rbmk 0.1.0.a → 0.1.0.b

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 915c433f207ea0656ded0512c10507183ba35211
-  data.tar.gz: 8ee0b1ef7c46e215b298783d0597dd6d085368f0
+  metadata.gz: e1099ee731e3c1c408f0489dd03bc02e6a5256e3
+  data.tar.gz: a9e3cec5e9f6899f7883d20e790f61b953d90ddc
 SHA512:
-  metadata.gz: 9fe9a3bce2171a3b8466f6034d0569ccbb691fe2aee9a161b2ffed4d5695e9bbd68e7b8662d71284a01952cca1c6bbafee621a5f914f589918c3edb915ad359c
-  data.tar.gz: 8fa2b7a9794a4a6bbfb8d25b279445c87a4d20d8936e70fd57c292cd808895bc44e7dcde0eaf14f495c6d2d700b5067dbe57ed1ab1c276c2ad2d20680edbfd7a
+  metadata.gz: 23278488b01fdbb876067fd2dd64e14038aafb6657d13769f22d9392f1cdc4e9ba9a0f20d905fb8adc6c61b19ee7d248ecfdf0f030d48ee660dc10f4a3b38813
+  data.tar.gz: 2a3b4d58d04c4635fdcc575b839a22eb77831978472a4c52ab85817125e99b2594f24076ac083ce9d2917c9ce3eb58002c47c3bd0d77bba0aa72dea7ac4283cd

data/examples/rbmk.rb

@@ -18,26 +18,22 @@ module RBMK::Logger
 	def self.level; ::Logger::DEBUG end
 end
 
-# The magic! You can transform the found entries here
+# The magic! You can transform the LDAP operations
 #
-module RBMK
+module RBMK::Transform
+
 	# For example, we can add a fooBar attribute to any resulting object
 	#
-	def self.hack_entries entries
+	def self.entries entries
 		entries.map do |entry|
 			entry.merge 'fooBar' => 'baz'
 		end
 	end
 
-	# In this example we drop fooBar attribute from anywhere in the search
+	# In this example we override atrributes in the request so that all of them are requested all the time
 	#
-	def self.hack_filter filter
-		op = filter.shift
-		case op
-			when :true, :false, :undef then [op]
-			when :not,  :and,   :or    then [op] + filter.map { |sf| hack_filter sf }.compact
-			else (filter.first =~ /\Afoobar\z/i) ? nil : [op] + filter
-		end
+	def self.search opts
+		opts.merge attrs: ['*', '+']
 	end
 
 end

data/lib/rbmk/operation.rb

@@ -18,19 +18,20 @@ end
 
 
 class LDAP::Server::Filter
-	def self.to_rfc filter
-		raise ArgumentError, 'Array expected' unless filter.is_a? Array
-		raise ArgumentError, 'Filter is empty' if filter.empty?
+	def self.to_rfc preserved_filter
+		raise ArgumentError, 'Array expected' unless preserved_filter.is_a? Array
+		raise ArgumentError, 'Filter is empty' if preserved_filter.empty?
+		filter = preserved_filter.clone
 		op = filter.shift
 		res = case op
 			when :not then
-				raise 'Empty subfilter' if (sf = to_rfc filter).empty?
+				raise 'Empty subfilter' if (sf = send(__method__, filter)).empty?
 				'!%s' % sf
 			when :and then
-				raise 'Empty subfilter' if (sf = filter.map { |f| to_rfc(f) }.join).empty?
+				raise 'Empty subfilter' if (sf = filter.map { |f| send(__method__, f) }.join).empty?
 				'&%s' % sf
 			when :or
-				raise 'Empty subfilter' if (sf = filter.map { |f| to_rfc(f) }.join).empty?
+				raise 'Empty subfilter' if (sf = filter.map { |f| send(__method__, f) }.join).empty?
 				'!%s' % sf
 
 			when :true       then 'objectClass=*'
@@ -57,7 +58,7 @@ end
 
 
 
-require 'rbmk'
+require 'rbmk/transform'
 module RBMK
 class Operation < LDAP::Server::Operation
 
@@ -143,27 +144,43 @@ class Operation < LDAP::Server::Operation
 	end
 
 
-
+	# --------------------------------------------------------------------------
 	# Okay, now the actual code
 	#
+	def initialize conn, mid
+		super conn, mid
+		@orig = {}
+		@transformed = {}
+	end
+
 	def simple_bind version, dn, password
-		RBMK.context[:binddn] = {orig: dn}
-		version, dn, password = transformed(simple_bind: [version, dn, password])
-		RBMK.context[:binddn][:hacked] = dn
-		$log.info sprintf('Bind v%i, dn: %p -> %p', version, RBMK.context[:binddn][:orig], RBMK.context[:binddn][:hacked])
-		@server.bind version, dn, password
+		orig = {version: version, dn: dn, password: password}
+		opts = transformed __method__ => orig.clone
+		$log.info sprintf('Bind version: %s, dn: %s',
+			log_chunk(orig, opts, '%i', :version),
+			log_chunk(orig, opts, '%p', :dn)
+		)
+		@server.bind *opts.values_at(:version, :dn, :password)
 	rescue LDAP::ResultError
 		$!.log_debug
 		raise $!
 	end
 
-	def search basedn, scope, deref, filter
-		RBMK.context[:filter] = {orig: filter, hacked: transformed(filter: filter)}
-		filter = LDAP::Server::Filter.to_rfc RBMK.context[:filter][:hacked]
-		$log.info sprintf('Search %p from %p, scope: %i, deref: %i, attrs: %p, no_values: %s, max: %i', filter, basedn, scope, deref, @attributes, @typesOnly, (@sizelimit.to_i rescue 0))
-		entries = @server.ldap.search_ext2 basedn, scope, filter, ['*', '+'], @typesOnly, nil, nil, 0, 0, (@sizelimit.to_i rescue 0)
-#require 'pp'
-#pp entries
+	def search base, scope, deref, filter
+		orig = {filter_array: filter, base: base, scope: scope, deref: deref, attrs: @attributes, vals: (not @typesOnly), limit: (@sizelimit.to_i rescue 0)}
+		opts = transformed __method__ => orig.clone
+		orig[:filter_string] = LDAP::Server::Filter.to_rfc orig[:filter_array]
+		opts[:filter_string] = LDAP::Server::Filter.to_rfc opts[:filter_array]
+		$log.info sprintf('Search %s from %s, scope: %s, deref: %s, attrs: %s, vals: %s, limit: %s',
+			log_chunk(orig, opts, '%p', :filter_string),
+			log_chunk(orig, opts, '%p', :base),
+			log_chunk(orig, opts, '%i', :scope),
+			log_chunk(orig, opts, '%i', :deref),
+			log_chunk(orig, opts, '%p', :attrs),
+			log_chunk(orig, opts, '%s', :vals),
+			log_chunk(orig, opts, '%i', :limit),
+		)
+		entries = @server.ldap.search_ext2(*opts.values_at(:base, :scope, :filter_string, :attrs), (not opts[:vals]), nil, nil, 0, 0, opts[:limit])
 		transformed(entries: entries).each { |entry| send_SearchResultEntry entry.delete('dn').first, entry }
 	rescue LDAP::ResultError
 		@server.handle_ldap_error
@@ -171,9 +188,24 @@ class Operation < LDAP::Server::Operation
 
 protected
 
+	def log_chunk orig, transformed, format, key
+		if orig[key] === transformed[key] then
+			format % orig[key]
+		else
+			sprintf "(#{format} -> #{format})", orig[key], transformed[key]
+		end
+	rescue
+		p orig, transformed, format, key
+		raise $!
+	end
+
 	def transformed spec
 		raise ArgumentError.new('Please provide a hash with exactly one key.') unless (spec.is_a? Hash) and (1 == spec.count)
-		spec.each { |type, object| return RBMK.send "hack_#{type}".to_sym, object }
+		spec.each do |type, object|
+			@orig[type] = object
+			transformed = RBMK::Transform.send type, object
+			return @transformed[type] = transformed
+		end
 	rescue
 		$!.log
 		object

data/lib/rbmk/transform.rb

@@ -0,0 +1,33 @@
+module RBMK
+module Transform
+
+	# Patch this method to transform incoming bind data.
+	# Expect a hash with these keys:
+	# :version              LDAP protocol version; should probably be 3
+	# :dn                   Bind DN; like a "username"
+	# :password             Cleartext! Verrrry sensitive!
+	def self.simple_bind opts
+		opts
+	end
+
+	# Patch this method to transform incoming search parameters.
+	# Expect a hash with these keys:
+	# :base                 Search base DN
+	# :scope                0 is base, 1 is onelevel, 2 is subtree
+	# :deref                whether to follow aliases (no time to explain, read more otherwhere)
+	# :filter_array         IMPORTANT: this is a parsed filter from Ldap::Server as an array-tree
+	# :attrs                Attributes to be included in resulting objects
+	# :vals                 Whether to include values at all
+	# :limit                Search will not return more than this amount of objects
+	def self.search opts
+		opts
+	end
+
+	# Patch this method to transform outbound found entries.
+	# Expect an array of hashes, each of which MUST have a 'dn' key
+	def self.found entries
+		entries
+	end
+
+end
+end

data/lib/rbmk/version.rb

@@ -1,4 +1,4 @@
 module RBMK
-	VERSION = '0.1.0.a'
-	CODENAME = 'plan b'
+	VERSION = '0.1.0.b'
+	CODENAME = 'break the black ice'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rbmk
 version: !ruby/object:Gem::Version
-  version: 0.1.0.a
+  version: 0.1.0.b
 platform: ruby
 authors:
 - stronny red
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-11-23 00:00:00.000000000 Z
+date: 2015-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: ruby-ldap
@@ -55,13 +55,13 @@ files:
 - README.md
 - bin/rbmk
 - examples/rbmk.rb
-- lib/rbmk.rb
 - lib/rbmk/exception.rb
 - lib/rbmk/logger.rb
 - lib/rbmk/operation.rb
 - lib/rbmk/peer.rb
 - lib/rbmk/server.rb
 - lib/rbmk/signal.rb
+- lib/rbmk/transform.rb
 - lib/rbmk/upstream.rb
 - lib/rbmk/version.rb
 - lib/rbmk/worker.rb

data/lib/rbmk.rb

@@ -1,26 +0,0 @@
-module RBMK
-
-	def self.context
-		@context ||= {}
-	end
-
-	# Patch this method to hack incoming bind data
-	#
-	def self.hack_simple_bind data
-#		version, dn, password = data
-		data
-	end
-
-	# Patch this method to hack incoming search filters
-	#
-	def self.hack_filter filter
-		filter
-	end
-
-	# Patch this method to hack outbound found entries
-	#
-	def self.hack_entries entries
-		entries
-	end
-
-end