### Copyright 2016 Pixar ### ### Licensed under the Apache License, Version 2.0 (the "Apache License") ### with the following modification; you may not use this file except in ### compliance with the Apache License and the following modification to it: ### Section 6. Trademarks. is deleted and replaced with: ### ### 6. Trademarks. This License does not grant permission to use the trade ### names, trademarks, service marks, or product names of the Licensor ### and its affiliates, except as required to comply with Section 4(c) of ### the License and to reproduce the content of the NOTICE file. ### ### You may obtain a copy of the Apache License at ### ### http://www.apache.org/licenses/LICENSE-2.0 ### ### Unless required by applicable law or agreed to in writing, software ### distributed under the Apache License with the above modification is ### distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY ### KIND, either express or implied. See the Apache License for the specific ### language governing permissions and limitations under the Apache License. ### ### ### module D3 class Client < JSS::Client ################# Class Methods ################# ### Connect to the JSS and the DB with read-only connections ### The connection details must be stored in the D3 and JSS ### CONFIG data. ### def self.connect jss_ro_user = D3::CONFIG.client_jss_ro_user jss_ro_user ||= JSS::CONFIG.api_username db_ro_user = D3::CONFIG.client_db_ro_user db_ro_user ||= JSS::CONFIG.db_username JSS::DB_CNX.connect :server => JSS::CONFIG.db_server_name, :user => db_ro_user, :pw => D3::Client.get_ro_pass(:db), :connect_timeout => 10 JSS::API.connect :server => JSS::CONFIG.api_server_name, :user => jss_ro_user, :pw => D3::Client.get_ro_pass(:jss), :open_timeout => 10 D3::Database.check_schema_version end # connect ### Disconnect from the JSS and DB def self.disconnect JSS::API.disconnect if JSS::API.connected? JSS::DB_CNX.disconnect if JSS::DB_CNX.connected? end # disconnect ### Get a stored read-only password from a file or ### an executable. ### ### Raises a JSS::UnsupportedError if the file isn't ### owned by root with 0600 permissions. ### ### NOTE: for slightly better security, don't store the ### result in a variable, use this method as needed to retrieve ### the passwd every time you need it. ### ### See also D3::Configuration ### ### @param pw[Symbol] which pw to get, one of :jss, :db, :dist, :http ### ### @return [String, nil] the password, or nil if the file ### isn't defiend, or doesn't exist. ### def self.get_ro_pass (pw) raise JSS::InvalidDataError, "Arg must be one of :jss, :db, :dist, :http" unless [:jss, :db, :dist, :http].include? pw path = case pw when :jss then D3::CONFIG.client_jss_ropw_path when :db then D3::CONFIG.client_db_ropw_path when :dist then D3::CONFIG.client_distpoint_ropw_path when :http then D3::CONFIG.client_http_ropw_path end # path = case return nil unless path # if the path ends with a pipe, its a command that will # return the desired password, so remove the pipe, # execute it, and return stdout from it. if path.end_with? "|" return `#{path.chomp "|"}`.chomp end file = Pathname.new path return nil unless file.file? stat = file.stat unless ("%o" % stat.mode).end_with? "0600" and stat.uid == 0 raise JSS::UnsupportedError, "Password file for '#{pw}' has insecure permissions, must be 0600." end # chomping an empty string removes all trailing \n's and \r\n's file.read.chomp('') end ### Actions requiring an admin name end # class Client end # module D3