rubinius-net-ldap 0.11

data/lib/net/ldap/instrumentation.rb

@@ -0,0 +1,23 @@
+module Net::LDAP::Instrumentation
+  attr_reader :instrumentation_service
+  private     :instrumentation_service
+
+  # Internal: Instrument a block with the defined instrumentation service.
+  #
+  # Yields the event payload if a block is given.
+  #
+  # Skips instrumentation if no service is set.
+  #
+  # Returns the return value of the block.
+  def instrument(event, payload = {})
+    payload = (payload || {}).dup
+    if instrumentation_service
+      instrumentation_service.instrument(event, payload) do |payload|
+        payload[:result] = yield(payload) if block_given?
+      end
+    else
+      yield(payload) if block_given?
+    end
+  end
+  private :instrument
+end

data/lib/net/ldap/password.rb

@@ -0,0 +1,38 @@
+# -*- ruby encoding: utf-8 -*-
+require 'digest/sha1'
+require 'digest/md5'
+require 'base64'
+require 'securerandom'
+
+class Net::LDAP::Password
+  class << self
+    # Generate a password-hash suitable for inclusion in an LDAP attribute.
+    # Pass a hash type as a symbol (:md5, :sha, :ssha) and a plaintext
+    # password. This function will return a hashed representation.
+    #
+    #--
+    # STUB: This is here to fulfill the requirements of an RFC, which
+    # one?
+    #
+    # TODO:
+    # * maybe salted-md5
+    # * Should we provide sha1 as a synonym for sha1? I vote no because then
+    #   should you also provide ssha1 for symmetry?
+    #
+    attribute_value = ""
+    def generate(type, str)
+      case type
+      when :md5
+         attribute_value = '{MD5}' + Base64.encode64(Digest::MD5.digest(str)).chomp!
+      when :sha
+         attribute_value = '{SHA}' + Base64.encode64(Digest::SHA1.digest(str)).chomp!
+      when :ssha
+         salt = SecureRandom.random_bytes(16)
+         attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
+      else
+         raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})"
+      end
+      return attribute_value
+    end
+  end
+end

data/lib/net/ldap/pdu.rb

@@ -0,0 +1,297 @@
+# -*- ruby encoding: utf-8 -*-
+require 'ostruct'
+
+##
+# Defines the Protocol Data Unit (PDU) for LDAP. An LDAP PDU always looks
+# like a BER SEQUENCE with at least two elements: an INTEGER message ID
+# number and an application-specific SEQUENCE. Some LDAPv3 packets also
+# include an optional third element, a sequence of "controls" (see RFC 2251
+# section 4.1.12 for more information).
+#
+# The application-specific tag in the sequence tells us what kind of packet
+# it is, and each kind has its own format, defined in RFC-1777.
+#
+# Observe that many clients (such as ldapsearch) do not necessarily enforce
+# the expected application tags on received protocol packets. This
+# implementation does interpret the RFC strictly in this regard, and it
+# remains to be seen whether there are servers out there that will not work
+# well with our approach.
+#
+# Currently, we only support controls on SearchResult.
+#
+# http://tools.ietf.org/html/rfc4511#section-4.1.1
+# http://tools.ietf.org/html/rfc4511#section-4.1.9
+class Net::LDAP::PDU
+  class Error < RuntimeError; end
+
+  # http://tools.ietf.org/html/rfc4511#section-4.2
+  BindRequest = 0
+  # http://tools.ietf.org/html/rfc4511#section-4.2.2
+  BindResult = 1
+  # http://tools.ietf.org/html/rfc4511#section-4.3
+  UnbindRequest = 2
+  # http://tools.ietf.org/html/rfc4511#section-4.5.1
+  SearchRequest = 3
+  # http://tools.ietf.org/html/rfc4511#section-4.5.2
+  SearchReturnedData = 4
+  SearchResult = 5
+  # see also SearchResultReferral (19)
+  # http://tools.ietf.org/html/rfc4511#section-4.6
+  ModifyRequest  = 6
+  ModifyResponse = 7
+  # http://tools.ietf.org/html/rfc4511#section-4.7
+  AddRequest = 8
+  AddResponse = 9
+  # http://tools.ietf.org/html/rfc4511#section-4.8
+  DeleteRequest = 10
+  DeleteResponse = 11
+  # http://tools.ietf.org/html/rfc4511#section-4.9
+  ModifyRDNRequest  = 12
+  ModifyRDNResponse = 13
+  # http://tools.ietf.org/html/rfc4511#section-4.10
+  CompareRequest = 14
+  CompareResponse = 15
+  # http://tools.ietf.org/html/rfc4511#section-4.11
+  AbandonRequest = 16
+  # http://tools.ietf.org/html/rfc4511#section-4.5.2
+  SearchResultReferral = 19
+  # http://tools.ietf.org/html/rfc4511#section-4.12
+  ExtendedRequest = 23
+  ExtendedResponse = 24
+  # unused: http://tools.ietf.org/html/rfc4511#section-4.13
+  IntermediateResponse = 25
+
+  ##
+  # The LDAP packet message ID.
+  attr_reader :message_id
+  alias_method :msg_id, :message_id
+
+  ##
+  # The application protocol format tag.
+  attr_reader :app_tag
+
+  attr_reader :search_entry
+  attr_reader :search_referrals
+  attr_reader :search_parameters
+  attr_reader :bind_parameters
+
+  ##
+  # Returns RFC-2251 Controls if any.
+  attr_reader :ldap_controls
+  alias_method :result_controls, :ldap_controls
+  # Messy. Does this functionality belong somewhere else?
+
+  def initialize(ber_object)
+    begin
+      @message_id = ber_object[0].to_i
+      # Grab the bottom five bits of the identifier so we know which type of
+      # PDU this is.
+      #
+      # This is safe enough in LDAP-land, but it is recommended that other
+      # approaches be taken for other protocols in the case that there's an
+      # app-specific tag that has both primitive and constructed forms.
+      @app_tag = ber_object[1].ber_identifier & 0x1f
+      @ldap_controls = []
+    rescue Exception => ex
+      raise Net::LDAP::PDU::Error, "LDAP PDU Format Error: #{ex.message}"
+    end
+
+    case @app_tag
+    when BindResult
+      parse_bind_response(ber_object[1])
+    when SearchReturnedData
+      parse_search_return(ber_object[1])
+    when SearchResultReferral
+      parse_search_referral(ber_object[1])
+    when SearchResult
+      parse_ldap_result(ber_object[1])
+    when ModifyResponse
+      parse_ldap_result(ber_object[1])
+    when AddResponse
+      parse_ldap_result(ber_object[1])
+    when DeleteResponse
+      parse_ldap_result(ber_object[1])
+    when ModifyRDNResponse
+      parse_ldap_result(ber_object[1])
+    when SearchRequest
+      parse_ldap_search_request(ber_object[1])
+    when BindRequest
+      parse_bind_request(ber_object[1])
+    when UnbindRequest
+      parse_unbind_request(ber_object[1])
+    when ExtendedResponse
+      parse_ldap_result(ber_object[1])
+    else
+      raise LdapPduError.new("unknown pdu-type: #{@app_tag}")
+    end
+
+    parse_controls(ber_object[2]) if ber_object[2]
+  end
+
+  ##
+  # Returns a hash which (usually) defines the members :resultCode,
+  # :errorMessage, and :matchedDN. These values come directly from an LDAP
+  # response packet returned by the remote peer. Also see #result_code.
+  def result
+    @ldap_result || {}
+  end
+
+  def error_message
+    result[:errorMessage] || ""
+  end
+
+  ##
+  # This returns an LDAP result code taken from the PDU, but it will be nil
+  # if there wasn't a result code. That can easily happen depending on the
+  # type of packet.
+  def result_code(code = :resultCode)
+    @ldap_result and @ldap_result[code]
+  end
+
+  def status
+    Net::LDAP::ResultCodesNonError.include?(result_code) ? :success : :failure
+  end
+
+  def success?
+    status == :success
+  end
+
+  def failure?
+    !success?
+  end
+
+  ##
+  # Return serverSaslCreds, which are only present in BindResponse packets.
+  #--
+  # Messy. Does this functionality belong somewhere else? We ought to
+  # refactor the accessors of this class before they get any kludgier.
+  def result_server_sasl_creds
+    @ldap_result && @ldap_result[:serverSaslCreds]
+  end
+
+  def parse_ldap_result(sequence)
+    sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP result length."
+    @ldap_result = {
+      :resultCode => sequence[0],
+      :matchedDN => sequence[1],
+      :errorMessage => sequence[2]
+    }
+    parse_search_referral(sequence[3]) if @ldap_result[:resultCode] == Net::LDAP::ResultCodeReferral
+  end
+  private :parse_ldap_result
+
+  ##
+  # A Bind Response may have an additional field, ID [7], serverSaslCreds,
+  # per RFC 2251 pgh 4.2.3.
+  def parse_bind_response(sequence)
+    sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP Bind Response length."
+    parse_ldap_result(sequence)
+    @ldap_result[:serverSaslCreds] = sequence[3] if sequence.length >= 4
+    @ldap_result
+  end
+  private :parse_bind_response
+
+  # Definition from RFC 1777 (we're handling application-4 here).
+  #
+  # Search Response ::=
+  #   CHOICE {
+  #     entry      [APPLICATION 4] SEQUENCE {
+  #                  objectName     LDAPDN,
+  #                  attributes     SEQUENCE OF SEQUENCE {
+  #                    AttributeType,
+  #                    SET OF AttributeValue
+  #                  }
+  #                },
+  #     resultCode [APPLICATION 5] LDAPResult
+  #   }
+  #
+  # We concoct a search response that is a hash of the returned attribute
+  # values.
+  #
+  # NOW OBSERVE CAREFULLY: WE ARE DOWNCASING THE RETURNED ATTRIBUTE NAMES.
+  #
+  # This is to make them more predictable for user programs, but it may not
+  # be a good idea. Maybe this should be configurable.
+  def parse_search_return(sequence)
+    sequence.length >= 2 or raise Net::LDAP::PDU::Error, "Invalid Search Response length."
+    @search_entry = Net::LDAP::Entry.new(sequence[0])
+    sequence[1].each { |seq| @search_entry[seq[0]] = seq[1] }
+  end
+  private :parse_search_return
+
+  ##
+  # A search referral is a sequence of one or more LDAP URIs. Any number of
+  # search-referral replies can be returned by the server, interspersed with
+  # normal replies in any order.
+  #--
+  # Until I can think of a better way to do this, we'll return the referrals
+  # as an array. It'll be up to higher-level handlers to expose something
+  # reasonable to the client.
+  def parse_search_referral(uris)
+    @search_referrals = uris
+  end
+  private :parse_search_referral
+
+  ##
+  # Per RFC 2251, an LDAP "control" is a sequence of tuples, each consisting
+  # of an OID, a boolean criticality flag defaulting FALSE, and an OPTIONAL
+  # Octet String. If only two fields are given, the second one may be either
+  # criticality or data, since criticality has a default value. Someday we
+  # may want to come back here and add support for some of more-widely used
+  # controls. RFC-2696 is a good example.
+  def parse_controls(sequence)
+    @ldap_controls = sequence.map do |control|
+      o = OpenStruct.new
+      o.oid, o.criticality, o.value = control[0], control[1], control[2]
+      if o.criticality and o.criticality.is_a?(String)
+        o.value = o.criticality
+        o.criticality = false
+      end
+      o
+    end
+  end
+  private :parse_controls
+
+  # (provisional, must document)
+  def parse_ldap_search_request(sequence)
+    s = OpenStruct.new
+    s.base_object, s.scope, s.deref_aliases, s.size_limit, s.time_limit,
+      s.types_only, s.filter, s.attributes = sequence
+    @search_parameters = s
+  end
+  private :parse_ldap_search_request
+
+  # (provisional, must document)
+  def parse_bind_request sequence
+    s = OpenStruct.new
+    s.version, s.name, s.authentication = sequence
+    @bind_parameters = s
+  end
+  private :parse_bind_request
+
+  # (provisional, must document)
+  # UnbindRequest has no content so this is a no-op.
+  def parse_unbind_request(sequence)
+    nil
+  end
+  private :parse_unbind_request
+end
+
+module Net
+  ##
+  # Handle renamed constants Net::LdapPdu (Net::LDAP::PDU) and
+  # Net::LdapPduError (Net::LDAP::PDU::Error).
+  def self.const_missing(name) #:nodoc:
+    case name.to_s
+    when "LdapPdu"
+      warn "Net::#{name} has been deprecated. Use Net::LDAP::PDU instead."
+      Net::LDAP::PDU
+    when "LdapPduError"
+      warn "Net::#{name} has been deprecated. Use Net::LDAP::PDU::Error instead."
+      Net::LDAP::PDU::Error
+    when 'LDAP'
+    else
+      super
+    end
+  end
+end # module Net

data/lib/net/ldap/version.rb

@@ -0,0 +1,5 @@
+module Net
+  class LDAP
+    VERSION = "0.11"
+  end
+end

data/lib/net/snmp.rb

@@ -0,0 +1,264 @@
+# -*- ruby encoding: utf-8 -*-
+require 'net/ldap/version'
+
+# :stopdoc:
+module Net
+  class SNMP
+    VERSION = Net::LDAP::VERSION
+    AsnSyntax = Net::BER.compile_syntax({
+      :application => {
+        :primitive => {
+          1 => :integer,  # Counter32, (RFC2578 sec 2)
+          2 => :integer,  # Gauge32 or Unsigned32, (RFC2578 sec 2)
+          3 => :integer  # TimeTicks32, (RFC2578 sec 2)
+        },
+        :constructed => {}
+      },
+      :context_specific => {
+        :primitive => {},
+        :constructed => {
+          0 => :array,  # GetRequest PDU (RFC1157 pgh 4.1.2)
+          1 => :array,  # GetNextRequest PDU (RFC1157 pgh 4.1.3)
+          2 => :array    # GetResponse PDU (RFC1157 pgh 4.1.4)
+        }
+      }
+    })
+
+    # SNMP 32-bit counter.
+    # Defined in RFC1155 (Structure of Mangement Information), section 6.
+    # A 32-bit counter is an ASN.1 application [1] implicit unsigned integer
+    # with a range from 0 to 2^^32 - 1.
+    class Counter32
+      def initialize value
+        @value = value
+      end
+      def to_ber
+        @value.to_ber_application(1)
+      end
+    end
+
+    # SNMP 32-bit gauge.
+    # Defined in RFC1155 (Structure of Mangement Information), section 6.
+    # A 32-bit counter is an ASN.1 application [2] implicit unsigned integer.
+    # This is also indistinguishable from Unsigned32. (Need to alias them.)
+    class Gauge32
+      def initialize value
+        @value = value
+      end
+      def to_ber
+        @value.to_ber_application(2)
+      end
+    end
+
+    # SNMP 32-bit timer-ticks.
+    # Defined in RFC1155 (Structure of Mangement Information), section 6.
+    # A 32-bit counter is an ASN.1 application [3] implicit unsigned integer.
+    class TimeTicks32
+      def initialize value
+        @value = value
+      end
+      def to_ber
+        @value.to_ber_application(3)
+      end
+    end
+  end
+
+  class SnmpPdu
+    class Error < StandardError; end
+    PduTypes = [
+      :get_request,
+      :get_next_request,
+      :get_response,
+      :set_request,
+      :trap
+    ]
+    ErrorStatusCodes = { # Per RFC1157, pgh 4.1.1
+      0 => "noError",
+      1 => "tooBig",
+      2 => "noSuchName",
+      3 => "badValue",
+      4 => "readOnly",
+      5 => "genErr"
+    }
+
+    class << self
+      def parse ber_object
+        n = new
+        n.send :parse, ber_object
+        n
+      end
+    end
+
+    attr_reader :version, :community, :pdu_type, :variables, :error_status
+    attr_accessor :request_id, :error_index
+
+    def initialize args={}
+      @version = args[:version] || 0
+      @community = args[:community] || "public"
+      @pdu_type = args[:pdu_type] # leave nil unless specified; there's no reasonable default value.
+      @error_status = args[:error_status] || 0
+      @error_index = args[:error_index] || 0
+      @variables = args[:variables] || []
+    end
+
+    #--
+    def parse ber_object
+      begin
+        parse_ber_object ber_object
+      rescue Error
+        # Pass through any SnmpPdu::Error instances
+        raise $!
+      rescue
+        # Wrap any basic parsing error so it becomes a PDU-format error
+        raise Error.new( "snmp-pdu format error" )
+      end
+    end
+    private :parse
+
+    def parse_ber_object ber_object
+      send :version=, ber_object[0].to_i
+      send :community=, ber_object[1].to_s
+
+      data = ber_object[2]
+      case (app_tag = data.ber_identifier & 31)
+      when 0
+        send :pdu_type=, :get_request
+        parse_get_request data
+      when 1
+        send :pdu_type=, :get_next_request
+        # This PDU is identical to get-request except for the type.
+        parse_get_request data
+      when 2
+        send :pdu_type=, :get_response
+        # This PDU is identical to get-request except for the type,
+        # the error_status and error_index values are meaningful,
+        # and the fact that the variable bindings will be non-null.
+        parse_get_response data
+      else
+        raise Error.new( "unknown snmp-pdu type: #{app_tag}" )
+      end
+    end
+    private :parse_ber_object
+
+    #--
+    # Defined in RFC1157, pgh 4.1.2.
+    def parse_get_request data
+      send :request_id=, data[0].to_i
+      # data[1] is error_status, always zero.
+      # data[2] is error_index, always zero.
+      send :error_status=, 0
+      send :error_index=, 0
+      data[3].each do |n,v|
+        # A variable-binding, of which there may be several,
+        # consists of an OID and a BER null.
+        # We're ignoring the null, we might want to verify it instead.
+        unless v.is_a?(Net::BER::BerIdentifiedNull)
+            raise Error.new(" invalid variable-binding in get-request" )
+        end
+        add_variable_binding n, nil
+      end
+    end
+    private :parse_get_request
+
+    #--
+    # Defined in RFC1157, pgh 4.1.4
+    def parse_get_response data
+      send :request_id=, data[0].to_i
+      send :error_status=, data[1].to_i
+      send :error_index=, data[2].to_i
+      data[3].each do |n,v|
+        # A variable-binding, of which there may be several,
+        # consists of an OID and a BER null.
+        # We're ignoring the null, we might want to verify it instead.
+        add_variable_binding n, v
+      end
+    end
+    private :parse_get_response
+
+
+    def version= ver
+      unless [0,2].include?(ver)
+        raise Error.new("unknown snmp-version: #{ver}")
+      end
+      @version = ver
+    end
+
+    def pdu_type= t
+      unless PduTypes.include?(t)
+        raise Error.new("unknown pdu-type: #{t}")
+      end
+      @pdu_type = t
+    end
+
+    def error_status= es
+      unless ErrorStatusCodes.has_key?(es)
+        raise Error.new("unknown error-status: #{es}")
+      end
+      @error_status = es
+    end
+
+    def community= c
+      @community = c.to_s
+    end
+
+    #--
+    # Syntactic sugar
+    def add_variable_binding name, value=nil
+      @variables ||= []
+      @variables << [name, value]
+    end
+
+    def to_ber_string
+      [
+        version.to_ber,
+        community.to_ber,
+        pdu_to_ber_string,
+      ].to_ber_sequence
+    end
+
+    #--
+    # Helper method that returns a PDU payload in BER form,
+    # depending on the PDU type.
+    def pdu_to_ber_string
+      case pdu_type
+      when :get_request
+        [
+          request_id.to_ber,
+          error_status.to_ber,
+          error_index.to_ber,
+          [
+            @variables.map {|n,v|
+              [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
+            }
+          ].to_ber_sequence
+        ].to_ber_contextspecific(0)
+      when :get_next_request
+        [
+          request_id.to_ber,
+          error_status.to_ber,
+          error_index.to_ber,
+          [
+            @variables.map {|n,v|
+              [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence
+            }
+          ].to_ber_sequence
+        ].to_ber_contextspecific(1)
+      when :get_response
+        [
+          request_id.to_ber,
+          error_status.to_ber,
+          error_index.to_ber,
+          [
+            @variables.map {|n,v|
+              [n.to_ber_oid, v.to_ber].to_ber_sequence
+            }
+          ].to_ber_sequence
+        ].to_ber_contextspecific(2)
+      else
+        raise Error.new( "unknown pdu-type: #{pdu_type}" )
+      end
+    end
+    private :pdu_to_ber_string
+  end
+end
+# :startdoc: