net-ldap 0.1.1 → 0.2

data/lib/net/ldap/dataset.rb

@@ -1,99 +1,154 @@
-#----------------------------------------------------------------------------
-#
-# Copyright (C) 2006 by Francis Cianfrocca. All Rights Reserved.
-#
-# Gmail: garbagecat10
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-#
-#---------------------------------------------------------------------------
-
-module Net
-  class LDAP
-    class Dataset < Hash
-      attr_reader :comments
-
-      class IOFilter
-        def initialize(io)
-          @io = io
-        end
-        def gets
-          s = @io.gets
-          s.chomp if s
-        end
-      end
+# -*- ruby encoding: utf-8 -*-
+##
+# An LDAP Dataset. Used primarily as an intermediate format for converting
+# to and from LDIF strings and Net::LDAP::Entry objects.
+class Net::LDAP::Dataset < Hash
+  ##
+  # Dataset object comments.
+  attr_reader :comments
 
-      def self.read_ldif io
-        ds = Dataset.new
-        io = IOFilter.new(io)
+  def initialize(*args, &block) # :nodoc:
+    super
+    @comments = []
+  end
 
-        line = io.gets
-        dn = nil
+  ##
+  # Outputs an LDAP Dataset as an array of strings representing LDIF
+  # entries.
+  def to_ldif
+    ary = []
+    ary += @comments unless @comments.empty?
+    keys.sort.each do |dn|
+      ary << "dn: #{dn}"
 
-        while line
-          new_line = io.gets
-          if new_line =~ /^[\s]+/
-            line << " " << $'
+      attributes = self[dn].keys.map { |attr| attr.to_s }.sort
+      attributes.each do |attr|
+        self[dn][attr.to_sym].each do |value|
+          if attr == "userpassword" or value_is_binary?(value)
+            value = [value].pack("m").chomp.gsub(/\n/m, "\n ")
+            ary << "#{attr}:: #{value}"
           else
-            nextline = new_line
-
-            if line =~ /^\#/
-              ds.comments << line
-            elsif line =~ /^dn:[\s]*/i
-              dn = $'
-              ds[dn] = Hash.new {|k,v| k[v] = []}
-            elsif line.length == 0
-              dn = nil
-            elsif line =~ /^([^:]+):([\:]?)[\s]*/
-              # $1 is the attribute name
-              # $2 is a colon iff the attr-value is base-64 encoded
-              # $' is the attr-value
-              # Avoid the Base64 class because not all Ruby versions have it.
-              attrvalue = ($2 == ":") ? $'.unpack('m').shift : $'
-              ds[dn][$1.downcase.intern] << attrvalue
-            end
-
-            line = nextline
+            ary << "#{attr}: #{value}"
           end
         end
+      end
+
+      ary << ""
+    end
+    block_given? and ary.each { |line| yield line}
+
+    ary
+  end
+
+  ##
+  # Outputs an LDAP Dataset as an LDIF string.
+  def to_ldif_string
+    to_ldif.join("\n")
+  end
 
-        ds
+  ##
+  # Convert the parsed LDIF objects to Net::LDAP::Entry objects.
+  def to_entries
+    ary = []
+    keys.each do |dn|
+      entry = Net::LDAP::Entry.new(dn)
+      self[dn].each do |attr, value|
+        entry[attr] = value
       end
+      ary << entry
+    end
+    ary
+  end
 
+  ##
+  # This is an internal convenience method to determine if a value requires
+  # base64-encoding before conversion to LDIF output. The standard approach
+  # in most LDAP tools is to check whether the value is a password, or if
+  # the first or last bytes are non-printable. Microsoft Active Directory,
+  # on the other hand, sometimes sends values that are binary in the middle.
+  #
+  # In the worst cases, this could be a nasty performance killer, which is
+  # why we handle the simplest cases first. Ideally, we would also test the
+  # first/last byte, but it's a bit harder to do this in a way that's
+  # compatible with both 1.8.6 and 1.8.7.
+  def value_is_binary?(value) # :nodoc:
+    value = value.to_s
+    return true if value[0] == ?: or value[0] == ?<
+    value.each_byte { |byte| return true if (byte < 32) || (byte > 126) }
+    false
+  end
+  private :value_is_binary?
 
-      def initialize
-        @comments = []
+  class << self
+    class ChompedIO # :nodoc:
+      def initialize(io)
+        @io = io
       end
+      def gets
+        s = @io.gets
+        s.chomp if s
+      end
+    end
+
+    ##
+    # Creates a Dataset object from an Entry object. Used mostly to assist
+    # with the conversion of
+    def from_entry(entry)
+      dataset = Net::LDAP::Dataset.new
+      hash = { }
+      entry.each_attribute do |attribute, value|
+        next if attribute == :dn
+        hash[attribute] = value
+      end
+      dataset[entry.dn] = hash
+      dataset
+    end
 
+    ##
+    # Reads an object that returns data line-wise (using #gets) and parses
+    # LDIF data into a Dataset object.
+    def read_ldif(io)
+      ds = Net::LDAP::Dataset.new
+      io = ChompedIO.new(io)
 
-      def to_ldif
-        ary = []
-        ary += (@comments || [])
-        keys.sort.each do |dn|
-          ary << "dn: #{dn}"
+      line = io.gets
+      dn = nil
 
-          self[dn].keys.map {|sym| sym.to_s}.sort.each do |attr|
-            self[dn][attr.intern].each {|val| ary << "#{attr}: #{val}" }
+      while line
+        new_line = io.gets
+
+        if new_line =~ /^[\s]+/
+          line << " " << $'
+        else
+          nextline = new_line
+
+          if line =~ /^#/
+            ds.comments << line
+            yield :comment, line if block_given?
+          elsif line =~ /^dn:[\s]*/i
+            dn = $'
+            ds[dn] = Hash.new { |k,v| k[v] = [] }
+            yield :dn, dn if block_given?
+          elsif line.empty?
+            dn = nil
+            yield :end, nil if block_given?
+          elsif line =~ /^([^:]+):([\:]?)[\s]*/
+            # $1 is the attribute name
+            # $2 is a colon iff the attr-value is base-64 encoded
+            # $' is the attr-value
+            # Avoid the Base64 class because not all Ruby versions have it.
+            attrvalue = ($2 == ":") ? $'.unpack('m').shift : $'
+            ds[dn][$1.downcase.to_sym] << attrvalue
+            yield :attr, [$1.downcase.to_sym, attrvalue] if block_given?
           end
 
-          ary << ""
+          line = nextline
         end
-        block_given? and ary.each {|line| yield line}
-        ary
       end
 
-    end 
-  end 
+      ds
+    end
+  end
 end
+
+require 'net/ldap/entry' unless defined? Net::LDAP::Entry

data/lib/net/ldap/dn.rb

@@ -0,0 +1,225 @@
+# -*- ruby encoding: utf-8 -*-
+
+##
+# Objects of this class represent an LDAP DN ("Distinguished Name"). A DN
+# ("Distinguished Name") is a unique identifier for an entry within an LDAP
+# directory. It is made up of a number of other attributes strung together,
+# to identify the entry in the tree.
+#
+# Each attribute that makes up a DN needs to have its value escaped so that
+# the DN is valid. This class helps take care of that.
+#
+# A fully escaped DN needs to be unescaped when analysing its contents. This
+# class also helps take care of that.
+class Net::LDAP::DN
+  ##
+  # Initialize a DN, escaping as required. Pass in attributes in name/value
+  # pairs. If there is a left over argument, it will be appended to the dn
+  # without escaping (useful for a base string).
+  #
+  # Most uses of this class will be to escape a DN, rather than to parse it,
+  # so storing the dn as an escaped String and parsing parts as required
+  # with a state machine seems sensible.
+  def initialize(*args)
+    buffer = StringIO.new
+
+    args.each_index do |index|
+      buffer << "=" if index % 2 == 1
+      buffer << "," if index % 2 == 0 && index != 0
+
+      if index < args.length - 1 || index % 2 == 1
+        buffer << Net::LDAP::DN.escape(args[index])
+      else
+        buffer << args[index]
+      end
+    end
+
+    @dn = buffer.string
+  end
+
+  ##
+  # Parse a DN into key value pairs using ASN from
+  # http://tools.ietf.org/html/rfc2253 section 3.
+  def each_pair
+    state = :key
+    key = StringIO.new
+    value = StringIO.new
+    hex_buffer = ""
+
+    @dn.each_char do |char|
+      case state
+      when :key then
+        case char
+        when 'a'..'z', 'A'..'Z' then
+          state = :key_normal
+          key << char
+        when '0'..'9' then
+          state = :key_oid
+          key << char
+        when ' ' then state = :key
+        else raise "DN badly formed"
+        end
+      when :key_normal then
+        case char
+        when '=' then state = :value
+        when 'a'..'z', 'A'..'Z', '0'..'9', '-', ' ' then key << char
+        else raise "DN badly formed"
+        end
+      when :key_oid then
+        case char
+        when '=' then state = :value
+        when '0'..'9', '.', ' ' then key << char
+        else raise "DN badly formed"
+        end
+      when :value then
+        case char
+        when '\\' then state = :value_normal_escape
+        when '"' then state = :value_quoted
+        when ' ' then state = :value
+        when '#' then
+          state = :value_hexstring
+          value << char
+        when ',' then
+          state = :key
+          yield key.string.strip, value.string.rstrip
+          key = StringIO.new
+          value = StringIO.new;
+        else
+          state = :value_normal
+          value << char
+        end
+      when :value_normal then
+        case char
+        when '\\' then state = :value_normal_escape
+        when ',' then
+          state = :key
+          yield key.string.strip, value.string.rstrip
+          key = StringIO.new
+          value = StringIO.new;
+        else value << char
+        end
+      when :value_normal_escape then
+        case char
+        when '0'..'9', 'a'..'f', 'A'..'F' then
+          state = :value_normal_escape_hex
+          hex_buffer = char
+        else state = :value_normal; value << char
+        end
+      when :value_normal_escape_hex then
+        case char
+        when '0'..'9', 'a'..'f', 'A'..'F' then
+          state = :value_normal
+          value << "#{hex_buffer}#{char}".to_i(16).chr
+        else raise "DN badly formed"
+        end
+      when :value_quoted then
+        case char
+        when '\\' then state = :value_quoted_escape
+        when '"' then state = :value_end
+        else value << char
+        end
+      when :value_quoted_escape then
+        case char
+        when '0'..'9', 'a'..'f', 'A'..'F' then
+          state = :value_quoted_escape_hex
+          hex_buffer = char
+        else
+          state = :value_quoted;
+          value << char
+        end
+      when :value_quoted_escape_hex then
+        case char
+        when '0'..'9', 'a'..'f', 'A'..'F' then
+          state = :value_quoted
+          value << "#{hex_buffer}#{char}".to_i(16).chr
+        else raise "DN badly formed"
+        end
+      when :value_hexstring then
+        case char
+        when '0'..'9', 'a'..'f', 'A'..'F' then
+          state = :value_hexstring_hex
+          value << char
+        when ' ' then state = :value_end
+        when ',' then
+          state = :key
+          yield key.string.strip, value.string.rstrip
+          key = StringIO.new
+          value = StringIO.new;
+        else raise "DN badly formed"
+        end
+      when :value_hexstring_hex then
+        case char
+        when '0'..'9', 'a'..'f', 'A'..'F' then
+          state = :value_hexstring
+          value << char
+        else raise "DN badly formed"
+        end
+      when :value_end then
+        case char
+        when ' ' then state = :value_end
+        when ',' then
+          state = :key
+          yield key.string.strip, value.string.rstrip
+          key = StringIO.new
+          value = StringIO.new;
+        else raise "DN badly formed"
+        end
+      else raise "Fell out of state machine"
+      end
+    end
+
+    # Last pair
+    if [:value, :value_normal, :value_hexstring, :value_end].include? state
+      yield key.string.strip, value.string.rstrip
+    else
+      raise "DN badly formed"
+    end
+  end
+
+  ##
+  # Returns the DN as an array in the form expected by the constructor.
+  def to_a
+    a = []
+    self.each_pair { |key, value| a << key << value }
+    a
+  end
+
+  ##
+  # Return the DN as an escaped string.
+  def to_s
+    @dn
+  end
+
+  # http://tools.ietf.org/html/rfc2253 section 2.4 lists these exceptions
+  # for dn values. All of the following must be escaped in any normal string
+  # using a single backslash ('\') as escape.
+  ESCAPES = {
+    ','  => ',',
+    '+'  => '+',
+    '"'  => '"',
+    '\\' => '\\',
+    '<' => '<',
+    '>' => '>',
+    ';' => ';',
+  }
+
+  # Compiled character class regexp using the keys from the above hash, and
+  # checking for a space or # at the start, or space at the end, of the
+  # string.
+  ESCAPE_RE = Regexp.new("(^ |^#| $|[" +
+                         ESCAPES.keys.map { |e| Regexp.escape(e) }.join +
+                         "])")
+
+  ##
+  # Escape a string for use in a DN value
+  def self.escape(string)
+    string.gsub(ESCAPE_RE) { |char| "\\" + ESCAPES[char] }
+  end
+
+  ##
+  # Proxy all other requests to the string object, because a DN is mainly
+  # used within the library as a string
+  def method_missing(method, *args, &block)
+    @dn.send(method, *args, &block)
+  end
+end