RubyGems - net-ldap - Versions diffs - 0.3.1 → 0.17.0 - Mend

net-ldap 0.3.1 → 0.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

checksums.yaml +7 -0
data/Contributors.rdoc +4 -0
data/Hacking.rdoc +3 -8
data/History.rdoc +181 -0
data/README.rdoc +44 -12
data/lib/net-ldap.rb +1 -1
data/lib/net/ber.rb +41 -7
data/lib/net/ber/ber_parser.rb +21 -7
data/lib/net/ber/core_ext.rb +11 -18
data/lib/net/ber/core_ext/array.rb +14 -0
data/lib/net/ber/core_ext/integer.rb +74 -0
data/lib/net/ber/core_ext/string.rb +24 -4
data/lib/net/ber/core_ext/true_class.rb +2 -3
data/lib/net/ldap.rb +441 -639
data/lib/net/ldap/auth_adapter.rb +29 -0
data/lib/net/ldap/auth_adapter/gss_spnego.rb +41 -0
data/lib/net/ldap/auth_adapter/sasl.rb +62 -0
data/lib/net/ldap/auth_adapter/simple.rb +34 -0
data/lib/net/ldap/connection.rb +716 -0
data/lib/net/ldap/dataset.rb +23 -9
data/lib/net/ldap/dn.rb +13 -14
data/lib/net/ldap/entry.rb +27 -9
data/lib/net/ldap/error.rb +49 -0
data/lib/net/ldap/filter.rb +58 -32
data/lib/net/ldap/instrumentation.rb +23 -0
data/lib/net/ldap/password.rb +23 -14
data/lib/net/ldap/pdu.rb +70 -6
data/lib/net/ldap/version.rb +5 -0
data/lib/net/snmp.rb +237 -241
metadata +71 -116
data/.autotest +0 -11
data/.gemtest +0 -0
data/.rspec +0 -2
data/Manifest.txt +0 -49
data/Rakefile +0 -74
data/autotest/discover.rb +0 -1
data/lib/net/ber/core_ext/bignum.rb +0 -22
data/lib/net/ber/core_ext/fixnum.rb +0 -66
data/net-ldap.gemspec +0 -58
data/spec/integration/ssl_ber_spec.rb +0 -36
data/spec/spec.opts +0 -2
data/spec/spec_helper.rb +0 -5
data/spec/unit/ber/ber_spec.rb +0 -109
data/spec/unit/ber/core_ext/string_spec.rb +0 -51
data/spec/unit/ldap/dn_spec.rb +0 -80
data/spec/unit/ldap/entry_spec.rb +0 -51
data/spec/unit/ldap/filter_spec.rb +0 -84
data/spec/unit/ldap_spec.rb +0 -48
data/test/common.rb +0 -3
data/test/test_entry.rb +0 -59
data/test/test_filter.rb +0 -122
data/test/test_ldap_connection.rb +0 -24
data/test/test_ldif.rb +0 -79
data/test/test_password.rb +0 -17
data/test/test_rename.rb +0 -77
data/test/test_snmp.rb +0 -114
data/test/testdata.ldif +0 -101
data/testserver/ldapserver.rb +0 -210
data/testserver/testdata.ldif +0 -101

data/lib/net/ldap/dataset.rb CHANGED Viewed

@@ -1,14 +1,18 @@
+require_relative 'entry'
 # -*- ruby encoding: utf-8 -*-
 ##
 # An LDAP Dataset. Used primarily as an intermediate format for converting
 # to and from LDIF strings and Net::LDAP::Entry objects.
 class Net::LDAP::Dataset < Hash
   ##
-  # Dataset object comments.
-  attr_reader :comments
+  # Dataset object version, comments.
+  attr_accessor :version
+  attr_reader   :comments
   def initialize(*args, &block) # :nodoc:
     super
+    @version  = nil
     @comments = []
   end
@@ -17,11 +21,17 @@ class Net::LDAP::Dataset < Hash
   # entries.
   def to_ldif
     ary = []
+    if version
+      ary << "version: #{version}"
+      ary << ""
+    end
     ary += @comments unless @comments.empty?
     keys.sort.each do |dn|
       ary << "dn: #{dn}"
-      attributes = self[dn].keys.map { |attr| attr.to_s }.sort
+      attributes = self[dn].keys.map(&:to_s).sort
       attributes.each do |attr|
         self[dn][attr.to_sym].each do |value|
           if attr == "userpassword" or value_is_binary?(value)
@@ -95,7 +105,7 @@ class Net::LDAP::Dataset < Hash
     # with the conversion of
     def from_entry(entry)
       dataset = Net::LDAP::Dataset.new
-      hash = { }
+      hash = {}
       entry.each_attribute do |attribute, value|
         next if attribute == :dn
         hash[attribute] = value
@@ -125,9 +135,15 @@ class Net::LDAP::Dataset < Hash
           if line =~ /^#/
             ds.comments << line
             yield :comment, line if block_given?
-          elsif line =~ /^dn:[\s]*/i
-            dn = $'
-            ds[dn] = Hash.new { |k,v| k[v] = [] }
+          elsif line =~ /^version:[\s]*([0-9]+)$/i
+            ds.version = $1
+            yield :version, line if block_given?
+          elsif line =~ /^dn:([\:]?)[\s]*/i
+            # $1 is a colon if the dn-value is base-64 encoded
+            # $' is the dn-value
+            # Avoid the Base64 class because not all Ruby versions have it.
+            dn = ($1 == ":") ? $'.unpack('m').shift : $'
+            ds[dn] = Hash.new { |k, v| k[v] = [] }
             yield :dn, dn if block_given?
           elsif line.empty?
             dn = nil
@@ -150,5 +166,3 @@ class Net::LDAP::Dataset < Hash
     end
   end
 end
-require 'net/ldap/entry' unless defined? Net::LDAP::Entry

data/lib/net/ldap/dn.rb CHANGED Viewed

@@ -57,19 +57,19 @@ class Net::LDAP::DN
           state = :key_oid
           key << char
         when ' ' then state = :key
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
       when :key_normal then
         case char
         when '=' then state = :value
         when 'a'..'z', 'A'..'Z', '0'..'9', '-', ' ' then key << char
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
       when :key_oid then
         case char
         when '=' then state = :value
         when '0'..'9', '.', ' ' then key << char
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
       when :value then
         case char
@@ -110,7 +110,7 @@ class Net::LDAP::DN
         when '0'..'9', 'a'..'f', 'A'..'F' then
           state = :value_normal
           value << "#{hex_buffer}#{char}".to_i(16).chr
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
       when :value_quoted then
         case char
@@ -132,7 +132,7 @@ class Net::LDAP::DN
         when '0'..'9', 'a'..'f', 'A'..'F' then
           state = :value_quoted
           value << "#{hex_buffer}#{char}".to_i(16).chr
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
       when :value_hexstring then
         case char
@@ -145,14 +145,14 @@ class Net::LDAP::DN
           yield key.string.strip, value.string.rstrip
           key = StringIO.new
           value = StringIO.new;
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
       when :value_hexstring_hex then
         case char
         when '0'..'9', 'a'..'f', 'A'..'F' then
           state = :value_hexstring
           value << char
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
       when :value_end then
         case char
@@ -162,18 +162,17 @@ class Net::LDAP::DN
           yield key.string.strip, value.string.rstrip
           key = StringIO.new
           value = StringIO.new;
-        else raise "DN badly formed"
+        else raise Net::LDAP::InvalidDNError, "DN badly formed"
         end
-      else raise "Fell out of state machine"
+      else raise Net::LDAP::InvalidDNError, "Fell out of state machine"
       end
     end
     # Last pair
-    if [:value, :value_normal, :value_hexstring, :value_end].include? state
-      yield key.string.strip, value.string.rstrip
-    else
-      raise "DN badly formed"
-    end
+    raise Net::LDAP::InvalidDNError, "DN badly formed" unless
+      [:value, :value_normal, :value_hexstring, :value_end].include? state
+    yield key.string.strip, value.string.rstrip
   end
   ##

data/lib/net/ldap/entry.rb CHANGED Viewed

@@ -1,3 +1,5 @@
+require_relative 'dataset'
 # -*- ruby encoding: utf-8 -*-
 ##
 # Objects of this class represent individual entries in an LDAP directory.
@@ -71,7 +73,7 @@ class Net::LDAP::Entry
       return nil if ds.empty?
-      raise Net::LDAP::LdapError, "Too many LDIF entries" unless ds.size == 1
+      raise Net::LDAP::EntryOverflowError, "Too many LDIF entries" unless ds.size == 1
       entry = ds.to_entries.first
@@ -113,6 +115,14 @@ class Net::LDAP::Entry
     @myhash[name] || []
   end
+  ##
+  # Read the first value for the provided attribute. The attribute name
+  # is canonicalized prior to reading. Returns nil if the attribute does
+  # not exist.
+  def first(name)
+    self[name].first
+  end
   ##
   # Returns the first distinguished name (dn) of the Entry as a \String.
   def dn
@@ -125,6 +135,13 @@ class Net::LDAP::Entry
     @myhash.keys
   end
+  ##
+  # Creates a duplicate of the internal Hash containing the attributes
+  # of the entry.
+  def to_h
+    @myhash.dup
+  end
   ##
   # Accesses each of the attributes present in the Entry.
   #
@@ -132,11 +149,10 @@ class Net::LDAP::Entry
   # arguments to the block: a Symbol giving the name of the attribute, and a
   # (possibly empty) \Array of data values.
   def each # :yields: attribute-name, data-values-array
-    if block_given?
-      attribute_names.each {|a|
-        attr_name,values = a,self[a]
-        yield attr_name, values
-      }
+    return unless block_given?
+    attribute_names.each do|a|
+      attr_name, values = a, self[a]
+      yield attr_name, values
     end
   end
   alias_method :each_attribute, :each
@@ -147,7 +163,7 @@ class Net::LDAP::Entry
     Net::LDAP::Dataset.from_entry(self).to_ldif_string
   end
-  def respond_to?(sym) #:nodoc:
+  def respond_to?(sym, include_all = false) #:nodoc:
     return true if valid_attribute?(self.class.attribute_name(sym))
     return super
   end
@@ -180,6 +196,8 @@ class Net::LDAP::Entry
     sym.to_s[-1] == ?=
   end
   private :setter?
-end # class Entry
-require 'net/ldap/dataset' unless defined? Net::LDAP::Dataset
+  def ==(other)
+    other.instance_of?(self.class) && @myhash == other.to_h
+  end
+end # class Entry

data/lib/net/ldap/error.rb ADDED Viewed

@@ -0,0 +1,49 @@
+class Net::LDAP
+  class Error < StandardError; end
+  class AlreadyOpenedError < Error; end
+  class SocketError < Error; end
+  class ConnectionError < Error
+    def self.new(errors)
+      error = errors.first.first
+      if errors.size == 1
+        return error if error.is_a? Errno::ECONNREFUSED
+        return Net::LDAP::Error.new(error.message)
+      end
+      super
+    end
+    def initialize(errors)
+      message = "Unable to connect to any given server: \n  #{errors.map { |e, h, p| "#{e.class}: #{e.message} (#{h}:#{p})" }.join("\n  ")}"
+      super(message)
+    end
+  end
+  class NoOpenSSLError < Error; end
+  class NoStartTLSResultError < Error; end
+  class NoSearchBaseError < Error; end
+  class StartTLSError < Error; end
+  class EncryptionUnsupportedError < Error; end
+  class EncMethodUnsupportedError < Error; end
+  class AuthMethodUnsupportedError < Error; end
+  class BindingInformationInvalidError < Error; end
+  class NoBindResultError < Error; end
+  class SASLChallengeOverflowError < Error; end
+  class SearchSizeInvalidError < Error; end
+  class SearchScopeInvalidError < Error; end
+  class ResponseTypeInvalidError < Error; end
+  class ResponseMissingOrInvalidError < Error; end
+  class EmptyDNError < Error; end
+  class InvalidDNError < Error; end
+  class HashTypeUnsupportedError < Error; end
+  class OperatorError < Error; end
+  class SubstringFilterError < Error; end
+  class SearchFilterError < Error; end
+  class BERInvalidError < Error; end
+  class SearchFilterTypeUnknownError < Error; end
+  class BadAttributeError < Error; end
+  class FilterTypeUnknownError < Error; end
+  class FilterSyntaxInvalidError < Error; end
+  class EntryOverflowError < Error; end
+end

data/lib/net/ldap/filter.rb CHANGED Viewed

@@ -23,11 +23,11 @@
 class Net::LDAP::Filter
   ##
   # Known filter types.
-  FilterTypes = [ :ne, :eq, :ge, :le, :and, :or, :not, :ex ]
+  FilterTypes = [:ne, :eq, :ge, :le, :and, :or, :not, :ex, :bineq]
   def initialize(op, left, right) #:nodoc:
     unless FilterTypes.include?(op)
-      raise Net::LDAP::LdapError, "Invalid or unsupported operator #{op.inspect} in LDAP Filter."
+      raise Net::LDAP::OperatorError, "Invalid or unsupported operator #{op.inspect} in LDAP Filter."
     end
     @op = op
     @left = left
@@ -65,6 +65,23 @@ class Net::LDAP::Filter
       new(:eq, attribute, value)
     end
+    ##
+    # Creates a Filter object indicating a binary comparison.
+    # this prevents the search data from being forced into a UTF-8 string.
+    #
+    # This is primarily used for Microsoft Active Directory to compare
+    # GUID values.
+    #
+    #    # for guid represented as hex charecters
+    #    guid = "6a31b4a12aa27a41aca9603f27dd5116"
+    #    guid_bin = [guid].pack("H*")
+    #    f = Net::LDAP::Filter.bineq("objectGUID", guid_bin)
+    #
+    # This filter does not perform any escaping.
+    def bineq(attribute, value)
+      new(:bineq, attribute, value)
+    end
     ##
     # Creates a Filter object indicating extensible comparison. This Filter
     # object is currently considered EXPERIMENTAL.
@@ -225,7 +242,7 @@ class Net::LDAP::Filter
     # http://tools.ietf.org/html/rfc4515 lists these exceptions from UTF1
     # charset for filters. All of the following must be escaped in any normal
-    # string using a single backslash ('\') as escape.
+    # string using a single backslash ('\') as escape.
     #
     ESCAPES = {
       "\0" => '00', # NUL            = %x00 ; null character
@@ -234,10 +251,10 @@ class Net::LDAP::Filter
       ')'  => '29', # RPARENS        = %x29 ; right parenthesis (")")
       '\\' => '5C', # ESC            = %x5C ; esc (or backslash) ("\")
     }
-    # Compiled character class regexp using the keys from the above hash.
+    # Compiled character class regexp using the keys from the above hash.
     ESCAPE_RE = Regexp.new(
-      "[" +
-      ESCAPES.keys.map { |e| Regexp.escape(e) }.join +
+      "[" +
+      ESCAPES.keys.map { |e| Regexp.escape(e) }.join +
       "]")
     ##
@@ -270,18 +287,18 @@ class Net::LDAP::Filter
       when 0xa4 # context-specific constructed 4, "substring"
         str = ""
         final = false
-        ber.last.each { |b|
+        ber.last.each do |b|
           case b.ber_identifier
           when 0x80 # context-specific primitive 0, SubstringFilter "initial"
-            raise Net::LDAP::LdapError, "Unrecognized substring filter; bad initial value." if str.length > 0
-            str += b
+            raise Net::LDAP::SubstringFilterError, "Unrecognized substring filter; bad initial value." if str.length > 0
+            str += escape(b)
           when 0x81 # context-specific primitive 0, SubstringFilter "any"
-            str += "*#{b}"
+            str += "*#{escape(b)}"
           when 0x82 # context-specific primitive 0, SubstringFilter "final"
-            str += "*#{b}"
+            str += "*#{escape(b)}"
             final = true
           end
-        }
+        end
         str += "*" unless final
         eq(ber.first.to_s, str)
       when 0xa5 # context-specific constructed 5, "greaterOrEqual"
@@ -292,9 +309,9 @@ class Net::LDAP::Filter
         # call to_s to get rid of the BER-identifiedness of the incoming string.
         present?(ber.to_s)
       when 0xa9 # context-specific constructed 9, "extensible comparison"
-        raise Net::LDAP::LdapError, "Invalid extensible search filter, should be at least two elements" if ber.size<2
-        # Reassembles the extensible filter parts
+        raise Net::LDAP::SearchFilterError, "Invalid extensible search filter, should be at least two elements" if ber.size < 2
+        # Reassembles the extensible filter parts
         # (["sn", "2.4.6.8.10", "Barbara Jones", '1'])
         type = value = dn = rule = nil
         ber.each do |element|
@@ -310,10 +327,10 @@ class Net::LDAP::Filter
         attribute << type if type
         attribute << ":#{dn}" if dn
         attribute << ":#{rule}" if rule
         ex(attribute, value)
       else
-        raise Net::LDAP::LdapError, "Invalid BER tag-value (#{ber.ber_identifier}) in search filter."
+        raise Net::LDAP::BERInvalidError, "Invalid BER tag-value (#{ber.ber_identifier}) in search filter."
       end
     end
@@ -340,7 +357,7 @@ class Net::LDAP::Filter
       when 0xa3 # equalityMatch. context-specific constructed 3.
         eq(obj[0], obj[1])
       else
-        raise Net::LDAP::LdapError, "Unknown LDAP search-filter type: #{obj.ber_identifier}"
+        raise Net::LDAP::SearchFilterTypeUnknownError, "Unknown LDAP search-filter type: #{obj.ber_identifier}"
       end
     end
   end
@@ -397,7 +414,7 @@ class Net::LDAP::Filter
     case @op
     when :ne
       "!(#{@left}=#{@right})"
-    when :eq
+    when :eq, :bineq
       "#{@left}=#{@right}"
     when :ex
       "#{@left}:=#{@right}"
@@ -473,7 +490,7 @@ class Net::LDAP::Filter
     when :eq
       if @right == "*" # presence test
         @left.to_s.to_ber_contextspecific(7)
-      elsif @right =~ /[*]/ # substring
+      elsif @right.to_s =~ /[*]/ # substring
         # Parsing substrings is a little tricky. We use String#split to
         # break a string into substrings delimited by the * (star)
         # character. But we also need to know whether there is a star at the
@@ -490,17 +507,17 @@ class Net::LDAP::Filter
           first = nil
           ary.shift
         else
-          first = ary.shift.to_ber_contextspecific(0)
+          first = unescape(ary.shift).to_ber_contextspecific(0)
         end
         if ary.last.empty?
           last = nil
           ary.pop
         else
-          last = ary.pop.to_ber_contextspecific(2)
+          last = unescape(ary.pop).to_ber_contextspecific(2)
         end
-        seq = ary.map { |e| e.to_ber_contextspecific(1) }
+        seq = ary.map { |e| unescape(e).to_ber_contextspecific(1) }
         seq.unshift first if first
         seq.push last if last
@@ -508,11 +525,14 @@ class Net::LDAP::Filter
       else # equality
         [@left.to_s.to_ber, unescape(@right).to_ber].to_ber_contextspecific(3)
       end
+    when :bineq
+      # make sure data is not forced to UTF-8
+      [@left.to_s.to_ber, unescape(@right).to_ber_bin].to_ber_contextspecific(3)
     when :ex
       seq = []
       unless @left =~ /^([-;\w]*)(:dn)?(:(\w+|[.\w]+))?$/
-        raise Net::LDAP::LdapError, "Bad attribute #{@left}"
+        raise Net::LDAP::BadAttributeError, "Bad attribute #{@left}"
       end
       type, dn, rule = $1, $2, $4
@@ -530,10 +550,10 @@ class Net::LDAP::Filter
       [self.class.eq(@left, @right).to_ber].to_ber_contextspecific(2)
     when :and
       ary = [@left.coalesce(:and), @right.coalesce(:and)].flatten
-      ary.map {|a| a.to_ber}.to_ber_contextspecific(0)
+      ary.map(&:to_ber).to_ber_contextspecific(0)
     when :or
       ary = [@left.coalesce(:or), @right.coalesce(:or)].flatten
-      ary.map {|a| a.to_ber}.to_ber_contextspecific(1)
+      ary.map(&:to_ber).to_ber_contextspecific(1)
     when :not
       [@left.to_ber].to_ber_contextspecific(2)
     end
@@ -619,15 +639,21 @@ class Net::LDAP::Filter
         l = entry[@left] and l = Array(l) and l.index(@right)
       end
     else
-      raise Net::LDAP::LdapError, "Unknown filter type in match: #{@op}"
+      raise Net::LDAP::FilterTypeUnknownError, "Unknown filter type in match: #{@op}"
     end
   end
   ##
   # Converts escaped characters (e.g., "\\28") to unescaped characters
-  # ("(").
+  # @note slawson20170317: Don't attempt to unescape 16 byte binary data which we assume are objectGUIDs
+  # The binary form of 5936AE79-664F-44EA-BCCB-5C39399514C6 triggers a BINARY -> UTF-8 conversion error
   def unescape(right)
-    right.gsub(/\\([a-fA-F\d]{2})/) { [$1.hex].pack("U") }
+    right = right.to_s
+    if right.length == 16 && right.encoding == Encoding::BINARY
+      right
+    else
+      right.to_s.gsub(/\\([a-fA-F\d]{2})/) { [$1.hex].pack("U") }
+    end
   end
   private :unescape
@@ -652,7 +678,7 @@ class Net::LDAP::Filter
     def initialize(str)
       require 'strscan' # Don't load strscan until we need it.
       @filter = parse(StringScanner.new(str))
-      raise Net::LDAP::LdapError, "Invalid filter syntax." unless @filter
+      raise Net::LDAP::FilterSyntaxInvalidError, "Invalid filter syntax." unless @filter
     end
     ##
@@ -729,11 +755,11 @@ class Net::LDAP::Filter
     # This parses a given expression inside of parentheses.
     def parse_filter_branch(scanner)
       scanner.scan(/\s*/)
-      if token = scanner.scan(/[-\w:.]*[\w]/)
+      if token = scanner.scan(/[-\w:.;]*[\w]/)
         scanner.scan(/\s*/)
         if op = scanner.scan(/<=|>=|!=|:=|=/)
           scanner.scan(/\s*/)
-          if value = scanner.scan(/(?:[-\w*.+@=,#\$%&!'\s]|\\[a-fA-F\d]{2})+/)
+          if value = scanner.scan(/(?:[-\[\]{}\w*.+\/:@=,#\$%&!'^~\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u)
             # 20100313 AZ: Assumes that "(uid=george*)" is the same as
             # "(uid=george* )". The standard doesn't specify, but I can find
             # no examples that suggest otherwise.