
|
### Unless required by applicable law or agreed to in writing, software
|
19
19
|
### distributed under the Apache License with the above modification is
|
20
20
|
### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
21
21
|
### KIND, either express or implied. See the Apache License for the specific
|
22
22
|
### language governing permissions and limitations under the Apache License.
|
23
|
-
###
|
23
|
+
###
|
24
24
|
###
|
25
25
|
|
26
26
|
###
|
@@ -81,10 +81,10 @@ module JSS
|
|
81
81
|
|
82
82
|
### these ext attribs are related to these kinds of objects
|
83
83
|
TARGET_CLASS = JSS::Computer
|
84
|
-
|
84
|
+
|
85
85
|
### A criterion that will return all members of the TARGET_CLASS
|
86
86
|
ALL_TARGETS_CRITERION = JSS::Criteriable::Criterion.new(:and_or => "and", :name => "Username", :search_type => "like", :value => '')
|
87
|
-
|
87
|
+
|
88
88
|
### When the intput type is script, what platforms can they run on?
|
89
89
|
PLATFORMS = ["Mac","Windows"]
|
90
90
|
|
@@ -111,12 +111,12 @@ module JSS
|
|
111
111
|
### scripts defined when the type is "script",
|
112
112
|
### however the API will only return the Mac script info if both are defined.
|
113
113
|
###
|
114
|
-
### @return [String]
|
114
|
+
### @return [String]
|
115
115
|
attr_reader :platform
|
116
116
|
|
117
117
|
### @return [String] the script code that will be executed when the @input_type is "script",
|
118
118
|
attr_reader :script
|
119
|
-
|
119
|
+
|
120
120
|
|
121
121
|
### The scripting language of the @script when @input_type is "script",
|
122
122
|
### and the @platform is "Windows"
|
@@ -246,7 +246,7 @@ module JSS
|
|
246
246
|
@script = new_val
|
247
247
|
@need_to_update = true
|
248
248
|
end #
|
249
|
-
|
249
|
+
|
250
250
|
|
251
251
|
###
|
252
252
|
### Change the scripting_language of this EA.
|
@@ -288,12 +288,12 @@ module JSS
|
|
288
288
|
raise JSS::InvalidConnectionError, "Database connection required for 'history' query." unless JSS::DB_CNX.connected?
|
289
289
|
|
290
290
|
computer_id = case computer
|
291
|
-
when *JSS::Computer.all_ids
|
291
|
+
when *JSS::Computer.all_ids(api: @api)
|
292
292
|
computer
|
293
|
-
when *JSS::Computer.all_names
|
294
|
-
JSS::Computer.map_all_ids_to(:name).invert[computer]
|
293
|
+
when *JSS::Computer.all_names(api: @api)
|
294
|
+
JSS::Computer.map_all_ids_to(:name, api: @api).invert[computer]
|
295
295
|
else nil
|
296
|
-
|
296
|
+
end # case
|
297
297
|
|
298
298
|
raise JSS::NoSuchItemError, "No computer found matching '#{computer}'" unless computer_id
|
299
299
|
|
@@ -323,12 +323,12 @@ module JSS
|
|
323
323
|
|
324
324
|
history
|
325
325
|
end # history
|
326
|
-
|
327
|
-
|
326
|
+
|
327
|
+
|
328
328
|
### Aliases here, since YARD seems to have issues with them above
|
329
329
|
alias code script
|
330
330
|
alias code= script=
|
331
|
-
|
331
|
+
|
332
332
|
######################
|
333
333
|
### Private Instance Methods
|
334
334
|
#####################
|
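Review bot: `history` (the `@@ -288,12 +288,12 @@` hunk) now resolves the computer through `@api` but still requires, and presumably queries, the process-wide `JSS::DB_CNX`. When `@api` is not the default connection, the id may come from one server and the rows from another server's database. A comment on the method stating that the database connection must belong to the same JSS as `@api` would make the assumption explicit, and a check to that effect is worth adding if the connection objects expose their host. The method starts before and continues after the hunk.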
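--- a/data/lib/jss/api_object/group.rb
+++ b/data/lib/jss/api_object/group.rb
@@ -88,16 +88,16 @@ module JSS
 ### Returns an Array of all the smart
 ### groups.
 ###
-def self.all_smart(refresh = false)
-
+def self.all_smart(refresh = false, api: JSS.api)
+all(refresh, api: api).select{|g| g[:is_smart] }
 end
 
 ###
 ### Returns an Array of all the static
 ### groups.
 ###
-def self.all_static(refresh = false)
-
+def self.all_static(refresh = false, api: JSS.api)
+all(refresh, api: api).select{|g| not g[:is_smart] }
 end
 
 #####################################
@@ -304,7 +304,7 @@ module JSS
 ### @return [Array<Hash>] the refresh membership
 ###
 def refresh_members
-@members =
+@members = @api.get_rsrc(@rest_rsrc)[self.class::RSRC_OBJECT_KEY][self.class::MEMBER_CLASS::RSRC_LIST_KEY]
 end
 
 ###
@@ -315,7 +315,7 @@ module JSS
 ### @return [void]
 ###
 def site= (new_val)
-raise JSS::NoSuchItemError, "No site named #{new_val} in the JSS" unless JSS::Site.all_names.include? new_val
+raise JSS::NoSuchItemError, "No site named #{new_val} in the JSS" unless JSS::Site.all_names(api: @api).include? new_val
 @site = new_val
 @need_to_update = true
 end
@@ -341,7 +341,7 @@ module JSS
 ### @return [Hash{:id=>Integer,:name=>String}] the valid id and name
 ###
 def check_member(m)
-potential_members = self.class::MEMBER_CLASS.map_all_ids_to(:name)
+potential_members = self.class::MEMBER_CLASS.map_all_ids_to(:name, api: @api)
 if m.to_s =~ /^\d+$/
 return {:id=>m.to_i, :name=> potential_members[m]} if potential_members.keys.include? m.to_i
 else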
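Review bot: In `check_member` (the `@@ -341,7 +341,7 @@` hunk) the unchanged test `m.to_s =~ /^\d+$/` is anchored per line, so a multi-line value containing one all-digit line is accepted as an id. The name is then looked up with `potential_members[m]` although the keys are compared as `m.to_i`, so an id given as a String yields a nil name. Anchoring the whole string and using the same key for both would be `if m.to_s =~ /\A\d+\z/` and `potential_members[m.to_i]`. The method continues outside the hunk.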
@@ -1,26 +1,26 @@
|
|
1
1
|
### Copyright 2017 Pixar
|
2
2
|
|
3
|
-
###
|
3
|
+
###
|
4
4
|
### Licensed under the Apache License, Version 2.0 (the "Apache License")
|
5
5
|
### with the following modification; you may not use this file except in
|
6
6
|
### compliance with the Apache License and the following modification to it:
|
7
7
|
### Section 6. Trademarks. is deleted and replaced with:
|
8
|
-
###
|
8
|
+
###
|
9
9
|
### 6. Trademarks. This License does not grant permission to use the trade
|
10
10
|
### names, trademarks, service marks, or product names of the Licensor
|
11
11
|
### and its affiliates, except as required to comply with Section 4(c) of
|
12
12
|
### the License and to reproduce the content of the NOTICE file.
|
13
|
-
###
|
13
|
+
###
|
14
14
|
### You may obtain a copy of the Apache License at
|
15
|
-
###
|
15
|
+
###
|
16
16
|
### http://www.apache.org/licenses/LICENSE-2.0
|
17
|
-
###
|
17
|
+
###
|
18
18
|
### Unless required by applicable law or agreed to in writing, software
|
19
19
|
### distributed under the Apache License with the above modification is
|
20
20
|
### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
21
21
|
### KIND, either express or implied. See the Apache License for the specific
|
22
22
|
### language governing permissions and limitations under the Apache License.
|
23
|
-
###
|
23
|
+
###
|
24
24
|
###
|
25
25
|
|
26
26
|
###
|
@@ -49,21 +49,21 @@ module JSS
|
|
49
49
|
### LDAP servers, and checking group membership.
|
50
50
|
###
|
51
51
|
### When an LDAPServer instance is created, if it
|
52
|
-
### uses anonymous binding for lookups (the Authentication Type is set to 'none') then
|
52
|
+
### uses anonymous binding for lookups (the Authentication Type is set to 'none') then
|
53
53
|
### the LDAP connection is established immediately. Otherwise, you must use the {#connect}
|
54
54
|
### method, and provide the appropriate password for the lookup account defined.
|
55
55
|
###
|
56
|
-
### Since LDAP server connections are used to verify the validity of LDAP users & groups used in
|
56
|
+
### Since LDAP server connections are used to verify the validity of LDAP users & groups used in
|
57
57
|
### scopes, if you don't connect to all LDAP servers before modifying any scope's user & group
|
58
58
|
### limitations or exceptions, those new values may not be verifiable. Unverified limitations and
|
59
|
-
### exceptions, when sent to the API, will result in a REST 409 Conflict error if the user or
|
59
|
+
### exceptions, when sent to the API, will result in a REST 409 Conflict error if the user or
|
60
60
|
### group doesn't exist. Unfortunately, 409 Conflict errors are very generic and don't indicate the
|
61
|
-
### source of the problem (in this case, a non-existent user or group limitation or exception to the
|
61
|
+
### source of the problem (in this case, a non-existent user or group limitation or exception to the
|
62
62
|
### scope). The {JSS::Scopable} module tries to catch these errors and raise a more useful
|
63
63
|
### exception when they happen.
|
64
64
|
###
|
65
65
|
### The class method {LDAPServer.all_ldaps} returns a Hash of JSS::LDAPServer instances.
|
66
|
-
### one for each server defined in the JSS.
|
66
|
+
### one for each server defined in the JSS.
|
67
67
|
###
|
68
68
|
### The class methods {LDAPServer.user_in_ldap?} and {LDAPServer.group_in_ldap?} can be
|
69
69
|
### used to check all defined LDAP servers for a user or group. They are used by
|
@@ -76,44 +76,33 @@ module JSS
|
|
76
76
|
###
|
77
77
|
class LDAPServer < JSS::APIObject
|
78
78
|
|
79
|
-
#####################################
|
80
|
-
### Mix-Ins
|
81
|
-
#####################################
|
82
79
|
|
83
|
-
#####################################
|
84
|
-
### Class Variables
|
85
|
-
#####################################
|
86
|
-
|
87
|
-
@@all_ldaps = nil
|
88
|
-
|
89
|
-
#####################################
|
90
80
|
### Class Methods
|
91
81
|
#####################################
|
92
|
-
|
82
|
+
|
83
|
+
### DEPRECATED: Please Use ::all_objects
|
93
84
|
###
|
94
85
|
### @param refresh[Boolean] should the LDAP server data be re-read from the API?
|
95
86
|
###
|
96
87
|
### @return [Hash{String => JSS::LDAPServer}] JSS::LDAPServer instances for all defined servers
|
97
88
|
###
|
98
|
-
def self.all_ldaps(refresh = false)
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
@@all_ldaps = {}
|
103
|
-
JSS::LDAPServer.all.each { |svr| @@all_ldaps[svr[:name]] = JSS::LDAPServer.new(:id =>svr[:id])}
|
104
|
-
|
105
|
-
@@all_ldaps
|
89
|
+
def self.all_ldaps(refresh = false, api: JSS.api)
|
90
|
+
hash = {}
|
91
|
+
all_objects(refresh, api: api) { |ls| hash[ls.name] = s }
|
92
|
+
hash
|
106
93
|
end
|
107
|
-
|
94
|
+
|
108
95
|
###
|
109
96
|
### @param user[String] a username to search for in all LDAP servers
|
110
97
|
###
|
111
98
|
### @return [Boolean] does the user exist in any LDAP server?
|
112
99
|
###
|
113
|
-
def self.user_in_ldap?
|
114
|
-
|
115
|
-
|
116
|
-
|
100
|
+
def self.user_in_ldap?(user, api: JSS.api)
|
101
|
+
all_objects(refresh, api: api).each do |ldap|
|
102
|
+
next if ldap.find_user(user, :exact).empty?
|
103
|
+
return true
|
104
|
+
end
|
105
|
+
false
|
117
106
|
end
|
118
107
|
|
119
108
|
###
|
@@ -121,10 +110,12 @@ module JSS
|
|
121
110
|
###
|
122
111
|
### @return [Boolean] does the group exist in any LDAP server?
|
123
112
|
###
|
124
|
-
def self.group_in_ldap? (group)
|
125
|
-
|
126
|
-
|
127
|
-
|
113
|
+
def self.group_in_ldap? (group, api: JSS.api)
|
114
|
+
all_objects(refresh, api: api).each do |ldap|
|
115
|
+
next if ldap.find_group(group, :exact).empty?
|
116
|
+
return true
|
117
|
+
end
|
118
|
+
false
|
128
119
|
end
|
129
120
|
|
130
121
|
|
@@ -258,10 +249,10 @@ module JSS
|
|
258
249
|
### - :map_user_membership_to_group_field =>
|
259
250
|
###
|
260
251
|
attr_reader :user_group_membership_mappings
|
261
|
-
|
252
|
+
|
262
253
|
### @return [Boolean] we we connected to this server at the moment?
|
263
254
|
attr_reader :connected
|
264
|
-
|
255
|
+
|
265
256
|
#####################################
|
266
257
|
### Constructor
|
267
258
|
#####################################
|
@@ -313,7 +304,7 @@ module JSS
|
|
313
304
|
|
314
305
|
@connection = nil
|
315
306
|
@connected = false
|
316
|
-
|
307
|
+
|
317
308
|
# If we are using anonymous binding, connect now
|
318
309
|
connect if @authentication_type == :anonymous
|
319
310
|
end
|
@@ -333,9 +324,9 @@ module JSS
|
|
333
324
|
### @return [Array<Hash>] The @user_attrs_to_get for all usernames matching the query
|
334
325
|
###
|
335
326
|
def find_user(user, exact = false, additional_filter = nil)
|
336
|
-
|
327
|
+
|
337
328
|
raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
|
338
|
-
|
329
|
+
|
339
330
|
if @use_wildcards and not exact
|
340
331
|
user_filter = Net::LDAP::Filter.contains(@user_mappings[:map_username], user)
|
341
332
|
else
|
@@ -391,9 +382,9 @@ module JSS
|
|
391
382
|
### @return [Array<Hash>] The @user_group_attrs_to_get for all groups matching the query
|
392
383
|
###
|
393
384
|
def find_group(group, exact = false, additional_filter = nil)
|
394
|
-
|
385
|
+
|
395
386
|
raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
|
396
|
-
|
387
|
+
|
397
388
|
if @use_wildcards and not exact
|
398
389
|
group_filter = Net::LDAP::Filter.contains(@user_group_mappings[:map_group_name], group)
|
399
390
|
else
|
@@ -448,9 +439,9 @@ module JSS
|
|
448
439
|
### @todo Implement checking groups membership in 'other' ldap area
|
449
440
|
###
|
450
441
|
def check_membership(user, group)
|
451
|
-
|
442
|
+
|
452
443
|
raise JSS::InvalidConnectionError, "Not connected to LDAP server '#{@name}'. Please use #connect first." unless @connected
|
453
|
-
|
444
|
+
|
454
445
|
found_user = find_user(user, :exact)[0]
|
455
446
|
found_group = find_group(group, :exact)[0]
|
456
447
|
|
@@ -492,15 +483,15 @@ module JSS
|
|
492
483
|
### @param pw[String,Symbol] the LDAP connection password for this server. Can be nil if
|
493
484
|
### authentication type is 'none'.
|
494
485
|
### If :prompt, the user is promted on the commandline to enter the password for the :user.
|
495
|
-
### If :stdin#, the password is read from a line of std in represented by the digit at #,
|
496
|
-
### so :stdin3 reads the passwd from the third line of standard input. defaults to line 2,
|
486
|
+
### If :stdin#, the password is read from a line of std in represented by the digit at #,
|
487
|
+
### so :stdin3 reads the passwd from the third line of standard input. defaults to line 2,
|
497
488
|
### if no digit is supplied. see {JSS.stdin}
|
498
489
|
###
|
499
490
|
###
|
500
491
|
### @return [Boolean] did we connect to the LDAP server with the defined credentials
|
501
492
|
###
|
502
493
|
def connect(pw = nil)
|
503
|
-
|
494
|
+
|
504
495
|
unless @authentication_type == :anonymous
|
505
496
|
# how do we get the password?
|
506
497
|
password = if pw == :prompt
|
@@ -513,24 +504,24 @@ module JSS
|
|
513
504
|
else
|
514
505
|
pw
|
515
506
|
end
|
516
|
-
|
517
|
-
|
507
|
+
|
508
|
+
|
518
509
|
raise JSS::InvalidDataError, "Incorrect password for LDAP connection account '#{@lookup_dn}'" unless @lookup_pw_sha256 == Digest::SHA2.new(256).update(password.to_s).to_s
|
519
|
-
end # unless
|
510
|
+
end # unless
|
520
511
|
|
521
512
|
@connection = Net::LDAP.new :host => @hostname, :port => @port, :auth => {:method => @authentication_type, :username => @lookup_dn, :password => password }
|
522
|
-
|
513
|
+
|
523
514
|
@connected = true
|
524
515
|
end # connect
|
525
|
-
|
526
|
-
|
527
|
-
|
516
|
+
|
517
|
+
|
518
|
+
|
528
519
|
###
|
529
520
|
### Aliases
|
530
521
|
###
|
531
|
-
|
522
|
+
|
532
523
|
alias connected? connected
|
533
|
-
|
524
|
+
|
534
525
|
end # class ldap server
|
535
526
|
|
536
527
|
end # module
|
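Review bot: The rewritten class methods in the `@@ -76,44 +76,33 @@` and `@@ -121,10 +110,12 @@` hunks reference names that are not defined. `all_ldaps` stores `s` where the block variable is `ls`, and `user_in_ldap?` and `group_in_ldap?` pass `refresh`, which neither takes as a parameter, so each would raise NameError once the line runs. The class comment says these lookups verify LDAP users and groups used in scopes, so the error breaks that validation outright. Suggested lines are `all_objects(refresh, api: api).each { |ls| hash[ls.name] = ls }` and, in both predicates, `all_objects(api: api).each do |ldap|` (assuming `refresh` is optional there). Whether `all_objects` yields to a block is not visible here, hence the explicit `.each`.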