Module: ActiveSambaLdap::SambaAccountEntry

Included in:

Computer, User

Defined in:

lib/active_samba_ldap/samba_account_entry.rb

Defined Under Namespace

Modules: ClassMethods

Constant Summary

DOMAIN_ADMIN_RID =

from source/include/rpc_misc.c in Samba

0x000001F4

DOMAIN_GUEST_RID =

0x000001F5

DOMAIN_ADMIN_NAME =

from source/rpc_server/srv_util.c in Samba

"Administrator"

DOMAIN_GUEST_NAME =

"Guest"

WELL_KNOWN_RIDS =

[]

WELL_KNOWN_NAMES =

[]

FAR_FUTURE_TIME =

FAR_FUTURE_TIME = Time.parse(“2050/01/01”).to_i.to_s

Time.parse("2038/01/18").to_i.to_s

ACCOUNT_FLAGS_RE =

/\A\[([NDHTUMWSLXI ]+)\]\z/

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #can_change_password? ⇒ Boolean
• #change_samba_password(password) ⇒ Object
• #change_sid(rid, allow_non_unique = false) ⇒ Object
• #change_uid_number(uid, allow_non_unique = false) ⇒ Object
• #change_uid_number_by_rid(rid, allow_non_unique = false) ⇒ Object
• #disable ⇒ Object
• #disable_forcing_password_change ⇒ Object
• #disable_password_change ⇒ Object
• #disabled? ⇒ Boolean
• #enable ⇒ Object
• #enable_forcing_password_change ⇒ Object
• #enable_password_change ⇒ Object
• #enabled? ⇒ Boolean
• #fill_default_values(options = {}) ⇒ Object
• #must_change_password? ⇒ Boolean
• #rid ⇒ Object

Class Method Details

.included(base) ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 5

def self.included(base)
  super
  base.extend(ClassMethods)
end

Instance Method Details

#can_change_password? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 171

def can_change_password?
  assert_samba_available
  samba_pwd_can_change.nil? or
    Time.at(samba_pwd_can_change.to_i) <= Time.now
end

#change_samba_password(password) ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 154

def change_samba_password(password)
  assert_samba_available
  self.samba_lm_password = Samba::Encrypt.lm_hash(password)
  self.samba_nt_password = Samba::Encrypt.ntlm_hash(password)
  self.samba_pwd_last_set = Time.now.to_i.to_s
end

#change_sid(rid, allow_non_unique = false) ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 142

def change_sid(rid, allow_non_unique=false)
  assert_samba_available
  sid = "#{self.class.configuration[:sid]}-#{rid}"
  # check_unique_sid_number(sid) unless allow_non_unique
  self.samba_sid = sid
end

#change_uid_number(uid, allow_non_unique = false) ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 129

def change_uid_number(uid, allow_non_unique=false)
  result = super
  return result unless samba_available?

  rid = self.class.uid2rid(uid_number.to_s)
  change_sid(rid, allow_non_unique)
end

#change_uid_number_by_rid(rid, allow_non_unique = false) ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 137

def change_uid_number_by_rid(rid, allow_non_unique=false)
  assert_samba_available
  change_uid_number(self.class.rid2uid(rid), allow_non_unique)
end

#disable ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 212

def disable
  assert_samba_available
  if samba4?
    self.user_account_control +=
      ActiveDirectory::UserAccountControl::ACCOUNT_DISABLE
  else
    flags = ""
    if ACCOUNT_FLAGS_RE =~ samba_acct_flags.to_s
      flags = $1
      return if /D/ =~ flags
    end
    self.samba_acct_flags = "[D#{flags}]"
  end
end

#disable_forcing_password_change ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 188

def disable_forcing_password_change
  assert_samba_available
  self.samba_pwd_must_change = FAR_FUTURE_TIME
end

#disable_password_change ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 166

def disable_password_change
  assert_samba_available
  self.samba_pwd_can_change = FAR_FUTURE_TIME
end

#disabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 232

def disabled?
  assert_samba_available
  if samba4?
    not (user_account_control &
         ActiveDirectory::UserAccountControl::ACCOUNT_DISABLE).zero?
  else
    (/D/ =~ samba_acct_flags.to_s) ? true : false
  end
end

#enable ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 200

def enable
  assert_samba_available
  if samba4?
    self.user_account_control -=
      ActiveDirectory::UserAccountControl::ACCOUNT_DISABLE
  else
    if /D/ =~ samba_acct_flags.to_s
      self.samba_acct_flags = samba_acct_flags.gsub(/D/, '')
    end
  end
end

#enable_forcing_password_change ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 177

def enable_forcing_password_change
  assert_samba_available
  self.samba_pwd_must_change = "0"
  if /X/ =~ samba_acct_flags.to_s
    self.samba_acct_flags = samba_acct_flags.sub(/X/, '')
  end
  if samba_pwd_last_set.to_i.zero?
    self.samba_pwd_last_set = FAR_FUTURE_TIME
  end
end

#enable_password_change ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 161

def enable_password_change
  assert_samba_available
  self.samba_pwd_can_change = "0"
end

#enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 227

def enabled?
  assert_samba_available
  !disabled?
end

#fill_default_values(options = {}) ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 88

def fill_default_values(options={})
  result = super
  return result unless samba_available?

  self.samba_logon_time ||= "0"
  self.samba_logoff_time ||= FAR_FUTURE_TIME
  self.samba_kickoff_time ||= nil

  password = options["password"]
  change_samba_password(password) if password
  self.samba_lm_password ||= "XXX"
  self.samba_nt_password ||= "XXX"
  self.samba_pwd_last_set ||= "0"

  account_flags_is_not_set = samba_acct_flags.nil?
  self.samba_acct_flags ||= default_account_flags

  can_change_password = options["can_change_password"]
  if can_change_password
    self.enable_password_change
  elsif account_flags_is_not_set or can_change_password == false
    self.disable_password_change
  end

  must_change_password = options["must_change_password"]
  if must_change_password
    self.enable_forcing_password_change
  elsif account_flags_is_not_set or must_change_password == false
    self.disable_forcing_password_change
  end

  enable_account = options["enable"]
  if enable_account
    self.enable
  elsif account_flags_is_not_set or enable_account == false
    self.disable
  end

  self
end

#must_change_password? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 193

def must_change_password?
  assert_samba_available
  !(/X/ =~ samba_acct_flags.to_s or
    samba_pwd_must_change.nil? or
    Time.at(samba_pwd_must_change.to_i) > Time.now)
end

#rid ⇒ Object

# File 'lib/active_samba_ldap/samba_account_entry.rb', line 149

def rid
  assert_samba_available
  Integer(samba_sid.split(/-/).last)
end