datacom-net-ldap 0.5.0.datacom

data/lib/net/ldap/password.rb

@@ -0,0 +1,37 @@
+# -*- ruby encoding: utf-8 -*-
+require 'digest/sha1'
+require 'digest/md5'
+require 'base64'
+
+class Net::LDAP::Password
+  class << self
+    # Generate a password-hash suitable for inclusion in an LDAP attribute.
+    # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+    # password. This function will return a hashed representation.
+    #
+    #--
+    # STUB: This is here to fulfill the requirements of an RFC, which
+    # one?
+    #
+    # TODO:
+    # * maybe salted-md5
+    # * Should we provide sha1 as a synonym for sha1? I vote no because then
+    #   should you also provide ssha1 for symmetry?
+    #
+    attribute_value = ""
+    def generate(type, str)
+       case type
+         when :md5
+            attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp! 
+         when :sha
+            attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp! 
+         when :ssha
+            srand; salt = (rand * 1000).to_i.to_s 
+            attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
+         else
+            raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+         end
+      return attribute_value
+    end
+  end
+end

data/lib/net/ldap/pdu.rb

@@ -0,0 +1,273 @@
+# -*- ruby encoding: utf-8 -*-
+require 'ostruct'
+
+##
+# Defines the Protocol Data Unit (PDU) for LDAP. An LDAP PDU always looks
+# like a BER SEQUENCE with at least two elements: an INTEGER message ID
+# number and an application-specific SEQUENCE. Some LDAPv3 packets also
+# include an optional third element, a sequence of "controls" (see RFC 2251
+# section 4.1.12 for more information).
+#
+# The application-specific tag in the sequence tells us what kind of packet
+# it is, and each kind has its own format, defined in RFC-1777.
+#
+# Observe that many clients (such as ldapsearch) do not necessarily enforce
+# the expected application tags on received protocol packets. This
+# implementation does interpret the RFC strictly in this regard, and it
+# remains to be seen whether there are servers out there that will not work
+# well with our approach.
+#
+# Currently, we only support controls on SearchResult.
+class Net::LDAP::PDU
+  class Error < RuntimeError; end
+
+  ##
+  # This message packet is a bind request.
+  BindRequest = 0
+  BindResult = 1
+  UnbindRequest = 2
+  SearchRequest = 3
+  SearchReturnedData = 4
+  SearchResult = 5
+  ModifyResponse = 7
+  AddResponse = 9
+  DeleteResponse = 11
+  ModifyRDNResponse = 13
+  SearchResultReferral = 19
+  ExtendedRequest = 23
+  ExtendedResponse = 24
+
+  ##
+  # The LDAP packet message ID.
+  attr_reader :message_id
+  alias_method :msg_id, :message_id
+
+  ##
+  # The application protocol format tag.
+  attr_reader :app_tag
+
+  attr_reader :search_entry
+  attr_reader :search_referrals
+  attr_reader :search_parameters
+  attr_reader :bind_parameters
+
+  ##
+  # Returns RFC-2251 Controls if any.
+  attr_reader :ldap_controls
+  alias_method :result_controls, :ldap_controls
+  # Messy. Does this functionality belong somewhere else?
+
+  def initialize(ber_object)
+    begin
+      @message_id = ber_object[0].to_i
+      # Grab the bottom five bits of the identifier so we know which type of
+      # PDU this is.
+      #
+      # This is safe enough in LDAP-land, but it is recommended that other
+      # approaches be taken for other protocols in the case that there's an
+      # app-specific tag that has both primitive and constructed forms.
+      @app_tag = ber_object[1].ber_identifier & 0x1f
+      @ldap_controls = []
+    rescue Exception => ex
+      raise Net::LDAP::PDU::Error, "LDAP PDU Format Error: #{ex.message}"
+    end
+
+    case @app_tag
+    when BindResult
+      parse_bind_response(ber_object[1])
+    when SearchReturnedData
+      parse_search_return(ber_object[1])
+    when SearchResultReferral
+      parse_search_referral(ber_object[1])
+    when SearchResult
+      parse_ldap_result(ber_object[1])
+    when ModifyResponse
+      parse_ldap_result(ber_object[1])
+    when AddResponse
+      parse_ldap_result(ber_object[1])
+    when DeleteResponse
+      parse_ldap_result(ber_object[1])
+    when ModifyRDNResponse
+      parse_ldap_result(ber_object[1])
+    when SearchRequest
+      parse_ldap_search_request(ber_object[1])
+    when BindRequest
+      parse_bind_request(ber_object[1])
+    when UnbindRequest
+      parse_unbind_request(ber_object[1])
+    when ExtendedResponse
+      parse_ldap_result(ber_object[1])
+    else
+      raise LdapPduError.new("unknown pdu-type: #{@app_tag}")
+    end
+
+    parse_controls(ber_object[2]) if ber_object[2]
+  end
+
+  ##
+  # Returns a hash which (usually) defines the members :resultCode,
+  # :errorMessage, and :matchedDN. These values come directly from an LDAP
+  # response packet returned by the remote peer. Also see #result_code.
+  def result
+    @ldap_result || {}
+  end
+
+  def error_message
+    result[:errorMessage] || ""
+  end
+
+  ##
+  # This returns an LDAP result code taken from the PDU, but it will be nil
+  # if there wasn't a result code. That can easily happen depending on the
+  # type of packet.
+  def result_code(code = :resultCode)
+    @ldap_result and @ldap_result[code]
+  end
+
+  def status
+    result_code == 0 ? :success : :failure
+  end
+
+  def success?
+    status == :success
+  end
+
+  def failure?
+    !success?
+  end
+
+  ##
+  # Return serverSaslCreds, which are only present in BindResponse packets.
+  #--
+  # Messy. Does this functionality belong somewhere else? We ought to
+  # refactor the accessors of this class before they get any kludgier.
+  def result_server_sasl_creds
+    @ldap_result && @ldap_result[:serverSaslCreds]
+  end
+
+  def parse_ldap_result(sequence)
+    sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP result length."
+    @ldap_result = {
+      :resultCode => sequence[0],
+      :matchedDN => sequence[1],
+      :errorMessage => sequence[2]
+    }
+    parse_search_referral(sequence[3]) if @ldap_result[:resultCode] == 10
+  end
+  private :parse_ldap_result
+
+  ##
+  # A Bind Response may have an additional field, ID [7], serverSaslCreds,
+  # per RFC 2251 pgh 4.2.3.
+  def parse_bind_response(sequence)
+    sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP Bind Response length."
+    parse_ldap_result(sequence)
+    @ldap_result[:serverSaslCreds] = sequence[3] if sequence.length >= 4
+    @ldap_result
+  end
+  private :parse_bind_response
+
+  # Definition from RFC 1777 (we're handling application-4 here).
+  #
+  # Search Response ::=
+  #   CHOICE {
+  #     entry      [APPLICATION 4] SEQUENCE {
+  #                  objectName     LDAPDN,
+  #                  attributes     SEQUENCE OF SEQUENCE {
+  #                    AttributeType,
+  #                    SET OF AttributeValue
+  #                  }
+  #                },
+  #     resultCode [APPLICATION 5] LDAPResult
+  #   }
+  #
+  # We concoct a search response that is a hash of the returned attribute
+  # values.
+  #
+  # NOW OBSERVE CAREFULLY: WE ARE DOWNCASING THE RETURNED ATTRIBUTE NAMES.
+  #
+  # This is to make them more predictable for user programs, but it may not
+  # be a good idea. Maybe this should be configurable.
+  def parse_search_return(sequence)
+    sequence.length >= 2 or raise Net::LDAP::PDU::Error, "Invalid Search Response length."
+    @search_entry = Net::LDAP::Entry.new(sequence[0])
+    sequence[1].each { |seq| @search_entry[seq[0]] = seq[1] }
+  end
+  private :parse_search_return
+
+  ##
+  # A search referral is a sequence of one or more LDAP URIs. Any number of
+  # search-referral replies can be returned by the server, interspersed with
+  # normal replies in any order.
+  #--
+  # Until I can think of a better way to do this, we'll return the referrals
+  # as an array. It'll be up to higher-level handlers to expose something
+  # reasonable to the client.
+  def parse_search_referral(uris)
+    @search_referrals = uris
+  end
+  private :parse_search_referral
+
+  ##
+  # Per RFC 2251, an LDAP "control" is a sequence of tuples, each consisting
+  # of an OID, a boolean criticality flag defaulting FALSE, and an OPTIONAL
+  # Octet String. If only two fields are given, the second one may be either
+  # criticality or data, since criticality has a default value. Someday we
+  # may want to come back here and add support for some of more-widely used
+  # controls. RFC-2696 is a good example.
+  def parse_controls(sequence)
+    @ldap_controls = sequence.map do |control|
+      o = OpenStruct.new
+      o.oid, o.criticality, o.value = control[0], control[1], control[2]
+      if o.criticality and o.criticality.is_a?(String)
+        o.value = o.criticality
+        o.criticality = false
+      end
+      o
+    end
+  end
+  private :parse_controls
+
+  # (provisional, must document)
+  def parse_ldap_search_request(sequence)
+    s = OpenStruct.new
+    s.base_object, s.scope, s.deref_aliases, s.size_limit, s.time_limit,
+      s.types_only, s.filter, s.attributes = sequence
+    @search_parameters = s
+  end
+  private :parse_ldap_search_request
+
+  # (provisional, must document)
+  def parse_bind_request sequence
+    s = OpenStruct.new
+    s.version, s.name, s.authentication = sequence
+    @bind_parameters = s
+  end
+  private :parse_bind_request
+
+  # (provisional, must document)
+  # UnbindRequest has no content so this is a no-op.
+  def parse_unbind_request(sequence)
+    nil
+  end
+  private :parse_unbind_request
+end
+
+module Net
+  ##
+  # Handle renamed constants Net::LdapPdu (Net::LDAP::PDU) and
+  # Net::LdapPduError (Net::LDAP::PDU::Error).
+  def self.const_missing(name) #:nodoc:
+    case name.to_s
+    when "LdapPdu"
+      warn "Net::#{name} has been deprecated. Use Net::LDAP::PDU instead."
+      Net::LDAP::PDU
+    when "LdapPduError"
+      warn "Net::#{name} has been deprecated. Use Net::LDAP::PDU::Error instead."
+      Net::LDAP::PDU::Error
+    when 'LDAP'
+    else
+      super
+    end
+  end
+end # module Net

data/lib/net/ldap/version.rb

@@ -0,0 +1,5 @@
+module Net
+  class LDAP
+    VERSION = "0.5.0.datacom"
+  end
+end

data/lib/net/snmp.rb

@@ -0,0 +1,270 @@
+# -*- ruby encoding: utf-8 -*-
+require 'net/ldap/version'
+
+# :stopdoc:
+module Net
+    class SNMP
+      VERSION = Net::LDAP::VERSION
+
+	AsnSyntax = Net::BER.compile_syntax({
+	    :application => {
+		:primitive => {
+		    1 => :integer,	# Counter32, (RFC2578 sec 2)
+		    2 => :integer,	# Gauge32 or Unsigned32, (RFC2578 sec 2)
+		    3 => :integer	# TimeTicks32, (RFC2578 sec 2)
+		},
+		:constructed => {
+		}
+	    },
+	    :context_specific => {
+		:primitive => {
+		},
+		:constructed => {
+		    0 => :array,	# GetRequest PDU (RFC1157 pgh 4.1.2)
+		    1 => :array,	# GetNextRequest PDU (RFC1157 pgh 4.1.3)
+		    2 => :array		# GetResponse PDU (RFC1157 pgh 4.1.4)
+		}
+	    }
+	})
+
+	# SNMP 32-bit counter.
+	# Defined in RFC1155 (Structure of Mangement Information), section 6.
+	# A 32-bit counter is an ASN.1 application [1] implicit unsigned integer
+	# with a range from 0 to 2^^32 - 1.
+	class Counter32
+	    def initialize value
+		@value = value
+	    end
+	    def to_ber
+		@value.to_ber_application(1)
+	    end
+	end
+
+	# SNMP 32-bit gauge.
+	# Defined in RFC1155 (Structure of Mangement Information), section 6.
+	# A 32-bit counter is an ASN.1 application [2] implicit unsigned integer.
+	# This is also indistinguishable from Unsigned32. (Need to alias them.)
+	class Gauge32
+	    def initialize value
+		@value = value
+	    end
+	    def to_ber
+		@value.to_ber_application(2)
+	    end
+	end
+
+	# SNMP 32-bit timer-ticks.
+	# Defined in RFC1155 (Structure of Mangement Information), section 6.
+	# A 32-bit counter is an ASN.1 application [3] implicit unsigned integer.
+	class TimeTicks32
+	    def initialize value
+		@value = value
+	    end
+	    def to_ber
+		@value.to_ber_application(3)
+	    end
+	end
+    end
+
+    class SnmpPdu
+	class Error < StandardError; end
+
+	PduTypes = [
+	    :get_request,
+	    :get_next_request,
+	    :get_response,
+	    :set_request,
+	    :trap
+	]
+	ErrorStatusCodes = { # Per RFC1157, pgh 4.1.1
+	    0 => "noError",
+	    1 => "tooBig",
+	    2 => "noSuchName",
+	    3 => "badValue",
+	    4 => "readOnly",
+	    5 => "genErr"
+	}
+
+	class << self
+	    def parse ber_object
+		n = new
+		n.send :parse, ber_object
+		n
+	    end
+	end
+
+	attr_reader :version, :community, :pdu_type, :variables, :error_status
+	attr_accessor :request_id, :error_index
+
+
+	def initialize args={}
+	    @version = args[:version] || 0
+	    @community = args[:community] || "public"
+	    @pdu_type = args[:pdu_type] # leave nil unless specified; there's no reasonable default value.
+	    @error_status = args[:error_status] || 0
+	    @error_index = args[:error_index] || 0
+	    @variables = args[:variables] || []
+	end
+
+	#--
+	def parse ber_object
+	    begin
+		parse_ber_object ber_object
+	    rescue Error
+		# Pass through any SnmpPdu::Error instances
+		raise $!
+	    rescue
+		# Wrap any basic parsing error so it becomes a PDU-format error
+		raise Error.new( "snmp-pdu format error" )
+	    end
+	end
+	private :parse
+
+	def parse_ber_object ber_object
+	    send :version=, ber_object[0].to_i
+	    send :community=, ber_object[1].to_s
+
+	    data = ber_object[2]
+	    case (app_tag = data.ber_identifier & 31)
+	    when 0
+		send :pdu_type=, :get_request
+		parse_get_request data
+	    when 1
+		send :pdu_type=, :get_next_request
+		# This PDU is identical to get-request except for the type.
+		parse_get_request data
+	    when 2
+		send :pdu_type=, :get_response
+		# This PDU is identical to get-request except for the type,
+		# the error_status and error_index values are meaningful,
+		# and the fact that the variable bindings will be non-null.
+		parse_get_response data
+	    else
+		raise Error.new( "unknown snmp-pdu type: #{app_tag}" )
+	    end
+	end
+	private :parse_ber_object
+
+	#--
+	# Defined in RFC1157, pgh 4.1.2.
+	def parse_get_request data
+	    send :request_id=, data[0].to_i
+	    # data[1] is error_status, always zero.
+	    # data[2] is error_index, always zero.
+	    send :error_status=, 0
+	    send :error_index=, 0
+	    data[3].each {|n,v|
+		# A variable-binding, of which there may be several,
+		# consists of an OID and a BER null.
+		# We're ignoring the null, we might want to verify it instead.
+		unless v.is_a?(Net::BER::BerIdentifiedNull)
+		    raise Error.new(" invalid variable-binding in get-request" )
+		end
+		add_variable_binding n, nil
+	    }
+	end
+	private :parse_get_request
+
+	#--
+	# Defined in RFC1157, pgh 4.1.4
+	def parse_get_response data
+	    send :request_id=, data[0].to_i
+	    send :error_status=, data[1].to_i
+	    send :error_index=, data[2].to_i
+	    data[3].each {|n,v|
+		# A variable-binding, of which there may be several,
+		# consists of an OID and a BER null.
+		# We're ignoring the null, we might want to verify it instead.
+		add_variable_binding n, v
+	    }
+	end
+	private :parse_get_response
+
+
+	def version= ver
+	    unless [0,2].include?(ver)
+		raise Error.new("unknown snmp-version: #{ver}")
+	    end
+	    @version = ver
+	end
+
+	def pdu_type= t
+	    unless PduTypes.include?(t)
+		raise Error.new("unknown pdu-type: #{t}")
+	    end
+	    @pdu_type = t
+	end
+
+	def error_status= es
+	    unless ErrorStatusCodes.has_key?(es)
+		raise Error.new("unknown error-status: #{es}")
+	    end
+	    @error_status = es
+	end
+
+	def community= c
+	    @community = c.to_s
+	end
+
+	#--
+	# Syntactic sugar
+	def add_variable_binding name, value=nil
+	    @variables ||= []
+	    @variables << [name, value]
+	end
+
+	def to_ber_string
+	    [
+		version.to_ber,
+		community.to_ber,
+		pdu_to_ber_string
+	    ].to_ber_sequence
+	end
+
+	#--
+	# Helper method that returns a PDU payload in BER form,
+	# depending on the PDU type.
+	def pdu_to_ber_string
+	    case pdu_type
+	    when :get_request
+		[
+		    request_id.to_ber,
+		    error_status.to_ber,
+		    error_index.to_ber,
+		    [
+			@variables.map {|n,v|
+			    [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
+			}
+		    ].to_ber_sequence
+		].to_ber_contextspecific(0)
+	    when :get_next_request
+		[
+		    request_id.to_ber,
+		    error_status.to_ber,
+		    error_index.to_ber,
+		    [
+			@variables.map {|n,v|
+			    [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
+			}
+		    ].to_ber_sequence
+		].to_ber_contextspecific(1)
+	    when :get_response
+		[
+		    request_id.to_ber,
+		    error_status.to_ber,
+		    error_index.to_ber,
+		    [
+			@variables.map {|n,v|
+			    [n.to_ber_oid, v.to_ber].to_ber_sequence
+			}
+		    ].to_ber_sequence
+		].to_ber_contextspecific(2)
+	    else
+		raise Error.new( "unknown pdu-type: #{pdu_type}" )
+	    end
+	end
+	private :pdu_to_ber_string
+
+    end
+end
+# :startdoc: