activeldap 4.0.4 → 4.0.5
- checksums.yaml +4 -4
- data/doc/text/news.textile +25 -0
- data/doc/text/rails.textile +1 -1
- data/lib/active_ldap/connection.rb +1 -1
- data/lib/active_ldap/ldif.rb +6 -0
- data/lib/active_ldap/railties/controller_runtime.rb +6 -6
- data/lib/active_ldap/schema/syntaxes.rb +27 -3
- data/lib/active_ldap/user_password.rb +13 -3
- data/lib/active_ldap/version.rb +1 -1
- data/test/test_ldif.rb +21 -0
- data/test/test_user_password.rb +105 -21
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4f80df61b7c3ce5999e745306e16007bc5b17f6d
|
4
|
+
data.tar.gz: 6de78b2c730aab8884c3de3d0a49efce255a45b3
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2a6bbedd08e66e15391642d7c37132e4c83b90c01d2fbf213fbdcdff9352a80f0112716f28e1c373b89908f18d5a2b5f36975425c1d248c6b094cc4a02e3df4b
|
7
|
+
data.tar.gz: 472d41a261d52c4001f333fbdf5e07e4450cfbff210cf199a592e9e47c7f123032c250f6ebea79b9e7d7c9c1989e3d93742cfa92e0fb6e2404f35cf0ab7e4d70
|
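--- a/data/doc/text/news.textile
+++ b/data/doc/text/news.textile
@@ -1,5 +1,30 @@
 h1. News
 
+h2(#release-4-0-5). 4.0.5: 2016-01-20
+
+h3. Improvements
+
+* Supported @unicodePwd@ in Active Directory
+[GitHub#105] [Reported by Laas Toom]
+* Supported Blowfish, SHA-256 and SHA-512 password hash with salt.
+[GitHub#108] [Patch by Gary Richards]
+* Supported Ruby 2.2.
+[GitHub#115] [Reported by Jan Zikan]
+[GitHub#125] [Patch by Bohuslav Blín]
+* Supported Ruby 2.3.
+
+h3. Fixes
+
+* Fixed documentation for @rails generate@.
+[GitHub#107] [Patch by Gary Richards]
+
+h3. Thanks
+
+* Laas Toom
+* Gary Richards
+* Jan Zikan
+* Bohuslav Blín
+
 h2(#release-4-0-4). 4.0.4: 2014-10-11
 
 h3. Improvements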
data/doc/text/rails.textile
CHANGED
@@ -96,7 +96,7 @@ end
|
|
96
96
|
You can also generate a Group model by the following command:
|
97
97
|
|
98
98
|
<pre class="command">
|
99
|
-
% script/rails generate model Group --classes PosixGroup
|
99
|
+
% script/rails generate active_ldap:model Group --classes PosixGroup
|
100
100
|
</pre>
|
101
101
|
|
102
102
|
app/model/group.rb:
|
@@ -55,7 +55,7 @@ module ActiveLdap
|
|
55
55
|
def clear_active_connection_name
|
56
56
|
@active_connection_name = nil
|
57
57
|
ObjectSpace.each_object(Class) do |klass|
|
58
|
-
if klass < self and !klass.name.blank?
|
58
|
+
if klass < self and !klass.name.blank? and !klass.frozen?
|
59
59
|
klass.instance_variable_set("@active_connection_name", nil)
|
60
60
|
end
|
61
61
|
end
|
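Review bot: The added `!klass.frozen?` guard in clear_active_connection_name means a frozen subclass keeps whatever `@active_connection_name` it had cached, while every other subclass is reset to nil. Whether that stale name can still be resolved afterwards depends on code outside this hunk (the method's closing `end` is not shown either), so the intent should be recorded above the condition, e.g. `# Frozen classes cannot be modified; they keep their cached connection name.` The condition would also read more conventionally with `&&` in place of `and`. This hunk has no file header on the page; from the file list it appears to belong to data/lib/active_ldap/connection.rb.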
data/lib/active_ldap/ldif.rb
CHANGED
@@ -140,6 +140,8 @@ module ActiveLdap
|
|
140
140
|
def read_external_file
|
141
141
|
uri_string = @scanner.scan(URI::ABS_URI)
|
142
142
|
raise uri_is_missing if uri_string.nil?
|
143
|
+
uri_string.chomp!
|
144
|
+
|
143
145
|
uri = nil
|
144
146
|
begin
|
145
147
|
uri = URI.parse(uri_string)
|
@@ -441,6 +443,10 @@ module ActiveLdap
|
|
441
443
|
invalid_ldif(_("URI is invalid: %s: %s") % [uri_string, message])
|
442
444
|
end
|
443
445
|
|
446
|
+
def uri_is_missing
|
447
|
+
invalid_ldif(_("URI is missing"))
|
448
|
+
end
|
449
|
+
|
444
450
|
def modify_spec_separator_is_missing
|
445
451
|
invalid_ldif(_("'-' is missing"))
|
446
452
|
end
|
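Review bot: read_external_file takes the URI directly from the LDIF text after `:<` and passes it to `URI.parse(uri_string)`; nothing in the visible lines limits the scheme or location, and the rest of the method lies outside the hunk, so a check may exist further down. If this parser can receive LDIF from a source that is not trusted, the input decides which resource is read into the attribute value. I would document that on the method, e.g. `# The URI comes from the LDIF input; parse only trusted LDIF or restrict the accepted scheme before reading.` The new `uri_string.chomp!` would also benefit from a short comment saying why the scanned match can end in a line break.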
@@ -5,11 +5,11 @@ module ActiveLdap
|
|
5
5
|
module Railties
|
6
6
|
module ControllerRuntime #:nodoc:
|
7
7
|
extend ActiveSupport::Concern
|
8
|
-
|
8
|
+
|
9
9
|
protected
|
10
|
-
|
10
|
+
|
11
11
|
attr_internal :ldap_runtime
|
12
|
-
|
12
|
+
|
13
13
|
def process_action(action, *args)
|
14
14
|
# We also need to reset the runtime before each action
|
15
15
|
# because of queries in middleware or in cases we are streaming
|
@@ -17,7 +17,7 @@ module ActiveLdap
|
|
17
17
|
ActiveLdap::LogSubscriber.reset_runtime
|
18
18
|
super
|
19
19
|
end
|
20
|
-
|
20
|
+
|
21
21
|
def cleanup_view_runtime
|
22
22
|
if ActiveLdap::Base.connected?
|
23
23
|
ldap_rt_before_render = ActiveLdap::LogSubscriber.reset_runtime
|
@@ -29,12 +29,12 @@ module ActiveLdap
|
|
29
29
|
super
|
30
30
|
end
|
31
31
|
end
|
32
|
-
|
32
|
+
|
33
33
|
def append_info_to_payload(payload)
|
34
34
|
super
|
35
35
|
payload[:ldap_runtime] = ldap_runtime
|
36
36
|
end
|
37
|
-
|
37
|
+
|
38
38
|
module ClassMethods
|
39
39
|
def log_process_action(payload)
|
40
40
|
messages, ldap_runtime = super, payload[:ldap_runtime]
|
@@ -191,10 +191,15 @@ module ActiveLdap
|
|
191
191
|
fraction = match_data[-2]
|
192
192
|
fraction = fraction.to_f if fraction
|
193
193
|
time_zone = match_data[-1]
|
194
|
+
arguments = [
|
195
|
+
year, month, day, hour, minute, second, fraction, time_zone,
|
196
|
+
Time.now,
|
197
|
+
]
|
198
|
+
if Time.method(:make_time).arity == 10
|
199
|
+
arguments.unshift(value)
|
200
|
+
end
|
194
201
|
begin
|
195
|
-
Time.send(:make_time,
|
196
|
-
year, month, day, hour, minute, second, fraction,
|
197
|
-
time_zone, Time.now)
|
202
|
+
Time.send(:make_time, *arguments)
|
198
203
|
rescue ArgumentError
|
199
204
|
raise if year >= 1700
|
200
205
|
out_of_range_messages = ["argument out of range",
|
@@ -444,6 +449,25 @@ module ActiveLdap
|
|
444
449
|
# String(NT-Sec-Desc) 1.2.840.113556.1.4.907
|
445
450
|
SYNTAXES["1.2.840.113556.1.4.907"] = self
|
446
451
|
end
|
452
|
+
|
453
|
+
class UnicodePwd < OctetString
|
454
|
+
# @see http://msdn.microsoft.com/en-us/library/cc220961.aspx
|
455
|
+
# cn: Unicode-Pwd
|
456
|
+
# ldapDisplayName: unicodePwd
|
457
|
+
# attributeId: 1.2.840.113556.1.4.90
|
458
|
+
# attributeSyntax: 2.5.5.10
|
459
|
+
# omSyntax: 4
|
460
|
+
# isSingleValued: TRUE
|
461
|
+
# schemaIdGuid: bf9679e1-0de6-11d0-a285-00aa003049e2
|
462
|
+
# systemOnly: FALSE
|
463
|
+
# searchFlags: 0
|
464
|
+
# systemFlags: FLAG_SCHEMA_BASE_OBJECT
|
465
|
+
# schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
|
466
|
+
#
|
467
|
+
# @see http://msdn.microsoft.com/en-us/library/cc223177.aspx
|
468
|
+
# String(Octet) 2.5.5.10
|
469
|
+
SYNTAXES["1.2.840.113556.1.4.90"] = self
|
470
|
+
end
|
447
471
|
end
|
448
472
|
end
|
449
473
|
end
|
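Review bot: The probe `Time.method(:make_time).arity == 10` ties this parser to the exact signature of a private helper in the standard library; any signature other than the two handled here falls through to the nine-argument call. The resulting ArgumentError is then caught by the `rescue ArgumentError` below, which for `year < 1700` continues into the out-of-range handling instead of reporting the real cause (the rest of that block is outside the hunk). I would add a comment naming which Ruby versions each argument list is for and raise an explicit error on an unexpected arity, or build the value through public API such as `Time.utc`. In the second hunk, UnicodePwd is registered under its attributeId `1.2.840.113556.1.4.90` while its comment gives the syntax as `2.5.5.10` and the neighbouring entry is keyed by a syntax OID; a one-line comment explaining why the attribute OID is the key would prevent confusion.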
@@ -5,6 +5,8 @@ require 'digest/sha1'
|
|
5
5
|
|
6
6
|
module ActiveLdap
|
7
7
|
module UserPassword
|
8
|
+
include GetText
|
9
|
+
|
8
10
|
module_function
|
9
11
|
def valid?(password, hashed_password)
|
10
12
|
unless /^\{([A-Za-z][A-Za-z\d]+)\}/ =~ hashed_password
|
@@ -37,10 +39,18 @@ module ActiveLdap
|
|
37
39
|
end
|
38
40
|
|
39
41
|
def extract_salt_for_crypt(crypted_password)
|
40
|
-
if
|
41
|
-
$MATCH
|
42
|
+
if /\A\$(?:1|5|6|2a)\$[a-zA-Z0-9.\/]{,16}\$/ =~ crypted_password
|
43
|
+
$MATCH
|
42
44
|
else
|
43
|
-
crypted_password[0, 2]
|
45
|
+
salt = crypted_password[0, 2]
|
46
|
+
if salt.size != 2
|
47
|
+
raise ArgumentError, _("salt size must be 2: <%s>") % salt
|
48
|
+
end
|
49
|
+
unless /\A[a-zA-Z0-9.\/]{2}\z/ =~ salt
|
50
|
+
message = _("salt character must be [a-zA-Z0-9./]: <%s>") % salt
|
51
|
+
raise ArgumentError, message
|
52
|
+
end
|
53
|
+
salt
|
44
54
|
end
|
45
55
|
end
|
46
56
|
|
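Review bot: The new pattern in extract_salt_for_crypt does not match the layouts crypt(3) produces for two of the schemes it lists. A bcrypt hash is `$2a$<cost>$<22-character salt><hash>` with no `$` after the salt, so the pattern stops after the cost field and returns only a prefix such as `$2a$10$` (constructed example) without the salt. A SHA-256/SHA-512 hash that carries `rounds=N$` contains `=`, so it falls into the else branch and is rejected with `salt character must be [a-zA-Z0-9./]: <$5>`. I would match bcrypt separately, e.g. `/\A\$2a\$\d{2}\$[a-zA-Z0-9.\/]{22}/`, allow an optional `rounds=\d+\$` field for `$5$`/`$6$`, and test with real-format hashes, since the added `$2a$abcdefgh$` case is not a bcrypt string. The scheme pattern in valid? (context line, `/^\{...\}/`) would also be stricter with `\A` than with `^`, which matches at any line start.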
data/lib/active_ldap/version.rb
CHANGED
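--- a/data/test/test_ldif.rb
+++ b/data/test/test_ldif.rb
@@ -1247,6 +1247,27 @@ uid: hjensen
 EOL
 end
 
+def test_record_with_external_file_reference_is_invalid
+ldif_source = <<-EOL
+version: 1
+dn: cn=Horatio Jensen, ou=Product Testing, dc=airius, dc=com
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+cn: Horatio Jensen
+sn: Jensen
+uid: hjensen
+jpegphoto:< INVALID_URI
+EOL
+
+ldif_source_with_error_mark = <<-EOL
+jpegphoto:< |@|INVALID_URI
+EOL
+
+assert_invalid_ldif("URI is missing",
+ldif_source, 9, 13, ldif_source_with_error_mark)
+end
+
 def test_records_with_option_attributes
 ldif_source = <<-EOL
 version: 1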
data/test/test_user_password.rb
CHANGED
@@ -24,25 +24,107 @@ class TestUserPassword < Test::Unit::TestCase
|
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
27
|
+
sub_test_case("crypt") do
|
28
|
+
def test_encrypt
|
29
|
+
salt = ".WoUoU9f3IlUx9Hh7D/8y.xA6ziklGib"
|
30
|
+
assert_equal("{CRYPT}.W57FZhV52w0s",
|
31
|
+
ActiveLdap::UserPassword.crypt("password", salt))
|
32
|
+
|
33
|
+
password = "PASSWORD"
|
34
|
+
hashed_password = ActiveLdap::UserPassword.crypt(password)
|
35
|
+
salt = hashed_password.sub(/^\{CRYPT\}/, '')
|
36
|
+
assert_equal(hashed_password,
|
37
|
+
ActiveLdap::UserPassword.crypt(password, salt))
|
38
|
+
end
|
38
39
|
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
40
|
+
sub_test_case("extract_salt") do
|
41
|
+
sub_test_case("base format") do
|
42
|
+
def test_less
|
43
|
+
message = "salt size must be 2: <a>"
|
44
|
+
assert_raise(ArgumentError.new(message)) do
|
45
|
+
extract_salt(:crypt, "a")
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def test_exact
|
50
|
+
assert_extract_salt(:crypt, "ab", "ab")
|
51
|
+
end
|
52
|
+
|
53
|
+
def test_more
|
54
|
+
assert_extract_salt(:crypt, "ab", "abc")
|
55
|
+
end
|
56
|
+
end
|
57
|
+
|
58
|
+
sub_test_case("glibc2 format") do
|
59
|
+
sub_test_case("ID") do
|
60
|
+
def test_md5
|
61
|
+
assert_extract_salt(:crypt, "$1$abcdefgh$", "$1$abcdefgh$")
|
62
|
+
end
|
63
|
+
|
64
|
+
def test_blowfish
|
65
|
+
assert_extract_salt(:crypt, "$2a$abcdefgh$", "$2a$abcdefgh$")
|
66
|
+
end
|
67
|
+
|
68
|
+
def test_sha256
|
69
|
+
assert_extract_salt(:crypt, "$5$abcdefgh$", "$5$abcdefgh$")
|
70
|
+
end
|
71
|
+
|
72
|
+
def test_sha512
|
73
|
+
assert_extract_salt(:crypt, "$6$abcdefgh$", "$6$abcdefgh$")
|
74
|
+
end
|
75
|
+
end
|
76
|
+
|
77
|
+
sub_test_case("salt") do
|
78
|
+
def test_not_teminated
|
79
|
+
message = "salt character must be [a-zA-Z0-9./]: <$1>"
|
80
|
+
assert_raise(ArgumentError.new(message)) do
|
81
|
+
extract_salt(:crypt, "$1$")
|
82
|
+
end
|
83
|
+
end
|
84
|
+
|
85
|
+
def test_empty
|
86
|
+
assert_extract_salt(:crypt, "$1$$", "$1$$")
|
87
|
+
end
|
88
|
+
|
89
|
+
def test_lower_case
|
90
|
+
assert_extract_salt(:crypt, "$1$abc$", "$1$abc$")
|
91
|
+
end
|
92
|
+
|
93
|
+
def test_upper_case
|
94
|
+
assert_extract_salt(:crypt, "$1$ABC$", "$1$ABC$")
|
95
|
+
end
|
96
|
+
|
97
|
+
def test_digit
|
98
|
+
assert_extract_salt(:crypt, "$1$012$", "$1$012$")
|
99
|
+
end
|
100
|
+
|
101
|
+
def test_dot
|
102
|
+
assert_extract_salt(:crypt, "$1$...$", "$1$...$")
|
103
|
+
end
|
104
|
+
|
105
|
+
def test_slash
|
106
|
+
assert_extract_salt(:crypt, "$1$///$", "$1$///$")
|
107
|
+
end
|
108
|
+
|
109
|
+
def test_mix
|
110
|
+
assert_extract_salt(:crypt, "$1$aA0./$", "$1$aA0./$")
|
111
|
+
end
|
112
|
+
|
113
|
+
def test_max
|
114
|
+
assert_extract_salt(:crypt,
|
115
|
+
"$1$0123456789abcdef$",
|
116
|
+
"$1$0123456789abcdef$")
|
117
|
+
end
|
118
|
+
|
119
|
+
def test_over
|
120
|
+
message = "salt character must be [a-zA-Z0-9./]: <$1>"
|
121
|
+
assert_raise(ArgumentError.new(message)) do
|
122
|
+
extract_salt(:crypt, "$1$0123456789abcdefg$")
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|
126
|
+
end
|
127
|
+
end
|
46
128
|
end
|
47
129
|
|
48
130
|
def test_md5
|
@@ -94,10 +176,12 @@ class TestUserPassword < Test::Unit::TestCase
|
|
94
176
|
end
|
95
177
|
|
96
178
|
private
|
179
|
+
def extract_salt(type, hashed_password)
|
180
|
+
ActiveLdap::UserPassword.send("extract_salt_for_#{type}",
|
181
|
+
hashed_password)
|
182
|
+
end
|
97
183
|
def assert_extract_salt(type, expected, hashed_password)
|
98
|
-
|
99
|
-
hashed_password)
|
100
|
-
assert_equal(expected, actual)
|
184
|
+
assert_equal(expected, extract_salt(type, hashed_password))
|
101
185
|
end
|
102
186
|
|
103
187
|
def encode64(string)
|
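Review bot: test_not_teminated and test_over pin the message `salt character must be [a-zA-Z0-9./]: <$1>` for inputs that are `$1$…` strings, so the suite fixes in place an error that describes a two-character traditional salt when the real problem is an unterminated or over-long modular salt. I would have the library raise a distinct message for a malformed `$id$salt$` prefix and assert that here, so a caller debugging a rejected hash is pointed at the right field. The name `test_not_teminated` is also misspelled (`test_not_terminated`). The removed lines of this section are blank on the page, so the old assertions cannot be compared.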
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: activeldap
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 4.0.
|
4
|
+
version: 4.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Will Drewry
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2016-01-20 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activemodel
|
@@ -347,7 +347,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
347
347
|
version: '0'
|
348
348
|
requirements: []
|
349
349
|
rubyforge_project: ruby-activeldap
|
350
|
-
rubygems_version: 2.
|
350
|
+
rubygems_version: 2.4.5.1
|
351
351
|
signing_key:
|
352
352
|
specification_version: 4
|
353
353
|
summary: ActiveLdap is a object-oriented API to LDAP
|