rom-ldap 0.2.2

data/lib/rom/ldap/message_queue.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module ROM
+  module LDAP
+    MessageQueue = Hash.new { |hash, key| hash[key] = [] }
+  end
+end

data/lib/rom/ldap/oid.rb

@@ -0,0 +1,101 @@
+# frozen_string_literal: true
+
+# rubocop:disable Layout/HashAlignment
+
+module ROM
+  module LDAP
+    # LDAP OID hash map
+    #
+    # @see http://oid-info.com/get/{{OID}}
+    # @see https://ldap.com/ldap-oid-reference-guide/
+    # @see http://ldapwiki.com/wiki/LDAP%20Extensions%20and%20Controls%20Listing
+    #
+    # @return [Hash]
+    #
+    # @api private
+    #
+    OID = {
+      matched_values:                   '1.2.826.0.1.3344810.2.3',
+      paged_results:                    '1.2.840.113556.1.4.319',
+      show_deleted:                     '1.2.840.113556.1.4.417',
+      sort_request:                     '1.2.840.113556.1.4.473',
+      sort_response:                    '1.2.840.113556.1.4.474',
+      crossdom_move_target:             '1.2.840.113556.1.4.521',
+      search_notification:              '1.2.840.113556.1.4.528',
+      lazy_commit:                      '1.2.840.113556.1.4.619',
+      sd_flags:                         '1.2.840.113556.1.4.801',
+      matching_rule_bit_and:            '1.2.840.113556.1.4.803',
+      matching_rule_bit_or:             '1.2.840.113556.1.4.804',
+      delete_tree:                      '1.2.840.113556.1.4.805',
+      directory_sync:                   '1.2.840.113556.1.4.841',
+      verify_name:                      '1.2.840.113556.1.4.1338',
+      domain_scope:                     '1.2.840.113556.1.4.1339',
+      search_options:                   '1.2.840.113556.1.4.1340',
+      permissive_modify:                '1.2.840.113556.1.4.1413',
+      fast_concurrent_bind:             '1.2.840.113556.1.4.1781',
+      matching_rule_in_chain:           '1.2.840.113556.1.4.1941',
+      server_policy_hints:              '1.2.840.113556.1.4.2239',
+      cancel_operation:                 '1.3.6.1.1.8',
+      assertion:                        '1.3.6.1.1.12',
+      pre_read:                         '1.3.6.1.1.13.1',
+      post_read:                        '1.3.6.1.1.13.2',
+      modify_increment:                 '1.3.6.1.1.14',
+      transaction_start_request:        '1.3.6.1.1.21.1',
+      transaction_spec_request:         '1.3.6.1.1.21.2',
+      transaction_end_request:          '1.3.6.1.1.21.3',
+      dont_use_copy:                    '1.3.6.1.1.22',
+      password_policy_request:          '1.3.6.1.4.1.42.2.27.8.5.1',
+      get_effective_rights_request:     '1.3.6.1.4.1.42.2.27.9.5.2',
+      account_usable_request:           '1.3.6.1.4.1.42.2.27.9.5.8',
+      apple_oid_prefix:                 '1.3.6.1.4.1.63',
+      notice_of_disconnection:          '1.3.6.1.4.1.1466.20036',
+      start_tls:                        '1.3.6.1.4.1.1466.20037',
+      ns_transmitted:                   '1.3.6.1.4.1.1466.29539.12',
+      dynamic_refresh:                  '1.3.6.1.4.1.1466.101.119.1',
+      all_operational_attributes:       '1.3.6.1.4.1.4203.1.5.1',
+      oc_ad_lists:                      '1.3.6.1.4.1.4203.1.5.2',
+      true_false_filters:               '1.3.6.1.4.1.4203.1.5.3',
+      language_tag_options:             '1.3.6.1.4.1.4203.1.5.4',
+      language_range_options:           '1.3.6.1.4.1.4203.1.5.5',
+      sync_request:                     '1.3.6.1.4.1.4203.1.9.1.1',
+      sync_state:                       '1.3.6.1.4.1.4203.1.9.1.2',
+      sync_done:                        '1.3.6.1.4.1.4203.1.9.1.3',
+      sync_info_message:                '1.3.6.1.4.1.4203.1.9.1.4',
+      subentries:                       '1.3.6.1.4.1.4203.1.10.1',
+      password_modify:                  '1.3.6.1.4.1.4203.1.11.1',
+      val_sort:                         '1.3.6.1.4.1.4203.666.5.14',
+      dereference:                      '1.3.6.1.4.1.4203.666.5.16',
+      cascade:                          '1.3.6.1.4.1.18060.0.0.1',
+      launch_diagnostic_ui_request:     '1.3.6.1.4.1.18060.0.1.1',
+      launch_diagnostic_ui_response:    '1.3.6.1.4.1.18060.0.1.2',
+      graceful_shutdown_request:        '1.3.6.1.4.1.18060.0.1.3',
+      graceful_shutdown_response:       '1.3.6.1.4.1.18060.0.1.4',
+      graceful_disconnect:              '1.3.6.1.4.1.18060.0.1.5',
+      stored_procedure_request:         '1.3.6.1.4.1.18060.0.1.6',
+      stored_procedure_response:        '1.3.6.1.4.1.18060.0.1.7',
+      create_grouping_request:          '2.16.840.1.113719.1.27.103.1',
+      create_grouping_response:         '2.16.840.1.113719.1.27.103.1',
+      end_grouping_request:             '2.16.840.1.113719.1.27.103.2',
+      end_grouping_response:            '2.16.840.1.113719.1.27.103.2',
+      grouping:                         '2.16.840.1.113719.1.27.103.7',
+      transaction_grouping:             '2.16.840.1.113719.1.27.103.8',
+      manage_dsa_it:                    '2.16.840.1.113730.3.4.2',
+      persistent_search:                '2.16.840.1.113730.3.4.3',
+      netscape_password_expired:        '2.16.840.1.113730.3.4.4',
+      netscape_password_expiring:       '2.16.840.1.113730.3.4.5',
+      entry_change_notification:        '2.16.840.1.113730.3.4.7',
+      virtual_list_view_request:        '2.16.840.1.113730.3.4.9',
+      virtual_list_view_response:       '2.16.840.1.113730.3.4.10',
+      proxied_authorization_v1:         '2.16.840.1.113730.3.4.12',
+      replication_update_information:   '2.16.840.1.113730.3.4.13',
+      search_on_specific_database:      '2.16.840.1.113730.3.4.14',
+      authentication_response:          '2.16.840.1.113730.3.4.15',
+      authentication_identity_request:  '2.16.840.1.113730.3.4.16',
+      real_attribute_only_request:      '2.16.840.1.113730.3.4.17',
+      proxied_authorization_v2:         '2.16.840.1.113730.3.4.18',
+      virtual_attributes_only_request:  '2.16.840.1.113730.3.4.19'
+    }.freeze
+  end
+end
+
+# rubocop:enable Layout/HashAlignment

data/lib/rom/ldap/parsers/abstract_syntax.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+require 'rom/ldap/expression'
+
+module ROM
+  module LDAP
+    module Parsers
+      #
+      # Parses and AST into and Expression/RFC filter
+      #
+      # @api private
+      class AbstractSyntax
+
+        extend Initializer
+
+        param :ast, type: Types::Strict::Array
+
+        param :attributes, type: Types.Array(Types::Hash)
+
+        def call
+          case ast.size
+
+          # Join or negate expression
+          when 2
+            constructor, part = ast
+
+            expressions =
+              if constructor.eql?(:con_not)
+                [express(part)]
+              else
+                part.map(&method(:express))
+              end
+
+            Expression.new(op: constructor, exps: expressions)
+
+          # Create expression
+          when 3
+            operator, attribute, value = ast
+
+            Expression.new(
+              op: operator,
+              field: decode_attribute(attribute),
+              value: decode_value(value)
+            )
+          end
+        end
+
+        private
+
+        # Express a nested AST
+        #
+        # @api private
+        def express(ast_part)
+          self.class.new(ast_part, attributes).call
+        end
+
+        def decode_attribute(name)
+          attr = attributes.find { |a| a[:name].eql?(name) }
+          attr ? attr[:canonical] : name
+        end
+
+        # Check VALUES_MAP for encoded values otherwise return input.
+        #
+        # @param sym [Symbol,String] possible special value
+        #
+        # @return [String] "*", "TRUE", "FALSE"
+        #
+        def decode_value(sym)
+          VALUES_MAP.fetch(sym, sym)
+        end
+
+        # @param sym [Symbol] encoded version
+        #
+        # @return [Symbol,String]
+        #
+        def decode_constructor(sym)
+          CONSTRUCTORS.fetch(sym, :unknown_constructor)
+        end
+
+        # @param sym [Symbol] encoded version
+        #
+        # @return [Symbol,String]
+        #
+        def decode_operator(sym)
+          OPERATORS.fetch(sym, :'???')
+        end
+
+      end
+    end
+  end
+end

data/lib/rom/ldap/parsers/attribute.rb

@@ -0,0 +1,290 @@
+# frozen_string_literal: true
+
+module ROM
+  module LDAP
+    module Parsers
+      #
+      # RFC4512 - 4.1.2.  Attribute Types
+      #
+      # @see https://tools.ietf.org/html/rfc4512#section-4.1.2
+      #
+      # Attribute Type definitions are written according to the ABNF:
+      #
+      #      AttributeTypeDescription = LPAREN WSP
+      #          numericoid                    ; object identifier
+      #          [ SP "NAME" SP qdescrs ]      ; short names (descriptors)
+      #          [ SP "DESC" SP qdstring ]     ; description
+      #          [ SP "OBSOLETE" ]             ; not active
+      #          [ SP "SUP" SP oid ]           ; supertype
+      #          [ SP "EQUALITY" SP oid ]      ; equality matching rule
+      #          [ SP "ORDERING" SP oid ]      ; ordering matching rule
+      #          [ SP "SUBSTR" SP oid ]        ; substrings matching rule
+      #          [ SP "SYNTAX" SP noidlen ]    ; value syntax
+      #          [ SP "SINGLE-VALUE" ]         ; single-value
+      #          [ SP "COLLECTIVE" ]           ; collective
+      #          [ SP "NO-USER-MODIFICATION" ] ; not user modifiable
+      #          [ SP "USAGE" SP usage ]       ; usage
+      #          extensions WSP RPAREN         ; extensions
+      #
+      #      usage = "userApplications"     /  ; user
+      #              "directoryOperation"   /  ; directory operational
+      #              "distributedOperation" /  ; DSA-shared operational
+      #              "dSAOperation"            ; DSA-specific operational
+      #
+      #    where:
+      #      <numericoid> is object identifier assigned to this attribute type;
+      #      NAME <qdescrs> are short names (descriptors) identifying this
+      #          attribute type;
+      #      DESC <qdstring> is a short descriptive string;
+      #      OBSOLETE indicates this attribute type is not active;
+      #      SUP oid specifies the direct supertype of this type;
+      #      EQUALITY, ORDERING, and SUBSTR provide the oid of the equality,
+      #          ordering, and substrings matching rules, respectively;
+      #      SYNTAX identifies value syntax by object identifier and may suggest
+      #          a minimum upper bound;
+      #      SINGLE-VALUE indicates attributes of this type are restricted to a
+      #          single value;
+      #      COLLECTIVE indicates this attribute type is collective
+      #          [X.501][RFC3671];
+      #      NO-USER-MODIFICATION indicates this attribute type is not user
+      #          modifiable;
+      #      USAGE indicates the application of this attribute type; and
+      #      <extensions> describe extensions.
+      #
+      #
+      # @param attribute [String]
+      #   "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+      #   DESC 'RFC1274: user identifier' EQUALITY caseIgnoreMatch
+      #   SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+      #   USAGE userApplications X-SCHEMA 'core' )"
+      #
+      # @return [Array<Hash>] Alternative names return multiple hashes
+      #
+      # @example
+      #   Parsers::Attribute.new("( NAME cn....)").call
+      #
+      # @api private
+      class Attribute
+
+        extend Initializer
+
+        param :attribute, type: Types::Strict::String, reader: :private
+
+        def call
+          Array(canonical_names).map do |original_name|
+            {
+              name:         LDAP.formatter[original_name],
+              definition:   attribute,
+              canonical:    original_name,
+              description:  description,
+              oid:          attribute_oid,
+              syntax:       syntax_oid,
+              single:       single_value?,
+              editable:     editable?,
+              schema:       schema,
+              draft:        draft,
+
+              # super_type: [ SP "SUP" SP oid ]
+              # collective: [ SP "COLLECTIVE" ]
+
+              rules: {
+                approx:           approx_matcher,
+                equality:         equality_matcher,
+                substr:           sub_string_rule,
+                ordering:         ordering_rule,
+                min_value_count:  min_value_count,
+                max_value_count:  max_value_count,
+                min_value_length: min_value_length,
+                max_value_length: max_value_length,
+                min_int_value:    min_int_value,
+                max_int_value:    max_int_value,
+                allowed_value:    allowed_value
+              }
+            }
+          end
+        end
+
+        private
+
+        # short names (descriptors)
+        #
+        # @return [Array<String>] => ['uid', 'userid']
+        #
+        def canonical_names
+          if attribute[/NAME '(\S+)'/]
+            Regexp.last_match(1)
+          elsif attribute[/NAME \( '(\S+)' '(\S+)' \)/]
+            [Regexp.last_match(1), Regexp.last_match(2)]
+          end
+        end
+
+        # numericoid
+        #
+        # @return [String]
+        #
+        def attribute_oid
+          attribute[/^\( ([\d\.]*)/, 1]
+        end
+
+        # @return [Boolean]
+        #
+        def editable?
+          modifiable? and public?
+        end
+
+        # not user modifiable
+        #
+        # @return [Boolean]
+        #
+        def modifiable?
+          attribute.scan(/NO-USER-MODIFICATION/).none?
+        end
+
+        # value syntax
+        #
+        # @return [String]
+        #
+        def syntax_oid
+          attribute[/SYNTAX (\S+)/, 1].to_s.tr("'", '')
+        end
+
+        # userApplications
+        #
+        # @return [Boolean]
+        #
+        def public?
+          attribute[/USAGE (\S+)/, 1] == 'userApplications'
+        end
+
+        # directoryOperation
+        # distributedOperation
+        # dSAOperation
+        #
+        # @return [Boolean]
+        #
+        def private?
+          attribute[/USAGE (\S+)/, 1] != 'userApplications'
+        end
+
+        # An optional human-readable description, which should be enclosed in single quotation marks.
+        #
+        # @return [String]
+        #
+        def description
+          attribute[/DESC '(.+)' [A-Z]+\s/, 1]
+        end
+
+        # ordering matching rule
+        #
+        # @return [String]
+        #
+        def ordering_rule
+          attribute[/ORDERING (\S+)/, 1]
+        end
+
+        # @return [String]
+        #
+        def sub_string_rule
+          attribute[/SUBSTR (\S+)/, 1]
+        end
+
+        # single-value
+        #
+        # @return [Boolean]
+        #
+        def single_value?
+          attribute.scan(/SINGLE-VALUE/).any?
+        end
+
+        # @return [String]
+        #
+        def equality_matcher
+          attribute[/EQUALITY (\S+)/, 1]
+        end
+
+        # ================================
+        #
+        # Extended Attribute Flags
+        #
+        # ================================
+
+        # Provides information about where the attribute type is defined,
+        #   either by a particular RFC or Internet Draft or within the project.
+        #
+        def draft
+          attribute[/X-ORIGIN '(\S+)'/, 1]
+        end
+
+        # @return [String] Name of defining schema
+        #
+        def schema
+          attribute[/X-SCHEMA '(\S+)'/, 1]
+        end
+
+        # Indicates which approximate matching rule should be used for the attribute type. If this is specified, then its value should be the name or OID of a registered approximate matching rule.
+        # Specifies the name or OID of the approximate matching rule that should be
+        #   used in conjunction with the specified attribute Type.
+        #
+        # @see https://ldapwiki.com/wiki/ApproxMatch
+        #
+        def approx_matcher
+          attribute[/X-APPROX (\S+)/, 1]
+        end
+
+        # Specifies the set of values that attributes of that type will be allowed to have.
+        #
+        def allowed_value
+          attribute[/X-ALLOWED-VALUE (\S+)/, 1]
+        end
+
+        # Provides one or more regular expressions that describe acceptable values for the associated attribute.
+        # Values will only be allowed if they match at least one of the regular expressions.
+        #
+        def value_regex
+          attribute[/X-VALUE-REGEX (\S+)/, 1]
+        end
+
+        # Specifies the minimum number of characters that values of the associated
+        #   attribute are permitted to have.
+        #
+        def min_value_length
+          attribute[/X-MIN-VALUE-LENGTH (\d+)/, 1].to_i
+        end
+
+        # Specifies the maximum number of characters that values of the associated
+        #   attribute are permitted to have.
+        #
+        def max_value_length
+          attribute[/X-MAX-VALUE-LENGTH (\d+)/, 1].to_i
+        end
+
+        # Specifies the minimum integer value that may be assigned to the associated attribute.
+        #
+        def min_int_value
+          attribute[/X-MIN-INT-VALUE (\d+)/, 1].to_i
+        end
+
+        # Specifies the maximum integer value that may be assigned to the associated attribute.
+        #
+        def max_int_value
+          attribute[/X-MAX-INT-VALUE (\d+)/, 1].to_i
+        end
+
+        # Specifies the minimum number of values that the attribute is allowed
+        #   to have in any entry.
+        #
+        def min_value_count
+          attribute[/X-MIN-VALUE-COUNT (\d+)/, 1].to_i
+        end
+
+        # Specifies the maximum number of values that the attribute is allowed
+        #   to have in any entry.
+        #
+        def max_value_count
+          attribute[/X-MAX-VALUE-COUNT (\d+)/, 1].to_i
+        end
+
+      end
+    end
+  end
+end