activeldap3 1.2.3

data/lib/active_ldap/adapter/jndi.rb

@@ -0,0 +1,184 @@
+require 'active_ldap/adapter/base'
+
+module ActiveLdap
+  module Adapter
+    class Base
+      class << self
+        def jndi_connection(options)
+          require 'active_ldap/adapter/jndi_connection'
+          Jndi.new(options)
+        end
+      end
+    end
+
+    class Jndi < Base
+      METHOD = {
+        :ssl => :ssl,
+        :tls => :start_tls,
+        :plain => nil,
+      }
+
+      def connect(options={})
+        super do |host, port, method|
+          uri = construct_uri(host, port, method == :ssl)
+          with_start_tls = method == :start_tls
+          info = {:uri => uri, :with_start_tls => with_start_tls}
+          [log("connect", info) {JndiConnection.new(host, port, method)},
+           uri, with_start_tls]
+        end
+      end
+
+      def unbind(options={})
+        super do
+          execute(:unbind)
+        end
+      end
+
+      def bind_as_anonymous(options={})
+        super do
+          execute(:bind_as_anonymous, :name => "bind: anonymous")
+          true
+        end
+      end
+
+      def search(options={}, &block)
+        super(options) do |base, scope, filter, attrs, limit|
+          info = {
+            :base => base, :scope => scope_name(scope), :filter => filter,
+            :attributes => attrs, :limit => limit,
+          }
+          execute(:search, info, base, scope, filter, attrs, limit, &block)
+        end
+      end
+
+      def delete(targets, options={})
+        super do |target|
+          execute(:delete, {:dn => target}, target)
+        end
+      end
+
+      def add(dn, entries, options={})
+        super do |_dn, _entries|
+          info = {:dn => _dn, :attributes => _entries}
+          execute(:add, info, _dn, parse_entries(_entries))
+        end
+      end
+
+      def modify(dn, entries, options={})
+        super do |_dn, _entries|
+          info = {:dn => _dn, :attributes => _entries}
+          execute(:modify, info, _dn, parse_entries(_entries))
+        end
+      end
+
+      def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
+        super do |_dn, _new_rdn, _delete_old_rdn, _new_superior|
+          info = {
+            :name => "modify: RDN",
+            :dn => _dn,
+            :new_rdn => _new_rdn,
+            :new_superior => _new_superior,
+            :delete_old_rdn => _delete_old_rdn
+          }
+          _new_rdn = "#{_new_rdn},#{_new_superior}" if _new_superior
+          execute(:modify_rdn, info, _dn, _new_rdn, _delete_old_rdn)
+        end
+      end
+
+      private
+      def execute(method, info=nil, *args, &block)
+        name = (info || {}).delete(:name) || method
+        log(name, info) {@connection.send(method, *args, &block)}
+      rescue JndiConnection::NamingException
+        if /\[LDAP: error code (\d+) - ([^\]]+)\]/ =~ $!.to_s
+          message = $2
+          klass = LdapError::ERRORS[Integer($1)]
+          klass ||= ActiveLdap::LdapError
+          raise klass, message
+        end
+        raise
+      end
+
+      def ensure_method(method)
+        method ||= "plain"
+        normalized_method = method.to_s.downcase.to_sym
+        return METHOD[normalized_method] if METHOD.has_key?(normalized_method)
+
+        available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
+        format = _("%s is not one of the available connect methods: %s")
+        raise ConfigurationError, format % [method.inspect, available_methods]
+      end
+
+      def ensure_scope(scope)
+        scope_map = {
+          :base => JndiConnection::Scope::OBJECT,
+          :one => JndiConnection::Scope::ONE_LEVEL,
+          :sub => JndiConnection::Scope::SUBTREE,
+        }
+        value = scope_map[scope || :sub]
+        if value.nil?
+          available_scopes = scope_map.keys.inspect
+          format = _("%s is not one of the available LDAP scope: %s")
+          raise ArgumentError, format % [scope.inspect, available_scopes]
+        end
+        value
+      end
+
+      def scope_name(scope)
+        {
+          JndiConnection::Scope::OBJECT => :base,
+          JndiConnection::Scope::ONE_LEVEL => :one,
+          JndiConnection::Scope::SUBTREE => :sub,
+        }[scope]
+      end
+
+      def sasl_bind(bind_dn, options={})
+        super do |_bind_dn, mechanism, quiet|
+          info = {
+            :name => "bind: SASL",
+            :dn => _bind_dn,
+            :mechanism => mechanism
+          }
+          execute(:sasl_bind, info, _bind_dn, mechanism, quiet)
+          true
+        end
+      end
+
+      def simple_bind(bind_dn, options={})
+        super do |_bind_dn, password|
+          info = {:name => "bind", :dn => _bind_dn}
+          execute(:simple_bind, info, _bind_dn, password)
+          true
+        end
+      end
+
+      def parse_entries(entries)
+        result = []
+        entries.each do |type, key, attributes|
+          mod_type = ensure_mod_type(type)
+          binary = schema.attribute(key).binary?
+          attributes.each do |name, values|
+            real_binary = binary
+            if values.any? {|value| Ldif::Attribute.binary_value?(value)}
+              real_binary = true
+            end
+            result << JndiConnection::ModifyRecord.new(mod_type, name,
+                                                       values, real_binary)
+          end
+        end
+        result
+      end
+
+      def ensure_mod_type(type)
+        case type
+        when :replace, :add
+          type
+        when :delete
+          :remove
+        else
+          raise ArgumentError, _("unknown type: %s") % type
+        end
+      end
+    end
+  end
+end

data/lib/active_ldap/adapter/jndi_connection.rb

@@ -0,0 +1,185 @@
+require 'java'
+
+java.util.Enumeration.module_eval do
+  include Enumerable
+
+  def each
+    while has_more_elements
+      yield(next_element)
+    end
+  end
+end
+
+module ActiveLdap
+  module Adapter
+    class JndiConnection
+      HashTable = java.util.Hashtable
+      naming = javax.naming
+      directory = naming.directory
+      ldap = naming.ldap
+      InitialDirContext = directory.InitialDirContext
+      InitialLdapContext = ldap.InitialLdapContext
+      SearchControls = directory.SearchControls
+      ModificationItem = directory.ModificationItem
+      BasicAttributes = directory.BasicAttributes
+      Context = naming.Context
+      StartTlsRequest = ldap.StartTlsRequest
+      Control = ldap.Control
+
+      NamingException = naming.NamingException
+      NameNotFoundException = naming.NameNotFoundException
+
+      module Scope
+        OBJECT = SearchControls::OBJECT_SCOPE
+        ONE_LEVEL = SearchControls::ONELEVEL_SCOPE
+        SUBTREE = SearchControls::SUBTREE_SCOPE
+      end
+
+      class ModifyRecord
+        directory = javax.naming.directory
+        DirContext = directory.DirContext
+        BasicAttribute = directory.BasicAttribute
+
+        ADD_ATTRIBUTE = DirContext::ADD_ATTRIBUTE
+        REPLACE_ATTRIBUTE = DirContext::REPLACE_ATTRIBUTE
+        REMOVE_ATTRIBUTE = DirContext::REMOVE_ATTRIBUTE
+
+        attr_reader :type, :name, :values
+        def initialize(type, name, values, binary)
+          @type = self.class.const_get("#{type.to_s.upcase}_ATTRIBUTE")
+          @name = name
+          @values = values
+          @binary = binary
+        end
+
+        def binary?
+          @binary
+        end
+
+        def to_java_modification_item
+          ModificationItem.new(@type, to_java_attribute)
+        end
+
+        def to_java_attribute
+          attribute = BasicAttribute.new(@name)
+          values = @values
+          values = values.collect(&:to_java_bytes) if binary?
+          values.each do |value|
+            attribute.add(value)
+          end
+          attribute
+        end
+      end
+
+      def initialize(host, port, method)
+        @host = host
+        @port = port
+        @method = method
+        @context = nil
+        @tls = nil
+      end
+
+      def unbind
+        @tls.close if @tls
+        @tls = nil
+        @context.close if @context
+        @context = nil
+      end
+
+      def bound?
+        not @context.nil?
+      end
+
+      def sasl_bind(bind_dn, mechanism, quiet)
+        setup_context(bind_dn, password, mechanism)
+        bound?
+      end
+
+      def simple_bind(bind_dn, password)
+        setup_context(bind_dn, password, "simple")
+        bound?
+      end
+
+      def bind_as_anonymous
+        setup_context(nil, nil, "none")
+        bound?
+      end
+
+      def search(base, scope, filter, attrs, limit)
+        controls = SearchControls.new
+        controls.search_scope = scope
+
+        controls.count_limit = limit if limit
+        unless attrs.blank?
+          controls.returning_attributes = attrs.to_java(:string)
+        end
+
+        @context.search(base, filter, controls).each do |result|
+          attributes = {}
+          result.attributes.get_all.each do |attribute|
+            attributes[attribute.get_id] = attribute.get_all.collect do |value|
+              value.is_a?(String) ? value : String.from_java_bytes(value)
+            end
+          end
+          yield([result.name_in_namespace, attributes])
+        end
+      end
+
+      def add(dn, records)
+        attributes = BasicAttributes.new
+        records.each do |record|
+          attributes.put(record.to_java_attribute)
+        end
+        @context.create_subcontext(dn, attributes)
+      end
+
+      def modify(dn, records)
+        items = records.collect(&:to_java_modification_item)
+        @context.modify_attributes(dn, items.to_java(ModificationItem))
+      end
+
+      def modify_rdn(dn, new_rdn, delete_old_rdn)
+        # should use mutex
+        delete_rdn_key = "java.naming.ldap.deleteRDN"
+        @context.add_to_environment(delete_rdn_key, delete_old_rdn.to_s)
+        @context.rename(dn, new_rdn)
+      ensure
+        @context.remove_from_environment(delete_rdn_key)
+      end
+
+      def delete(dn)
+        @context.destroy_subcontext(dn)
+      end
+
+      private
+      def setup_context(bind_dn, password, authentication)
+        unbind
+        environment = {
+          Context::INITIAL_CONTEXT_FACTORY => "com.sun.jndi.ldap.LdapCtxFactory",
+          Context::PROVIDER_URL => ldap_uri,
+        }
+        environment = HashTable.new(environment)
+        context = InitialLdapContext.new(environment, nil)
+        if @method == :start_tls
+          @tls = context.extended_operation(StartTlsRequest.new)
+          @tls.negotiate
+        end
+        context.add_to_environment(Context::SECURITY_AUTHENTICATION,
+                                   authentication)
+        if bind_dn
+          context.add_to_environment(Context::SECURITY_PRINCIPAL, bind_dn)
+        end
+        if password
+          context.add_to_environment(Context::SECURITY_CREDENTIALS, password)
+        end
+        context.reconnect(nil)
+        @context = context
+      end
+
+      def ldap_uri
+        protocol = @method == :ssl ? "ldaps" : "ldap"
+        "#{protocol}://#{@host}:#{@port}/"
+      end
+    end
+  end
+end

data/lib/active_ldap/adapter/ldap.rb

@@ -0,0 +1,290 @@
+require 'active_ldap/adapter/base'
+
+module ActiveLdap
+  module Adapter
+    class Base
+      class << self
+        def ldap_connection(options)
+          require 'active_ldap/adapter/ldap_ext'
+          Ldap.new(options)
+        end
+      end
+    end
+
+    class Ldap < Base
+      module Method
+        class Base
+          def ssl?
+            false
+          end
+
+          def start_tls?
+            false
+          end
+        end
+
+        class SSL < Base
+          def connect(host, port)
+            LDAP::SSLConn.new(host, port, false)
+          end
+
+          def ssl?
+            true
+          end
+        end
+
+        class TLS < Base
+          def connect(host, port)
+            LDAP::SSLConn.new(host, port, true)
+          end
+
+          def start_tls?
+            true
+          end
+        end
+
+        class Plain < Base
+          def connect(host, port)
+            LDAP::Conn.new(host, port)
+          end
+        end
+      end
+
+      def connect(options={})
+        super do |host, port, method|
+          uri = construct_uri(host, port, method.ssl?)
+          with_start_tls = method.start_tls?
+          info = {:uri => uri, :with_start_tls => with_start_tls}
+          [log("connect", info) {method.connect(host, port)},
+           uri, with_start_tls]
+        end
+      end
+
+      def unbind(options={})
+        super do
+          execute(:unbind)
+        end
+      end
+
+      def bind(options={})
+        super do
+          @connection.error_message
+        end
+      end
+
+      def bind_as_anonymous(options={})
+        super do
+          execute(:bind, :name => "bind: anonymous")
+          true
+        end
+      end
+
+      def search(options={})
+        super(options) do |base, scope, filter, attrs, limit|
+          begin
+            info = {
+              :base => base, :scope => scope_name(scope),
+              :filter => filter, :attributes => attrs, :limit => limit,
+            }
+            execute(:search_with_limit,
+                    info, base, scope, filter, attrs, limit) do |entry|
+              attributes = {}
+              entry.attrs.each do |attr|
+                value = entry.vals(attr)
+                attributes[attr] = value if value
+              end
+              yield([entry.dn, attributes])
+            end
+          rescue RuntimeError
+            if $!.message == "no result returned by search"
+              @logger.debug do
+                args = [filter, attrs.inspect]
+                _("No matches: filter: %s: attributes: %s") % args
+              end
+            else
+              raise
+            end
+          end
+        end
+      end
+
+      def delete(targets, options={})
+        super do |target|
+          controls = options[:controls]
+          info = {:dn => target}
+          if controls
+            info.merge!(:name => :delete, :controls => controls)
+            execute(:delete_ext, info,
+                    target, controls, [])
+          else
+            execute(:delete, info, target)
+          end
+        end
+      end
+
+      def add(dn, entries, options={})
+        super do |_dn, _entries|
+          controls = options[:controls]
+          attributes = parse_entries(_entries)
+          info = {:dn => _dn, :attributes => _entries}
+          if controls
+            info.merge!(:name => :add, :controls => controls)
+            execute(:add_ext, info, _dn, attributes, controls, [])
+          else
+            execute(:add, info, _dn, attributes)
+          end
+        end
+      end
+
+      def modify(dn, entries, options={})
+        super do |_dn, _entries|
+          controls = options[:controls]
+          attributes = parse_entries(_entries)
+          info = {:dn => _dn, :attributes => _entries}
+          if controls
+            info.merge!(:name => :modify, :controls => controls)
+            execute(:modify_ext, info, _dn, attributes, controls, [])
+          else
+            execute(:modify, info, _dn, attributes)
+          end
+        end
+      end
+
+      def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
+        super do |_dn, _new_rdn, _delete_old_rdn, _new_superior|
+          if _new_superior
+            raise NotImplemented.new(_("modify RDN with new superior"))
+          end
+          info = {
+            :name => "modify: RDN",
+            :dn => _dn,
+            :new_rdn => _new_rdn,
+            :new_superior => _new_superior,
+            :delete_old_rdn => _delete_old_rdn
+          }
+          execute(:modrdn, info, _dn, _new_rdn, _delete_old_rdn)
+        end
+      end
+
+      private
+      def prepare_connection(options={})
+        operation(options) do
+          @connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
+        end
+      end
+
+      def execute(method, info=nil, *args, &block)
+        begin
+          name = (info || {}).delete(:name) || method
+          log(name, info) {@connection.send(method, *args, &block)}
+        rescue LDAP::ResultError
+          @connection.assert_error_code
+          raise $!.message
+        end
+      end
+
+      def do_in_timeout(timeout, &block)
+        Timeout.timeout(timeout, &block)
+      end
+
+      def ensure_method(method)
+        normalized_method = method.to_s.downcase
+        Method.constants.each do |name|
+          if normalized_method == name.to_s.downcase
+            return Method.const_get(name).new
+          end
+        end
+
+        available_methods = Method.constants.collect do |name|
+          name.downcase.to_sym.inspect
+        end.join(", ")
+        format = _("%s is not one of the available connect methods: %s")
+        raise ConfigurationError, format % [method.inspect, available_methods]
+      end
+
+      def ensure_scope(scope)
+        scope_map = {
+          :base => LDAP::LDAP_SCOPE_BASE,
+          :sub => LDAP::LDAP_SCOPE_SUBTREE,
+          :one => LDAP::LDAP_SCOPE_ONELEVEL,
+        }
+        value = scope_map[scope || :sub]
+        if value.nil?
+          available_scopes = scope_map.keys.inspect
+          format = _("%s is not one of the available LDAP scope: %s")
+          raise ArgumentError, format % [scope.inspect, available_scopes]
+        end
+        value
+      end
+
+      def scope_name(scope)
+        {
+          LDAP::LDAP_SCOPE_BASE => :base,
+          LDAP::LDAP_SCOPE_SUBTREE => :sub,
+          LDAP::LDAP_SCOPE_ONELEVEL => :one,
+        }[scope]
+      end
+
+      def sasl_bind(bind_dn, options={})
+        super do |_bind_dn, mechanism, quiet|
+          begin
+            _bind_dn ||= ''
+            sasl_quiet = @connection.sasl_quiet
+            @connection.sasl_quiet = quiet unless quiet.nil?
+            args = [_bind_dn, mechanism]
+            credential = nil
+            if need_credential_sasl_mechanism?(mechanism)
+              credential = password(_bind_dn, options)
+            end
+            if @sasl_options
+              credential ||= ""
+              args.concat([credential, nil, nil, @sasl_options])
+            else
+              args << credential if credential
+            end
+            info = {
+              :name => "bind: SASL", :dn => _bind_dn, :mechanism => mechanism
+            }
+            execute(:sasl_bind, info, *args)
+            true
+          ensure
+            @connection.sasl_quiet = sasl_quiet
+          end
+        end
+      end
+
+      def simple_bind(bind_dn, options={})
+        super do |_bind_dn, password|
+          execute(:bind, {:dn => _bind_dn}, _bind_dn, password)
+          true
+        end
+      end
+
+      def parse_entries(entries)
+        result = []
+        entries.each do |type, key, attributes|
+          mod_type = ensure_mod_type(type)
+          binary = schema.attribute(key).binary?
+          mod_type |= LDAP::LDAP_MOD_BVALUES if binary
+          attributes.each do |name, values|
+            additional_mod_type = 0
+            if values.any? {|value| Ldif::Attribute.binary_value?(value)}
+              additional_mod_type |= LDAP::LDAP_MOD_BVALUES
+            end
+            result << LDAP.mod(mod_type | additional_mod_type, name, values)
+          end
+        end
+        result
+      end
+
+      def ensure_mod_type(type)
+        case type
+        when :replace, :add, :delete
+          LDAP.const_get("LDAP_MOD_#{type.to_s.upcase}")
+        else
+          raise ArgumentError, _("unknown type: %s") % type
+        end
+      end
+    end
+  end
+end