net-ldap 0.3.1 → 0.5.1

data/lib/net/ldap/filter.rb

@@ -23,7 +23,7 @@
 class Net::LDAP::Filter
   ##
   # Known filter types.
-  FilterTypes = [ :ne, :eq, :ge, :le, :and, :or, :not, :ex ]
+  FilterTypes = [ :ne, :eq, :ge, :le, :and, :or, :not, :ex, :bineq ]
 
   def initialize(op, left, right) #:nodoc:
     unless FilterTypes.include?(op)
@@ -65,6 +65,23 @@ class Net::LDAP::Filter
       new(:eq, attribute, value)
     end
 
+		##
+		# Creates a Filter object indicating a binary comparison.
+		# this prevents the search data from being forced into a UTF-8 string.
+		#
+		# This is primarily used for Microsoft Active Directory to compare
+		# GUID values.
+		#
+		#    # for guid represented as hex charecters
+		#    guid = "6a31b4a12aa27a41aca9603f27dd5116"
+		#    guid_bin = [guid].pack("H*")
+		#    f = Net::LDAP::Filter.bineq("objectGUID", guid_bin)
+		#
+		# This filter does not perform any escaping.
+		def bineq(attribute, value)
+			new(:bineq, attribute, value)
+		end
+
     ##
     # Creates a Filter object indicating extensible comparison. This Filter
     # object is currently considered EXPERIMENTAL.
@@ -274,11 +291,11 @@ class Net::LDAP::Filter
           case b.ber_identifier
           when 0x80 # context-specific primitive 0, SubstringFilter "initial"
             raise Net::LDAP::LdapError, "Unrecognized substring filter; bad initial value." if str.length > 0
-            str += b
+            str += escape(b)
           when 0x81 # context-specific primitive 0, SubstringFilter "any"
-            str += "*#{b}"
+            str += "*#{escape(b)}"
           when 0x82 # context-specific primitive 0, SubstringFilter "final"
-            str += "*#{b}"
+            str += "*#{escape(b)}"
             final = true
           end
         }
@@ -399,6 +416,8 @@ class Net::LDAP::Filter
       "!(#{@left}=#{@right})"
     when :eq
       "#{@left}=#{@right}"
+		when :bineq
+			"#{@left}=#{@right}"
     when :ex
       "#{@left}:=#{@right}"
     when :ge
@@ -490,17 +509,17 @@ class Net::LDAP::Filter
           first = nil
           ary.shift
         else
-          first = ary.shift.to_ber_contextspecific(0)
+          first = unescape(ary.shift).to_ber_contextspecific(0)
         end
 
         if ary.last.empty?
           last = nil
           ary.pop
         else
-          last = ary.pop.to_ber_contextspecific(2)
+          last = unescape(ary.pop).to_ber_contextspecific(2)
         end
 
-        seq = ary.map { |e| e.to_ber_contextspecific(1) }
+        seq = ary.map { |e| unescape(e).to_ber_contextspecific(1) }
         seq.unshift first if first
         seq.push last if last
 
@@ -508,6 +527,9 @@ class Net::LDAP::Filter
       else # equality
         [@left.to_s.to_ber, unescape(@right).to_ber].to_ber_contextspecific(3)
       end
+		when :bineq
+			# make sure data is not forced to UTF-8
+			[@left.to_s.to_ber, unescape(@right).to_ber_bin].to_ber_contextspecific(3)
     when :ex
       seq = []
 
@@ -733,7 +755,7 @@ class Net::LDAP::Filter
         scanner.scan(/\s*/)
         if op = scanner.scan(/<=|>=|!=|:=|=/)
           scanner.scan(/\s*/)
-          if value = scanner.scan(/(?:[-\w*.+@=,#\$%&!'\s]|\\[a-fA-F\d]{2})+/)
+          if value = scanner.scan(/(?:[-\w*.+@=,#\$%&!'\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u)
             # 20100313 AZ: Assumes that "(uid=george*)" is the same as
             # "(uid=george* )". The standard doesn't specify, but I can find
             # no examples that suggest otherwise.

data/lib/net/ldap/password.rb

@@ -1,31 +1,37 @@
 # -*- ruby encoding: utf-8 -*-
 require 'digest/sha1'
 require 'digest/md5'
+require 'base64'
 
 class Net::LDAP::Password
   class << self
     # Generate a password-hash suitable for inclusion in an LDAP attribute.
-    # Pass a hash type (currently supported: :md5 and :sha) and a plaintext
+    # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
     # password. This function will return a hashed representation.
     #
     #--
     # STUB: This is here to fulfill the requirements of an RFC, which
     # one?
     #
-    # TODO, gotta do salted-sha and (maybe)salted-md5. Should we provide
-    # sha1 as a synonym for sha1? I vote no because then should you also
-    # provide ssha1 for symmetry?
+    # TODO:
+    # * maybe salted-md5
+    # * Should we provide sha1 as a synonym for sha1? I vote no because then
+    #   should you also provide ssha1 for symmetry?
+    #
+    attribute_value = ""
     def generate(type, str)
-      digest, digest_name = case type
-                            when :md5
-                              [Digest::MD5.new, 'MD5']
-                            when :sha
-                              [Digest::SHA1.new, 'SHA']
-                            else
-                              raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
-                            end
-      digest << str.to_s
-      return "{#{digest_name}}#{[digest.digest].pack('m').chomp }"
+       case type
+         when :md5
+            attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp! 
+         when :sha
+            attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp! 
+         when :ssha
+            srand; salt = (rand * 1000).to_i.to_s 
+            attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
+         else
+            raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})"
+         end
+      return attribute_value
     end
   end
 end

data/lib/net/ldap/pdu.rb

@@ -112,6 +112,10 @@ class Net::LDAP::PDU
     @ldap_result || {}
   end
 
+  def error_message
+    result[:errorMessage] || ""
+  end
+
   ##
   # This returns an LDAP result code taken from the PDU, but it will be nil
   # if there wasn't a result code. That can easily happen depending on the
@@ -120,6 +124,18 @@ class Net::LDAP::PDU
     @ldap_result and @ldap_result[code]
   end
 
+  def status
+    result_code == 0 ? :success : :failure
+  end
+
+  def success?
+    status == :success
+  end
+
+  def failure?
+    !success?
+  end
+
   ##
   # Return serverSaslCreds, which are only present in BindResponse packets.
   #--

data/lib/net/ldap/version.rb

@@ -0,0 +1,5 @@
+module Net
+  class LDAP
+    VERSION = "0.5.1"
+  end
+end

data/lib/net/snmp.rb

@@ -1,8 +1,10 @@
 # -*- ruby encoding: utf-8 -*-
+require 'net/ldap/version'
+
 # :stopdoc:
 module Net
     class SNMP
-      VERSION = '0.3.1'
+      VERSION = Net::LDAP::VERSION
 
 	AsnSyntax = Net::BER.compile_syntax({
 	    :application => {

data/net-ldap.gemspec

@@ -1,11 +1,16 @@
 # -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'net/ldap/version'
+
 Gem::Specification.new do |s|
   s.name = %q{net-ldap}
-  s.version = "0.3.1"
+  s.version = Net::LDAP::VERSION
+  s.license = "MIT"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
-  s.authors = ["Francis Cianfrocca", "Emiel van de Laar", "Rory O'Connell", "Kaspar Schiess", "Austin Ziegler"]
-  s.date = %q{2011-03-17}
+  s.authors = ["Francis Cianfrocca", "Emiel van de Laar", "Rory O'Connell", "Kaspar Schiess", "Austin Ziegler", "Michael Schaarschmidt"]
+  s.date = %q{2012-02-28}
   s.description = %q{Net::LDAP for Ruby (also called net-ldap) implements client access for the
 Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for
 accessing distributed directory services. Net::LDAP is written completely in
@@ -14,12 +19,12 @@ subset of server features as well.
 
 Net::LDAP has been tested against modern popular LDAP servers including
 OpenLDAP and Active Directory. The current release is mostly compliant with
-earlier versions of the IETF LDAP RFCs (2251–2256, 2829–2830, 3377, and 3771).
+earlier versions of the IETF LDAP RFCs (2251-2256, 2829-2830, 3377, and 3771).
 Our roadmap for Net::LDAP 1.0 is to gain full <em>client</em> compliance with
-the most recent LDAP RFCs (4510–4519, plutions of 4520–4532).}
+the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).}
   s.email = ["blackhedd@rubyforge.org", "gemiel@gmail.com", "rory.ocon@gmail.com", "kaspar.schiess@absurd.li", "austin@rubyforge.org"]
   s.extra_rdoc_files = ["Manifest.txt", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "README.rdoc"]
-  s.files = [".autotest", ".rspec", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "Manifest.txt", "README.rdoc", "Rakefile", "autotest/discover.rb", "lib/net-ldap.rb", "lib/net/ber.rb", "lib/net/ber/ber_parser.rb", "lib/net/ber/core_ext.rb", "lib/net/ber/core_ext/array.rb", "lib/net/ber/core_ext/bignum.rb", "lib/net/ber/core_ext/false_class.rb", "lib/net/ber/core_ext/fixnum.rb", "lib/net/ber/core_ext/string.rb", "lib/net/ber/core_ext/true_class.rb", "lib/net/ldap.rb", "lib/net/ldap/dataset.rb", "lib/net/ldap/dn.rb", "lib/net/ldap/entry.rb", "lib/net/ldap/filter.rb", "lib/net/ldap/password.rb", "lib/net/ldap/pdu.rb", "lib/net/snmp.rb", "net-ldap.gemspec", "spec/integration/ssl_ber_spec.rb", "spec/spec.opts", "spec/spec_helper.rb", "spec/unit/ber/ber_spec.rb", "spec/unit/ber/core_ext/string_spec.rb", "spec/unit/ldap/dn_spec.rb", "spec/unit/ldap/entry_spec.rb", "spec/unit/ldap/filter_spec.rb", "spec/unit/ldap_spec.rb", "test/common.rb", "test/test_entry.rb", "test/test_filter.rb", "test/test_ldap_connection.rb", "test/test_ldif.rb", "test/test_password.rb", "test/test_rename.rb", "test/test_snmp.rb", "test/testdata.ldif", "testserver/ldapserver.rb", "testserver/testdata.ldif"]
+  s.files = [".autotest", ".rspec", "Contributors.rdoc", "Hacking.rdoc", "History.rdoc", "License.rdoc", "Manifest.txt", "README.rdoc", "Rakefile", "autotest/discover.rb", "lib/net-ldap.rb", "lib/net/ber.rb", "lib/net/ber/ber_parser.rb", "lib/net/ber/core_ext.rb", "lib/net/ber/core_ext/array.rb", "lib/net/ber/core_ext/bignum.rb", "lib/net/ber/core_ext/false_class.rb", "lib/net/ber/core_ext/fixnum.rb", "lib/net/ber/core_ext/string.rb", "lib/net/ber/core_ext/true_class.rb", "lib/net/ldap.rb", "lib/net/ldap/dataset.rb", "lib/net/ldap/dn.rb", "lib/net/ldap/entry.rb", "lib/net/ldap/filter.rb", "lib/net/ldap/password.rb", "lib/net/ldap/pdu.rb", "lib/net/snmp.rb", "net-ldap.gemspec", "spec/integration/ssl_ber_spec.rb", "spec/spec.opts", "spec/spec_helper.rb", "spec/unit/ber/ber_spec.rb", "spec/unit/ber/core_ext/string_spec.rb", "spec/unit/ldap/dn_spec.rb", "spec/unit/ldap/entry_spec.rb", "spec/unit/ldap/filter_spec.rb", "spec/unit/ldap_spec.rb", "test/common.rb", "test/test_entry.rb", "test/test_filter.rb", "test/test_ldap_connection.rb", "test/test_ldif.rb", "test/test_password.rb", "test/test_rename.rb", "test/test_snmp.rb", "test/testdata.ldif", "testserver/ldapserver.rb", "testserver/testdata.ldif", "lib/net/ldap/version.rb"]
   s.homepage = %q{http://github.com.org/ruby-ldap/ruby-net-ldap}
   s.rdoc_options = ["--main", "README.rdoc"]
   s.require_paths = ["lib"]
@@ -36,14 +41,14 @@ the most recent LDAP RFCs (4510–4519, plutions of 4520–4532).}
       s.add_development_dependency(%q<hoe-git>, ["~> 1"])
       s.add_development_dependency(%q<hoe-gemspec>, ["~> 1"])
       s.add_development_dependency(%q<metaid>, ["~> 1"])
-      s.add_development_dependency(%q<flexmock>, ["~> 0.9.0"])
+      s.add_development_dependency(%q<flexmock>, [">= 1.3.0"])
       s.add_development_dependency(%q<rspec>, ["~> 2.0"])
       s.add_development_dependency(%q<hoe>, [">= 2.9.1"])
     else
       s.add_dependency(%q<hoe-git>, ["~> 1"])
       s.add_dependency(%q<hoe-gemspec>, ["~> 1"])
       s.add_dependency(%q<metaid>, ["~> 1"])
-      s.add_dependency(%q<flexmock>, ["~> 0.9.0"])
+      s.add_dependency(%q<flexmock>, [">= 1.3.0"])
       s.add_dependency(%q<rspec>, ["~> 2.0"])
       s.add_dependency(%q<hoe>, [">= 2.9.1"])
     end
@@ -51,7 +56,7 @@ the most recent LDAP RFCs (4510–4519, plutions of 4520–4532).}
     s.add_dependency(%q<hoe-git>, ["~> 1"])
     s.add_dependency(%q<hoe-gemspec>, ["~> 1"])
     s.add_dependency(%q<metaid>, ["~> 1"])
-    s.add_dependency(%q<flexmock>, ["~> 0.9.0"])
+    s.add_dependency(%q<flexmock>, [">= 1.3.0"])
     s.add_dependency(%q<rspec>, ["~> 2.0"])
     s.add_dependency(%q<hoe>, [">= 2.9.1"])
   end

data/spec/unit/ber/ber_spec.rb

@@ -84,9 +84,14 @@ describe "BER encoding of" do
       it "should properly encode strings encodable as UTF-8" do
         "teststring".encode("US-ASCII").to_ber.should == "\x04\nteststring"
       end
-      it "should fail on strings that can not be converted to UTF-8" do
+			it "should properly encode binary data strings using to_ber_bin" do
+				# This is used for searching for GUIDs in Active Directory
+				["6a31b4a12aa27a41aca9603f27dd5116"].pack("H*").to_ber_bin.should == 
+					"\x04\x10" + "j1\xB4\xA1*\xA2zA\xAC\xA9`?'\xDDQ\x16"
+			end
+      it "should not fail on strings that can not be converted to UTF-8" do
         error = Encoding::UndefinedConversionError
-        lambda {"\x81".to_ber }.should raise_exception(error)
+        lambda {"\x81".to_ber }.should_not raise_exception(error)
       end
     end
   end
@@ -107,3 +112,30 @@ describe "BER decoding of" do
     end 
   end
 end
+
+describe Net::BER::BerIdentifiedString do
+  describe "initialize" do
+    subject { Net::BER::BerIdentifiedString.new(data) }
+
+    context "binary data" do
+      let(:data) { ["6a31b4a12aa27a41aca9603f27dd5116"].pack("H*").force_encoding("ASCII-8BIT") }
+
+      its(:valid_encoding?) { should be_true }
+      specify { subject.encoding.name.should == "ASCII-8BIT" }
+    end
+
+    context "ascii data in UTF-8" do
+      let(:data) { "some text".force_encoding("UTF-8") }
+
+      its(:valid_encoding?) { should be_true }
+      specify { subject.encoding.name.should == "UTF-8" }
+    end
+
+    context "UTF-8 data in UTF-8" do
+      let(:data) { ["e4b8ad"].pack("H*").force_encoding("UTF-8") }
+      
+      its(:valid_encoding?) { should be_true }
+      specify { subject.encoding.name.should == "UTF-8" }
+    end
+  end
+end

data/spec/unit/ber/core_ext/array_spec.rb

@@ -0,0 +1,24 @@
+require 'spec_helper'
+require 'metaid'
+
+describe Array, "when extended with BER core extensions" do
+
+  it "should correctly convert a control code array" do
+    control_codes = []
+    control_codes << ['1.2.3'.to_ber, true.to_ber].to_ber_sequence
+    control_codes << ['1.7.9'.to_ber, false.to_ber].to_ber_sequence
+    control_codes = control_codes.to_ber_sequence
+    res = [['1.2.3', true],['1.7.9',false]].to_ber_control
+    res.should eq(control_codes)
+  end
+
+  it "should wrap the array in another array if a nested array is not passed" do
+    result1 = ['1.2.3', true].to_ber_control
+    result2 = [['1.2.3', true]].to_ber_control
+    result1.should eq(result2)
+  end
+
+  it "should return an empty string if an empty array is passed" do
+    [].to_ber_control.should be_empty
+  end
+end

data/spec/unit/ldap/filter_parser_spec.rb

@@ -0,0 +1,20 @@
+# encoding: utf-8
+require 'spec_helper'
+
+describe Net::LDAP::Filter::FilterParser do
+
+  describe "#parse" do
+    context "Given ASCIIs as filter string" do
+      let(:filter_string) { "(cn=name)" }
+      specify "should generate filter object" do
+        expect(Net::LDAP::Filter::FilterParser.parse(filter_string)).to be_a Net::LDAP::Filter
+      end
+    end
+    context "Given string including multibyte chars as filter string" do
+      let(:filter_string) { "(cn=名前)" }
+      specify "should generate filter object" do
+        expect(Net::LDAP::Filter::FilterParser.parse(filter_string)).to be_a Net::LDAP::Filter
+      end
+    end
+  end
+end

data/spec/unit/ldap/filter_spec.rb

@@ -81,4 +81,35 @@ describe Net::LDAP::Filter do
       Net::LDAP::Filter.escape("\0*()\\").should == "\\00\\2A\\28\\29\\5C"
     end 
   end
+
+  context 'with a well-known BER string' do
+    ber = "\xa4\x2d" \
+      "\x04\x0b" "objectclass" \
+      "\x30\x1e" \
+      "\x80\x08" "foo" "*\\" "bar" \
+      "\x81\x08" "foo" "*\\" "bar" \
+      "\x82\x08" "foo" "*\\" "bar"
+
+    describe "<- .to_ber" do
+      [
+        "foo" "\\2A\\5C" "bar",
+        "foo" "\\2a\\5c" "bar",
+        "foo" "\\2A\\5c" "bar",
+        "foo" "\\2a\\5C" "bar"
+      ].each do |escaped|
+        it 'unescapes escaped characters' do
+          filter = Net::LDAP::Filter.eq("objectclass", "#{escaped}*#{escaped}*#{escaped}")
+          filter.to_ber.should == ber
+        end
+      end
+    end
+
+    describe '<- .parse_ber' do
+      it 'escapes characters' do
+        escaped = Net::LDAP::Filter.escape("foo" "*\\" "bar")
+        filter = Net::LDAP::Filter.parse_ber(ber.read_ber(Net::LDAP::AsnSyntax))
+        filter.to_s.should == "(objectclass=#{escaped}*#{escaped}*#{escaped})"
+      end
+    end
+  end
 end

data/spec/unit/ldap/search_spec.rb

@@ -0,0 +1,35 @@
+# -*- ruby encoding: utf-8 -*-
+
+describe Net::LDAP, "search method" do
+  class FakeConnection
+    def search(args)
+      OpenStruct.new(:result_code => 1, :message => "error", :success? => false)
+    end
+  end
+
+  before(:each) do
+    @connection = Net::LDAP.new
+    @connection.instance_variable_set(:@open_connection, FakeConnection.new)
+  end
+
+  context "when :return_result => true" do
+    it "should return nil upon error" do
+      result_set = @connection.search(:return_result => true)
+      result_set.should be_nil
+    end
+  end
+
+  context "when :return_result => false" do
+    it "should return false upon error" do
+      result = @connection.search(:return_result => false)
+      result.should be_false
+    end
+  end
+
+  context "When :return_result is not given" do
+    it "should return nil upon error" do
+      result_set = @connection.search
+      result_set.should be_nil
+    end
+  end
+end

data/spec/unit/ldap_spec.rb

@@ -7,11 +7,11 @@ describe Net::LDAP::Connection do
         flexmock(TCPSocket).
           should_receive(:new).and_raise(Errno::ECONNREFUSED)
       end
-      
+
       it "should raise LdapError" do
         lambda {
           Net::LDAP::Connection.new(
-            :server => 'test.mocked.com', 
+            :server => 'test.mocked.com',
             :port   => 636)
         }.should raise_error(Net::LDAP::LdapError)
       end
@@ -21,11 +21,11 @@ describe Net::LDAP::Connection do
         flexmock(TCPSocket).
           should_receive(:new).and_raise(SocketError)
       end
-      
+
       it "should raise LdapError" do
         lambda {
           Net::LDAP::Connection.new(
-            :server => 'test.mocked.com', 
+            :server => 'test.mocked.com',
             :port   => 636)
         }.should raise_error(Net::LDAP::LdapError)
       end
@@ -35,14 +35,44 @@ describe Net::LDAP::Connection do
         flexmock(TCPSocket).
           should_receive(:new).and_raise(NameError)
       end
-      
+
       it "should rethrow the exception" do
         lambda {
           Net::LDAP::Connection.new(
-            :server => 'test.mocked.com', 
+            :server => 'test.mocked.com',
             :port   => 636)
         }.should raise_error(NameError)
       end
     end
   end
-end
+
+  context "populate error messages" do
+    before do
+      @tcp_socket = flexmock(:connection)
+      @tcp_socket.should_receive(:write)
+      flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket)
+    end
+
+    subject { Net::LDAP::Connection.new(:server => 'test.mocked.com', :port => 636) }
+
+    it "should get back error messages if operation fails" do
+      ber = Net::BER::BerIdentifiedArray.new([53, "", "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1"])
+      ber.ber_identifier = 7
+      @tcp_socket.should_receive(:read_ber).and_return([2, ber])
+
+      result = subject.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+      result.should be_failure
+      result.error_message.should == "The provided password value was rejected by a password validator:  The provided password did not contain enough characters from the character set 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'.  The minimum number of characters from that set that must be present in user passwords is 1"
+    end
+
+    it "shouldn't get back error messages if operation succeeds" do
+      ber = Net::BER::BerIdentifiedArray.new([0, "", ""])
+      ber.ber_identifier = 7
+      @tcp_socket.should_receive(:read_ber).and_return([2, ber])
+
+      result = subject.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]])
+      result.should be_success
+      result.error_message.should == ""
+    end
+  end
+end