[asl-commit] ActiveSambaLdap (trunk) r81:
null at cozmixng.org
null at cozmixng.org
Fri Aug 3 22:52:10 EDT 2007
retro 2007-08-04 11:52:08 +0900 (Sat, 04 Aug 2007)
New Revision: 81
Added files:
trunk/lib/active_samba_ldap/samba_entry.rb
Copied files:
trunk/lib/active_samba_ldap/group_entry.rb
(from rev 79, trunk/lib/active_samba_ldap/group.rb)
trunk/lib/active_samba_ldap/samba_group_entry.rb
(from rev 79, trunk/lib/active_samba_ldap/samba_group.rb)
Removed files:
trunk/lib/active_samba_ldap/group.rb
trunk/lib/active_samba_ldap/samba_computer.rb
trunk/lib/active_samba_ldap/samba_group.rb
trunk/lib/active_samba_ldap/samba_user.rb
Modified files:
trunk/bin/asl-groupadd
trunk/bin/asl-groupdel
trunk/bin/asl-groupmod
trunk/bin/asl-groupshow
trunk/bin/asl-passwd
trunk/bin/asl-populate
trunk/bin/asl-useradd
trunk/bin/asl-userdel
trunk/bin/asl-usermod
trunk/bin/asl-usershow
trunk/lib/active_samba_ldap/account.rb
trunk/lib/active_samba_ldap/base.rb
trunk/lib/active_samba_ldap/computer.rb
trunk/lib/active_samba_ldap/configuration.rb
trunk/lib/active_samba_ldap/populate.rb
trunk/lib/active_samba_ldap/samba_account.rb
trunk/lib/active_samba_ldap/user.rb
trunk/test/asl-test-utils.rb
Log:
Modified: trunk/lib/active_samba_ldap/user.rb (+29 -0)
===================================================================
--- trunk/lib/active_samba_ldap/user.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/user.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -1,14 +1,43 @@
+require 'active_samba_ldap/base'
require 'active_samba_ldap/entry'
+require 'active_samba_ldap/samba_entry'
require 'active_samba_ldap/account'
require 'active_samba_ldap/user_account'
+require 'active_samba_ldap/samba_account'
module ActiveSambaLdap
class User < Base
include Reloadable
include Entry
+ include SambaEntry
include Account
include UserAccount
+ include SambaAccount
+
+ def fill_default_values(options={})
+ result = super
+ return result unless samba_available?
+
+ subst = Proc.new do |key|
+ value = options[key]
+ if value
+ substitute_template(value)
+ else
+ substituted_value(key)
+ end
+ end
+
+ self.samba_home_path ||= subst[:user_home_unc]
+ self.samba_home_drive ||= subst[:user_home_drive].sub(/([^:])$/, "\\1:")
+ self.samba_profile_path ||= subst[:user_profile]
+ self.samba_logon_script ||= subst[:user_logon_script]
+ end
+
+ private
+ def default_account_flags
+ "[UH]"
+ end
end
end
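Review bot: `fill_default_values` returns two different things: the early exit hands back `result` from `super`, but when Samba is available the method falls off the end and returns whatever the `samba_logon_script ||=` assignment evaluates to. Callers that use the return value get different results depending on the entry's object classes; ending the method with a bare `result` line makes both paths agree. Separately, `subst[:user_home_drive].sub(...)` assumes the substituted value is never nil, which cannot be confirmed from this hunk.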
Copied: trunk/lib/active_samba_ldap/samba_group_entry.rb (+146 -0)
===================================================================
--- trunk/lib/active_samba_ldap/samba_group.rb 2007-03-09 10:34:17 +09:00 (rev 79)
+++ trunk/lib/active_samba_ldap/samba_group_entry.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -0,0 +1,146 @@
+require 'active_samba_ldap/samba_entry'
+
+module ActiveSambaLdap
+ module SambaGroupEntry
+ include SambaEntry
+
+ def self.included(base)
+ super
+ base.extend(ClassMethods)
+ end
+
+ # from librpc/ndr/security.h in Samba
+ SID_BUILTIN = "S-1-5-32"
+
+ # from source/include/rpc_misc.c in Samba
+ DOMAIN_ADMINS_RID = 0x00000200
+ DOMAIN_USERS_RID = 0x00000201
+ DOMAIN_GUESTS_RID = 0x00000202
+ DOMAIN_COMPUTERS_RID = 0x00000203
+
+ LOCAL_ADMINS_RID = 0x00000220
+ LOCAL_USERS_RID = 0x00000221
+ LOCAL_GUESTS_RID = 0x00000222
+ LOCAL_POWER_USERS_RID = 0x00000223
+
+ LOCAL_ACCOUNT_OPERATORS_RID = 0x00000224
+ LOCAL_SYSTEM_OPERATORS_RID = 0x00000225
+ LOCAL_PRINT_OPERATORS_RID = 0x00000226
+ LOCAL_BACKUP_OPERATORS_RID = 0x00000227
+
+ LOCAL_REPLICATORS_RID = 0x00000228
+
+
+ # from source/rpc_server/srv_util.c in Samba
+ DOMAIN_ADMINS_NAME = "Domain Administrators"
+ DOMAIN_USERS_NAME = "Domain Users"
+ DOMAIN_GUESTS_NAME = "Domain Guests"
+ DOMAIN_COMPUTERS_NAME = "Domain Computers"
+
+
+ WELL_KNOWN_RIDS = []
+ WELL_KNOWN_NAMES = []
+ constants.each do |name|
+ case name
+ when /_RID$/
+ WELL_KNOWN_RIDS << const_get(name)
+ when /_NAME$/
+ WELL_KNOWN_NAMES << const_get(name)
+ end
+ end
+
+
+ # from source/librpc/idl/lsa.idl in Samba
+ TYPES = {
+ "domain" => 2,
+ "local" => 4,
+ "builtin" => 5,
+ }
+
+ module ClassMethods
+ def gid2rid(gid)
+ gid = Integer(gid)
+ if WELL_KNOWN_RIDS.include?(gid)
+ gid
+ else
+ 2 * gid + 1001
+ end
+ end
+
+ def rid2gid(rid)
+ rid = Integer(rid)
+ if WELL_KNOWN_RIDS.include?(rid)
+ rid
+ else
+ (rid - 1001) / 2
+ end
+ end
+
+ def start_rid
+ gid2rid(start_gid)
+ end
+
+ private
+ def default_recommended_classes
+ super + ["sambaGroupMapping"]
+ end
+ end
+
+ def samba_available?
+ classes.include?("sambaGroupMapping")
+ end
+
+ def ensure_samba_available
+ ensure_recommended_classes
+ end
+
+ def fill_default_values(options={})
+ if samba_available?
+ change_type(options[:group_type] || "domain") unless samba_group_type
+ self.display_name ||= options[:display_name] || cn
+ end
+ super
+ end
+
+ def change_gid_number(gid, allow_non_unique=false)
+ result = super
+ return result unless samba_available?
+ rid = self.class.gid2rid(gid_number.to_s)
+ change_sid(rid, allow_non_unique)
+ end
+
+ def change_gid_number_by_rid(rid, allow_non_unique=false)
+ assert_samba_available
+ change_gid_number(self.class.rid2gid(rid), allow_non_unique)
+ end
+
+ def change_sid(rid, allow_non_unique=false)
+ assert_samba_available
+ if (LOCAL_ADMINS_RID..LOCAL_REPLICATORS_RID).include?(rid.to_i)
+ sid = "#{SID_BUILTIN}-#{rid}"
+ else
+ sid = "#{self.class.configuration[:sid]}-#{rid}"
+ end
+ # check_unique_sid_number(sid) unless allow_non_unique
+ self.samba_sid = sid
+ end
+
+ def rid
+ assert_samba_available
+ Integer(samba_sid.split(/-/).last)
+ end
+
+ def change_type(type)
+ assert_samba_available
+ normalized_type = type.to_s.downcase
+ if TYPES.has_key?(normalized_type)
+ type = TYPES[normalized_type]
+ elsif TYPES.values.include?(type.to_i)
+ # pass
+ else
+ raise ArgumentError, "invalid type: #{type}"
+ end
+ self.samba_group_type = type.to_s
+ end
+ end
+end
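Review bot: `change_sid` accepts `allow_non_unique` but never uses it, because the `check_unique_sid_number` call is commented out, so a caller passing `false` gets no uniqueness guarantee and two groups can end up with the same `sambaSID`. The SID is the identity that access decisions are made against, so a duplicate silently merges the privileges of both groups; the same pattern is visible in `change_sid` in samba_account.rb. Until the check exists, say so where the parameter is declared, e.g. `# NOTE: SID uniqueness is NOT enforced; allow_non_unique is currently ignored`. Also in this file, `change_type` validates with `type.to_i`, so a value such as `"2abc"` passes and is stored verbatim; replacing `# pass` with `type = Integer(type)` rejects it with the same `ArgumentError`.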
Added: trunk/lib/active_samba_ldap/samba_entry.rb (+10 -0)
===================================================================
--- trunk/lib/active_samba_ldap/samba_entry.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/samba_entry.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -0,0 +1,10 @@
+module ActiveSambaLdap
+ module SambaEntry
+ private
+ def assert_samba_available
+ unless samba_available?
+ raise NotSambaAavialableError.new(self)
+ end
+ end
+ end
+end
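Review bot: The exception name `NotSambaAavialableError` is misspelled ("Aavialable"), both here and in its definition in base.rb, and once released it becomes part of the public API that callers rescue by name. Renaming it to `NotSambaAvailableError` in both places now avoids carrying a compatibility alias later. This file also has no `require 'active_samba_ldap/base'` of its own; the constant is resolved at call time, so this is harmless only as long as base.rb is always loaded before `assert_samba_available` runs.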
Modified: trunk/bin/asl-populate (+10 -10)
===================================================================
--- trunk/bin/asl-populate 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-populate 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -11,16 +11,16 @@
default = ActiveSambaLdap::Configuration::ClassMethods::Private.new({})
options.start_uid = Integer(default.start_uid)
options.start_gid = Integer(default.start_gid)
- options.administrator = ActiveSambaLdap::SambaUser::DOMAIN_ADMIN_NAME
- admin_rid = ActiveSambaLdap::SambaUser::DOMAIN_ADMIN_RID
- admins_rid = ActiveSambaLdap::SambaGroup::DOMAIN_ADMINS_RID
- guest_rid = ActiveSambaLdap::SambaUser::DOMAIN_GUEST_RID
- guests_rid = ActiveSambaLdap::SambaGroup::DOMAIN_GUESTS_RID
- options.administrator_uid = ActiveSambaLdap::SambaUser.rid2uid(admin_rid)
- options.administrator_gid = ActiveSambaLdap::SambaGroup.rid2gid(admins_rid)
- options.guest = ActiveSambaLdap::SambaUser::DOMAIN_GUEST_NAME
- options.guest_uid = ActiveSambaLdap::SambaUser.rid2uid(guest_rid)
- options.guest_gid = ActiveSambaLdap::SambaGroup.rid2gid(guests_rid)
+ options.administrator = ActiveSambaLdap::User::DOMAIN_ADMIN_NAME
+ admin_rid = ActiveSambaLdap::User::DOMAIN_ADMIN_RID
+ admins_rid = ActiveSambaLdap::Group::DOMAIN_ADMINS_RID
+ guest_rid = ActiveSambaLdap::User::DOMAIN_GUEST_RID
+ guests_rid = ActiveSambaLdap::Group::DOMAIN_GUESTS_RID
+ options.administrator_uid = ActiveSambaLdap::User.rid2uid(admin_rid)
+ options.administrator_gid = ActiveSambaLdap::Group.rid2gid(admins_rid)
+ options.guest = ActiveSambaLdap::User::DOMAIN_GUEST_NAME
+ options.guest_uid = ActiveSambaLdap::User.rid2uid(guest_rid)
+ options.guest_gid = ActiveSambaLdap::Group.rid2gid(guests_rid)
options.export_ldif = nil
options.import_ldif = nil
Modified: trunk/test/asl-test-utils.rb (+3 -3)
===================================================================
--- trunk/test/asl-test-utils.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/test/asl-test-utils.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -85,11 +85,11 @@
module TemporaryEntry
def setup
super
- @user_class = Class.new(ActiveSambaLdap::SambaUser)
+ @user_class = Class.new(ActiveSambaLdap::User)
@user_class.ldap_mapping
- @computer_class = Class.new(ActiveSambaLdap::SambaComputer)
+ @computer_class = Class.new(ActiveSambaLdap::Computer)
@computer_class.ldap_mapping
- @group_class = Class.new(ActiveSambaLdap::SambaGroup)
+ @group_class = Class.new(ActiveSambaLdap::Group)
@group_class.ldap_mapping
@user_class.set_associated_class(:primary_group, @group_class)
Modified: trunk/bin/asl-groupdel (+3 -3)
===================================================================
--- trunk/bin/asl-groupdel 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-groupdel 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -27,15 +27,15 @@
ActiveSambaLdap::Base.establish_connection("update")
-class Group < ActiveSambaLdap::SambaGroup
+class Group < ActiveSambaLdap::Group
ldap_mapping
end
-class User < ActiveSambaLdap::SambaUser
+class User < ActiveSambaLdap::User
ldap_mapping
end
-class Computer < ActiveSambaLdap::SambaComputer
+class Computer < ActiveSambaLdap::Computer
ldap_mapping
end
Modified: trunk/bin/asl-groupadd (+1 -1)
===================================================================
--- trunk/bin/asl-groupadd 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-groupadd 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -33,7 +33,7 @@
ActiveSambaLdap::Base.establish_connection("update")
-class Group < ActiveSambaLdap::SambaGroup
+class Group < ActiveSambaLdap::Group
ldap_mapping
end
Modified: trunk/bin/asl-userdel (+3 -3)
===================================================================
--- trunk/bin/asl-userdel 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-userdel 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -41,15 +41,15 @@
ActiveSambaLdap::Base.establish_connection("update")
-class User < ActiveSambaLdap::SambaUser
+class User < ActiveSambaLdap::User
ldap_mapping
end
-class Computer < ActiveSambaLdap::SambaComputer
+class Computer < ActiveSambaLdap::Computer
ldap_mapping
end
-class Group < ActiveSambaLdap::SambaGroup
+class Group < ActiveSambaLdap::Group
ldap_mapping
end
Modified: trunk/bin/asl-groupmod (+3 -3)
===================================================================
--- trunk/bin/asl-groupmod 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-groupmod 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -41,15 +41,15 @@
ActiveSambaLdap::Base.establish_connection("update")
-class Group < ActiveSambaLdap::SambaGroup
+class Group < ActiveSambaLdap::Group
ldap_mapping
end
-class User < ActiveSambaLdap::SambaUser
+class User < ActiveSambaLdap::User
ldap_mapping
end
-class Computer < ActiveSambaLdap::SambaComputer
+class Computer < ActiveSambaLdap::Computer
ldap_mapping
end
Modified: trunk/lib/active_samba_ldap/base.rb (+8 -0)
===================================================================
--- trunk/lib/active_samba_ldap/base.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/base.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -103,6 +103,14 @@
end
end
+ class NotSambaAavialableError < Error
+ attr_reader :object
+ def initialize(object)
+ @object = object
+ super("#{@object.inspect} is not Samba available")
+ end
+ end
+
class Base < ActiveLdap::Base
include Reloadable
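Review bot: The message built in `NotSambaAavialableError#initialize` interpolates `@object.inspect`, which for an LDAP entry may serialise every loaded attribute into the exception text. If that includes `userPassword` or other credential attributes, they end up in logs and error reports wherever the exception is printed; whether it does depends on how ActiveLdap implements `inspect`, which is not visible here. Identifying the entry by its DN is enough for diagnosis: `super("#{@object.dn} is not Samba available")`.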
Modified: trunk/lib/active_samba_ldap/account.rb (+5 -0)
===================================================================
--- trunk/lib/active_samba_ldap/account.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/account.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -40,6 +40,7 @@
:groups_many => "memberUid",
:prefix => default_prefix,
:classes => default_classes,
+ :recommended_classes => default_recommended_classes,
}
end
@@ -51,6 +52,10 @@
["top", "inetOrgPerson", "posixAccount"]
end
+ def default_recommended_classes
+ []
+ end
+
def primary_group_options(options)
{
:class => options[:primary_group_class],
Modified: trunk/bin/asl-useradd (+3 -3)
===================================================================
--- trunk/bin/asl-useradd 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-useradd 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -148,15 +148,15 @@
ActiveSambaLdap::Base.establish_connection("update")
-class User < ActiveSambaLdap::SambaUser
+class User < ActiveSambaLdap::User
ldap_mapping
end
-class Computer < ActiveSambaLdap::SambaComputer
+class Computer < ActiveSambaLdap::Computer
ldap_mapping
end
-class Group < ActiveSambaLdap::SambaGroup
+class Group < ActiveSambaLdap::Group
ldap_mapping
end
Modified: trunk/lib/active_samba_ldap/populate.rb (+3 -3)
===================================================================
--- trunk/lib/active_samba_ldap/populate.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/populate.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -37,9 +37,9 @@
end
def init_classes
- @options[:user_class] = user_class = Class.new(SambaUser)
- @options[:group_class] = group_class = Class.new(SambaGroup)
- @options[:computer_class] = computer_class = Class.new(SambaComputer)
+ @options[:user_class] = user_class = Class.new(User)
+ @options[:group_class] = group_class = Class.new(Group)
+ @options[:computer_class] = computer_class = Class.new(Computer)
@options[:idmap_class] = idmap_class = Class.new(Idmap)
@options[:unix_id_pool_class] = id_pool_class = Class.new(UnixIdPool)
Modified: trunk/lib/active_samba_ldap/computer.rb (+11 -0)
===================================================================
--- trunk/lib/active_samba_ldap/computer.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/computer.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -1,13 +1,24 @@
+require 'active_samba_ldap/base'
+require 'active_samba_ldap/entry'
+require 'active_samba_ldap/samba_entry'
require 'active_samba_ldap/account'
require 'active_samba_ldap/computer_account'
+require 'active_samba_ldap/samba_account'
module ActiveSambaLdap
class Computer < Base
include Reloadable
include Entry
+ include SambaEntry
include Account
include ComputerAccount
+ include SambaAccount
+
+ private
+ def default_account_flags
+ "[W]"
+ end
end
end
Modified: trunk/bin/asl-usermod (+3 -3)
===================================================================
--- trunk/bin/asl-usermod 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-usermod 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -141,15 +141,15 @@
ActiveSambaLdap::Base.establish_connection("update")
-class User < ActiveSambaLdap::SambaUser
+class User < ActiveSambaLdap::User
ldap_mapping
end
-class Computer < ActiveSambaLdap::SambaComputer
+class Computer < ActiveSambaLdap::Computer
ldap_mapping
end
-class Group < ActiveSambaLdap::SambaGroup
+class Group < ActiveSambaLdap::Group
ldap_mapping
end
Modified: trunk/bin/asl-groupshow (+1 -1)
===================================================================
--- trunk/bin/asl-groupshow 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-groupshow 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -17,7 +17,7 @@
ActiveSambaLdap::Base.establish_connection("reference")
-class Group < ActiveSambaLdap::SambaGroup
+class Group < ActiveSambaLdap::Group
ldap_mapping
end
Deleted: trunk/lib/active_samba_ldap/group.rb (+0 -182)
===================================================================
--- trunk/lib/active_samba_ldap/group.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/group.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -1,182 +0,0 @@
-require 'English'
-
-require 'active_samba_ldap/entry'
-
-module ActiveSambaLdap
- class Group < Base
- include Reloadable
-
- include Entry
-
- class << self
- def ldap_mapping(options={})
- options = default_options.merge(options)
- super(extract_ldap_mapping_options(options))
- init_associations(options)
- end
-
- def find_by_name_or_gid_number(key)
- group = nil
- begin
- gid_number = Integer(key)
- group = find_by_gid_number(gid_number)
- raise GidNumberDoesNotExist.new(gid_number) if group.nil?
- rescue ArgumentError
- raise GroupDoesNotExist.new(key) unless exists?(key)
- group = find(key)
- end
- group
- end
-
- def find_by_gid_number(number)
- attribute = "gidNumber"
- value = Integer(number).to_s
- find(:first, :filter => "(#{attribute}=#{value})")
- end
-
- private
- def default_options
- {
- :dn_attribute => "cn",
- :prefix => configuration[:groups_suffix],
- :classes => default_classes,
-
- :members_wrap => "memberUid",
- :users_class => default_user_class,
- :computers_class => default_computer_class,
-
- :primary_members_foreign_key => "gidNumber",
- :primary_members_primary_key => "gidNumber",
- :primary_users_class => default_user_class,
- :primary_computers_class => default_computer_class,
- }
- end
-
- def default_classes
- ["top", "posixGroup"]
- end
-
- def default_user_class
- "User"
- end
-
- def default_computer_class
- "Computer"
- end
-
- def init_associations(options)
- association_options = {}
- options.each do |key, value|
- case key.to_s
- when /^((?:primary_)?(?:(?:user|computer|member)s))_/
- association_options[$1] ||= {}
- association_options[$1][$POSTMATCH.to_sym] = value
- end
- end
-
- members_opts = association_options["members"] || {}
- user_members_opts = association_options["users"] || {}
- computer_members_opts = association_options["computers"] || {}
- has_many :users, members_opts.merge(user_members_opts)
- has_many :computers, members_opts.merge(computer_members_opts)
-
- primary_members_opts = association_options["primary_members"] || {}
- primary_user_members_opts =
- association_options["primary_users"] || {}
- primary_computer_members_opts =
- association_options["primary_computers"] || {}
- has_many :primary_users,
- primary_members_opts.merge(primary_user_members_opts)
- has_many :primary_computers,
- primary_members_opts.merge(primary_computer_members_opts)
- end
-
- def prepare_create_options(group, options)
- prepare_create_options_for_number(:gid_number, group, options)
- end
- end
-
- def fill_default_values(options={})
- gid_number = options[:gid_number]
- change_gid_number(gid_number) if gid_number
- self.description ||= options[:description] || cn
- end
-
- def members
- users.to_ary + computers.to_ary
- end
-
- def reload_members
- users.reload
- computers.reload
- end
-
- def primary_members
- primary_users.to_ary + primary_computers.to_ary
- end
-
- def reload_primary_members
- primary_users.reload
- primary_computers.reload
- end
-
- def change_gid_number(gid, allow_non_unique=false)
- check_unique_gid_number(gid) unless allow_non_unique
- self.gid_number = gid.to_s
- end
-
- def destroy(options={})
- if options[:remove_members]
- if options[:force_change_primary_members]
- change_primary_members(options)
- end
- reload_primary_members
- unless primary_members.empty?
- not_destroyed_members = primary_members.collect {|x| x.uid}
- raise PrimaryGroupCanNotBeDestroyed.new(cn, not_destroyed_members)
- end
- self.users = []
- self.computers = []
- end
- super()
- end
-
- private
- def ensure_uid(member_or_uid)
- if member_or_uid.is_a?(String)
- member_or_uid
- else
- member_or_uid.uid
- end
- end
-
- def check_unique_gid_number(gid_number)
- ActiveSambaLdap::Base.restart_nscd do
- if self.class.find_by_gid_number(Integer(gid_number))
- raise GidNumberAlreadyExists.new(gid_number)
- end
- end
- end
-
- def change_primary_members(options={})
- name = cn
-
- pr_members = primary_members
- cannot_removed_members = []
- pr_members.each do |member|
- if (member.groups.collect {|group| group.cn} - [name]).empty?
- cannot_removed_members << member.uid
- end
- end
- unless cannot_removed_members.empty?
- raise CanNotChangePrimaryGroup.new(name, cannot_removed_members)
- end
-
- pr_members.each do |member|
- new_group = member.groups.find {|gr| gr.cn != name}
- member.primary_group = new_group
- member.save!
- end
- end
- end
-end
Deleted: trunk/lib/active_samba_ldap/samba_group.rb (+0 -126)
===================================================================
--- trunk/lib/active_samba_ldap/samba_group.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/samba_group.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -1,126 +0,0 @@
-require 'active_samba_ldap/group'
-
-module ActiveSambaLdap
- class SambaGroup < Group
- include Reloadable
-
- # from librpc/ndr/security.h in Samba
- SID_BUILTIN = "S-1-5-32"
-
- # from source/include/rpc_misc.c in Samba
- DOMAIN_ADMINS_RID = 0x00000200
- DOMAIN_USERS_RID = 0x00000201
- DOMAIN_GUESTS_RID = 0x00000202
- DOMAIN_COMPUTERS_RID = 0x00000203
-
- LOCAL_ADMINS_RID = 0x00000220
- LOCAL_USERS_RID = 0x00000221
- LOCAL_GUESTS_RID = 0x00000222
- LOCAL_POWER_USERS_RID = 0x00000223
-
- LOCAL_ACCOUNT_OPERATORS_RID = 0x00000224
- LOCAL_SYSTEM_OPERATORS_RID = 0x00000225
- LOCAL_PRINT_OPERATORS_RID = 0x00000226
- LOCAL_BACKUP_OPERATORS_RID = 0x00000227
-
- LOCAL_REPLICATORS_RID = 0x00000228
-
-
- # from source/rpc_server/srv_util.c in Samba
- DOMAIN_ADMINS_NAME = "Domain Administrators"
- DOMAIN_USERS_NAME = "Domain Users"
- DOMAIN_GUESTS_NAME = "Domain Guests"
- DOMAIN_COMPUTERS_NAME = "Domain Computers"
-
-
- WELL_KNOWN_RIDS = []
- WELL_KNOWN_NAMES = []
- constants.each do |name|
- case name
- when /_RID$/
- WELL_KNOWN_RIDS << const_get(name)
- when /_NAME$/
- WELL_KNOWN_NAMES << const_get(name)
- end
- end
-
-
- # from source/librpc/idl/lsa.idl in Samba
- TYPES = {
- "domain" => 2,
- "local" => 4,
- "builtin" => 5,
- }
-
- class << self
- def gid2rid(gid)
- gid = Integer(gid)
- if WELL_KNOWN_RIDS.include?(gid)
- gid
- else
- 2 * gid + 1001
- end
- end
-
- def rid2gid(rid)
- rid = Integer(rid)
- if WELL_KNOWN_RIDS.include?(rid)
- rid
- else
- (rid - 1001) / 2
- end
- end
-
- def start_rid
- gid2rid(start_gid)
- end
-
- private
- def default_classes
- super + ["sambaGroupMapping"]
- end
- end
-
- def fill_default_values(options={})
- change_type(options[:group_type] || "domain") unless samba_group_type
- self.display_name ||= options[:display_name] || cn
- super
- end
-
- def change_gid_number(gid, allow_non_unique=false)
- super
- rid = self.class.gid2rid(gid_number.to_s)
- change_sid(rid, allow_non_unique)
- end
-
- def change_gid_number_by_rid(rid, allow_non_unique=false)
- change_gid_number(self.class.rid2gid(rid), allow_non_unique)
- end
-
- def change_sid(rid, allow_non_unique=false)
- if (LOCAL_ADMINS_RID..LOCAL_REPLICATORS_RID).include?(rid.to_i)
- sid = "#{SID_BUILTIN}-#{rid}"
- else
- sid = "#{self.class.configuration[:sid]}-#{rid}"
- end
- # check_unique_sid_number(sid) unless allow_non_unique
- self.samba_sid = sid
- end
-
- def rid
- Integer(samba_sid.split(/-/).last)
- end
-
- def change_type(type)
- normalized_type = type.to_s.downcase
- if TYPES.has_key?(normalized_type)
- type = TYPES[normalized_type]
- elsif TYPES.values.include?(type.to_i)
- # pass
- else
- raise ArgumentError, "invalid type: #{type}"
- end
- self.samba_group_type = type.to_s
- end
- end
-end
Deleted: trunk/lib/active_samba_ldap/samba_computer.rb (+0 -20)
===================================================================
--- trunk/lib/active_samba_ldap/samba_computer.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/samba_computer.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -1,20 +0,0 @@
-require 'active_samba_ldap/account'
-require 'active_samba_ldap/user_account'
-require 'active_samba_ldap/samba_account'
-
-module ActiveSambaLdap
- class SambaComputer < Base
- include Reloadable
-
- include Entry
-
- include Account
- include ComputerAccount
- include SambaAccount
-
- private
- def default_account_flags
- "[W]"
- end
- end
-end
Modified: trunk/bin/asl-usershow (+1 -1)
===================================================================
--- trunk/bin/asl-usershow 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-usershow 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -17,7 +17,7 @@
ActiveSambaLdap::Base.establish_connection("reference")
-class User < ActiveSambaLdap::SambaUser
+class User < ActiveSambaLdap::User
ldap_mapping
end
Deleted: trunk/lib/active_samba_ldap/samba_user.rb (+0 -39)
===================================================================
--- trunk/lib/active_samba_ldap/samba_user.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/samba_user.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -1,39 +0,0 @@
-require 'active_samba_ldap/entry'
-require 'active_samba_ldap/account'
-require 'active_samba_ldap/user_account'
-require 'active_samba_ldap/samba_account'
-
-module ActiveSambaLdap
- class SambaUser < Base
- include Reloadable
-
- include Entry
-
- include Account
- include UserAccount
- include SambaAccount
-
- def fill_default_values(options={})
- super
-
- subst = Proc.new do |key|
- value = options[key]
- if value
- substitute_template(value)
- else
- substituted_value(key)
- end
- end
-
- self.samba_home_path ||= subst[:user_home_unc]
- self.samba_home_drive ||= subst[:user_home_drive].sub(/([^:])$/, "\\1:")
- self.samba_profile_path ||= subst[:user_profile]
- self.samba_logon_script ||= subst[:user_logon_script]
- end
-
- private
- def default_account_flags
- "[UH]"
- end
- end
-end
Modified: trunk/lib/active_samba_ldap/samba_account.rb (+33 -6)
===================================================================
--- trunk/lib/active_samba_ldap/samba_account.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/samba_account.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -52,7 +52,7 @@
end
private
- def default_classes
+ def default_recommended_classes
super + ["sambaSamAccount"]
end
@@ -62,8 +62,9 @@
module PrimaryGroupProxy
def replace(entry)
- super
- if @target
+ result = super
+
+ if @target and @target.samba_available?
if @target.samba_sid.to_s.empty?
raise GroupDoesNotHaveSambaSID.new(@target.gid_number)
end
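Review bot: The new guard in `PrimaryGroupProxy#replace` tests `@target.samba_available?` but never the owner, while the else branch (visible in the next hunk) still assigns `@owner.samba_primary_group_sid = nil`, and the first branch presumably assigns it too. For an owner without `sambaSamAccount`, which this commit now permits, that writes a Samba attribute on an entry whose object classes may not allow it; how ActiveLdap reacts is not visible here. Returning early covers it: `return result unless @owner.samba_available?` directly after `result = super`. The body of `replace` continues outside this hunk.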
@@ -71,13 +72,23 @@
else
@owner.samba_primary_group_sid = nil
end
- entry
+
+ result
end
end
end
+ def samba_available?
+ classes.include?("sambaSamAccount")
+ end
+
+ def ensure_samba_available
+ ensure_recommended_classes
+ end
+
def fill_default_values(options={})
- super
+ result = super
+ return result unless samba_available?
self.samba_logon_time ||= "0"
self.samba_logoff_time ||= FAR_FUTURE_TIME
@@ -117,45 +128,55 @@
end
def change_uid_number(uid, allow_non_unique=false)
- super
+ result = super
+ return result unless samba_available?
+
rid = self.class.uid2rid(uid_number.to_s)
change_sid(rid, allow_non_unique)
end
def change_uid_number_by_rid(rid, allow_non_unique=false)
+ assert_samba_available
change_uid_number(self.class.rid2uid(rid), allow_non_unique)
end
def change_sid(rid, allow_non_unique=false)
+ assert_samba_available
sid = "#{self.class.configuration[:sid]}-#{rid}"
# check_unique_sid_number(sid) unless allow_non_unique
self.samba_sid = sid
end
def rid
+ assert_samba_available
Integer(samba_sid.split(/-/).last)
end
def change_samba_password(password)
+ assert_samba_available
self.samba_lm_password = Samba::Encrypt.lm_hash(password)
self.samba_nt_password = Samba::Encrypt.ntlm_hash(password)
self.samba_pwd_last_set = Time.now.to_i.to_s
end
def enable_password_change
+ assert_samba_available
self.samba_pwd_can_change = "0"
end
def disable_password_change
+ assert_samba_available
self.samba_pwd_can_change = FAR_FUTURE_TIME
end
def can_change_password?
+ assert_samba_available
samba_pwd_can_change.nil? or
Time.at(samba_pwd_can_change.to_i) <= Time.now
end
def enable_forcing_password_change
+ assert_samba_available
self.samba_pwd_must_change = "0"
if /X/ =~ samba_acct_flags.to_s
self.samba_acct_flags = samba_acct_flags.sub(/X/, '')
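Review bot: `change_samba_password` still writes `samba_lm_password` via `Samba::Encrypt.lm_hash` for every account; the added `assert_samba_available` does not change that. The LM hash is a weak legacy format, so storing it unconditionally raises the impact of any read access to the directory or to a backup of it. Consider making the LM hash optional and recording the decision in the method, e.g. `# NOTE: LM hash is weak; leave sambaLMPassword unset where LM authentication is disabled`. Read access to both password attributes should be restricted in the directory ACLs either way.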
@@ -166,22 +187,26 @@
end
def disable_forcing_password_change
+ assert_samba_available
self.samba_pwd_must_change = FAR_FUTURE_TIME
end
def must_change_password?
+ assert_samba_available
!(/X/ =~ samba_acct_flags.to_s or
samba_pwd_must_change.nil? or
Time.at(samba_pwd_must_change.to_i) > Time.now)
end
def enable
+ assert_samba_available
if /D/ =~ samba_acct_flags.to_s
self.samba_acct_flags = samba_acct_flags.gsub(/D/, '')
end
end
def disable
+ assert_samba_available
flags = ""
if ACCOUNT_FLAGS_RE =~ samba_acct_flags.to_s
flags = $1
@@ -191,10 +216,12 @@
end
def enabled?
+ assert_samba_available
!disabled?
end
def disabled?
+ assert_samba_available
(/D/ =~ samba_acct_flags.to_s) ? true : false
end
end
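Review bot: `enabled?` now calls `assert_samba_available` and then `disabled?`, which asserts again, so one of the two checks is redundant. More importantly, these predicates now raise for a non-Samba entry instead of answering, so any caller that branches on `disabled?` has to rescue the error or test `samba_available?` first. A one-line comment on each predicate, such as `# Raises NotSambaAavialableError when the entry lacks sambaSamAccount`, would make that contract explicit.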
Copied: trunk/lib/active_samba_ldap/group_entry.rb (+188 -0)
===================================================================
--- trunk/lib/active_samba_ldap/group.rb 2007-03-09 10:34:17 +09:00 (rev 79)
+++ trunk/lib/active_samba_ldap/group_entry.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -0,0 +1,188 @@
+require 'English'
+
+require 'active_samba_ldap/entry'
+
+module ActiveSambaLdap
+ module GroupEntry
+ def self.included(base)
+ super
+ base.extend(ClassMethods)
+ end
+
+ module ClassMethods
+ def ldap_mapping(options={})
+ options = default_options.merge(options)
+ super(extract_ldap_mapping_options(options))
+ init_associations(options)
+ end
+
+ def find_by_name_or_gid_number(key)
+ group = nil
+ begin
+ gid_number = Integer(key)
+ group = find_by_gid_number(gid_number)
+ raise GidNumberDoesNotExist.new(gid_number) if group.nil?
+ rescue ArgumentError
+ raise GroupDoesNotExist.new(key) unless exists?(key)
+ group = find(key)
+ end
+ group
+ end
+
+ def find_by_gid_number(number)
+ attribute = "gidNumber"
+ value = Integer(number).to_s
+ find(:first, :filter => "(#{attribute}=#{value})")
+ end
+
+ private
+ def default_options
+ {
+ :dn_attribute => "cn",
+ :prefix => configuration[:groups_suffix],
+ :classes => default_classes,
+ :recommended_classes => default_recommended_classes,
+
+ :members_wrap => "memberUid",
+ :users_class => default_user_class,
+ :computers_class => default_computer_class,
+
+ :primary_members_foreign_key => "gidNumber",
+ :primary_members_primary_key => "gidNumber",
+ :primary_users_class => default_user_class,
+ :primary_computers_class => default_computer_class,
+ }
+ end
+
+ def default_classes
+ ["top", "posixGroup"]
+ end
+
+ def default_recommended_classes
+ []
+ end
+
+ def default_user_class
+ "User"
+ end
+
+ def default_computer_class
+ "Computer"
+ end
+
+ def init_associations(options)
+ association_options = {}
+ options.each do |key, value|
+ case key.to_s
+ when /^((?:primary_)?(?:(?:user|computer|member)s))_/
+ association_options[$1] ||= {}
+ association_options[$1][$POSTMATCH.to_sym] = value
+ end
+ end
+
+ members_opts = association_options["members"] || {}
+ user_members_opts = association_options["users"] || {}
+ computer_members_opts = association_options["computers"] || {}
+ has_many :users, members_opts.merge(user_members_opts)
+ has_many :computers, members_opts.merge(computer_members_opts)
+
+ primary_members_opts = association_options["primary_members"] || {}
+ primary_user_members_opts =
+ association_options["primary_users"] || {}
+ primary_computer_members_opts =
+ association_options["primary_computers"] || {}
+ has_many :primary_users,
+ primary_members_opts.merge(primary_user_members_opts)
+ has_many :primary_computers,
+ primary_members_opts.merge(primary_computer_members_opts)
+ end
+
+ def prepare_create_options(group, options)
+ prepare_create_options_for_number(:gid_number, group, options)
+ end
+ end
+
+ def fill_default_values(options={})
+ gid_number = options[:gid_number]
+ change_gid_number(gid_number) if gid_number
+ self.description ||= options[:description] || cn
+ end
+
+ def members
+ users.to_ary + computers.to_ary
+ end
+
+ def reload_members
+ users.reload
+ computers.reload
+ end
+
+ def primary_members
+ primary_users.to_ary + primary_computers.to_ary
+ end
+
+ def reload_primary_members
+ primary_users.reload
+ primary_computers.reload
+ end
+
+ def change_gid_number(gid, allow_non_unique=false)
+ check_unique_gid_number(gid) unless allow_non_unique
+ self.gid_number = gid.to_s
+ end
+
+ def destroy(options={})
+ if options[:remove_members]
+ if options[:force_change_primary_members]
+ change_primary_members(options)
+ end
+ reload_primary_members
+ unless primary_members.empty?
+ not_destroyed_members = primary_members.collect {|x| x.uid}
+ raise PrimaryGroupCanNotBeDestroyed.new(cn, not_destroyed_members)
+ end
+ self.users = []
+ self.computers = []
+ end
+ super()
+ end
+
+ private
+ def ensure_uid(member_or_uid)
+ if member_or_uid.is_a?(String)
+ member_or_uid
+ else
+ member_or_uid.uid
+ end
+ end
+
+ def check_unique_gid_number(gid_number)
+ ActiveSambaLdap::Base.restart_nscd do
+ if self.class.find_by_gid_number(Integer(gid_number))
+ raise GidNumberAlreadyExists.new(gid_number)
+ end
+ end
+ end
+
+ def change_primary_members(options={})
+ name = cn
+
+ pr_members = primary_members
+ cannot_removed_members = []
+ pr_members.each do |member|
+ if (member.groups.collect {|group| group.cn} - [name]).empty?
+ cannot_removed_members << member.uid
+ end
+ end
+ unless cannot_removed_members.empty?
+ raise CanNotChangePrimaryGroup.new(name, cannot_removed_members)
+ end
+
+ pr_members.each do |member|
+ new_group = member.groups.find {|gr| gr.cn != name}
+ member.primary_group = new_group
+ member.save!
+ end
+ end
+ end
+end
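Review bot: In `destroy`, the primary-member check runs only inside `if options[:remove_members]`, so a plain `destroy` removes a group that accounts may still reference through `gidNumber`. Those accounts keep the orphaned number, and a group later created with the same `gidNumber` silently becomes their primary group, which grants them that group's access unintentionally. Unless this is deliberate, run `reload_primary_members` and the `primary_members.empty?` check before `super()` regardless of `remove_members`. Note also that `check_unique_gid_number` is a check-then-write and cannot stop two concurrent creations from taking the same number.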
Modified: trunk/lib/active_samba_ldap/configuration.rb (+5 -5)
===================================================================
--- trunk/lib/active_samba_ldap/configuration.rb 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/lib/active_samba_ldap/configuration.rb 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -54,7 +54,7 @@
end - ActiveLdap::Adaptor::Base::VALID_ADAPTOR_CONFIGURATION_KEYS
super(config).reject do |key, value|
target_keys.include?(key)
- end
+ end
end
def merge_configuration(config)
@@ -229,13 +229,13 @@
end
def default_user_gid
- rid = ActiveSambaLdap::SambaGroup::DOMAIN_USERS_RID
- ActiveSambaLdap::SambaGroup.rid2gid(rid)
+ rid = ActiveSambaLdap::Group::DOMAIN_USERS_RID
+ ActiveSambaLdap::Group.rid2gid(rid)
end
def default_computer_gid
- rid = ActiveSambaLdap::SambaGroup::DOMAIN_COMPUTERS_RID
- ActiveSambaLdap::SambaGroup.rid2gid(rid)
+ rid = ActiveSambaLdap::Group::DOMAIN_COMPUTERS_RID
+ ActiveSambaLdap::Group.rid2gid(rid)
end
def skeleton_directory
Modified: trunk/bin/asl-passwd (+1 -7)
===================================================================
--- trunk/bin/asl-passwd 2007-04-27 11:31:30 +09:00 (rev 80)
+++ trunk/bin/asl-passwd 2007-08-04 11:52:08 +09:00 (rev 81)
@@ -40,13 +40,7 @@
ActiveSambaLdap::Base.establish_connection("update")
-if options.update_samba_password
- parent = ActiveSambaLdap::SambaUser
-else
- parent = ActiveSambaLdap::User
-end
-
-class User < parent
+class User < ActiveSambaLdap::User
ldap_mapping
end
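Review bot: With the `options.update_samba_password` switch removed from the class selection, whether Samba hashes are written now depends entirely on the rest of the script, which is outside this hunk. Because `change_samba_password` now raises `NotSambaAavialableError` for entries without `sambaSamAccount`, a run against a POSIX-only user could fail after the Unix password has already been set, depending on call order. Guarding the call keeps the outcome defined, e.g. `user.change_samba_password(password) if options.update_samba_password and user.samba_available?`, where `user` and `password` stand in for whatever names the script uses.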