powerhome-activeldap 3.2.3

data/lib/active_ldap/adapter/ldap_ext.rb

@@ -0,0 +1,105 @@
+require 'ldap'
+require 'ldap/ldif'
+require 'ldap/schema'
+
+module LDAP
+  unless const_defined?(:LDAP_OPT_ERROR_NUMBER)
+    LDAP_OPT_ERROR_NUMBER = 0x0031
+  end
+
+  class Mod
+    unless instance_method(:to_s).arity.zero?
+      alias_method :original_to_s, :to_s
+      def to_s
+        inspect
+      end
+    end
+
+    alias_method :_initialize, :initialize
+    def initialize(op, type, vals)
+      if (VERSION.split(/\./).collect {|x| x.to_i} <=> [0, 9, 7]) <= 0
+        @op, @type, @vals = op, type, vals # to protect from GC
+      end
+      _initialize(op, type, vals)
+    end
+  end
+
+  IMPLEMENT_SPECIFIC_ERRORS = {}
+  {
+    0x51 => "SERVER_DOWN",
+    0x52 => "LOCAL_ERROR",
+    0x53 => "ENCODING_ERROR",
+    0x54 => "DECODING_ERROR",
+    0x55 => "TIMEOUT",
+    0x56 => "AUTH_UNKNOWN",
+    0x57 => "FILTER_ERROR",
+    0x58 => "USER_CANCELLED",
+    0x59 => "PARAM_ERROR",
+    0x5a => "NO_MEMORY",
+
+    0x5b => "CONNECT_ERROR",
+    0x5c => "NOT_SUPPORTED",
+    0x5d => "CONTROL_NOT_FOUND",
+    0x5e => "NO_RESULTS_RETURNED",
+    0x5f => "MORE_RESULTS_TO_RETURN",
+    0x60 => "CLIENT_LOOP",
+    0x61 => "REFERRAL_LIMIT_EXCEEDED",
+  }.each do |code, name|
+    IMPLEMENT_SPECIFIC_ERRORS[code] =
+      ActiveLdap::LdapError.define(code, name, self)
+  end
+
+  class Conn
+    begin
+      instance_method(:search_ext)
+      @@have_search_ext = true
+    rescue NameError
+      @@have_search_ext = false
+    end
+
+    def search_with_limit(base, scope, filter, attributes, limit, &block)
+      if @@have_search_ext
+        search_ext(base, scope, filter, attributes,
+                   false, nil, nil, 0, 0, limit || 0, &block)
+      else
+        i = 0
+        search(base, scope, filter, attributes) do |entry|
+          i += 1
+          block.call(entry)
+          break if limit and limit <= i
+        end
+      end
+    end
+
+    def failed?
+      not error_code.zero?
+    end
+
+    def error_code
+      code = err
+      code = get_option(LDAP_OPT_ERROR_NUMBER) if code.zero?
+      code
+    end
+
+    def error_message
+      if failed?
+        LDAP.err2string(error_code)
+      else
+        nil
+      end
+    end
+
+    def assert_error_code
+      return unless failed?
+      code = error_code
+      message = error_message
+      klass = ActiveLdap::LdapError::ERRORS[code]
+      klass ||= IMPLEMENT_SPECIFIC_ERRORS[code]
+      if klass.nil? and message == "Can't contact LDAP server"
+        klass = ActiveLdap::ConnectionError
+      end
+      klass ||= ActiveLdap::LdapError
+      raise klass, message
+    end
+  end
+end

data/lib/active_ldap/adapter/net_ldap.rb

@@ -0,0 +1,309 @@
+require 'digest/md5'
+
+require 'active_ldap/adapter/base'
+
+module ActiveLdap
+  module Adapter
+    class Base
+      class << self
+        def net_ldap_connection(options)
+          require 'active_ldap/adapter/net_ldap_ext'
+          NetLdap.new(options)
+        end
+      end
+    end
+
+    class NetLdap < Base
+      METHOD = {
+        :ssl => :simple_tls,
+        :tls => :start_tls,
+        :plain => nil,
+      }
+
+      def connect(options={})
+        super do |host, port, method|
+          config = {
+            :host => host,
+            :port => port,
+          }
+          config[:encryption] = {:method => method} if method
+          begin
+            uri = construct_uri(host, port, method == :simple_tls)
+            with_start_tls = method == :start_tls
+            info = {:uri => uri, :with_start_tls => with_start_tls}
+            [log("connect", info) {Net::LDAP::Connection.new(config)},
+             uri, with_start_tls]
+          rescue Net::LDAP::LdapError
+            raise ConnectionError, $!.message
+          end
+        end
+      end
+
+      def unbind(options={})
+        super do
+          log("unbind") do
+            @connection.close # Net::LDAP doesn't implement unbind.
+          end
+        end
+      end
+
+      def bind(options={})
+        begin
+          super
+        rescue Net::LDAP::LdapError
+          raise AuthenticationError, $!.message
+        end
+      end
+
+      def bind_as_anonymous(options={})
+        super do
+          execute(:bind, {:name => "bind: anonymous"}, {:method => :anonymous})
+          true
+        end
+      end
+
+      def search(options={})
+        super(options) do |base, scope, filter, attrs, limit|
+          args = {
+            :base => base,
+            :scope => scope,
+            :filter => filter,
+            :attributes => attrs,
+            :size => limit,
+          }
+          info = {
+            :base => base, :scope => scope_name(scope),
+            :filter => filter, :attributes => attrs, :limit => limit
+          }
+          execute(:search, info, args) do |entry|
+            attributes = {}
+            entry.original_attribute_names.each do |name|
+              value = entry[name]
+              attributes[name] = value if value
+            end
+            yield([entry.dn, attributes])
+          end
+        end
+      end
+
+      def delete(targets, options={})
+        super do |target|
+          args = {:dn => target}
+          info = args.dup
+          execute(:delete, info, args)
+        end
+      end
+
+      def add(dn, entries, options={})
+        super do |_dn, _entries|
+          attributes = {}
+          _entries.each do |type, key, attrs|
+            attrs.each do |name, values|
+              attributes[name] = values
+            end
+          end
+          args = {:dn => _dn, :attributes => attributes}
+          info = args.dup
+          execute(:add, info, args)
+        end
+      end
+
+      def modify(dn, entries, options={})
+        super do |_dn, _entries|
+          info = {:dn => _dn, :attributes => _entries}
+          execute(:modify, info,
+                  :dn => _dn,
+                  :operations => parse_entries(_entries))
+        end
+      end
+
+      def modify_rdn(dn, new_rdn, delete_old_rdn, new_superior, options={})
+        super do |_dn, _new_rdn, _delete_old_rdn, _new_superior|
+          if _new_superior
+            raise NotImplemented.new(_("modify RDN with new superior"))
+          end
+          info = {
+            :name => "modify: RDN",
+            :dn => _dn,
+            :new_rdn => _new_rdn,
+            :new_superior => _new_superior,
+            :delete_old_rdn => _delete_old_rdn
+          }
+          execute(:rename, info,
+                  :olddn => _dn,
+                  :newrdn => _new_rdn,
+                  :delete_attributes => _delete_old_rdn)
+        end
+      end
+
+      private
+      def execute(method, info=nil, *args, &block)
+        name = (info || {}).delete(:name) || method
+        result = log(name, info) do
+          begin
+            @connection.send(method, *args, &block)
+          rescue Errno::EPIPE
+            raise ConnectionError, "#{$!.class}: #{$!.message}"
+          end
+        end
+        message = nil
+        if result.is_a?(Hash)
+          message = result[:errorMessage]
+          result = result[:resultCode]
+        end
+        unless result.zero?
+          klass = LdapError::ERRORS[result]
+          klass ||= LdapError
+          return if klass == LdapError::SizeLimitExceeded
+          message = [Net::LDAP.result2string(result), message].compact.join(": ")
+          raise klass, message
+        end
+      end
+
+      def ensure_method(method)
+        method ||= "plain"
+        normalized_method = method.to_s.downcase.to_sym
+        return METHOD[normalized_method] if METHOD.has_key?(normalized_method)
+
+        available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
+        format = _("%s is not one of the available connect methods: %s")
+        raise ConfigurationError, format % [method.inspect, available_methods]
+      end
+
+      def ensure_scope(scope)
+        scope_map = {
+          :base => Net::LDAP::SearchScope_BaseObject,
+          :sub => Net::LDAP::SearchScope_WholeSubtree,
+          :one => Net::LDAP::SearchScope_SingleLevel,
+        }
+        value = scope_map[scope || :sub]
+        if value.nil?
+          available_scopes = scope_map.keys.inspect
+          format = _("%s is not one of the available LDAP scope: %s")
+          raise ArgumentError, format % [scope.inspect, available_scopes]
+        end
+        value
+      end
+
+      def scope_name(scope)
+        {
+          Net::LDAP::SearchScope_BaseObject => :base,
+          Net::LDAP::SearchScope_WholeSubtree => :sub,
+          Net::LDAP::SearchScope_SingleLevel => :one,
+        }[scope]
+      end
+
+      def sasl_bind(bind_dn, options={})
+        super do |_bind_dn, mechanism, quiet|
+          normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
+          sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
+          next unless respond_to?(sasl_bind_setup, true)
+          initial_credential, challenge_response =
+            send(sasl_bind_setup, _bind_dn, options)
+          args = {
+            :method => :sasl,
+            :initial_credential => initial_credential,
+            :mechanism => mechanism,
+            :challenge_response => challenge_response,
+          }
+          info = {
+            :name => "bind: SASL", :dn => _bind_dn, :mechanism => mechanism,
+          }
+          execute(:bind, info, args)
+          true
+        end
+      end
+
+      def sasl_bind_setup_digest_md5(bind_dn, options)
+        initial_credential = ""
+        nonce_count = 1
+        challenge_response = Proc.new do |cred|
+          params = parse_sasl_digest_md5_credential(cred)
+          qops = params["qop"].split(/,/)
+          unless qops.include?("auth")
+            raise ActiveLdap::AuthenticationError,
+                  _("unsupported qops: %s") % qops.inspect
+          end
+          qop = "auth"
+          server = @connection.instance_variable_get("@conn").addr[2]
+          realm = params['realm']
+          uri = "ldap/#{server}"
+          nc = "%08x" % nonce_count
+          nonce = params["nonce"]
+          cnonce = generate_client_nonce
+          requests = {
+            :username => bind_dn.inspect,
+            :realm => realm.inspect,
+            :nonce => nonce.inspect,
+            :cnonce => cnonce.inspect,
+            :nc => nc,
+            :qop => qop,
+            :maxbuf => "65536",
+            "digest-uri" => uri.inspect,
+          }
+          a1 = "#{bind_dn}:#{realm}:#{password(cred, options)}"
+          a1 = "#{Digest::MD5.digest(a1)}:#{nonce}:#{cnonce}"
+          ha1 = Digest::MD5.hexdigest(a1)
+          a2 = "AUTHENTICATE:#{uri}"
+          ha2 = Digest::MD5.hexdigest(a2)
+          response = "#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}"
+          requests["response"] = Digest::MD5.hexdigest(response)
+          nonce_count += 1
+          requests.collect do |key, value|
+            "#{key}=#{value}"
+          end.join(",")
+        end
+        [initial_credential, challenge_response]
+      end
+
+      def parse_sasl_digest_md5_credential(cred)
+        params = {}
+        cred.scan(/(\w+)=(\"?)(.+?)\2(?:,|$)/) do |name, sep, value|
+          params[name] = value
+        end
+        params
+      end
+
+      CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
+      def generate_client_nonce(size=32)
+        nonce = ""
+        size.times do |i|
+          nonce << CHARS[rand(CHARS.size)]
+        end
+        nonce
+      end
+
+      def simple_bind(bind_dn, options={})
+        super do |_bind_dn, password|
+          args = {
+            :method => :simple,
+            :username => _bind_dn,
+            :password => password,
+          }
+          execute(:bind, {:dn => _bind_dn}, args)
+          true
+        end
+      end
+
+      def parse_entries(entries)
+        result = []
+        entries.each do |type, key, attributes|
+          mod_type = ensure_mod_type(type)
+          attributes.each do |name, values|
+            result << [mod_type, name, values]
+          end
+        end
+        result
+      end
+
+      def ensure_mod_type(type)
+        case type
+        when :replace, :add, :delete
+          type
+        else
+          raise ArgumentError, _("unknown type: %s") % type
+        end
+      end
+    end
+  end
+end

data/lib/active_ldap/adapter/net_ldap_ext.rb

@@ -0,0 +1,23 @@
+require 'net/ldap'
+
+module Net
+  class LDAP
+    class Entry
+      alias initialize_without_original_attribute_names initialize
+      def initialize(*args)
+        @original_attribute_names = []
+        initialize_without_original_attribute_names(*args)
+      end
+
+      alias aset_without_original_attribute_names []=
+      def []=(name, value)
+        @original_attribute_names << name
+        aset_without_original_attribute_names(name, value)
+      end
+
+      def original_attribute_names
+        @original_attribute_names.compact.uniq
+      end
+    end
+  end
+end

data/lib/active_ldap/association/belongs_to.rb

@@ -0,0 +1,47 @@
+require 'active_ldap/association/proxy'
+
+module ActiveLdap
+  module Association
+    class BelongsTo < Proxy
+      def replace(entry)
+        if entry.nil?
+          @target = @owner[@options[:foreign_key_name]] = nil
+        else
+          @target = (Proxy === entry ? entry.target : entry)
+          infect_connection(@target)
+          unless entry.new_entry?
+            @owner[@options[:foreign_key_name]] = entry[primary_key]
+          end
+          @updated = true
+        end
+
+        loaded
+        entry
+      end
+
+      def updated?
+        @updated
+      end
+
+      private
+      def have_foreign_key?
+        not @owner[@options[:foreign_key_name]].nil?
+      end
+
+      def find_target
+        value = @owner[@options[:foreign_key_name]]
+        raise EntryNotFound if value.nil?
+        key = primary_key
+        if key == "dn"
+          result = foreign_class.find(value, find_options)
+        else
+          filter = {key => value}
+          options = find_options(:filter => filter, :limit => 1)
+          result = foreign_class.find(:all, options).first
+        end
+        raise EntryNotFound if result.nil?
+        result
+      end
+    end
+  end
+end