ldaptic 0.2.0

data/test/ldaptic_schema_test.rb

@@ -0,0 +1,44 @@
+require File.join(File.dirname(File.expand_path(__FILE__)),'test_helper')
+require 'ldaptic/schema'
+
+class LdapticSyntaxesTest < Test::Unit::TestCase
+  NAME_FORM = "(1.2.3 NAME 'foo' DESC ('bar') OC objectClass MUST (cn $ ou) X-AWESOME TRUE)"
+  ATTRIBUTE_TYPE = "(1.3.5 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15{256}')"
+  def assert_parse_error(&block)
+    assert_raise(Ldaptic::Schema::ParseError, &block)
+  end
+
+  def test_name_form
+    name_form = Ldaptic::Schema::NameForm.new(NAME_FORM)
+    assert_equal "1.2.3", name_form.oid
+    assert_equal "foo", name_form.name
+    assert_equal %w(foo), name_form.names
+    assert_equal %w(cn ou), name_form.must
+    assert name_form.x_awesome?
+    assert !name_form.x_lame
+    assert_raise(NoMethodError) { name_form.applies }
+    assert_raise(ArgumentError) { name_form.desc(1) }
+    assert_raise(ArgumentError) { name_form.x_lame(1) }
+    assert_equal nil, name_form.may
+    assert_equal NAME_FORM, name_form.to_s
+    assert name_form.inspect.include?("#<Ldaptic::Schema::NameForm")
+    assert name_form.inspect.include?("1.2.3")
+  end
+
+  def test_object_class
+    assert_equal "AUXILIARY", Ldaptic::Schema::ObjectClass.new("(1.2 AUXILIARY)").kind
+  end
+
+  def test_attribute_type
+    attribute_type = Ldaptic::Schema::AttributeType.new(ATTRIBUTE_TYPE)
+    assert_equal 256, attribute_type.syntax_len
+    assert_not_nil attribute_type.syntax
+  end
+
+  def test_parse_error
+    assert_parse_error { Ldaptic::Schema::NameForm.new("x") }
+    assert_parse_error { Ldaptic::Schema::NameForm.new("(1.2.3 NAME (foo | bar))") }
+    assert_parse_error { Ldaptic::Schema::NameForm.new("(1.2.3 &)") }
+  end
+
+end

data/test/ldaptic_syntaxes_test.rb

@@ -0,0 +1,66 @@
+require File.join(File.dirname(File.expand_path(__FILE__)),'test_helper')
+require 'ldaptic/syntaxes'
+
+class LdapticSyntaxesTest < Test::Unit::TestCase
+
+  def test_for
+    assert_equal Ldaptic::Syntaxes::GeneralizedTime, Ldaptic::Syntaxes.for("Generalized Time")
+  end
+
+  def test_bit_string
+    assert_nil Ldaptic::Syntaxes::BitString.new.error("'01'B")
+    assert_not_nil Ldaptic::Syntaxes::BitString.new.error("01'B")
+  end
+
+  def test_boolean
+    assert_equal true,    Ldaptic::Syntaxes::Boolean.parse("TRUE")
+    assert_equal false,   Ldaptic::Syntaxes::Boolean.parse("FALSE")
+    assert_equal "TRUE",  Ldaptic::Syntaxes::Boolean.format(true)
+    assert_equal "FALSE", Ldaptic::Syntaxes::Boolean.format(false)
+  end
+
+  def test_postal_address
+    assert_not_nil Ldaptic::Syntaxes::PostalAddress.new.error('\\a')
+  end
+
+  def test_generalized_time
+    assert_equal Time.utc(2000,1,1,12,34,56), Ldaptic::Syntaxes::GeneralizedTime.parse("20000101123456.0Z")
+    assert_equal Time.utc(2000,1,1,12,34,56), Ldaptic::Syntaxes::GeneralizedTime.parse("20000101123456.0Z")
+    assert_equal 1601, Ldaptic::Syntaxes::GeneralizedTime.parse("16010101000001.0Z").year
+    assert_equal "20000101123456.000000Z", Ldaptic::Syntaxes::GeneralizedTime.format(Time.utc(2000,1,1,12,34,56))
+  end
+
+  def test_ia5_string
+    assert_nil Ldaptic::Syntaxes::IA5String.new.error('a')
+  end
+
+  def test_integer
+    assert_equal 1,   Ldaptic::Syntaxes::INTEGER.parse("1")
+    assert_equal "1", Ldaptic::Syntaxes::INTEGER.format(1)
+  end
+
+  def test_printable_string
+    assert_nil Ldaptic::Syntaxes::PrintableString.new.error("Az0'\"()+,-./:? =")
+    assert_not_nil Ldaptic::Syntaxes::PrintableString.new('$')
+    assert_not_nil Ldaptic::Syntaxes::PrintableString.new("\\")
+    assert_not_nil Ldaptic::Syntaxes::PrintableString.new("\t")
+  end
+
+  def test_country_string
+    assert_nil Ldaptic::Syntaxes::CountryString.new.error('ab')
+    assert_not_nil Ldaptic::Syntaxes::CountryString.new.error('a')
+    assert_not_nil Ldaptic::Syntaxes::CountryString.new.error('abc')
+    assert_not_nil Ldaptic::Syntaxes::CountryString.new.error('a_')
+  end
+
+  def test_delivery_method
+    assert_not_nil Ldaptic::Syntaxes::DeliveryMethod.new.error('')
+  end
+
+  def test_facsimile_telephone_number
+    assert_nil Ldaptic::Syntaxes::FacsimileTelephoneNumber.new.error("911")
+    assert_nil Ldaptic::Syntaxes::FacsimileTelephoneNumber.new.error("911$b4Length")
+    assert_not_nil Ldaptic::Syntaxes::FacsimileTelephoneNumber.new("\t")
+  end
+
+end

data/test/mock_adapter.rb

@@ -0,0 +1,47 @@
+$:.unshift(File.join(File.dirname(__FILE__),'..','lib')).uniq!
+require 'ldaptic/adapters'
+require 'ldaptic/adapters/abstract_adapter'
+
+class Ldaptic::Adapters::MockAdapter < Ldaptic::Adapters::AbstractAdapter
+  register_as(:mock)
+
+  def schema(arg = nil)
+    {
+      'objectClasses' => [
+        "( 2.5.6.0 NAME 'top' ABSTRACT MUST (objectClass) MAY (cn $ description $ distinguishedName) )",
+        "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST (cn) MAY (sn $ age) )",
+        "( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY MAY userPassword )",
+        "( 9.9.9.1 NAME 'searchResult' SUP top STRUCTURAL MUST (filter $ scope) )"
+      ],
+      'attributeTypes' => [
+        "( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )",
+        "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )",
+        "( 2.5.4.49 NAME 'distinguishedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )",
+        "( 2.5.4.13 NAME 'description' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )",
+        "( 2.5.4.4 NAME ( 'sn' 'surname' ) SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )",
+        "( 2.5.4.35 NAME 'userPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )",
+        "( 2.5.4.4 NAME 'filter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )",
+        "( 9.9.9.2 NAME 'scope' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )",
+        "( 9.9.9.2 NAME 'age' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )",
+      ],
+      "dITContentRules" => [
+        "( 2.5.6.6 NAME 'person' AUX simpleSecurityObject )"
+      ]
+    }
+  end
+
+  def server_default_base_dn
+    "DC=org"
+  end
+
+  # Returns a mock object which encapsulates the search query.
+  def search(options)
+    yield({
+      'objectClass' => %w(top searchResult),
+      'filter' => [options[:filter].to_s],
+      'scope' => [options[:scope].to_s],
+      'dn' => [options[:base]]
+    })
+    0
+  end
+end

data/test/rbslapd1.rb

@@ -0,0 +1,111 @@
+#!/usr/local/bin/ruby -w
+
+# This is a trivial LDAP server which just stores directory entries in RAM.
+# It does no validation or authentication. This is intended just to
+# demonstrate the API, it's not for real-world use!!
+
+$:.unshift('../lib')
+$debug = true
+
+require 'ldap/server'
+
+# We subclass the Operation class, overriding the methods to do what we need
+
+class HashOperation < LDAP::Server::Operation
+  def initialize(connection, messageID, hash)
+    super(connection, messageID)
+    @hash = hash   # an object reference to our directory data
+  end
+
+  def search(basedn, scope, deref, filter)
+    basedn.downcase!
+
+    case scope
+    when LDAP::Server::BaseObject
+      # client asked for single object by DN
+      obj = @hash[basedn]
+      raise LDAP::ResultError::NoSuchObject unless obj
+      send_SearchResultEntry(basedn, obj) if LDAP::Server::Filter.run(filter, obj)
+
+    when LDAP::Server::WholeSubtree
+      @hash.each do |dn, av|
+        next unless dn.index(basedn, -basedn.length)    # under basedn?
+        next unless LDAP::Server::Filter.run(filter, av)  # attribute filter?
+        send_SearchResultEntry(dn, av)
+      end
+
+    else
+      raise LDAP::ResultError::UnwillingToPerform, "OneLevel not implemented"
+
+    end
+  end
+
+  def add(dn, av)
+    dn.downcase!
+    raise LDAP::ResultError::EntryAlreadyExists if @hash[dn]
+    @hash[dn] = av
+  end
+
+  def del(dn)
+    dn.downcase!
+    raise LDAP::ResultError::NoSuchObject unless @hash.has_key?(dn)
+    @hash.delete(dn)
+  end
+
+  def modify(dn, ops)
+    entry = @hash[dn]
+    raise LDAP::ResultError::NoSuchObject unless entry
+    ops.each do |attr, vals|
+      op = vals.shift
+      case op 
+      when :add
+        entry[attr] ||= []
+        entry[attr] += vals
+        entry[attr].uniq!
+      when :delete
+        if vals == []
+          entry.delete(attr)
+        else
+          vals.each { |v| entry[attr].delete(v) }
+        end
+      when :replace
+        entry[attr] = vals
+      end
+      entry.delete(attr) if entry[attr] == []
+    end
+  end
+end
+
+# This is the shared object which carries our actual directory entries.
+# It's just a hash of {dn=>entry}, where each entry is {attr=>[val,val,...]}
+
+directory = {}
+
+# Let's put some backing store on it
+
+require 'yaml'
+begin
+  File.open("ldapdb.yaml") { |f| directory = YAML::load(f.read) }
+rescue Errno::ENOENT
+end
+
+at_exit do
+  File.open("ldapdb.new","w") { |f| f.write(YAML::dump(directory)) }
+  File.rename("ldapdb.new","ldapdb.yaml")
+end
+
+# Listen for incoming LDAP connections. For each one, create a Connection
+# object, which will invoke a HashOperation object for each request.
+
+s = LDAP::Server.new(
+	:port			=> 1389,
+	:nodelay		=> true,
+	:listen			=> 10,
+#	:ssl_key_file		=> "key.pem",
+#	:ssl_cert_file		=> "cert.pem",
+#	:ssl_on_connect		=> true,
+	:operation_class	=> HashOperation,
+	:operation_args		=> [directory]
+)
+s.run_tcpserver
+s.join

data/test/rbslapd4.rb

@@ -0,0 +1,172 @@
+#!/usr/local/bin/ruby -w
+
+# This is similar to rbslapd1.rb but here we use TOMITA Masahiro's prefork
+# library: <http://raa.ruby-lang.org/project/prefork/>
+# Advantages over Ruby threading:
+# - each client connection is handled in its own process; don't need
+#   to worry about Ruby thread blocking (except if one client issues
+#   overlapping LDAP operations down the same connection, which is uncommon)
+# - better scalability on multi-processor systems
+# - better scalability on single-processor systems (e.g. shouldn't hit
+#   max FDs per process limit)
+# Disadvantages:
+# - client connections can't share state in RAM. So our shared directory
+#   now has to be read from disk, and flushed to disk after every update.
+#
+# Additionally, I have added schema support. An LDAP v3 client can
+# query the schema remotely, and adds/modifies have data validated.
+
+$:.unshift('../lib')
+
+require 'ldap/server'
+require 'ldap/server/schema'
+require 'yaml'
+
+$debug = nil # $stderr
+
+# An object to keep our in-RAM database and synchronise it to disk
+# when necessary
+
+class Directory
+  attr_reader :data
+
+  def initialize(filename)
+    @filename = filename
+    @stat = nil
+    update
+  end
+
+  # synchronise with directory on disk (re-read if it has changed)
+
+  def update
+    begin
+      tmp = {}
+      sb = File.stat(@filename)
+      return if @stat and @stat.ino == sb.ino and @stat.mtime == sb.mtime
+      File.open(@filename) do |f|
+        tmp = YAML::load(f.read)
+        @stat = f.stat
+      end
+    rescue Errno::ENOENT
+    end
+    @data = tmp
+  end
+
+  # write back to disk
+
+  def write
+    File.open(@filename+".new","w") { |f| f.write(YAML::dump(@data)) }
+    File.rename(@filename+".new",@filename)
+    @stat = File.stat(@filename)
+  end
+
+  # run a block while holding a lock on the database
+
+  def lock
+    File.open(@filename+".lock","w") do |f|
+      f.flock(File::LOCK_EX)  # will block here until lock available
+      yield
+    end
+  end
+end
+
+# We subclass the Operation class, overriding the methods to do what we need
+
+class DirOperation < LDAP::Server::Operation
+  def initialize(connection, messageID, dir)
+    super(connection, messageID)
+    @dir = dir
+  end
+
+  def search(basedn, scope, deref, filter)
+    $debug << "Search: basedn=#{basedn.inspect}, scope=#{scope.inspect}, deref=#{deref.inspect}, filter=#{filter.inspect}\n" if $debug
+    basedn.downcase!
+
+    case scope
+    when LDAP::Server::BaseObject
+      # client asked for single object by DN
+      @dir.update
+      obj = @dir.data[basedn]
+      raise LDAP::ResultError::NoSuchObject unless obj
+      ok = LDAP::Server::Filter.run(filter, obj)
+      $debug << "Match=#{ok.inspect}: #{obj.inspect}\n" if $debug
+      send_SearchResultEntry(basedn, obj) if ok
+
+    when LDAP::Server::WholeSubtree
+      @dir.update
+      @dir.data.each do |dn, av|
+        $debug << "Considering #{dn}\n" if $debug
+        next unless dn.index(basedn, -basedn.length)    # under basedn?
+        next unless LDAP::Server::Filter.run(filter, av)  # attribute filter?
+        $debug << "Sending: #{av.inspect}\n" if $debug
+        send_SearchResultEntry(dn, av)
+      end
+
+    else
+      raise LDAP::ResultError::UnwillingToPerform, "OneLevel not implemented"
+
+    end
+  end
+
+  def add(dn, entry)
+    entry = @schema.validate(entry)
+    entry['createTimestamp'] = [Time.now.gmtime.strftime("%Y%m%d%H%MZ")]
+    entry['creatorsName'] = [@connection.binddn.to_s]
+    # FIXME: normalize the DN and check it's below our root DN
+    # FIXME: validate that a superior object exists
+    # FIXME: validate that entry contains the RDN attribute (yuk)
+    dn.downcase!
+    @dir.lock do
+      @dir.update
+      raise LDAP::ResultError::EntryAlreadyExists if @dir.data[dn]
+      @dir.data[dn] = entry
+      @dir.write
+    end
+  end
+
+  def del(dn)
+    dn.downcase!
+    @dir.lock do
+      @dir.update
+      raise LDAP::ResultError::NoSuchObject unless @dir.data.has_key?(dn)
+      @dir.data.delete(dn)
+      @dir.write
+    end
+  end
+
+  def modify(dn, ops)
+    dn.downcase!
+    @dir.lock do
+      @dir.update
+      entry = @dir.data[dn]
+      raise LDAP::ResultError::NoSuchObject unless entry
+      entry = @schema.validate(ops, entry)  # also does the update
+      entry['modifyTimestamp'] = [Time.now.gmtime.strftime("%Y%m%d%H%MZ")]
+      entry['modifiersName'] = [@connection.binddn.to_s]
+      @dir.data[dn] = entry
+      @dir.write
+    end
+  end
+end
+
+directory = Directory.new("ldapdb.yaml")
+
+schema = LDAP::Server::Schema.new
+schema.load_system
+schema.load_file("../test/core.schema")
+schema.resolve_oids
+
+s = LDAP::Server.new(
+	:port			=> 1389,
+	:nodelay		=> true,
+	:listen			=> 10,
+#	:ssl_key_file		=> "key.pem",
+#	:ssl_cert_file		=> "cert.pem",
+#	:ssl_on_connect		=> true,
+	:operation_class	=> DirOperation,
+	:operation_args		=> [directory],
+	:schema			=> schema,
+	:namingContexts		=> ['dc=example,dc=com']
+)
+s.run_tcpserver
+s.join

data/test/test_helper.rb

@@ -0,0 +1,2 @@
+$:.unshift(File.join(File.dirname(__FILE__),'..','lib')).uniq!
+require 'test/unit'