RubyGems - net-ldap - Versions diffs - 0.13.0 → 0.14.0 - Mend

net-ldap 0.13.0 → 0.14.0

Potentially problematic release.

This version of net-ldap might be problematic. Click here for more details.

Files changed (40) hide show

checksums.yaml +4 -4
data/.rubocop.yml +12 -0
data/.rubocop_todo.yml +282 -145
data/Contributors.rdoc +1 -0
data/History.rdoc +17 -0
data/README.rdoc +1 -1
data/lib/net/ber.rb +3 -2
data/lib/net/ber/ber_parser.rb +1 -1
data/lib/net/ber/core_ext/array.rb +1 -1
data/lib/net/ber/core_ext/integer.rb +1 -1
data/lib/net/ber/core_ext/string.rb +1 -1
data/lib/net/ldap.rb +89 -24
data/lib/net/ldap/auth_adapter/gss_spnego.rb +2 -2
data/lib/net/ldap/auth_adapter/sasl.rb +2 -2
data/lib/net/ldap/connection.rb +108 -25
data/lib/net/ldap/dataset.rb +2 -2
data/lib/net/ldap/entry.rb +3 -3
data/lib/net/ldap/filter.rb +5 -5
data/lib/net/ldap/pdu.rb +26 -2
data/lib/net/ldap/version.rb +1 -1
data/lib/net/snmp.rb +18 -18
data/test/ber/core_ext/test_array.rb +1 -1
data/test/ber/test_ber.rb +2 -2
data/test/fixtures/openldap/slapd.conf.ldif +1 -1
data/test/integration/test_add.rb +1 -1
data/test/integration/test_ber.rb +1 -1
data/test/integration/test_delete.rb +1 -1
data/test/integration/test_open.rb +1 -1
data/test/integration/test_password_modify.rb +80 -0
data/test/integration/test_search.rb +1 -1
data/test/test_auth_adapter.rb +6 -3
data/test/test_dn.rb +3 -3
data/test/test_filter.rb +4 -4
data/test/test_ldap.rb +51 -10
data/test/test_ldap_connection.rb +62 -51
data/test/test_ldif.rb +10 -10
data/test/test_search.rb +2 -2
data/test/test_snmp.rb +4 -4
data/testserver/ldapserver.rb +11 -12
metadata +5 -4

@@ -29,7 +29,7 @@ class Net::LDAP::Dataset < Hash
     keys.sort.each do |dn|
       ary << "dn: #{dn}"
-      attributes = self[dn].keys.map { |attr| attr.to_s }.sort
+      attributes = self[dn].keys.map(&:to_s).sort
       attributes.each do |attr|
         self[dn][attr.to_sym].each do |value|
           if attr == "userpassword" or value_is_binary?(value)
@@ -141,7 +141,7 @@ class Net::LDAP::Dataset < Hash
             # $' is the dn-value
             # Avoid the Base64 class because not all Ruby versions have it.
             dn = ($1 == ":") ? $'.unpack('m').shift : $'
-            ds[dn] = Hash.new { |k,v| k[v] = [] }
+            ds[dn] = Hash.new { |k, v| k[v] = [] }
             yield :dn, dn if block_given?
           elsif line.empty?
             dn = nil

data/lib/net/ldap/entry.rb CHANGED

@@ -141,10 +141,10 @@ class Net::LDAP::Entry
   # (possibly empty) \Array of data values.
   def each # :yields: attribute-name, data-values-array
     if block_given?
-      attribute_names.each {|a|
-        attr_name,values = a,self[a]
+      attribute_names.each do|a|
+        attr_name, values = a, self[a]
         yield attr_name, values
-      }
+      end
     end
   end
   alias_method :each_attribute, :each

data/lib/net/ldap/filter.rb CHANGED

@@ -23,7 +23,7 @@
 class Net::LDAP::Filter
   ##
   # Known filter types.
-  FilterTypes = [ :ne, :eq, :ge, :le, :and, :or, :not, :ex, :bineq ]
+  FilterTypes = [:ne, :eq, :ge, :le, :and, :or, :not, :ex, :bineq]
   def initialize(op, left, right) #:nodoc:
     unless FilterTypes.include?(op)
@@ -287,7 +287,7 @@ class Net::LDAP::Filter
       when 0xa4 # context-specific constructed 4, "substring"
         str = ""
         final = false
-        ber.last.each { |b|
+        ber.last.each do |b|
           case b.ber_identifier
           when 0x80 # context-specific primitive 0, SubstringFilter "initial"
             raise Net::LDAP::SubstringFilterError, "Unrecognized substring filter; bad initial value." if str.length > 0
@@ -298,7 +298,7 @@ class Net::LDAP::Filter
             str += "*#{escape(b)}"
             final = true
           end
-        }
+        end
         str += "*" unless final
         eq(ber.first.to_s, str)
       when 0xa5 # context-specific constructed 5, "greaterOrEqual"
@@ -550,10 +550,10 @@ class Net::LDAP::Filter
       [self.class.eq(@left, @right).to_ber].to_ber_contextspecific(2)
     when :and
       ary = [@left.coalesce(:and), @right.coalesce(:and)].flatten
-      ary.map {|a| a.to_ber}.to_ber_contextspecific(0)
+      ary.map(&:to_ber).to_ber_contextspecific(0)
     when :or
       ary = [@left.coalesce(:or), @right.coalesce(:or)].flatten
-      ary.map {|a| a.to_ber}.to_ber_contextspecific(1)
+      ary.map(&:to_ber).to_ber_contextspecific(1)
     when :not
       [@left.to_ber].to_ber_contextspecific(2)
     end

data/lib/net/ldap/pdu.rb CHANGED

@@ -74,6 +74,7 @@ class Net::LDAP::PDU
   attr_reader :search_referrals
   attr_reader :search_parameters
   attr_reader :bind_parameters
+  attr_reader :extended_response
   ##
   # Returns RFC-2251 Controls if any.
@@ -120,7 +121,7 @@ class Net::LDAP::PDU
     when UnbindRequest
       parse_unbind_request(ber_object[1])
     when ExtendedResponse
-      parse_ldap_result(ber_object[1])
+      parse_extended_response(ber_object[1])
     else
       raise LdapPduError.new("unknown pdu-type: #{@app_tag}")
     end
@@ -174,12 +175,35 @@ class Net::LDAP::PDU
     @ldap_result = {
       :resultCode => sequence[0],
       :matchedDN => sequence[1],
-      :errorMessage => sequence[2]
+      :errorMessage => sequence[2],
     }
     parse_search_referral(sequence[3]) if @ldap_result[:resultCode] == Net::LDAP::ResultCodeReferral
   end
   private :parse_ldap_result
+  ##
+  # Parse an extended response
+  #
+  # http://www.ietf.org/rfc/rfc2251.txt
+  #
+  # Each Extended operation consists of an Extended request and an
+  # Extended response.
+  #
+  #      ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+  #           requestName      [0] LDAPOID,
+  #           requestValue     [1] OCTET STRING OPTIONAL }
+  def parse_extended_response(sequence)
+    sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP result length."
+    @ldap_result = {
+      :resultCode => sequence[0],
+      :matchedDN => sequence[1],
+      :errorMessage => sequence[2],
+    }
+    @extended_response = sequence[3]
+  end
+  private :parse_extended_response
   ##
   # A Bind Response may have an additional field, ID [7], serverSaslCreds,
   # per RFC 2251 pgh 4.2.3.

data/lib/net/ldap/version.rb CHANGED

@@ -1,5 +1,5 @@
 module Net
   class LDAP
-    VERSION = "0.13.0"
+    VERSION = "0.14.0"
   end
 end

data/lib/net/snmp.rb CHANGED

@@ -12,7 +12,7 @@ module Net
           2 => :integer,  # Gauge32 or Unsigned32, (RFC2578 sec 2)
           3 => :integer  # TimeTicks32, (RFC2578 sec 2)
         },
-        :constructed => {}
+        :constructed => {},
       },
       :context_specific => {
         :primitive => {},
@@ -20,8 +20,8 @@ module Net
           0 => :array,  # GetRequest PDU (RFC1157 pgh 4.1.2)
           1 => :array,  # GetNextRequest PDU (RFC1157 pgh 4.1.3)
           2 => :array    # GetResponse PDU (RFC1157 pgh 4.1.4)
-        }
-      }
+        },
+      },
     })
     # SNMP 32-bit counter.
@@ -70,7 +70,7 @@ module Net
       :get_next_request,
       :get_response,
       :set_request,
-      :trap
+      :trap,
     ]
     ErrorStatusCodes = { # Per RFC1157, pgh 4.1.1
       0 => "noError",
@@ -78,7 +78,7 @@ module Net
       2 => "noSuchName",
       3 => "badValue",
       4 => "readOnly",
-      5 => "genErr"
+      5 => "genErr",
     }
     class << self
@@ -148,7 +148,7 @@ module Net
       # data[2] is error_index, always zero.
       send :error_status=, 0
       send :error_index=, 0
-      data[3].each do |n,v|
+      data[3].each do |n, v|
         # A variable-binding, of which there may be several,
         # consists of an OID and a BER null.
         # We're ignoring the null, we might want to verify it instead.
@@ -166,7 +166,7 @@ module Net
       send :request_id=, data[0].to_i
       send :error_status=, data[1].to_i
       send :error_index=, data[2].to_i
-      data[3].each do |n,v|
+      data[3].each do |n, v|
         # A variable-binding, of which there may be several,
         # consists of an OID and a BER null.
         # We're ignoring the null, we might want to verify it instead.
@@ -177,7 +177,7 @@ module Net
     def version= ver
-      unless [0,2].include?(ver)
+      unless [0, 2].include?(ver)
         raise Error.new("unknown snmp-version: #{ver}")
       end
       @version = ver
@@ -191,7 +191,7 @@ module Net
     end
     def error_status= es
-      unless ErrorStatusCodes.has_key?(es)
+      unless ErrorStatusCodes.key?(es)
         raise Error.new("unknown error-status: #{es}")
       end
       @error_status = es
@@ -227,10 +227,10 @@ module Net
           error_status.to_ber,
           error_index.to_ber,
           [
-            @variables.map {|n,v|
+            @variables.map do|n, v|
               [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
-            }
-          ].to_ber_sequence
+            end,
+          ].to_ber_sequence,
         ].to_ber_contextspecific(0)
       when :get_next_request
         [
@@ -238,10 +238,10 @@ module Net
           error_status.to_ber,
           error_index.to_ber,
           [
-            @variables.map {|n,v|
+            @variables.map do|n, v|
               [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
-            }
-          ].to_ber_sequence
+            end,
+          ].to_ber_sequence,
         ].to_ber_contextspecific(1)
       when :get_response
         [
@@ -249,10 +249,10 @@ module Net
           error_status.to_ber,
           error_index.to_ber,
           [
-            @variables.map {|n,v|
+            @variables.map do|n, v|
               [n.to_ber_oid, v.to_ber].to_ber_sequence
-            }
-          ].to_ber_sequence
+            end,
+          ].to_ber_sequence,
         ].to_ber_contextspecific(2)
       else
         raise Error.new( "unknown pdu-type: #{pdu_type}" )

data/test/ber/core_ext/test_array.rb CHANGED

@@ -6,7 +6,7 @@ class TestBERArrayExtension < Test::Unit::TestCase
     control_codes << ['1.2.3'.to_ber, true.to_ber].to_ber_sequence
     control_codes << ['1.7.9'.to_ber, false.to_ber].to_ber_sequence
     control_codes = control_codes.to_ber_sequence
-    res = [['1.2.3', true],['1.7.9',false]].to_ber_control
+    res = [['1.2.3', true], ['1.7.9', false]].to_ber_control
     assert_equal control_codes, res
   end

data/test/ber/test_ber.rb CHANGED

@@ -6,8 +6,8 @@ class TestBEREncoding < Test::Unit::TestCase
   end
   def test_array
-    ary = [1,2,3]
-    encoded_ary = ary.map { |el| el.to_ber }.to_ber
+    ary = [1, 2, 3]
+    encoded_ary = ary.map(&:to_ber).to_ber
     assert_equal ary, encoded_ary.read_ber
   end

data/test/fixtures/openldap/slapd.conf.ldif CHANGED

@@ -3,7 +3,7 @@ objectClass: olcGlobal
 cn: config
 olcPidFile: /var/run/slapd/slapd.pid
 olcArgsFile: /var/run/slapd/slapd.args
-olcLogLevel: none
+olcLogLevel: -1
 olcToolThreads: 1
 dn: olcDatabase={-1}frontend,cn=config

data/test/integration/test_add.rb CHANGED

@@ -14,7 +14,7 @@ class TestAddIntegration < LDAPIntegrationTestCase
       uid:  "added-user1",
       cn:   "added-user1",
       sn:   "added-user1",
-      mail: "added-user1@rubyldap.com"
+      mail: "added-user1@rubyldap.com",
     }
     assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect

data/test/integration/test_ber.rb CHANGED

@@ -12,7 +12,7 @@ class TestBERIntegration < LDAPIntegrationTestCase
       filter: "(uid=user1)",
       size: 1,
       attributes: attrs,
-      attributes_only: true
+      attributes_only: true,
     ).first
     # matches attributes we requested

data/test/integration/test_delete.rb CHANGED

@@ -12,7 +12,7 @@ class TestDeleteIntegration < LDAPIntegrationTestCase
       uid:  "delete-user1",
       cn:   "delete-user1",
       sn:   "delete-user1",
-      mail: "delete-user1@rubyldap.com"
+      mail: "delete-user1@rubyldap.com",
     }
     unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
       assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect

data/test/integration/test_open.rb CHANGED

@@ -63,7 +63,7 @@ class TestBindIntegration < LDAPIntegrationTestCase
       uid:  "nested-open-added-user1",
       cn:   "nested-open-added-user1",
       sn:   "nested-open-added-user1",
-      mail: "nested-open-added-user1@rubyldap.com"
+      mail: "nested-open-added-user1@rubyldap.com",
     }
     @ldap.authenticate "cn=admin,dc=rubyldap,dc=com", "passworD1"

data/test/integration/test_password_modify.rb ADDED

@@ -0,0 +1,80 @@
+require_relative '../test_helper'
+class TestPasswordModifyIntegration < LDAPIntegrationTestCase
+  def setup
+    super
+    @ldap.authenticate 'cn=admin,dc=rubyldap,dc=com', 'passworD1'
+    @dn = 'uid=modify-password-user1,ou=People,dc=rubyldap,dc=com'
+    attrs = {
+      objectclass: %w(top inetOrgPerson organizationalPerson person),
+      uid: 'modify-password-user1',
+      cn: 'modify-password-user1',
+      sn: 'modify-password-user1',
+      mail: 'modify-password-user1@rubyldap.com',
+      userPassword: 'passworD1',
+    }
+    unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
+      assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect
+    end
+    assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject)
+    @auth = {
+      method: :simple,
+      username: @dn,
+      password: 'passworD1',
+    }
+  end
+  def test_password_modify
+    assert @ldap.password_modify(dn: @dn,
+                                 auth: @auth,
+                                 old_password: 'passworD1',
+                                 new_password: 'passworD2')
+    assert @ldap.get_operation_result.extended_response.nil?,
+      'Should not have generated a new password'
+    refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple),
+      'Old password should no longer be valid'
+    assert @ldap.bind(username: @dn, password: 'passworD2', method: :simple),
+      'New password should be valid'
+  end
+  def test_password_modify_generate
+    assert @ldap.password_modify(dn: @dn,
+                                 auth: @auth,
+                                 old_password: 'passworD1')
+    generated_password = @ldap.get_operation_result.extended_response[0][0]
+    assert generated_password, 'Should have generated a password'
+    refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple),
+      'Old password should no longer be valid'
+    assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
+      'New password should be valid'
+  end
+  def test_password_modify_generate_no_old_password
+    assert @ldap.password_modify(dn: @dn,
+                                 auth: @auth)
+    generated_password = @ldap.get_operation_result.extended_response[0][0]
+    assert generated_password, 'Should have generated a password'
+    refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple),
+      'Old password should no longer be valid'
+    assert @ldap.bind(username: @dn, password: generated_password, method: :simple),
+      'New password should be valid'
+  end
+  def teardown
+    @ldap.delete dn: @dn
+  end
+end

data/test/integration/test_search.rb CHANGED

@@ -57,7 +57,7 @@ class TestSearchIntegration < LDAPIntegrationTestCase
       entries << entry
     end
-    payload, _ = events.pop
+    payload, = events.pop
     assert_equal 5, payload[:time]
     assert_equal entries, result
   end

data/test/test_auth_adapter.rb CHANGED

@@ -1,10 +1,13 @@
 require 'test_helper'
 class TestAuthAdapter < Test::Unit::TestCase
-  def test_undefined_auth_adapter
-    flexmock(Socket).should_receive(:tcp).ordered.with('ldap.example.com', 379, { connect_timeout: 5 }).once.and_return(nil)
+  class FakeSocket
+    def initialize(*args)
+    end
+  end
-    conn = Net::LDAP::Connection.new(host: 'ldap.example.com', port: 379)
+  def test_undefined_auth_adapter
+    conn = Net::LDAP::Connection.new(host: 'ldap.example.com', port: 379, :socket_class => FakeSocket)
     assert_raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (foo)" do
       conn.bind(method: :foo)
     end

data/test/test_dn.rb CHANGED

@@ -13,17 +13,17 @@ class TestDN < Test::Unit::TestCase
   def test_to_a
     dn = Net::LDAP::DN.new('cn=James, ou=Company\\,\\20LLC')
-    assert_equal ['cn','James','ou','Company, LLC'], dn.to_a
+    assert_equal ['cn', 'James', 'ou', 'Company, LLC'], dn.to_a
   end
   def test_to_a_parenthesis
     dn = Net::LDAP::DN.new('cn =  \ James , ou  =  "Comp\28ny"  ')
-    assert_equal ['cn',' James','ou','Comp(ny'], dn.to_a
+    assert_equal ['cn', ' James', 'ou', 'Comp(ny'], dn.to_a
   end
   def test_to_a_hash_symbol
     dn = Net::LDAP::DN.new('1.23.4=  #A3B4D5  ,ou=Company')
-    assert_equal ['1.23.4','#A3B4D5','ou','Company'], dn.to_a
+    assert_equal ['1.23.4', '#A3B4D5', 'ou', 'Company'], dn.to_a
   end
   # TODO: raise a more specific exception than RuntimeError

data/test/test_filter.rb CHANGED

@@ -13,11 +13,11 @@ class TestFilter < Test::Unit::TestCase
   end
   def test_invalid_filter
-    assert_raises(Net::LDAP::OperatorError) {
+    assert_raises(Net::LDAP::OperatorError) do
       # This test exists to prove that our constructor blocks unknown filter
       # types. All filters must be constructed using helpers.
       Filter.__send__(:new, :xx, nil, nil)
-    }
+    end
   end
   def test_to_s
@@ -144,7 +144,7 @@ class TestFilterRSpec < Test::Unit::TestCase
     '(:dn:2.4.8.10:=Dino)',
     '(cn:dn:1.2.3.4.5:=John Smith)',
     '(sn:dn:2.4.6.8.10:=Barbara Jones)',
-    '(&(sn:dn:2.4.6.8.10:=Barbara Jones))'
+    '(&(sn:dn:2.4.6.8.10:=Barbara Jones))',
   ].each_with_index do |filter_str, index|
     define_method "test_decode_filter_#{index}" do
       filter = Net::LDAP::Filter.from_rfc2254(filter_str)
@@ -195,7 +195,7 @@ class TestFilterRSpec < Test::Unit::TestCase
       "foo" "\\2A\\5C" "bar",
       "foo" "\\2a\\5c" "bar",
       "foo" "\\2A\\5c" "bar",
-      "foo" "\\2a\\5C" "bar"
+      "foo" "\\2a\\5C" "bar",
     ].each do |escaped|
       # unescapes escaped characters
       filter = Net::LDAP::Filter.eq("objectclass", "#{escaped}*#{escaped}*#{escaped}")