rbmk 0.1.0.e → 0.1.0.f
- checksums.yaml +4 -4
- data/README.md +9 -6
- data/lib/rbmk/operation.rb +31 -3
- data/lib/rbmk/upstream.rb +8 -0
- data/lib/rbmk/version.rb +2 -2
- data/lib/rbmk/worker.rb +12 -4
- metadata +2 -3
- data/lib/rbmk/transform.rb +0 -33
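--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4a9fe23cdd871dc29c2b27b382447760405f9cfd
+data.tar.gz: 67ace7b3fb768cdbdd5f94c88d12c3a41701589b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dc2e38454e716b8fb019432ae234b6bcd2f9f539b048f8c20f56eb5d7d9adfea75e758a104b7516a105638051ac03f0ec6b4e8488f90d1f3ae4d95e27d0dda97
+data.tar.gz: 4b2c8c96bd9122f75860826f872450eb12b338688d096e2e45b38197b1e8236d79c4aea0e48bad090c75057afb08ac6b175092aeffce30846f3e9c83965b6e10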
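--- a/data/README.md
+++ b/data/README.md
@@ -9,8 +9,8 @@ LDAP is very rigid and static in its nature and although OpenLDAP provides some
 very helpful overlays, it is far from enough.
 [//]: # (DESCRIPTION STOP)
 
-CAUTION
-
+☢ CAUTION ☢
+-----------
 Like its name suggests, `rbmk` is somewhat powerful, but is not very stable.
 Expect random meltdowns! Please, **NEVER** run it as superuser. LDAP gems
 that it uses are surprisingly feature-rich, but are not quite polished yet.
@@ -22,7 +22,10 @@ LIMITATIONS
 -----------
 * This proxy is read-only, by design.
 * This script does not detach from its terminal, again by design.
+* Only simple binds, at least until I actually need SASL myself.
+* No TLS for now, but maybe someday.
 * Only tested with MRI 2.2, but will likely work with anything 1.9+.
+* Well, maybe not anything, as it uses [ruby-ldap](https://github.com/bearded/ruby-ldap) (a C extension).
 
 INSTALL
 -------
@@ -32,8 +35,8 @@ RUN
 ---
 As this script is not a daemon, you have two easy options besides anything
 you may invent yourself:
-
-
+* use any supervisor that are plenty nowadays: `supervisord`, `bluepill` etc.
+* or just run it inside a `tmux` session and leave it there.
 
 USAGE
 -----
@@ -42,5 +45,5 @@ USAGE
 CONFIGURATION
 -------------
 Upon its invocation `rbmk` evals its first argument and thus is configured
-by your Ruby code inside that file. Please refer to `examples/rbmk.rb` for
-configuration file.
+by your Ruby code inside that file. Please refer to `examples/rbmk.rb` for
+an example configuration file.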
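--- a/data/lib/rbmk/operation.rb
+++ b/data/lib/rbmk/operation.rb
@@ -58,7 +58,6 @@ end
 
 
 
-require 'rbmk/transform'
 module RBMK
 class Operation < LDAP::Server::Operation
 
@@ -148,10 +147,11 @@ class Operation < LDAP::Server::Operation
 # Okay, now the actual code
 #
 attr_reader :server, :orig, :transformed
-def initialize conn, mid
+def initialize conn, mid, worker
 super conn, mid
 @orig = {}
 @transformed = {}
+@worker = worker
 end
 
 def simple_bind version, dn, password
@@ -205,11 +205,39 @@ protected
 
 def transformed type, object
 @orig[type] = object
-@transformed[type] =
+@transformed[type] = send 'transformed_%s' % type, object
 rescue
 $!.log
 object
 end
 
+# Patch this method to transform incoming bind data.
+# Expect a hash with these keys:
+# :version LDAP protocol version; should probably be 3
+# :dn Bind DN; like a "username"
+# :password Cleartext! Verrrry sensitive!
+def transformed_simple_bind opts
+opts
+end
+
+# Patch this method to transform incoming search parameters.
+# Expect a hash with these keys:
+# :base Search base DN
+# :scope 0 is base, 1 is onelevel, 2 is subtree
+# :deref whether to follow aliases (no time to explain, read more otherwhere)
+# :filter_array IMPORTANT: this is a parsed filter from Ldap::Server as an array-tree
+# :attrs Attributes to be included in resulting objects
+# :vals Whether to include values at all
+# :limit Search will not return more than this amount of objects
+def transformed_search opts
+opts
+end
+
+# Patch this method to transform outbound found entries.
+# Expect an array of hashes, each of which MUST have a 'dn' key
+def transformed_entries entries
+entries
+end
+
 end
 end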
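Review bot: The new dispatch in `transformed` fails open: if `send 'transformed_%s' % type, object` raises (including a NoMethodError for a `type` that has no `transformed_*` method), the existing bare `rescue` logs via `$!.log` and returns the untransformed `object`. When a patched `transformed_entries` or `transformed_search` is relied on to strip attributes or narrow a query, an exception inside the hook would therefore hand the original data through unfiltered; adding `raise` after `$!.log` would fail closed instead. The comment on `transformed_simple_bind` says the hash carries the cleartext password, and `@orig[type] = object` retains that hash on the operation behind `attr_reader :orig`, so a comment such as `# @orig may hold the cleartext bind password; never log or dump it` above the assignment would help. Whether `$!.log` can include the failing arguments is not visible on this page and is worth checking for the same reason.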
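--- a/data/lib/rbmk/upstream.rb
+++ b/data/lib/rbmk/upstream.rb
@@ -55,6 +55,14 @@ class Upstream
 handle_ldap_error
 end
 
+def unbind
+@ldap.unbind
+end
+
+def search opts, &block
+self.class.send __method__, @ldap, opts, &block
+end
+
 def handle_ldap_error
 stderr = from_stderr { @ldap.perror 'LDAP' } # WHY U NO?
 message = stderr.match(/additional info:(.*)$/)[1].strip rescue nil # Seriously, how hard can it be to expose a server's message?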
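Review bot: The instance `search` forwards with `self.class.send __method__, @ldap, opts, &block`; `send` bypasses method visibility and `__method__` hides which class method is being called, so a direct `self.class.search @ldap, opts, &block` would be clearer and would fail loudly if the class method were ever made private. The class-level `search` is not visible in this hunk, so this assumes it is a public singleton method taking the connection and the options. The new `unbind` calls `@ldap.unbind` with no guard or error handling, unlike the neighbouring method that ends in `handle_ldap_error`; a comment stating whether it may be called on a connection that was never bound or is already unbound would be worth adding. `handle_ldap_error` continues past the end of the hunk.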
data/lib/rbmk/version.rb
CHANGED
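--- a/data/lib/rbmk/worker.rb
+++ b/data/lib/rbmk/worker.rb
@@ -6,14 +6,17 @@ class Worker
 def self.hire peer, upstream; new(peer, upstream).serve end
 
 def initialize peer, upstream
-upstream
+@upstream = upstream
+@upstream.mktemp
 @peer = peer
 @conn = LDAP::Server::Connection.new @peer.socket,
-server: upstream,
+server: @upstream,
 logger: $log,
 operation_class: RBMK::Operation,
-
-
+operation_args: [self],
+schema: @upstream.schema,
+namingContexts: @upstream.root_dse['namingContexts']
+user_init
 end
 
 def serve
@@ -22,5 +25,10 @@ class Worker
 @peer.close
 end
 
+protected
+
+# Patch this method to implement your additional worker init actions
+def user_init; end
+
 end
 end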
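Review bot: `initialize` now performs upstream work (`@upstream.mktemp`, `@upstream.schema`, `@upstream.root_dse['namingContexts']`) and runs the user-patched `user_init`, but the only `@peer.close` visible on this page is in `serve`, and `self.hire` calls `new(peer, upstream).serve`, so an exception raised during construction means `serve` never runs and this class does not close the peer. `@upstream.root_dse['namingContexts']` in particular would raise NoMethodError if `root_dse` returns nil, which seems possible when the upstream is unreachable or refuses the read, though `root_dse` is not shown here. Moving these calls into `serve` under its existing cleanup, or having `hire` rescue around `new` and close `peer` before re-raising, would keep a failing upstream or a buggy `user_init` from leaking client sockets. Whatever `mktemp` creates also has no matching cleanup in the visible lines; a comment naming where it is released would help. The body of `serve` lies partly outside both hunks.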
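--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbmk
 version: !ruby/object:Gem::Version
-version: 0.1.0.
+version: 0.1.0.f
 platform: ruby
 authors:
 - stronny red
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-11-
+date: 2015-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: ruby-ldap
@@ -60,7 +60,6 @@ files:
 - lib/rbmk/operation.rb
 - lib/rbmk/peer.rb
 - lib/rbmk/server.rb
-- lib/rbmk/transform.rb
 - lib/rbmk/upstream.rb
 - lib/rbmk/version.rb
 - lib/rbmk/worker.rb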
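--- a/data/lib/rbmk/transform.rb
+++ /dev/null
@@ -1,33 +0,0 @@
-module RBMK
-module Transform
-
-# Patch this method to transform incoming bind data.
-# Expect a hash with these keys:
-# :version LDAP protocol version; should probably be 3
-# :dn Bind DN; like a "username"
-# :password Cleartext! Verrrry sensitive!
-def self.simple_bind opts, op
-opts
-end
-
-# Patch this method to transform incoming search parameters.
-# Expect a hash with these keys:
-# :base Search base DN
-# :scope 0 is base, 1 is onelevel, 2 is subtree
-# :deref whether to follow aliases (no time to explain, read more otherwhere)
-# :filter_array IMPORTANT: this is a parsed filter from Ldap::Server as an array-tree
-# :attrs Attributes to be included in resulting objects
-# :vals Whether to include values at all
-# :limit Search will not return more than this amount of objects
-def self.search opts, op
-opts
-end
-
-# Patch this method to transform outbound found entries.
-# Expect an array of hashes, each of which MUST have a 'dn' key
-def self.found entries, op
-entries
-end
-
-end
-end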