rubinius-net-ldap 0.11

data/test/test_ldif.rb

@@ -0,0 +1,104 @@
+# $Id: testldif.rb 61 2006-04-18 20:55:55Z blackhedd $
+
+require File.expand_path('../test_helper', __FILE__)
+
+require 'digest/sha1'
+require 'base64'
+
+class TestLdif < Test::Unit::TestCase
+  TestLdifFilename = "#{File.dirname(__FILE__)}/testdata.ldif"
+
+  def test_empty_ldif
+    ds = Net::LDAP::Dataset.read_ldif(StringIO.new)
+    assert_equal(true, ds.empty?)
+  end
+
+  def test_ldif_with_version
+    io = StringIO.new("version: 1")
+    ds = Net::LDAP::Dataset.read_ldif(io)
+    assert_equal "1", ds.version
+  end
+
+  def test_ldif_with_comments
+    str = ["# Hello from LDIF-land", "# This is an unterminated comment"]
+    io = StringIO.new(str[0] + "\r\n" + str[1])
+    ds = Net::LDAP::Dataset::read_ldif(io)
+    assert_equal(str, ds.comments)
+  end
+
+  def test_ldif_with_password
+    psw = "goldbricks"
+    hashed_psw = "{SHA}" + Base64::encode64(Digest::SHA1.digest(psw)).chomp
+
+    ldif_encoded = Base64::encode64(hashed_psw).chomp
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: Goldbrick\r\nuserPassword:: #{ldif_encoded}\r\n\r\n"))
+    recovered_psw = ds["Goldbrick"][:userpassword].shift
+    assert_equal(hashed_psw, recovered_psw)
+  end
+
+  def test_ldif_with_continuation_lines
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n hijklmn\r\n\r\n"))
+    assert_equal(true, ds.has_key?("abcdefghijklmn"))
+  end
+
+  def test_ldif_with_continuation_lines_and_extra_whitespace
+    ds1 = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n   hijklmn\r\n\r\n"))
+    assert_equal(true, ds1.has_key?("abcdefg  hijklmn"))
+    ds2 = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n hij  klmn\r\n\r\n"))
+    assert_equal(true, ds2.has_key?("abcdefghij  klmn"))
+  end
+
+  def test_ldif_tab_is_not_continuation
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: key\r\n\tnotcontinued\r\n\r\n"))
+    assert_equal(true, ds.has_key?("key"))
+  end
+
+  def test_ldif_with_base64_dn
+    str = "dn:: Q049QmFzZTY0IGRuIHRlc3QsT1U9VGVzdCxPVT1Vbml0cyxEQz1leGFtcGxlLERDPWNvbQ==\r\n\r\n"
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new(str))
+    assert_equal(true, ds.has_key?("CN=Base64 dn test,OU=Test,OU=Units,DC=example,DC=com"))
+  end
+
+  def test_ldif_with_base64_dn_and_continuation_lines
+    str = "dn:: Q049QmFzZTY0IGRuIHRlc3Qgd2l0aCBjb250aW51YXRpb24gbGluZSxPVT1UZXN0LE9VPVVua\r\n XRzLERDPWV4YW1wbGUsREM9Y29t\r\n\r\n"
+    ds = Net::LDAP::Dataset::read_ldif(StringIO.new(str))
+    assert_equal(true, ds.has_key?("CN=Base64 dn test with continuation line,OU=Test,OU=Units,DC=example,DC=com"))
+  end
+
+  # TODO, INADEQUATE. We need some more tests
+  # to verify the content.
+  def test_ldif
+    File.open(TestLdifFilename, "r") {|f|
+      ds = Net::LDAP::Dataset::read_ldif(f)
+      assert_equal(13, ds.length)
+    }
+  end
+
+  # Must test folded lines and base64-encoded lines as well as normal ones.
+  def test_to_ldif
+    data = File.open(TestLdifFilename, "rb") { |f| f.read }
+    io = StringIO.new(data)
+
+    # added .lines to turn to array because 1.9 doesn't have
+    # .grep on basic strings
+    entries = data.lines.grep(/^dn:\s*/) { $'.chomp }
+    dn_entries = entries.dup
+
+    ds = Net::LDAP::Dataset::read_ldif(io) { |type, value|
+      case type
+      when :dn
+        assert_equal(dn_entries.first, value)
+        dn_entries.shift
+      end
+    }
+    assert_equal(entries.size, ds.size)
+    assert_equal(entries.sort, ds.to_ldif.grep(/^dn:\s*/) { $'.chomp })
+  end
+
+  def test_to_ldif_with_version
+    ds = Net::LDAP::Dataset.new
+    ds.version = "1"
+
+    assert_equal "version: 1", ds.to_ldif_string.chomp
+  end
+end

data/test/test_password.rb

@@ -0,0 +1,10 @@
+# $Id: testpsw.rb 72 2006-04-24 21:58:14Z blackhedd $
+
+require File.expand_path('../test_helper', __FILE__)
+
+class TestPassword < Test::Unit::TestCase
+  def test_psw
+    assert_equal("{MD5}xq8jwrcfibi0sZdZYNkSng==", Net::LDAP::Password.generate( :md5, "cashflow" ))
+    assert_equal("{SHA}YE4eGkN4BvwNN1f5R7CZz0kFn14=", Net::LDAP::Password.generate( :sha, "cashflow" ))
+  end
+end

data/test/test_rename.rb

@@ -0,0 +1,77 @@
+require File.expand_path('../test_helper', __FILE__)
+
+# Commented out since it assumes you have a live LDAP server somewhere. This
+# will be migrated to the integration specs, as soon as they are ready.
+=begin
+class TestRename < Test::Unit::TestCase
+  HOST= '10.10.10.71'
+  PORT = 389
+  BASE = "o=test"
+  AUTH = { :method => :simple, :username => "cn=testadmin,#{BASE}", :password => 'password' }
+  BASIC_USER = "cn=jsmith,ou=sales,#{BASE}"
+  RENAMED_USER = "cn=jbrown,ou=sales,#{BASE}"
+  MOVED_USER = "cn=jsmith,ou=marketing,#{BASE}"
+  RENAMED_MOVED_USER = "cn=jjones,ou=marketing,#{BASE}"
+
+  def setup
+    # create the entries we're going to manipulate
+    Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+      if ldap.add(:dn => "ou=sales,#{BASE}", :attributes => { :ou => "sales", :objectclass => "organizationalUnit" })
+        puts "Add failed: #{ldap.get_operation_result.message} - code: #{ldap.get_operation_result.code}"
+      end
+      ldap.add(:dn => "ou=marketing,#{BASE}", :attributes => { :ou => "marketing", :objectclass => "organizationalUnit" })
+      ldap.add(:dn => BASIC_USER, :attributes => { :cn => "jsmith", :objectclass => "inetOrgPerson", :sn => "Smith" })
+    end
+  end
+
+  def test_rename_entry
+    dn = nil
+    Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+      ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jbrown")
+
+      ldap.search(:base => RENAMED_USER) do |entry|
+        dn = entry.dn
+      end
+    end
+    assert_equal(RENAMED_USER, dn)
+  end
+
+  def test_move_entry
+    dn = nil
+    Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+      ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jsmith", :new_superior => "ou=marketing,#{BASE}")
+
+      ldap.search(:base => MOVED_USER) do |entry|
+        dn = entry.dn
+      end
+    end
+    assert_equal(MOVED_USER, dn)
+  end
+
+  def test_move_and_rename_entry
+    dn = nil
+    Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+      ldap.rename(:olddn => BASIC_USER, :newrdn => "cn=jjones", :new_superior => "ou=marketing,#{BASE}")
+
+      ldap.search(:base => RENAMED_MOVED_USER) do |entry|
+        dn = entry.dn
+      end
+    end
+    assert_equal(RENAMED_MOVED_USER, dn)
+  end
+
+  def teardown
+    # delete the entries
+    # note: this doesn't always completely clear up on eDirectory as objects get locked while
+    # the rename/move is being completed on the server and this prevents the delete from happening
+    Net::LDAP::open(:host => HOST, :port => PORT, :auth => AUTH) do |ldap|
+      ldap.delete(:dn => BASIC_USER)
+      ldap.delete(:dn => RENAMED_USER)
+      ldap.delete(:dn => MOVED_USER)
+      ldap.delete(:dn => RENAMED_MOVED_USER)
+      ldap.delete(:dn => "ou=sales,#{BASE}")
+      ldap.delete(:dn => "ou=marketing,#{BASE}")
+    end
+  end
+end
+=end

data/test/test_search.rb

@@ -0,0 +1,39 @@
+# -*- ruby encoding: utf-8 -*-
+require File.expand_path('../test_helper', __FILE__)
+
+class TestSearch < Test::Unit::TestCase
+  class FakeConnection
+    def search(args)
+      OpenStruct.new(:result_code => Net::LDAP::ResultCodeOperationsError, :message => "error", :success? => false)
+    end
+  end
+
+  def setup
+    @service = MockInstrumentationService.new
+    @connection = Net::LDAP.new :instrumentation_service => @service
+    @connection.instance_variable_set(:@open_connection, FakeConnection.new)
+  end
+
+  def test_true_result
+    assert_nil @connection.search(:return_result => true)
+  end
+
+  def test_false_result
+    assert !@connection.search(:return_result => false)
+  end
+
+  def test_no_result
+    assert_nil @connection.search
+  end
+
+  def test_instrumentation_publishes_event
+    events = @service.subscribe "search.net_ldap"
+
+    @connection.search(:filter => "test")
+
+    payload, result = events.pop
+    assert payload.has_key?(:result)
+    assert payload.has_key?(:filter)
+    assert_equal "test", payload[:filter]
+  end
+end

data/test/test_snmp.rb

@@ -0,0 +1,119 @@
+# $Id: testsnmp.rb 231 2006-12-21 15:09:29Z blackhedd $
+
+require File.expand_path('../test_helper', __FILE__)
+require 'net/snmp'
+
+class TestSnmp < Test::Unit::TestCase
+  def self.raw_string(s)
+    # Conveniently, String#b only needs to be called when it exists
+    s.respond_to?(:b) ? s.b : s
+  end
+
+  SnmpGetRequest = raw_string("0'\002\001\000\004\006public\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000")
+  SnmpGetResponse = raw_string("0+\002\001\000\004\006public\242\036\002\002'\017\002\001\000\002\001\0000\0220\020\006\b+\006\001\002\001\001\001\000\004\004test")
+
+  SnmpGetRequestXXX = raw_string("0'\002\001\000\004\006xxxxxx\240\032\002\002?*\002\001\000\002\001\0000\0160\f\006\b+\006\001\002\001\001\001\000\005\000")
+
+  def test_invalid_packet
+    data = "xxxx"
+    assert_raise(Net::BER::BerError) {
+ary = data.read_ber(Net::SNMP::AsnSyntax)
+    }
+  end
+
+  # The method String#read_ber! added by Net::BER consumes a well-formed BER
+  # object from the head of a string. If it doesn't find a complete,
+  # well-formed BER object, it returns nil and leaves the string unchanged.
+  # If it finds an object, it returns the object and removes it from the
+  # head of the string. This is good for handling partially-received data
+  # streams, such as from network connections.
+  def _test_consume_string
+    data = "xxx"
+    assert_equal(nil, data.read_ber!)
+    assert_equal("xxx", data)
+
+    data = SnmpGetRequest + "!!!"
+    ary = data.read_ber!(Net::SNMP::AsnSyntax)
+    assert_equal("!!!", data)
+    assert ary.is_a?(Array)
+    assert ary.is_a?(Net::BER::BerIdentifiedArray)
+  end
+
+  def test_weird_packet
+    assert_raise(Net::SnmpPdu::Error) {
+Net::SnmpPdu.parse("aaaaaaaaaaaaaa")
+    }
+  end
+
+  def test_get_request
+    data = SnmpGetRequest.dup
+    pkt = data.read_ber(Net::SNMP::AsnSyntax)
+    assert pkt.is_a?(Net::BER::BerIdentifiedArray)
+    assert_equal(48, pkt.ber_identifier) # Constructed [0], signifies GetRequest
+
+    pdu = Net::SnmpPdu.parse(pkt)
+    assert_equal(:get_request, pdu.pdu_type)
+    assert_equal(16170, pdu.request_id) # whatever was in the test data. 16170 is not magic.
+    assert_equal([[[1, 3, 6, 1, 2, 1, 1, 1, 0], nil]], pdu.variables)
+
+    assert_equal(pdu.to_ber_string, SnmpGetRequest)
+  end
+
+  def test_empty_pdu
+    pdu = Net::SnmpPdu.new
+    assert_raise(Net::SnmpPdu::Error) { pdu.to_ber_string }
+  end
+
+  def test_malformations
+    pdu = Net::SnmpPdu.new
+    pdu.version = 0
+    pdu.version = 2
+    assert_raise(Net::SnmpPdu::Error) { pdu.version = 100 }
+
+    pdu.pdu_type = :get_request
+    pdu.pdu_type = :get_next_request
+    pdu.pdu_type = :get_response
+    pdu.pdu_type = :set_request
+    pdu.pdu_type = :trap
+    assert_raise(Net::SnmpPdu::Error) { pdu.pdu_type = :something_else }
+  end
+
+  def test_make_response
+    pdu = Net::SnmpPdu.new
+    pdu.version = 0
+    pdu.community = "public"
+    pdu.pdu_type = :get_response
+    pdu.request_id = 9999
+    pdu.error_status = 0
+    pdu.error_index = 0
+    pdu.add_variable_binding [1, 3, 6, 1, 2, 1, 1, 1, 0], "test"
+
+    assert_equal(SnmpGetResponse, pdu.to_ber_string)
+  end
+
+  def test_make_bad_response
+    pdu = Net::SnmpPdu.new
+    assert_raise(Net::SnmpPdu::Error) {pdu.to_ber_string}
+    pdu.pdu_type = :get_response
+    pdu.request_id = 999
+    pdu.to_ber_string
+    # Not specifying variables doesn't create an error. (Maybe it should?)
+  end
+
+  def test_snmp_integers
+    c32 = Net::SNMP::Counter32.new(100)
+    assert_equal("A\001d", c32.to_ber)
+    g32 = Net::SNMP::Gauge32.new(100)
+    assert_equal("B\001d", g32.to_ber)
+    t32 = Net::SNMP::TimeTicks32.new(100)
+    assert_equal("C\001d", t32.to_ber)
+  end
+
+  def test_community
+    data = SnmpGetRequestXXX.dup
+    ary = data.read_ber(Net::SNMP::AsnSyntax)
+    pdu = Net::SnmpPdu.parse(ary)
+    assert_equal("xxxxxx", pdu.community)
+  end
+
+end

data/test/test_ssl_ber.rb

@@ -0,0 +1,40 @@
+require File.expand_path('../test_helper', __FILE__)
+require 'timeout'
+
+class TestSSLBER < Test::Unit::TestCase
+  # Transmits str to @to and reads it back from @from.
+  #
+  def transmit(str)
+    Timeout::timeout(1) do
+      @to.write(str)
+      @to.close
+
+      @from.read
+    end
+  end
+
+  def setup
+    @from, @to = IO.pipe
+
+    # The production code operates on sockets, which do need #connect called
+    # on them to work. Pipes are more robust for this test, so we'll skip
+    # the #connect call since it fails.
+    #
+    # TODO: Replace test with real socket
+    # https://github.com/ruby-ldap/ruby-net-ldap/pull/121#discussion_r18746386
+    flexmock(OpenSSL::SSL::SSLSocket).
+      new_instances.should_receive(:connect => nil)
+
+    @to   = Net::LDAP::Connection.wrap_with_ssl(@to)
+    @from = Net::LDAP::Connection.wrap_with_ssl(@from)
+  end
+
+  def test_transmit_strings
+    assert_equal "foo", transmit("foo")
+  end
+
+  def test_transmit_ber_encoded_numbers
+    @to.write 1234.to_ber
+    assert_equal 1234, @from.read_ber
+  end
+end

data/test/testdata.ldif

@@ -0,0 +1,101 @@
+# $Id: testdata.ldif 50 2006-04-17 17:57:33Z blackhedd $
+#
+# This is test-data for an LDAP server in LDIF format.
+#
+dn: dc=bayshorenetworks,dc=com
+objectClass: dcObject
+objectClass: organization
+o: Bayshore Networks LLC
+dc: bayshorenetworks
+
+dn: cn=Manager,dc=bayshorenetworks,dc=com
+objectClass: organizationalrole
+cn: Manager
+
+dn: ou=people,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: people
+
+dn: ou=privileges,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: privileges
+
+dn: ou=roles,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: roles
+
+dn: ou=office,dc=bayshorenetworks,dc=com
+objectClass: organizationalunit
+ou: office
+
+dn: mail=nogoodnik@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Bob Fosse
+mail: nogoodnik@steamheat.net
+sn: Fosse
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_logging_user,ou=roles
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=bayshore_eagle_superuser,ou=roles
+hasAccessRole: uniqueIdentifier=kledaras_user,ou=roles
+
+dn: mail=elephant@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Gwen Verdon
+mail: elephant@steamheat.net
+sn: Verdon
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=brandplace_report_user,ou=roles
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ldapadmin,ou=roles
+
+dn: uniqueIdentifier=engineering,ou=privileges,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineering
+ou: privileges
+objectClass: accessPrivilege
+
+dn: uniqueIdentifier=engineer,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: engineer
+ou: roles
+objectClass: accessRole
+hasAccessPrivilege: uniqueIdentifier=engineering,ou=privileges
+
+dn: uniqueIdentifier=ldapadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapadmin
+ou: roles
+objectClass: accessRole
+
+dn: uniqueIdentifier=ldapsuperadmin,ou=roles,dc=bayshorenetworks,dc=com
+uniqueIdentifier: ldapsuperadmin
+ou: roles
+objectClass: accessRole
+
+dn: mail=catperson@steamheat.net,ou=people,dc=bayshorenetworks,dc=com
+cn: Sid Sorokin
+mail: catperson@steamheat.net
+sn: Sorokin
+ou: people
+objectClass: top
+objectClass: inetorgperson
+objectClass: authorizedperson
+hasAccessRole: uniqueIdentifier=engineer,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_elephant_user,ou=roles
+hasAccessRole: uniqueIdentifier=ldapsuperadmin,ou=roles
+hasAccessRole: uniqueIdentifier=ogilvy_eagle_user,ou=roles
+hasAccessRole: uniqueIdentifier=greenplug_user,ou=roles
+hasAccessRole: uniqueIdentifier=workorder_user,ou=roles
+