fakeldap 0.0.1 → 0.1

data/vendor/ruby-ldapserver/lib/ldap/server/filter.rb

@@ -1,223 +0,0 @@
-require 'ldap/server/result'
-require 'ldap/server/match'
-
-module LDAP
-class Server
-
-  # LDAP filters are parsed into a LISP-like internal representation:
-  #
-  #   [:true]
-  #   [:false]
-  #   [:undef]
-  #   [:and, ..., ..., ...]
-  #   [:or, ..., ..., ...]
-  #   [:not, ...]
-  #   [:present, attr]
-  #   [:eq, attr, MO, val]
-  #   [:approx, attr, MO, val]
-  #   [:substrings, attr, MO, initial=nil, {any, any...}, final=nil]
-  #   [:ge, attr, MO, val]
-  #   [:le, attr, MO, val]
-  #
-  # This is done rather than a more object-oriented approach, in the
-  # hope that it will make it easier to match certain filter structures
-  # when converting them into something else. e.g. certain LDAP filter
-  # constructs can be mapped to some fixed SQL queries.
-  #
-  # See RFC 2251 4.5.1 for the three-state(!) boolean logic from LDAP
-  #
-  # If no schema is provided: 'attr' is the raw attribute name as provided
-  # by the client. If a schema is provided: attr is converted to its
-  # normalized name as listed in the schema, e.g. 'commonname' becomes 'cn',
-  # 'objectclass' becomes 'objectClass' etc.
-  # If a schema is provided, MO is a matching object which can be used to
-  # perform the match. If no schema is provided, this is 'nil'. In that
-  # case you could use LDAP::Server::MatchingRule::DefaultMatch.
-
-  class Filter
-
-    # Parse a filter in OpenSSL::ASN1 format into our own format.
-    #
-    # There are some trivial optimisations we make: e.g.
-    #   (&(objectClass=*)(cn=foo)) -> (&(cn=foo)) -> (cn=foo)
-
-    def self.parse(asn1, schema=nil)
-      case asn1.tag
-      when 0 # and
-        conds = asn1.value.collect { |a| parse(a) }
-        conds.delete([:true])
-        return [:true] if conds.size == 0
-        return conds.first if conds.size == 1
-        return [:false] if conds.include?([:false])
-        return conds.unshift(:and)
-
-      when 1 # or
-        conds = asn1.value.collect { |a| parse(a) }
-        conds.delete([:false])
-        return [:false] if conds.size == 0
-        return conds.first if conds.size == 1
-        return [:true] if conds.include?([:true])
-        return conds.unshift(:or)
-
-      when 2 # not
-        cond = parse(asn1.value[0])
-        case cond
-        when [:false];	return [:true]
-	when [:true];	return [:false]
-	when [:undef];	return [:undef]
-	end
-	return [:not, cond]
-
-      when 3 # equalityMatch
-        attr = asn1.value[0].value
-        val = asn1.value[1].value
-        return [:true] if attr =~ /\AobjectClass\z/i and val =~ /\Atop\z/i
-        if schema
-          a = schema.find_attrtype(attr)
-          return [:undef] unless a.equality
-          return [:eq, a.to_s, a.equality, val]
-        end
-        return [:eq, attr, nil, val]
-
-      when 4 # substrings
-        attr = asn1.value[0].value
-        if schema
-          a = schema.find_attrtype(attr)
-          return [:undef] unless a.substr
-          res = [:substrings, a.to_s, a.substr, nil]
-        else
-          res = [:substrings, attr, nil, nil]
-        end
-        final_val = nil
-
-        asn1.value[1].value.each do |ss|
-          case ss.tag
-          when 0
-            res[3] = ss.value
-          when 1
-            res << ss.value
-          when 2
-            final_val = ss.value
-          else
-            raise LDAP::ResultError::ProtocolError,
-              "Unrecognised substring tag #{ss.tag.inspect}"
-          end
-        end
-        res << final_val
-        return res
-
-      when 5 # greaterOrEqual
-        attr = asn1.value[0].value
-        val = asn1.value[1].value
-        if schema
-          a = schema.find_attrtype(attr)
-          return [:undef] unless a.ordering
-          return [:ge, a.to_s, a.ordering, val]
-        end
-        return [:ge, attr, nil, val]
-
-      when 6 # lessOrEqual
-        attr = asn1.value[0].value
-        val = asn1.value[1].value
-        if schema
-          a = schema.find_attrtype(attr)
-          return [:undef] unless a.ordering
-          return [:le, a.to_s, a.ordering, val]
-        end
-        return [:le, attr, nil, val]
-
-      when 7 # present
-        attr = asn1.value
-        return [:true] if attr =~ /\AobjectClass\z/i
-        if schema
-          begin
-            a = schema.find_attrtype(attr)
-            return [:present, a.to_s]
-          rescue LDAP::ResultError::UndefinedAttributeType
-            return [:false]
-          end
-        end
-        return [:present, attr]
-
-      when 8 # approxMatch
-        attr = asn1.value[0].value
-        val = asn1.value[1].value
-        if schema
-          a = schema.find_attrtype(attr)
-          # I don't know how properly to deal with approxMatch. I'm assuming
-          # that the object will have an equality MatchingRule, and we
-          # can defer to that.
-          return [:undef] unless a.equality
-          return [:approx, a.to_s, a.equality, val]
-        end
-        return [:approx, attr, nil, val]
-
-      #when 9 # extensibleMatch
-      #  FIXME
-
-      else
-        raise LDAP::ResultError::ProtocolError,
-          "Unrecognised Filter tag #{asn1.tag}"
-      end
-
-    # Unknown attribute type
-    rescue LDAP::ResultError::UndefinedAttributeType
-      return [:undef]
-    end
-
-    # Run a parsed filter against an attr=>[val] hash.
-    #
-    # Returns true, false or nil.
-
-    def self.run(filter, av)
-      case filter[0]
-      when :and
-        res = true
-        filter[1..-1].each do |elem|
-          r = run(elem, av)
-          return false if r == false
-          res = nil if r.nil?
-        end
-        return res
-
-      when :or
-        res = false
-        filter[1..-1].each do |elem|
-          r = run(elem, av)
-          return true if r == true
-          res = nil if r.nil?
-        end
-        return res
-
-      when :not
-        case run(filter[1], av)
-        when true; 	return false
-        when false;	return true
-        else		return nil
-        end
-
-      when :present
-        return av.has_key?(filter[1])
-
-      when :eq, :approx, :le, :ge, :substrings
-        # the filter now includes a suitable matching object
-        return (filter[2] || LDAP::Server::MatchingRule::DefaultMatch).send(
-                filter.first, av[filter[1].to_s], *filter[3..-1])
-
-      when :true
-        return true
-
-      when :false
-        return false
-
-      when :undef
-        return nil
-      end
-
-      raise LDAP::ResultError::OperationsError,
-        "Unimplemented filter #{filter.first.inspect}"
-    end
-
-  end # class Filter
-end # class Server
-end # module LDAP

data/vendor/ruby-ldapserver/lib/ldap/server/match.rb

@@ -1,283 +0,0 @@
-require 'ldap/server/syntax'
-require 'ldap/server/result'
-
-module LDAP
-class Server
-
-  # A class which holds LDAP MatchingRules. For now there is a global pool
-  # of MatchingRule objects (rather than each Schema object having
-  # its own pool)
-
-  class MatchingRule
-    attr_reader :oid, :names, :syntax, :desc, :obsolete
-
-    # Create a new MatchingRule object
-
-    def initialize(oid, names, syntax, desc=nil, obsolete=false, &blk)
-      @oid = oid
-      @names = names
-      @names = [@names] unless @names.is_a?(Array)
-      @desc = desc
-      @obsolete = obsolete
-      @syntax = LDAP::Server::Syntax.find(syntax)  # creates new obj if reqd
-      @def = nil
-      # initialization hook
-      self.instance_eval(&blk) if blk
-    end
-
-    def name
-      (@names && names[0]) || @oid
-    end
-
-    def to_s
-      (@names && names[0]) || @oid
-    end
-
-    def normalize(x)
-      x
-    end
-
-    # Create a new MatchingRule object, given its description string
-
-    def self.from_def(str, &blk)
-      m = LDAP::Server::Syntax::MatchingRuleDescription.match(str)
-      raise LDAP::ResultError::InvalidAttributeSyntax,
-        "Bad MatchingRuleDescription #{str.inspect}" unless m
-      new(m[1], m[2].scan(/'(.*?)'/).flatten, m[5], m[3], m[4], &blk)
-    end
-
-    def to_def
-      return @def if @def
-      ans = "( #{@oid} "
-      if names.nil? or @names.empty?
-        # nothing
-      elsif @names.size == 1
-        ans << "NAME '#{@names[0]}' "
-      else
-        ans << "NAME ( "
-        @names.each { |n| ans << "'#{n}' " }
-        ans << ") "
-      end
-      ans << "DESC '#@desc' " if @desc
-      ans << "OBSOLETE " if @obsolete
-      ans << "SYNTAX #@syntax " if @syntax
-      ans << ")"
-      @def = ans
-    end
-
-    @@rules = {}    # oid / name / alias => object
-
-    # Add a new matching rule
-
-    def self.add(*args, &blk)
-      s = new(*args, &blk)
-      @@rules[s.oid] = s
-      return if s.names.nil?
-      s.names.each do |n|
-        @@rules[n.downcase] = s
-      end
-    end
-
-    # Find a MatchingRule object given a name or oid, or return nil
-    # (? should we create one automatically, like Syntax)
-
-    def self.find(x)
-      return x if x.nil? or x.is_a?(LDAP::Server::MatchingRule)
-      @@rules[x.downcase]
-    end
-
-    # Return all known matching rules
-
-    def self.all_matching_rules
-      @@rules.values.uniq
-    end
-
-    # Now some things we can mixin to a MatchingRule when needed.
-    # Replace 'normalize' with a function which gives the canonical
-    # version of a value for comparison.
-
-    module Equality
-      def eq(vals, m)
-        return false if vals.nil?
-        m = normalize(m)
-        vals.each { |v| return true if normalize(v) == m }
-        return false
-      end
-    end
-
-    module Ordering
-      def ge(vals, m)
-        return false if vals.nil?
-        m = normalize(m)
-        vals.each { |v| return true if normalize(v) >= m }
-        return false
-      end
-
-      def le(vals, m)
-        return false if vals.nil?
-        m = normalize(m)
-        vals.each { |v| return true if normalize(v) <= m }
-        return false
-      end
-    end
-
-    module Substrings
-      def substrings(vals, *ss)
-        return false if vals.nil?
-
-        # convert the condition list into a regexp
-        re = []
-        re << "^#{Regexp.escape(normalize(ss[0]).to_s)}" if ss[0]
-        ss[1..-2].each { |s| re << Regexp.escape(normalize(s).to_s) }
-        re << "#{Regexp.escape(normalize(ss[-1]).to_s)}$" if ss[-1]
-        re = Regexp.new(re.join(".*"))
-
-        vals.each do |v|
-          v = normalize(v).to_s
-          return true if re.match(v)
-        end
-        return false
-      end
-    end # module Substrings
-
-    class DefaultMatchingClass
-      include MatchingRule::Equality
-      include MatchingRule::Ordering
-      include MatchingRule::Substrings
-      def normalize(x)
-        x
-      end
-    end
-
-    DefaultMatch = DefaultMatchingClass.new
-
-  end # class MatchingRule
-
-  #
-  # And now, here are some matching rules you can use (RFC2252 section 8)
-  #
-
-  class MatchingRule
-
-    add('2.5.13.0', 'objectIdentifierMatch', '1.3.6.1.4.1.1466.115.121.1.38') do
-      extend Equality
-    end
-    # FIXME: Filters should return undef if the OID is not in the schema
-    # (which means passing in the schema to every equality test)
-
-    add('2.5.13.1', 'distinguishedNameMatch', '1.3.6.1.4.1.1466.115.121.1.12') do
-      extend Equality
-    end
-    # FIXME: Distinguished Name matching is supposed to parse the DN into
-    # its parts and then apply the schema equality rules to each part
-    # (i.e. some parts may be case-sensitive, others case-insensitive)
-    # This is just one of the many nonsense design decisions in LDAP :-(
-
-    # How is a DirectoryString different to an IA5String or a PrintableString?
-
-    module StringTrim
-      def normalize(x); x.gsub(/^\s*|\s*$/, '').gsub(/\s+/,' '); end
-    end
-
-    module StringDowncase
-      def normalize(x); x.downcase.gsub(/^\s*|\s*$/, '').gsub(/\s+/,' '); end
-    end
-
-    add('2.5.13.2', 'caseIgnoreMatch', '1.3.6.1.4.1.1466.115.1') do
-      extend Equality
-      extend StringDowncase
-    end
-
-    module Integer
-      def normalize(x); x.to_i; end
-    end
-
-    add('2.5.13.8', 'numericStringMatch', '1.3.6.1.4.1.1466.115.121.1.36') do
-      extend Equality
-      extend Integer
-    end
-
-    # TODO: Add semantics for these (difficult since RFC2252 doesn't give
-    # them, so we presumably have to go through X.500)
-    add('2.5.13.11', 'caseIgnoreListMatch', '1.3.6.1.4.1.1466.115.121.1.41')
-    add('2.5.13.14', 'integerMatch', '1.3.6.1.4.1.1466.115.121.1.27') do
-      extend Equality
-      extend Integer
-    end
-    add('2.5.13.16', 'bitStringMatch', '1.3.6.1.4.1.1466.115.121.1.6')
-    add('2.5.13.20', 'telephoneNumberMatch', '1.3.6.1.4.1.1466.115.121.1.50') do
-      extend Equality
-      extend StringTrim
-    end
-    add('2.5.13.22', 'presentationAddressMatch', '1.3.6.1.4.1.1466.115.121.1.43')
-    add('2.5.13.23', 'uniqueMemberMatch', '1.3.6.1.4.1.1466.115.121.1.34')
-    add('2.5.13.24', 'protocolInformationMatch', '1.3.6.1.4.1.1466.115.121.1.42')
-    add('2.5.13.27', 'generalizedTimeMatch', '1.3.6.1.4.1.1466.115.121.1.24') { extend Equality }
-
-    # IA5 stuff. FIXME: What's the correct way to 'downcase' UTF8 strings?
-
-    module IA5Trim
-      def normalize(x); x.gsub(/^\s*|\s*$/u, '').gsub(/\s+/u,' '); end
-    end
-
-    module IA5Downcase
-      def normalize(x); x.downcase.gsub(/^\s*|\s*$/u, '').gsub(/\s+/u,' '); end
-    end
-
-    add('1.3.6.1.4.1.1466.109.114.1', 'caseExactIA5Match', '1.3.6.1.4.1.1466.115.121.1.26') do
-      extend Equality
-      extend IA5Trim
-    end
-
-    add('1.3.6.1.4.1.1466.109.114.2', 'caseIgnoreIA5Match', '1.3.6.1.4.1.1466.115.121.1.26') do
-      extend Equality
-      extend IA5Downcase
-    end
-
-    add('2.5.13.28', 'generalizedTimeOrderingMatch', '1.3.6.1.4.1.1466.115.121.1.24') { extend Ordering }
-    add('2.5.13.3', 'caseIgnoreOrderingMatch', '1.3.6.1.4.1.1466.115.121.1.15') do
-      extend Ordering
-      extend StringDowncase
-    end
-
-    add('2.5.13.4', 'caseIgnoreSubstringsMatch', '1.3.6.1.4.1.1466.115.121.1.58') do
-      extend Substrings
-      extend StringDowncase
-    end
-    add('2.5.13.21', 'telephoneNumberSubstringsMatch', '1.3.6.1.4.1.1466.115.121.1.58') do
-      extend Substrings
-    end
-    add('2.5.13.10', 'numericStringSubstringsMatch', '1.3.6.1.4.1.1466.115.121.1.58') do
-      extend Substrings
-    end
-
-    # from OpenLDAP
-    add('1.3.6.1.4.1.4203.1.2.1', 'caseExactIA5SubstringsMatch', '1.3.6.1.4.1.1466.115.121.1.26') do
-      extend Substrings
-      extend IA5Trim
-    end
-    add('1.3.6.1.4.1.1466.109.114.3', 'caseIgnoreIA5SubstringsMatch', '1.3.6.1.4.1.1466.115.121.1.26') do
-      extend Substrings
-      extend IA5Downcase
-    end
-    add('2.5.13.5', 'caseExactMatch', '1.3.6.1.4.1.1466.115.121.1.15') { extend Equality }
-    add('2.5.13.6', 'caseExactOrderingMatch', '1.3.6.1.4.1.1466.115.121.1.15') { extend Ordering }
-    add('2.5.13.7', 'caseExactSubstringsMatch', '1.3.6.1.4.1.1466.115.121.1.58') { extend Substrings }
-    add('2.5.13.9', 'numericStringOrderingMatch', '1.3.6.1.4.1.1466.115.121.1.36') { extend Ordering; extend Integer }
-    add('2.5.13.13', 'booleanMatch', '1.3.6.1.4.1.1466.115.121.1.7') do
-      extend Equality
-      def self.normalize(x)
-        return true if x == 'TRUE'
-        return false if x == 'FALSE'
-        x
-      end
-    end
-    add('2.5.13.15', 'integerOrderingMatch', '1.3.6.1.4.1.1466.115.121.1.27') { extend Ordering; extend Integer }
-    add('2.5.13.17', 'octetStringMatch', '1.3.6.1.4.1.1466.115.121.1.40') { extend Equality }
-    add('2.5.13.18', 'octetStringOrderingMatch', '1.3.6.1.4.1.1466.115.121.1.40') { extend Ordering }
-    add('2.5.13.19', 'octetStringSubstringsMatch', '1.3.6.1.4.1.1466.115.121.1.40') { extend Substrings }
-
-  end # class MatchingRule
-
-end # class Server
-end # module LDAP