feat(samba): refs #5770 #5770 Mayor updates

Javier Segarra 2024-05-08 07:35:05 +02:00
parent ba1a29ac88
commit cf259ad0ce
2 changed files with 48 additions and 43 deletions


@ -1,9 +1,8 @@
const app = require('vn-loopback/server/server'); const app = require('vn-loopback/server/server');
const ldap = require('../util/ldapjs-extra'); const ldap = require('../util/ldapjs-extra');
const { differences, handleExecResponse, toMap } = require('../util/helpers'); const {differences, toMap, printResults} = require('../util/helpers');
const { stdout } = require('process');
const execFile = require('child_process').execFile; const execFile = require('child_process').execFile;
const ROLE_PREFIX = 'VN_'; // const ROLE_PREFIX = 'VN_';
/** /**
* Summary of userAccountControl flags: * Summary of userAccountControl flags:
* https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties * https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
@ -25,6 +24,7 @@ module.exports = Self => {
'adUser', 'adUser',
'adPassword', 'adPassword',
'userDn', 'userDn',
'groupDn',
'verifyCert' 'verifyCert'
] ]
}); });
@ -47,6 +47,7 @@ module.exports = Self => {
Object.assign(this, { Object.assign(this, {
adClient, adClient,
fullUsersDn: `${this.userDn},${baseDn}`, fullUsersDn: `${this.userDn},${baseDn}`,
fullGroupsDn: `${this.groupDn},${baseDn}`,
bindDn bindDn
}); });
}, },
@ -182,28 +183,27 @@ module.exports = Self => {
// Prepare data // Prepare data
try { try {
const filter = '(cn=VN_*)' // const filter = '(cn=VN_*)';
const scope = 'sub' const scope = 'sub';
const baseDN = 'cn=Users,dc=verdnatura,dc=es'; // const baseDN = 'cn=Users,dc=verdnatura,dc=es';
const ldapMembersGroups = await this.adClient.searchAll(baseDN,{ // const ldapMembersGroups = await this.adClient.searchAll(baseDN, {
scope, // scope,
attributes: ['cn','member'], // attributes: ['cn', 'member'],
filter // filter
}); // });
// OBTENER ROLES // OBTENER ROLES
let rolesBD = (await $.VnRole.find({ let roles = (await $.VnRole.find({
fields: ['id', 'name', 'description'], fields: ['id', 'name', 'description'],
order: 'modified DESC', order: 'modified DESC',
limit: 1 limit: 1
})); }));
let roles = rolesBD.map(({id, name, description}) => ({vn:`${ROLE_PREFIX}${name}`, name, id, description}));
let rolesName = roles.map(role=>role.name) let rolesName = roles.map(role => role.name);
//OBTENER LDAPSJS ROLES // OBTENER LDAPSJS ROLES
const ldapGroups = (await this.adClient.searchAll(baseDN,{ const ldapGroups = (await this.adClient.searchAll(baseDN, {
scope, scope,
attributes: ['cn', 'description'], attributes: ['cn', 'description'],
filter }));/* , (err, res)=>{
}))/*, (err, res)=>{
res.on('searchEntry', entry=>{ res.on('searchEntry', entry=>{
console.log(entry) console.log(entry)
}) })
@ -215,7 +215,9 @@ module.exports = Self => {
}) })
})*/ })*/
// OBTENER SAMBA ROLES // OBTENER SAMBA ROLES
let sambaCurrentRoles = ldapGroups.map(({cn})=>cn);;// handleExecResponse(await this.sambaTool('group', ['list'])).filter(group => group.startsWith(ROLE_PREFIX)); let sambaCurrentRoles = ldapGroups.map(({cn}) => cn);
// handleExecResponse(await this.sambaTool('group', ['list']))
// .filter(group => group.startsWith(ROLE_PREFIX));
// Encontrar elementos a eliminar // Encontrar elementos a eliminar
const rolesToDelete = differences(sambaCurrentRoles, rolesName); const rolesToDelete = differences(sambaCurrentRoles, rolesName);
@ -252,7 +254,7 @@ module.exports = Self => {
usersMap.set('group1', ['employee']); usersMap.set('group1', ['employee']);
if (rolesToDelete.length > 0) { if (rolesToDelete.length > 0) {
// PROCEDIMIENTO PARA ELIMINAR USUARIOS ASOCIADOS AL ROL // PROCEDIMIENTO PARA ELIMINAR USUARIOS ASOCIADOS AL ROL
let usersToDelete = rolesToDelete.flatMap(role => { let usersToUngroup = rolesToDelete.flatMap(role => {
const exist = usersMap.get(role); const exist = usersMap.get(role);
if (exist) { if (exist) {
@ -262,49 +264,47 @@ module.exports = Self => {
} else return []; } else return [];
} }
); );
const resultsUserDelete = await Promise.all(usersToDelete); const resultsUsersUngroup = await Promise.all(usersToUngroup);
printResults(resultsUsersUngroup);
// PROCEDIMIENTO PARA ELIMINAR ROLES // PROCEDIMIENTO PARA ELIMINAR ROLES
//const resultsRoleDelete = await Promise.all( const resultsRoleDelete = await Promise.all(
// rolesToDelete.map(role => this.sambaTool('group', ['delete', role])) rolesToDelete.map(role => this.sambaTool('group', ['delete', role]))
// ); );
printResults(resultsRoleDelete);
} }
if (rolesToInsert.length > 0) { if (rolesToInsert.length > 0) {
// PROCEDIMIENTO PARA INSERTAR ROLES // PROCEDIMIENTO PARA INSERTAR ROLES
const resultsRoleInsert = await Promise.all( const resultsRoleInsert = await Promise.all(
rolesToInsert.map(({description,vn}) => this.sambaTool('group', ['add', vn, `--description="${description}"`])) rolesToInsert.map(
({description, name}) =>
this.sambaTool('group',
['add', name, `--groupou=${this.groupDN}`, `--description="${description}"`]))
); );
resultsRoleInsert.forEach(({stdout}) => console.log(stdout)); printResults(resultsRoleInsert);
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
let usersToInsert = rolesToInsert.flatMap(({name: role} )=> usersMap.get(role).map(
a => this.sambaTool('user', ['add', a,
'--random-password', '--must-change-at-next-login'])
)
);
const resultsUserInsert = await Promise.all(usersToInsert);
resultsUserInsert.forEach(({stdout}) => console.log(stdout));
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL // PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
let usersToGroup = rolesToInsert.flatMap(role => usersMap.get(role.name).map( let usersToGroup = rolesToInsert.flatMap(role => usersMap.get(role.name).map(
a => this.sambaTool('group', ['addmembers', role.vn, a]) a => this.sambaTool('group', ['addmembers', role.name, a])
) )
); );
const resultsUserGroup = await Promise.all(usersToGroup); const resultsUserGroup = await Promise.all(usersToGroup);
resultsUserGroup.forEach(({stdout}) => console.log(stdout)); printResults(resultsUserGroup);
} }
if (rolesToUpdate.length > 0) { if (rolesToUpdate.length > 0) {
let promises = []; let promises = [];
//OBTENER LDAPSJS MIEMBROS ROLES // OBTENER LDAPSJS MIEMBROS ROLES
for await (const role of rolesToUpdate) { for await (const role of rolesToUpdate) {
const users = await this.sambaTool('group', ['listmembers', role]); const users = await this.sambaTool('group', ['listmembers', role]);
const usersToDelete = differences(users, usersMap.get(role)); const usersToDelete = differences(users, usersMap.get(role));
promises.push(usersToDelete.map(user => this.sambaTool('group', ['removemembers', user.name]))); promises.push(usersToDelete.map(user =>
this.sambaTool('group', ['removemembers', user.name])));
const usersToInsert = differences(usersMap.get(role), users); const usersToInsert = differences(usersMap.get(role), users);
promises.push(usersToInsert.map(user => this.sambaTool('group', ['addmembers', user.name]))); promises.push(usersToInsert.map(user =>
this.sambaTool('group', ['addmembers', role.name, user.name])));
await Promise.all(promises); await Promise.all(promises);
} }
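Review bot: The group-deletion step re-enabled in the last hunk (`rolesToDelete.map(role => this.sambaTool('group', ['delete', role]))`) now works from an unscoped list, because this commit drops both the `(cn=VN_*)` search filter and the `ROLE_PREFIX` mapping that limited the comparison to VN_-prefixed groups. The search call also still references `baseDN`, which is now commented out, so the try block would presumably throw before reaching the deletion. Once that is repaired, every `cn` returned under the search base that is missing from `rolesName` (itself built from a query with `limit: 1`) becomes a delete candidate, which could include directory groups this application does not own. I would scope the lookup to the new container and to group objects, e.g. `this.adClient.searchAll(this.fullGroupsDn, {scope, attributes: ['cn', 'description'], filter: '(objectClass=group)'})`. Separately, the insert path passes `this.groupDN` while the setting is declared as `groupDn`, so `--groupou` likely receives `undefined`; the enclosing method starts and ends outside these hunks.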


@ -1,12 +1,17 @@
module.exports ={ module.exports = {
toMap, toMap,
binarySearch, binarySearch,
differences, differences,
printResults,
handleExecResponse handleExecResponse
}; };
function handleExecResponse({stdin, stdout}) { function handleExecResponse({stdin, stdout}) {
return stdout.split("\n"); return stdout.split('\n');
}
function printResults(results) {
// eslint-disable-next-line no-console
results.forEach(({stdout}) => console.log(stdout));
} }
function toMap(array, fn) { function toMap(array, fn) {
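Review bot: `printResults` prints only `stdout`, so any error text the samba tool writes to stderr is dropped, which matters now that the same helper reports the outcome of group deletions and membership changes. If the resolved result carries it (the shape is not visible here), I would log both, e.g. `results.forEach(({stdout, stderr}) => { if (stderr) console.error(stderr); console.log(stdout); });`, and add a short JSDoc stating the expected result shape. The helper also throws a TypeError on a `null` or `undefined` entry, since it destructures every element.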