acs-ldap 0.1.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 87192732f0e5cc5b001b0e80b18887dbb0179c62
+  data.tar.gz: ae9fb51329987aa1ff619c54db70fb65e6bb49f8
+SHA512:
+  metadata.gz: 64435288cabd7ab71f7d751e0538c490237a510816f795e79b311086dbba8aa186e0953a25fea8fd17682ccfa982ac866d5f6353494a4f5d14df66d4f534873d
+  data.tar.gz: 84a22a7ae34ab3408bd744f659e88d968390caf0ccb973b53be7b839048d4bab99ac41a229e16f21b19f65d331a370afd0470a76f4ac045df2666cd33c0b3bb5

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in acs-ldap.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Terranova David
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,31 @@
+# Acs::Ldap
+
+ActiveRecord to LDAP adapter
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'acs-ldap'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install acs-ldap
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/acs-ldap/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,15 @@
+require "bundler/gem_tasks"
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'spec'
+  t.pattern = "spec/*_spec.rb"
+end
+
+desc "Run tests"
+task :default => :test
+
+desc "Open an irb session preloaded with this library"
+task :console do
+  sh "irb -rubygems -I lib -r acs/ldap"
+end

data/acs-ldap.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'acs/ldap/version'
+
+Gem::Specification.new do |s|
+  s.name          = "acs-ldap"
+  s.version       = Acs::Ldap::VERSION
+  s.authors       = ["Terranova David"]
+  s.email         = ["dterranova@adhara-cybersecurity.com"]
+  s.summary       = %q{ActiveRecord to LDAP adapter}
+  s.description   = %q{ActiveRecord to LDAP adapter}
+  s.homepage      = ""
+  s.license       = "MIT"
+
+  s.files         = `git ls-files -z`.split("\x0")
+  s.executables   = s.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.require_paths = ["lib"]
+
+  s.add_development_dependency "bundler", "~> 1.7"
+  s.add_development_dependency "rake", "~> 10.0"
+  s.add_development_dependency "rspec"
+  s.add_development_dependency "debugger2"
+
+  s.add_dependency 'net-ldap'
+  s.add_dependency 'rails'
+end

data/lib/acs/ldap/connector.rb

@@ -0,0 +1,141 @@
+class Acs::Ldap::Connector
+
+  def initialize(options = {})
+    @host     = options[:host] || '127.0.0.1'
+    @port     = options[:port] || 389
+    @base     = options[:base] || nil
+    @dn       = options[:dn] || nil
+    @password = options[:password] || nil
+    @tls      = options[:tls] || false
+
+    @connected = false
+  end
+
+  def ldap_params
+    ldap_params = {
+      host: @host,
+      port: @port,
+      base: @base,
+      auth: {
+        method: :simple, #other method ?
+        username: @dn,
+        password: @password
+      }
+    }
+
+    ldap_params[:encryption] = :simple_tls if @tls
+
+    logger.debug "Connection params: #{ldap_params}"
+
+    ldap_params
+  end
+
+  def search(options = {})
+    base        = options[:base] || nil
+    filter      = options[:filter] || nil # instance of Net::LDAP::Filter
+    attributes  = options[:attributes] || nil
+    logger.info "Search base '#{base}' filter '#{filter}' attributes '#{attributes}'"
+    entries = []
+    get_connection.search({base: base, filter: filter, attributes: attributes}) do |entry|
+      entries << entry
+    end
+    result = Acs::Ldap::Result.new(get_connection.get_operation_result, entries)
+    logger.info "Search result #{result}"
+    result
+  end
+
+  def search_by(base, key, value, attributes = nil)
+    filter = Net::LDAP::Filter.eq(key, value.to_s)
+    search({base: base, filter: filter, attributes: attributes})
+  end
+
+  def search_one(base, key, value, attributes = nil)
+    result = search_by(base, key, value, attributes)
+    if result.data.count > 0
+      result.data[0]
+    else
+      nil
+    end
+  end
+
+  def add(dn, attributes)
+    #debugger
+    logger.info "Add dn '#{dn}'  attributes '#{attributes.inspect}'"
+    get_connection.add(dn: dn, attributes: attributes)
+    result = Acs::Ldap::Result.new(get_connection.get_operation_result)
+    logger.info "Add result #{result}"
+
+    result
+  end
+
+  def update(dn, operations)
+    logger.info "Modify dn '#{dn}' operations '#{operations.inspect}'"
+    get_connection.modify(dn: dn, operations: operations)
+    result = Acs::Ldap::Result.new(get_connection.get_operation_result)
+    logger.info "Modify result #{result}"
+
+    result
+  end
+
+  def delete(dn)
+    logger.info "Delete dn '#{dn}'"
+    get_connection.delete(dn: dn)
+    result = Acs::Ldap::Result.new(get_connection.get_operation_result)
+    logger.info "Delete result #{result}"
+
+    result
+  end
+
+  def delete_all(ou)
+    logger.info "Delete all ou=#{ou}"
+    search({base: "ou=#{ou},#{base}", attributes: 'uid'}).data.each do |entry|
+      delete(entry[:dn].first) if entry[:uid].present?
+    end
+  end
+
+  def base
+    @base
+  end
+
+  def close_connection
+    if @connected
+      @ldap = nil
+    end
+    @connected = false
+  end
+
+  def get_connection
+    if @connected
+      @ldap
+    else
+      connect
+    end
+  end
+
+protected
+
+  # get_connection should be used
+  def connect
+    logger.debug "LDAP connect"
+    if ! @connected
+      logger.debug "Binding to ldap..."
+      @ldap = Net::LDAP.new(ldap_params)
+      if @ldap.bind
+        logger.debug "Connection succeed"
+        @connected = true
+      else
+        @connected = false
+        logger.debug "Connection failed"
+      end
+      @ldap
+    else
+      @logger.debug "LDAP already connected"
+      nil
+    end
+  end
+
+  def logger
+    Acs::Ldap.logger
+  end
+
+end

data/lib/acs/ldap/logger.rb

@@ -0,0 +1,77 @@
+class Acs::Ldap::Logger < ::Logger
+
+  def self.error(message)
+      build.error(message)
+    end
+
+    def self.info(message)
+      build.info(message)
+    end
+
+    def self.debug(message)
+      build.debug(message)
+    end
+
+    def self.read_latest
+      path = Rails.root.join("log", file_name)
+      self.build unless File.exist?(path)
+      tail_output, _ = Manager::Popen.popen(%W(tail -n 2000 #{path}))
+      tail_output.split("\n")
+    end
+
+    def self.read_latest_for filename
+      path = Rails.root.join("log", filename)
+      tail_output, _ = Manager::Popen.popen(%W(tail -n 2000 #{path}))
+      tail_output.split("\n")
+    end
+
+    def self.build
+      new(Rails.root.join("log", file_name))
+    end
+
+    def self.file_name
+      file_name_noext + '.log'
+    end
+
+    def format_message(severity, timestamp, progname, msg)
+      "#{severity} : #{timestamp.strftime("%y-%m-%d %H:%M:%S:%L %z")} : #{msg}\n"
+    end
+
+    def self.archive
+      %x(gzip -c #{file_path} > #{targz_file_path})
+    end
+
+    def self.clear
+      %x(echo > #{file_path})
+    end
+
+    def self.size
+      File.new(file_path).size
+    end
+
+    def self.targz_file_path
+      targz_file_name = "#{file_name}-" + %x(date "+%Y%m%d_%H%M%S").gsub("\n", '') + ".gz"
+      Rails.root.join("log", targz_file_name).to_s
+    end
+
+    def self.file_path
+      if Rails.root.present?
+        Rails.root.join("log", file_name).to_s
+      else
+        [Dir.pwd, "log", file_name].join("/").to_s
+      end
+    end
+
+    def self.build
+      # File.delete(file_path)
+      self.new(file_path)
+    end
+
+
+    ##########
+
+    def self.file_name
+      "acs_ldap.log"
+    end
+
+end

data/lib/acs/ldap/model.rb

@@ -0,0 +1,81 @@
+class Acs::Ldap::Model
+
+  def initialize(connector, options = {})
+    @connector = connector
+    @id = options[:id] || :id
+  end
+
+  def ou
+    @ou
+  end
+
+  def base
+    "ou=#{ou},#{@connector.base}"
+  end
+
+  def dn(model)
+    "uid=#{model.send @id},#{base}"
+  end
+
+  def find_by(key, value)
+    @connector.search_by(
+      base,
+      key,
+      value
+    )
+  end
+
+  def create(model)
+    attributes = attributes(model).except!(:uid)
+    attributes.merge!(objectClass: object_class)
+
+    @connector.add(
+      dn(model),
+      #base,
+      attributes
+    )
+  end
+
+  def update(model, attributes = nil)
+    operations = []
+    update_attributes = []
+    update_attributes << attributes
+    update_attributes.flatten
+    attributes(model).each do |sym, value|
+      if attributes == nil || update_attributes.include?(sym)
+        operations << [:replace, sym.to_s, value] unless sym.to_s == "uid"
+      end
+    end
+    @connector.update(
+      dn(model),
+      operations
+    )
+  end
+
+  def destroy(model)
+    @connector.delete(dn(model))
+  end
+
+  def flush
+    @connector.delete_all(ou)
+  end
+
+  def count
+    count = 0
+    @connector.search({base: base}).data.each do |entry|
+      count += 1 if entry[:uid].present?
+    end
+    count
+  end
+
+  def exist?(model)
+    @connector.search({base: dn(model)}).data.length > 0
+  end
+
+protected
+
+  def logger
+    Acs::Ldap.logger
+  end
+
+end

data/lib/acs/ldap/result.rb

@@ -0,0 +1,42 @@
+class Acs::Ldap::Result
+  def initialize(result, data = nil, log = false)
+    @code = result.code
+    @dn = result.matched_dn
+    @message = result.message
+    @data = data
+    logger.info to_s if log
+  end
+
+  def success?
+    @code == 0
+  end
+
+  def code
+    @code
+  end
+
+  def dn
+    @dn
+  end
+
+  def message
+    @message
+  end
+
+  def data=(data)
+    @data = data
+  end
+
+  def data
+    @data
+  end
+
+  def to_s
+    result = success? ? 'SUCCESS' : 'ERROR'
+    "#{result} return code:#{@code}, matched_dn: #{@dn}, message:#{@message}, data:#{@data.inspect}"
+  end
+
+  def logger
+    Acs::Ldap.logger
+  end
+end

data/lib/acs/ldap/version.rb

@@ -0,0 +1,5 @@
+module Acs
+  module Ldap
+    VERSION = "0.1.2"
+  end
+end

data/lib/acs/ldap.rb

@@ -0,0 +1,28 @@
+require 'rails'
+require 'net/ldap'
+require "acs/ldap/version"
+
+require "acs/ldap/logger"
+require "acs/ldap/result"
+require "acs/ldap/connector"
+require "acs/ldap/model"
+
+module Acs
+  module Ldap
+
+    def self.logger
+      @logger || Acs::Ldap::Logger
+    end
+
+    def self.logger=(logger)
+      @logger = logger
+    end
+
+    class Railtie < ::Rails::Railtie
+      initializer :acs_ldap do |app|
+        Acs::Ldap.logger = Rails.logger
+      end
+    end
+
+  end
+end

data/spec/acs/ldap/connector_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe Acs::Ldap::Connector, order: :defined do
+  before(:context) do
+    @connector = Acs::Ldap::Connector.new({host: '192.168.59.103', port: 49389, base: "dc=adharacs,dc=lan", dn: "cn=admin,dc=adharacs,dc=lan", password: "admin"})
+  end
+
+  it "should be possible to create a connector" do
+    expect(@connector).not_to be_nil
+  end
+
+  it "should be possible to create a connection" do
+    expect(@connector.get_connection()).not_to be_nil
+  end
+
+  it "should be possible to search without specs" do
+    expect(@connector.search()).not_to be_nil
+  end
+
+  it "should be possible to add a user" do
+    result = @connector.add(
+    "uid=1,ou=people,dc=adharacs,dc=lan",
+    {
+      sn: "john.doe",
+      cn: "John Doe",
+      givenName: "John Doe",
+      mail: "john.doe@adharacs.lan",
+      userPassword: "{SSHA}+MBMtUqzkOeH8hI1KVnl+djdqzw0YmU5M2Y5MmQyOTgxMDU1",
+      objectClass: [
+        "organizationalPerson",
+        "person",
+        "top",
+        "extensibleObject"
+      ]
+    }
+    )
+    expect(result.success?).to eq true
+  end
+
+  it "should be possible to find a user" do
+    result = @connector.search_by(
+      "ou=people,dc=adharacs,dc=lan",
+      'mail',
+      'john.doe@adharacs.lan',
+      'mail'
+    )
+    expect(result.success?).to eq true
+    expect(result.data.length).to eq 1
+  end
+
+  it "should be possible to remove a user" do
+    result = @connector.delete(
+    "uid=1,ou=people,dc=adharacs,dc=lan"
+    )
+    expect(result.success?).to eq true
+  end
+
+end

data/spec/acs/ldap/model_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe Acs::Ldap::Model, order: :defined do
+  before(:context) do
+    @connector = Acs::Ldap::Connector.new({host: '192.168.59.103', port: 49389, base: "dc=adharacs,dc=lan", dn: "cn=admin,dc=adharacs,dc=lan", password: "admin"})
+    @user_model = UserModel.new(@connector)
+    @user = User.new({uid: 2, sn: "dark.vador", cn: "dark.vador", givenName: "Dark Vador", userPassword: "{SSHA}+MBMtUqzkOeH8hI1KVnl+djdqzw0YmU5M2Y5MmQyOTgxMDU1", mail: "dvador@adharacs.lan"})
+  end
+
+  it "should be possible to flush an OU" do
+    @user_model.flush
+    expect(@user_model.count).to eq 0
+  end
+
+  it "should be possible to create a User" do
+    expect(@user_model.create(@user).success?).to eq true
+    expect(@user_model.count).to eq 1
+  end
+
+  it "should be possible to update a User" do
+    @user.givenName = "Vador Dark"
+    expect(@user_model.update(@user, :givenName).success?).to eq true
+    expect(@user_model.find_by('uid', 2).data[0][:givenName]).to eq ["Vador Dark"]
+  end
+
+  it "should be possible to remove a User" do
+    expect(@user_model.destroy(@user).success?).to eq true
+    expect(@user_model.count).to eq 0
+  end
+
+  it "should be possible to check if a User exists" do
+    @user_model.flush
+    expect(@user_model.exist?(@user)).to eq false
+    @user_model.create(@user)
+    expect(@user_model.exist?(@user)).to eq true
+    @user_model.flush
+  end
+
+  class UserModel < Acs::Ldap::Model
+    def initialize(connector, ou = nil)
+      @ou = ou || 'people'
+      super(connector, {id: :uid})
+    end
+
+    def attributes(user)
+      {
+        uid: user.id,
+        sn: user.sn,
+        cn: user.cn,
+        givenName: user.givenName,
+        mail: user.mail,
+        userPassword: user.userPassword
+      }
+    end
+
+    def object_class
+      [
+        "organizationalPerson",
+        "person",
+        "top",
+        "extensibleObject"
+      ]
+    end
+  end
+
+  class User
+
+    def initialize(options = {})
+      @options = options
+    end
+
+    def method_missing(method_sym, *args, &block)
+      if args.length > 0
+        @options[method_sym.to_s.gsub(/=/,'').to_sym] = args[0]
+      else
+        @options[method_sym] || nil
+      end
+    end
+
+    def to_s
+      @options.inspect
+    end
+
+  end
+
+end

data/spec/acs/ldap_spec.rb

@@ -0,0 +1,7 @@
+require 'spec_helper'
+
+describe Acs::Ldap do
+  it "should have a default logger" do
+    expect(Acs::Ldap.logger).not_to be nil
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,3 @@
+require 'debugger'
+
+require 'acs/ldap'

metadata

@@ -0,0 +1,150 @@
+--- !ruby/object:Gem::Specification
+name: acs-ldap
+version: !ruby/object:Gem::Version
+  version: 0.1.2
+platform: ruby
+authors:
+- Terranova David
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-19 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: debugger2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ActiveRecord to LDAP adapter
+email:
+- dterranova@adhara-cybersecurity.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- acs-ldap.gemspec
+- lib/acs/ldap.rb
+- lib/acs/ldap/connector.rb
+- lib/acs/ldap/logger.rb
+- lib/acs/ldap/model.rb
+- lib/acs/ldap/result.rb
+- lib/acs/ldap/version.rb
+- log/.keep
+- log/acs_ldap.log
+- spec/acs/ldap/connector_spec.rb
+- spec/acs/ldap/model_spec.rb
+- spec/acs/ldap_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: ActiveRecord to LDAP adapter
+test_files:
+- spec/acs/ldap/connector_spec.rb
+- spec/acs/ldap/model_spec.rb
+- spec/acs/ldap_spec.rb
+- spec/spec_helper.rb