1
1
require 'proxy/kerberos'
2
2
require 'radcli'
3
+ require 'digest'
3
4
4
5
module Proxy ::AdRealm
5
6
class Provider
6
7
include Proxy ::Log
7
8
include Proxy ::Util
8
9
include Proxy ::Kerberos
9
10
10
- def initialize ( realm , keytab_path , principal , domain_controller , ou )
11
- @realm = realm
12
- @keytab_path = keytab_path
13
- @principal = principal
14
- @domain_controller = domain_controller
15
- @domain = realm . downcase
16
- @ou = ou
17
- logger . info "Proxy::AdRealm: initialize... #{ @realm } , #{ @keytab_path } , #{ @principal } , #{ @domain_controller } , #{ @domain } , #{ @ou } "
11
+ attr_reader :realm , :keytab_path , :principal , :domain_controller , :domain , :ou , :computername_prefix , :computername_hash , :computername_use_fqdn
12
+
13
+ def initialize ( options = { } )
14
+ @realm = options [ :realm ]
15
+ @keytab_path = options [ :keytab_path ]
16
+ @principal = options [ :principal ]
17
+ @domain_controller = options [ :domain_controller ]
18
+ @domain = options [ :realm ] . downcase
19
+ @ou = options [ :ou ]
20
+ @computername_prefix = options [ :computername_prefix ]
21
+ @computername_hash = options . fetch ( :computername_hash , false )
22
+ @computername_use_fqdn = options . fetch ( :computername_use_fqdn , false )
23
+ logger . info 'Proxy::AdRealm: initialize...'
18
24
end
19
25
20
26
def check_realm ( realm )
@@ -33,10 +39,12 @@ def create(realm, hostfqdn, params)
33
39
password = generate_password
34
40
result = { randompassword : password }
35
41
42
+ computername = hostfqdn_to_computername ( hostfqdn )
43
+
36
44
if params [ :rebuild ] == 'true'
37
- do_host_rebuild ( hostfqdn , password )
45
+ radcli_password ( computername , password )
38
46
else
39
- do_host_create ( hostfqdn , password )
47
+ radcli_join ( hostfqdn , computername , password )
40
48
end
41
49
42
50
JSON . pretty_generate ( result )
@@ -46,24 +54,31 @@ def delete(realm, hostfqdn)
46
54
logger . info "Proxy::AdRealm: delete... #{ realm } , #{ hostfqdn } "
47
55
kinit_radcli_connect
48
56
check_realm ( realm )
49
- radcli_delete ( hostfqdn )
57
+ computername = hostfqdn_to_computername ( hostfqdn )
58
+ radcli_delete ( computername )
50
59
end
51
60
52
61
private
53
62
54
- def hostfqdn_to_hostname ( host_fqdn )
55
- host_fqdn_split = host_fqdn . split ( '.' )
56
- host_fqdn_split . first
57
- end
63
+ def hostfqdn_to_computername ( hostfqdn )
64
+ computername = hostfqdn
65
+
66
+ # strip the domain from the host
67
+ computername = computername . split ( '.' ) . first unless computername_use_fqdn
68
+
69
+ # generate the SHA256 hexdigest from the computername
70
+ computername = Digest ::SHA256 . hexdigest ( computername ) if computername_hash
71
+
72
+ # apply prefix if it has not already been applied
73
+ computername = computername_prefix + computername if apply_computername_prefix? ( computername )
58
74
59
- def do_host_create ( hostfqdn , password )
60
- hostname = hostfqdn_to_hostname ( hostfqdn )
61
- radcli_join ( hostfqdn , hostname , password )
75
+ # limit length to 15 characters and upcase the computername
76
+ # see https://support.microsoft.com/en-us/kb/909264
77
+ computername [ 0 , 15 ] . upcase
62
78
end
63
79
64
- def do_host_rebuild ( hostfqdn , password )
65
- hostname = hostfqdn_to_hostname hostfqdn
66
- radcli_password ( hostname , password )
80
+ def apply_computername_prefix? ( computername )
81
+ !computername_prefix . nil? && !computername_prefix . empty? && ( computername_hash || !computername [ 0 , computername_prefix . size ] . casecmp ( computername_prefix ) . zero? )
67
82
end
68
83
69
84
def kinit_radcli_connect
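Review bot: In `hostfqdn_to_computername` the 15-character cut `computername [ 0 , 15 ] . upcase` runs after the prefix has been prepended, so with `computername_hash` enabled a prefix of length p leaves only 15-p hex characters of the SHA256 digest and two distinct hosts can still end up with the same computer name, while the prefix length is never validated. A guard at construction time such as `raise ArgumentError, 'computername_prefix too long' if @computername_prefix && @computername_prefix.size >= 15` would surface that misconfiguration at startup instead of as a silent name collision in AD. When `computername_use_fqdn` is set without `computername_hash`, the dots of the FQDN survive into the truncated name, which presumably is not an acceptable computer name; either document that the two options are intended to be combined or reject the combination. In `apply_computername_prefix?` the `casecmp ( computername_prefix ) . zero?` chain raises NoMethodError when `casecmp` returns nil for incompatible encodings; `casecmp?` avoids that if the project's Ruby version provides it.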
@@ -81,10 +96,10 @@ def radcli_connect
81
96
conn
82
97
end
83
98
84
- def radcli_join ( hostfqdn , hostname , password )
99
+ def radcli_join ( hostfqdn , computername , password )
85
100
# Join computer
86
101
enroll = Adcli ::AdEnroll . new ( @adconn )
87
- enroll . set_computer_name ( hostname )
102
+ enroll . set_computer_name ( computername )
88
103
enroll . set_host_fqdn ( hostfqdn )
89
104
enroll . set_domain_ou ( @ou ) if @ou
90
105
enroll . set_computer_password ( password )
@@ -96,19 +111,19 @@ def generate_password
96
111
Array . new ( 20 ) { characters . sample } . join
97
112
end
98
113
99
- def radcli_password ( hostname , password )
114
+ def radcli_password ( computername , password )
100
115
# Reset a computer's password
101
116
enroll = Adcli ::AdEnroll . new ( @adconn )
102
- enroll . set_computer_name ( hostname )
117
+ enroll . set_computer_name ( computername )
103
118
enroll . set_domain_ou ( @ou ) if @ou
104
119
enroll . set_computer_password ( password )
105
120
enroll . password
106
121
end
107
122
108
- def radcli_delete ( hostname )
123
+ def radcli_delete ( computername )
109
124
# Delete a computer's account
110
125
enroll = Adcli ::AdEnroll . new ( @adconn )
111
- enroll . set_computer_name ( hostname )
126
+ enroll . set_computer_name ( computername )
112
127
enroll . set_domain_ou ( @ou ) if @ou
113
128
enroll . delete
114
129
end