ruby-activeldap 0.8.2 → 0.8.3
Sign up to get free protection for your applications and to get access to all the features.
- data/test/test_adapter.rb +17 -0
- data/test/test_associations.rb +19 -0
- data/test/test_attributes.rb +2 -1
- data/test/test_base.rb +28 -1
- data/test/test_base_per_instance.rb +2 -1
- data/test/test_callback.rb +2 -2
- data/test/test_connection.rb +2 -1
- data/test/test_connection_per_dn.rb +81 -0
- data/test/test_dn.rb +3 -2
- data/test/test_find.rb +35 -1
- data/test/test_object_class.rb +12 -1
- data/test/test_reflection.rb +16 -10
- data/test/test_schema.rb +141 -2
- data/test/test_user.rb +14 -4
- metadata +7 -104
- data/CHANGES +0 -397
- data/COPYING +0 -340
- data/LICENSE +0 -58
- data/Manifest.txt +0 -99
- data/README +0 -85
- data/Rakefile +0 -70
- data/TODO +0 -23
- data/benchmark/bench-al.rb +0 -152
- data/examples/config.yaml.example +0 -5
- data/examples/example.der +0 -0
- data/examples/example.jpg +0 -0
- data/examples/groupadd +0 -41
- data/examples/groupdel +0 -35
- data/examples/groupls +0 -49
- data/examples/groupmod +0 -42
- data/examples/lpasswd +0 -55
- data/examples/objects/group.rb +0 -13
- data/examples/objects/ou.rb +0 -4
- data/examples/objects/user.rb +0 -20
- data/examples/ouadd +0 -38
- data/examples/useradd +0 -45
- data/examples/useradd-binary +0 -50
- data/examples/userdel +0 -34
- data/examples/userls +0 -50
- data/examples/usermod +0 -42
- data/examples/usermod-binary-add +0 -47
- data/examples/usermod-binary-add-time +0 -51
- data/examples/usermod-binary-del +0 -48
- data/examples/usermod-lang-add +0 -43
- data/lib/active_ldap.rb +0 -964
- data/lib/active_ldap/adapter/base.rb +0 -461
- data/lib/active_ldap/adapter/ldap.rb +0 -232
- data/lib/active_ldap/adapter/ldap_ext.rb +0 -69
- data/lib/active_ldap/adapter/net_ldap.rb +0 -288
- data/lib/active_ldap/adapter/net_ldap_ext.rb +0 -29
- data/lib/active_ldap/association/belongs_to.rb +0 -40
- data/lib/active_ldap/association/belongs_to_many.rb +0 -39
- data/lib/active_ldap/association/collection.rb +0 -80
- data/lib/active_ldap/association/has_many.rb +0 -40
- data/lib/active_ldap/association/has_many_wrap.rb +0 -55
- data/lib/active_ldap/association/proxy.rb +0 -89
- data/lib/active_ldap/associations.rb +0 -162
- data/lib/active_ldap/attributes.rb +0 -203
- data/lib/active_ldap/base.rb +0 -1510
- data/lib/active_ldap/callbacks.rb +0 -19
- data/lib/active_ldap/command.rb +0 -46
- data/lib/active_ldap/configuration.rb +0 -106
- data/lib/active_ldap/connection.rb +0 -142
- data/lib/active_ldap/distinguished_name.rb +0 -246
- data/lib/active_ldap/ldap_error.rb +0 -74
- data/lib/active_ldap/object_class.rb +0 -74
- data/lib/active_ldap/schema.rb +0 -299
- data/lib/active_ldap/timeout.rb +0 -75
- data/lib/active_ldap/timeout_stub.rb +0 -17
- data/lib/active_ldap/user_password.rb +0 -92
- data/lib/active_ldap/validations.rb +0 -76
- data/rails/plugin/active_ldap/README +0 -54
- data/rails/plugin/active_ldap/generators/scaffold_al/scaffold_al_generator.rb +0 -7
- data/rails/plugin/active_ldap/generators/scaffold_al/templates/ldap.yml +0 -21
- data/rails/plugin/active_ldap/init.rb +0 -12
- data/test/TODO +0 -2
- data/test/al-test-utils.rb +0 -381
- data/test/command.rb +0 -62
- data/test/config.yaml.sample +0 -6
- data/test/run-test.rb +0 -29
- data/test/test-unit-ext.rb +0 -2
- data/test/test-unit-ext/always-show-result.rb +0 -28
- data/test/test-unit-ext/priority.rb +0 -163
@@ -1,17 +0,0 @@
|
|
1
|
-
require 'timeout'
|
2
|
-
|
3
|
-
module Timeout
|
4
|
-
# STUB
|
5
|
-
def Timeout.alarm(sec, exception=Timeout::Error, &block)
|
6
|
-
return block.call
|
7
|
-
end
|
8
|
-
end # Timeout
|
9
|
-
|
10
|
-
if __FILE__ == $0
|
11
|
-
require 'time'
|
12
|
-
Timeout.alarm(2) do
|
13
|
-
loop do
|
14
|
-
p Time.now
|
15
|
-
end
|
16
|
-
end
|
17
|
-
end
|
@@ -1,92 +0,0 @@
|
|
1
|
-
require 'English'
|
2
|
-
require 'base64'
|
3
|
-
require 'md5'
|
4
|
-
require 'sha1'
|
5
|
-
|
6
|
-
module ActiveLdap
|
7
|
-
module UserPassword
|
8
|
-
module_function
|
9
|
-
def valid?(password, hashed_password)
|
10
|
-
unless /^\{([A-Z][A-Z\d]+)\}/ =~ hashed_password
|
11
|
-
raise ArgumentError, "Invalid hashed password"
|
12
|
-
end
|
13
|
-
type = $1
|
14
|
-
hashed_password_without_type = $POSTMATCH
|
15
|
-
normalized_type = type.downcase
|
16
|
-
unless respond_to?(normalized_type)
|
17
|
-
raise ArgumentError, "Unknown Hash type #{type}"
|
18
|
-
end
|
19
|
-
salt_extractor = "extract_salt_for_#{normalized_type}"
|
20
|
-
if respond_to?(salt_extractor)
|
21
|
-
salt = send(salt_extractor, hashed_password_without_type)
|
22
|
-
if salt.nil?
|
23
|
-
raise ArgumentError, "Can't extract salt from hashed password"
|
24
|
-
end
|
25
|
-
generated_password = send(normalized_type, password, salt)
|
26
|
-
else
|
27
|
-
generated_password = send(normalized_type, password)
|
28
|
-
end
|
29
|
-
hashed_password == generated_password
|
30
|
-
end
|
31
|
-
|
32
|
-
def crypt(password, salt=nil)
|
33
|
-
salt ||= "$1$#{Salt.generate(8)}"
|
34
|
-
"{CRYPT}#{password.crypt(salt)}"
|
35
|
-
end
|
36
|
-
|
37
|
-
def extract_salt_for_crypt(crypted_password)
|
38
|
-
if /^\$1\$/ =~ crypted_password
|
39
|
-
$MATCH + $POSTMATCH[0, 8].sub(/\$.*/, '') + "$"
|
40
|
-
else
|
41
|
-
crypted_password[0, 2]
|
42
|
-
end
|
43
|
-
end
|
44
|
-
|
45
|
-
def md5(password)
|
46
|
-
"{MD5}#{Base64.encode64(MD5.md5(password).digest).chomp}"
|
47
|
-
end
|
48
|
-
|
49
|
-
def smd5(password, salt=nil)
|
50
|
-
if salt and salt.size != 4
|
51
|
-
raise ArgumentError.new("salt size must be == 4")
|
52
|
-
end
|
53
|
-
salt ||= Salt.generate(4)
|
54
|
-
md5_hash_with_salt = "#{MD5.md5(password + salt).digest}#{salt}"
|
55
|
-
"{SMD5}#{Base64.encode64(md5_hash_with_salt).chomp}"
|
56
|
-
end
|
57
|
-
|
58
|
-
def extract_salt_for_smd5(smd5ed_password)
|
59
|
-
Base64.decode64(smd5ed_password)[-4, 4]
|
60
|
-
end
|
61
|
-
|
62
|
-
def sha(password)
|
63
|
-
"{SHA}#{Base64.encode64(SHA1.sha1(password).digest).chomp}"
|
64
|
-
end
|
65
|
-
|
66
|
-
def ssha(password, salt=nil)
|
67
|
-
if salt and salt.size != 4
|
68
|
-
raise ArgumentError.new("salt size must be == 4")
|
69
|
-
end
|
70
|
-
salt ||= Salt.generate(4)
|
71
|
-
sha1_hash_with_salt = "#{SHA1.sha1(password + salt).digest}#{salt}"
|
72
|
-
"{SSHA}#{Base64.encode64(sha1_hash_with_salt).chomp}"
|
73
|
-
end
|
74
|
-
|
75
|
-
def extract_salt_for_ssha(sshaed_password)
|
76
|
-
extract_salt_for_smd5(sshaed_password)
|
77
|
-
end
|
78
|
-
|
79
|
-
module Salt
|
80
|
-
CHARS = ['.', '/', '0'..'9', 'A'..'Z', 'a'..'z'].collect do |x|
|
81
|
-
x.to_a
|
82
|
-
end.flatten
|
83
|
-
|
84
|
-
module_function
|
85
|
-
def generate(length)
|
86
|
-
salt = ""
|
87
|
-
length.times {salt << CHARS[rand(CHARS.length)]}
|
88
|
-
salt
|
89
|
-
end
|
90
|
-
end
|
91
|
-
end
|
92
|
-
end
|
@@ -1,76 +0,0 @@
|
|
1
|
-
require 'active_record/validations'
|
2
|
-
|
3
|
-
module ActiveLdap
|
4
|
-
module Validations
|
5
|
-
def self.append_features(base)
|
6
|
-
super
|
7
|
-
|
8
|
-
base.class_eval do
|
9
|
-
alias_method :new_record?, :new_entry?
|
10
|
-
include ActiveRecord::Validations
|
11
|
-
|
12
|
-
validate :validate_required_values
|
13
|
-
|
14
|
-
class << self
|
15
|
-
def evaluate_condition_with_active_ldap_support(condition, entry)
|
16
|
-
evaluate_condition_without_active_ldap_support(condition, entry)
|
17
|
-
rescue ActiveRecord::ActiveRecordError
|
18
|
-
raise Error, $!.message
|
19
|
-
end
|
20
|
-
alias_method_chain :evaluate_condition, :active_ldap_support
|
21
|
-
end
|
22
|
-
|
23
|
-
def save_with_active_ldap_support!
|
24
|
-
save_without_active_ldap_support!
|
25
|
-
rescue ActiveRecord::RecordInvalid
|
26
|
-
raise EntryInvalid, $!.message
|
27
|
-
end
|
28
|
-
alias_method_chain :save!, :active_ldap_support
|
29
|
-
|
30
|
-
def valid?
|
31
|
-
ensure_apply_object_class
|
32
|
-
super
|
33
|
-
end
|
34
|
-
|
35
|
-
# validate_required_values
|
36
|
-
#
|
37
|
-
# Basic validation:
|
38
|
-
# - Verify that every 'MUST' specified in the schema has a value defined
|
39
|
-
def validate_required_values
|
40
|
-
logger.debug {"stub: validate_required_values called"}
|
41
|
-
|
42
|
-
# Make sure all MUST attributes have a value
|
43
|
-
@musts.each do |object_class, attributes|
|
44
|
-
attributes.each do |required_attribute|
|
45
|
-
# Normalize to ensure we catch schema problems
|
46
|
-
real_name = to_real_attribute_name(required_attribute, true)
|
47
|
-
raise UnknownAttribute.new(required_attribute) if real_name.nil?
|
48
|
-
# # Set default if it wasn't yet set.
|
49
|
-
# @data[real_name] ||= [] # need?
|
50
|
-
value = @data[real_name] || []
|
51
|
-
# Check for missing requirements.
|
52
|
-
if value.empty?
|
53
|
-
aliases = schema.attribute_aliases(real_name) - [real_name]
|
54
|
-
message = "is required attribute "
|
55
|
-
unless aliases.empty?
|
56
|
-
message << "(aliases: #{aliases.join(', ')}) "
|
57
|
-
end
|
58
|
-
message << "by objectClass '#{object_class}'"
|
59
|
-
errors.add(real_name, message)
|
60
|
-
end
|
61
|
-
end
|
62
|
-
end
|
63
|
-
logger.debug {"stub: validate_required_values finished"}
|
64
|
-
end
|
65
|
-
|
66
|
-
private
|
67
|
-
def run_validations_with_active_ldap_support(validation_method)
|
68
|
-
run_validations_without_active_ldap_support(validation_method)
|
69
|
-
rescue ActiveRecord::ActiveRecordError
|
70
|
-
raise Error, $!.message
|
71
|
-
end
|
72
|
-
alias_method_chain :run_validations, :active_ldap_support
|
73
|
-
end
|
74
|
-
end
|
75
|
-
end
|
76
|
-
end
|
@@ -1,54 +0,0 @@
|
|
1
|
-
= ActiveLdap plugin for Ruby on Rails
|
2
|
-
|
3
|
-
== Setup
|
4
|
-
|
5
|
-
You need to write RAILS_ROOT/config/ldap.yml like the following:
|
6
|
-
|
7
|
-
development:
|
8
|
-
host: 127.0.0.1
|
9
|
-
port: 389
|
10
|
-
base: dc=devel,dc=local,dc=net
|
11
|
-
bind_dn: cn=admin,dc=local,dc=net
|
12
|
-
password: secret
|
13
|
-
|
14
|
-
test:
|
15
|
-
host: 127.0.0.1
|
16
|
-
port: 389
|
17
|
-
base: dc=test,dc=local,dc=net
|
18
|
-
bind_dn: cn=admin,dc=local,dc=net
|
19
|
-
password: secret
|
20
|
-
|
21
|
-
production:
|
22
|
-
host: 127.0.0.1
|
23
|
-
port: 389
|
24
|
-
base: dc=production,dc=local,dc=net
|
25
|
-
bind_dn: cn=admin,dc=local,dc=net
|
26
|
-
password: secret
|
27
|
-
|
28
|
-
== Model
|
29
|
-
|
30
|
-
Here is some examples.
|
31
|
-
|
32
|
-
app/model/member.rb:
|
33
|
-
class Member < ActiveLdap::Base
|
34
|
-
ldap_mapping :dn_attribute => 'uid',
|
35
|
-
:classes => ['person', 'posixAccount']
|
36
|
-
belongs_to :primary_group, :class => "Group",
|
37
|
-
:foreign_key => "gidNumber", :primary_key => "gidNumber"
|
38
|
-
belongs_to :groups, :many => 'memberUid'
|
39
|
-
end
|
40
|
-
|
41
|
-
app/model/group.rb:
|
42
|
-
class Group < ActiveLdap::Base
|
43
|
-
ldap_mapping :dn_attribute => "cn", :classes => ['posixGroup']
|
44
|
-
has_many :members, :wrap => "memberUid"
|
45
|
-
has_many :primary_members,
|
46
|
-
:foreign_key => 'gidNumber',
|
47
|
-
:primary_key => 'gidNumber'
|
48
|
-
end
|
49
|
-
|
50
|
-
app/model/ou.rb:
|
51
|
-
class Ou < ActiveLdap::Base
|
52
|
-
ldap_mapping :prefix => "",
|
53
|
-
:classes => ["top", "organizationalUnit"]
|
54
|
-
end
|
@@ -1,21 +0,0 @@
|
|
1
|
-
development:
|
2
|
-
host: 127.0.0.1
|
3
|
-
port: 389
|
4
|
-
base: dc=devel,dc=local,dc=net
|
5
|
-
bind_dn: cn=admin,dc=local,dc=net
|
6
|
-
password: secret
|
7
|
-
|
8
|
-
test:
|
9
|
-
host: 127.0.0.1
|
10
|
-
port: 389
|
11
|
-
base: dc=test,dc=local,dc=net
|
12
|
-
bind_dn: cn=admin,dc=local,dc=net
|
13
|
-
password: secret
|
14
|
-
|
15
|
-
production:
|
16
|
-
host: 127.0.0.1
|
17
|
-
port: 389
|
18
|
-
method: :tls
|
19
|
-
base: dc=production,dc=local,dc=net
|
20
|
-
bind_dn: cn=admin,dc=local,dc=net
|
21
|
-
password: secret
|
@@ -1,12 +0,0 @@
|
|
1
|
-
require_library_or_gem 'active_ldap'
|
2
|
-
ActiveLdap::Base.logger ||= RAILS_DEFAULT_LOGGER
|
3
|
-
ldap_configuration_file = File.join(RAILS_ROOT, 'config', 'ldap.yml')
|
4
|
-
if File.exist?(ldap_configuration_file)
|
5
|
-
configurations = YAML::load(ERB.new(IO.read(ldap_configuration_file)).result)
|
6
|
-
ActiveLdap::Base.configurations = configurations
|
7
|
-
ActiveLdap::Base.establish_connection
|
8
|
-
else
|
9
|
-
message = "You should run 'script/generator scaffold_al' " +
|
10
|
-
"to make #{ldap_configuration_file}"
|
11
|
-
ActiveLdap::Base.logger.error(message)
|
12
|
-
end
|
data/test/TODO
DELETED
data/test/al-test-utils.rb
DELETED
@@ -1,381 +0,0 @@
|
|
1
|
-
require 'test/unit'
|
2
|
-
require 'test-unit-ext'
|
3
|
-
|
4
|
-
require 'erb'
|
5
|
-
require 'yaml'
|
6
|
-
require 'socket'
|
7
|
-
require 'openssl'
|
8
|
-
require 'rbconfig'
|
9
|
-
require 'tempfile'
|
10
|
-
|
11
|
-
require 'active_ldap'
|
12
|
-
|
13
|
-
require File.join(File.expand_path(File.dirname(__FILE__)), "command")
|
14
|
-
|
15
|
-
LDAP_ENV = "test" unless defined?(LDAP_ENV)
|
16
|
-
|
17
|
-
module AlTestUtils
|
18
|
-
def self.included(base)
|
19
|
-
base.class_eval do
|
20
|
-
include Config
|
21
|
-
include Connection
|
22
|
-
include Populate
|
23
|
-
include TemporaryEntry
|
24
|
-
include CommandSupport
|
25
|
-
include MockLogger
|
26
|
-
end
|
27
|
-
end
|
28
|
-
|
29
|
-
module Config
|
30
|
-
def setup
|
31
|
-
super
|
32
|
-
@base_dir = File.expand_path(File.dirname(__FILE__))
|
33
|
-
@top_dir = File.expand_path(File.join(@base_dir, ".."))
|
34
|
-
@example_dir = File.join(@top_dir, "examples")
|
35
|
-
@config_file = File.join(File.dirname(__FILE__), "config.yaml")
|
36
|
-
ActiveLdap::Base.configurations = read_config
|
37
|
-
end
|
38
|
-
|
39
|
-
def teardown
|
40
|
-
super
|
41
|
-
end
|
42
|
-
|
43
|
-
def current_configuration
|
44
|
-
ActiveLdap::Base.configurations[LDAP_ENV]
|
45
|
-
end
|
46
|
-
|
47
|
-
def read_config
|
48
|
-
unless File.exist?(@config_file)
|
49
|
-
raise "config file for testing doesn't exist: #{@config_file}"
|
50
|
-
end
|
51
|
-
config = YAML.load(ERB.new(File.read(@config_file)).result)
|
52
|
-
config.each do |key, value|
|
53
|
-
adapter = ENV["ACTIVE_LDAP_TEST_ADAPTER"]
|
54
|
-
value[:adapter] = adapter if adapter
|
55
|
-
end
|
56
|
-
config
|
57
|
-
end
|
58
|
-
end
|
59
|
-
|
60
|
-
module Connection
|
61
|
-
def setup
|
62
|
-
super
|
63
|
-
ActiveLdap::Base.establish_connection
|
64
|
-
end
|
65
|
-
|
66
|
-
def teardown
|
67
|
-
ActiveLdap::Base.clear_active_connections!
|
68
|
-
super
|
69
|
-
end
|
70
|
-
end
|
71
|
-
|
72
|
-
module Populate
|
73
|
-
def setup
|
74
|
-
@dumped_data = nil
|
75
|
-
super
|
76
|
-
begin
|
77
|
-
@dumped_data = ActiveLdap::Base.dump(:scope => :sub)
|
78
|
-
rescue ActiveLdap::ConnectionError
|
79
|
-
end
|
80
|
-
ActiveLdap::Base.delete_all(nil, :scope => :sub)
|
81
|
-
populate
|
82
|
-
end
|
83
|
-
|
84
|
-
def teardown
|
85
|
-
if @dumped_data
|
86
|
-
ActiveLdap::Base.establish_connection
|
87
|
-
ActiveLdap::Base.delete_all(nil, :scope => :sub)
|
88
|
-
ActiveLdap::Base.load(@dumped_data)
|
89
|
-
end
|
90
|
-
super
|
91
|
-
end
|
92
|
-
|
93
|
-
def populate
|
94
|
-
populate_base
|
95
|
-
populate_ou
|
96
|
-
populate_user_class
|
97
|
-
populate_group_class
|
98
|
-
populate_associations
|
99
|
-
end
|
100
|
-
|
101
|
-
def populate_base
|
102
|
-
unless ActiveLdap::Base.search(:scope => :base).empty?
|
103
|
-
return
|
104
|
-
end
|
105
|
-
|
106
|
-
suffixes = []
|
107
|
-
ActiveLdap::Base.base.split(/,/).reverse_each do |suffix|
|
108
|
-
prefix = suffixes.join(",")
|
109
|
-
suffixes.unshift(suffix)
|
110
|
-
name, value = suffix.split(/=/, 2)
|
111
|
-
next unless name == "dc"
|
112
|
-
dc_class = Class.new(ActiveLdap::Base)
|
113
|
-
dc_class.ldap_mapping :dn_attribute => "dc",
|
114
|
-
:prefix => "",
|
115
|
-
:scope => :base,
|
116
|
-
:classes => ["top", "dcObject", "organization"]
|
117
|
-
dc_class.base = prefix
|
118
|
-
next if dc_class.exists?(value, :prefix => "dc=#{value}")
|
119
|
-
dc = dc_class.new(value)
|
120
|
-
dc.o = dc.dc
|
121
|
-
begin
|
122
|
-
dc.save
|
123
|
-
rescue ActiveLdap::OperationNotPermitted
|
124
|
-
end
|
125
|
-
end
|
126
|
-
end
|
127
|
-
|
128
|
-
def ou_class(prefix="")
|
129
|
-
ou_class = Class.new(ActiveLdap::Base)
|
130
|
-
ou_class.ldap_mapping :dn_attribute => "ou",
|
131
|
-
:prefix => prefix,
|
132
|
-
:classes => ["top", "organizationalUnit"]
|
133
|
-
ou_class
|
134
|
-
end
|
135
|
-
|
136
|
-
def populate_ou
|
137
|
-
%w(Users Groups).each do |name|
|
138
|
-
make_ou(name)
|
139
|
-
end
|
140
|
-
end
|
141
|
-
|
142
|
-
def make_ou(name)
|
143
|
-
ou_class.new(name).save
|
144
|
-
end
|
145
|
-
|
146
|
-
def populate_user_class
|
147
|
-
@user_class = Class.new(ActiveLdap::Base)
|
148
|
-
@user_class_classes = ["posixAccount", "person"]
|
149
|
-
@user_class.ldap_mapping :dn_attribute => "uid",
|
150
|
-
:prefix => "ou=Users",
|
151
|
-
:scope => :sub,
|
152
|
-
:classes => @user_class_classes
|
153
|
-
end
|
154
|
-
|
155
|
-
def populate_group_class
|
156
|
-
@group_class = Class.new(ActiveLdap::Base)
|
157
|
-
@group_class.ldap_mapping :prefix => "ou=Groups",
|
158
|
-
:scope => :sub,
|
159
|
-
:classes => ["posixGroup"]
|
160
|
-
end
|
161
|
-
|
162
|
-
def populate_associations
|
163
|
-
@user_class.belongs_to :groups, :many => "memberUid"
|
164
|
-
@user_class.belongs_to :primary_group,
|
165
|
-
:foreign_key => "gidNumber",
|
166
|
-
:primary_key => "gidNumber"
|
167
|
-
@group_class.has_many :members, :wrap => "memberUid"
|
168
|
-
@group_class.has_many :primary_members,
|
169
|
-
:foreign_key => "gidNumber",
|
170
|
-
:primary_key => "gidNumber"
|
171
|
-
@user_class.set_associated_class(:groups, @group_class)
|
172
|
-
@user_class.set_associated_class(:primary_group, @group_class)
|
173
|
-
@group_class.set_associated_class(:members, @user_class)
|
174
|
-
@group_class.set_associated_class(:primary_members, @user_class)
|
175
|
-
end
|
176
|
-
end
|
177
|
-
|
178
|
-
module TemporaryEntry
|
179
|
-
@@certificate = nil
|
180
|
-
def setup
|
181
|
-
super
|
182
|
-
@user_index = 0
|
183
|
-
@group_index = 0
|
184
|
-
end
|
185
|
-
|
186
|
-
def make_temporary_user(config={})
|
187
|
-
@user_index += 1
|
188
|
-
uid = config[:uid] || "temp-user#{@user_index}"
|
189
|
-
ensure_delete_user(uid) do
|
190
|
-
password = config[:password] || "password"
|
191
|
-
uid_number = config[:uid_number] || default_uid
|
192
|
-
gid_number = config[:gid_number] || default_gid
|
193
|
-
home_directory = config[:home_directory] || "/nonexistent"
|
194
|
-
_wrap_assertion do
|
195
|
-
assert(!@user_class.exists?(uid))
|
196
|
-
assert_raise(ActiveLdap::EntryNotFound) do
|
197
|
-
@user_class.find(uid).dn
|
198
|
-
end
|
199
|
-
user = @user_class.new(uid)
|
200
|
-
assert(user.new_entry?)
|
201
|
-
user.cn = user.uid
|
202
|
-
user.sn = user.uid
|
203
|
-
user.uid_number = uid_number
|
204
|
-
user.gid_number = gid_number
|
205
|
-
user.home_directory = home_directory
|
206
|
-
user.user_password = ActiveLdap::UserPassword.ssha(password)
|
207
|
-
unless config[:simple]
|
208
|
-
user.add_class('shadowAccount', 'inetOrgPerson',
|
209
|
-
'organizationalPerson')
|
210
|
-
user.user_certificate = certificate
|
211
|
-
user.jpeg_photo = jpeg_photo
|
212
|
-
end
|
213
|
-
user.save
|
214
|
-
assert(!user.new_entry?)
|
215
|
-
yield(@user_class.find(user.uid), password)
|
216
|
-
end
|
217
|
-
end
|
218
|
-
end
|
219
|
-
|
220
|
-
def make_temporary_group(config={})
|
221
|
-
@group_index += 1
|
222
|
-
cn = config[:cn] || "temp-group#{@group_index}"
|
223
|
-
ensure_delete_group(cn) do
|
224
|
-
gid_number = config[:gid_number] || default_gid
|
225
|
-
_wrap_assertion do
|
226
|
-
assert(!@group_class.exists?(cn))
|
227
|
-
assert_raise(ActiveLdap::EntryNotFound) do
|
228
|
-
@group_class.find(cn)
|
229
|
-
end
|
230
|
-
group = @group_class.new(cn)
|
231
|
-
assert(group.new_entry?)
|
232
|
-
group.gid_number = gid_number
|
233
|
-
assert(group.save)
|
234
|
-
assert(!group.new_entry?)
|
235
|
-
yield(@group_class.find(group.cn))
|
236
|
-
end
|
237
|
-
end
|
238
|
-
end
|
239
|
-
|
240
|
-
def ensure_delete_user(uid)
|
241
|
-
yield(uid)
|
242
|
-
ensure
|
243
|
-
@user_class.delete(uid) if @user_class.exists?(uid)
|
244
|
-
end
|
245
|
-
|
246
|
-
def ensure_delete_group(cn)
|
247
|
-
yield(cn)
|
248
|
-
ensure
|
249
|
-
@group_class.delete(cn) if @group_class.exists?(cn)
|
250
|
-
end
|
251
|
-
|
252
|
-
def default_uid
|
253
|
-
"10000#{@user_index}"
|
254
|
-
end
|
255
|
-
|
256
|
-
def default_gid
|
257
|
-
"10000#{@group_index}"
|
258
|
-
end
|
259
|
-
|
260
|
-
def certificate_path
|
261
|
-
File.join(@example_dir, 'example.der')
|
262
|
-
end
|
263
|
-
|
264
|
-
def certificate
|
265
|
-
return @@certificate if @@certificate
|
266
|
-
if File.exists?(certificate_path)
|
267
|
-
@@certificate = File.read(certificate_path)
|
268
|
-
return @@certificate
|
269
|
-
end
|
270
|
-
|
271
|
-
rsa = OpenSSL::PKey::RSA.new(512)
|
272
|
-
comment = "Generated by Ruby/OpenSSL"
|
273
|
-
|
274
|
-
cert = OpenSSL::X509::Certificate.new
|
275
|
-
cert.version = 3
|
276
|
-
cert.serial = 0
|
277
|
-
subject = [["OU", "test"],
|
278
|
-
["CN", Socket.gethostname]]
|
279
|
-
name = OpenSSL::X509::Name.new(subject)
|
280
|
-
cert.subject = name
|
281
|
-
cert.issuer = name
|
282
|
-
cert.not_before = Time.now
|
283
|
-
cert.not_after = Time.now + (365*24*60*60)
|
284
|
-
cert.public_key = rsa.public_key
|
285
|
-
|
286
|
-
ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
|
287
|
-
ef.issuer_certificate = cert
|
288
|
-
cert.extensions = [
|
289
|
-
ef.create_extension("basicConstraints","CA:FALSE"),
|
290
|
-
ef.create_extension("keyUsage", "keyEncipherment"),
|
291
|
-
ef.create_extension("subjectKeyIdentifier", "hash"),
|
292
|
-
ef.create_extension("extendedKeyUsage", "serverAuth"),
|
293
|
-
ef.create_extension("nsComment", comment),
|
294
|
-
]
|
295
|
-
aki = ef.create_extension("authorityKeyIdentifier",
|
296
|
-
"keyid:always,issuer:always")
|
297
|
-
cert.add_extension(aki)
|
298
|
-
cert.sign(rsa, OpenSSL::Digest::SHA1.new)
|
299
|
-
|
300
|
-
@@certificate = cert.to_der
|
301
|
-
@@certificate
|
302
|
-
end
|
303
|
-
|
304
|
-
def jpeg_photo_path
|
305
|
-
File.join(@example_dir, 'example.jpg')
|
306
|
-
end
|
307
|
-
|
308
|
-
def jpeg_photo
|
309
|
-
File.read(jpeg_photo_path)
|
310
|
-
end
|
311
|
-
end
|
312
|
-
|
313
|
-
module CommandSupport
|
314
|
-
def setup
|
315
|
-
super
|
316
|
-
@fakeroot = "fakeroot"
|
317
|
-
@ruby = File.join(::Config::CONFIG["bindir"],
|
318
|
-
::Config::CONFIG["RUBY_INSTALL_NAME"])
|
319
|
-
@top_dir = File.expand_path(File.join(File.dirname(__FILE__), ".."))
|
320
|
-
@examples_dir = File.join(@top_dir, "examples")
|
321
|
-
@lib_dir = File.join(@top_dir, "lib")
|
322
|
-
@ruby_args = [
|
323
|
-
"-I", @examples_dir,
|
324
|
-
"-I", @lib_dir,
|
325
|
-
]
|
326
|
-
end
|
327
|
-
|
328
|
-
def run_command(*args, &block)
|
329
|
-
file = Tempfile.new("al-command-support")
|
330
|
-
file.open
|
331
|
-
file.puts(ActiveLdap::Base.configurations["test"].to_yaml)
|
332
|
-
file.close
|
333
|
-
run_ruby(*[@command, "--config", file.path, *args], &block)
|
334
|
-
end
|
335
|
-
|
336
|
-
def run_ruby(*ruby_args, &block)
|
337
|
-
args = [@ruby, *@ruby_args]
|
338
|
-
args.concat(ruby_args)
|
339
|
-
Command.run(*args, &block)
|
340
|
-
end
|
341
|
-
|
342
|
-
def run_ruby_with_fakeroot(*ruby_args, &block)
|
343
|
-
args = [@fakeroot, @ruby, *@ruby_args]
|
344
|
-
args.concat(ruby_args)
|
345
|
-
Command.run(*args, &block)
|
346
|
-
end
|
347
|
-
end
|
348
|
-
|
349
|
-
module MockLogger
|
350
|
-
def make_mock_logger
|
351
|
-
logger = Object.new
|
352
|
-
class << logger
|
353
|
-
def messages(type)
|
354
|
-
@messages ||= {}
|
355
|
-
@messages[type] ||= []
|
356
|
-
@messages[type]
|
357
|
-
end
|
358
|
-
|
359
|
-
def info(content=nil)
|
360
|
-
messages(:info) << (block_given? ? yield : content)
|
361
|
-
end
|
362
|
-
def warn(content=nil)
|
363
|
-
messages(:warn) << (block_given? ? yield : content)
|
364
|
-
end
|
365
|
-
def error(content=nil)
|
366
|
-
messages(:error) << (block_given? ? yield : content)
|
367
|
-
end
|
368
|
-
end
|
369
|
-
logger
|
370
|
-
end
|
371
|
-
|
372
|
-
def with_mock_logger
|
373
|
-
original_logger = ActiveLdap::Base.logger
|
374
|
-
mock_logger = make_mock_logger
|
375
|
-
ActiveLdap::Base.logger = mock_logger
|
376
|
-
yield(mock_logger)
|
377
|
-
ensure
|
378
|
-
ActiveLdap::Base.logger = original_logger
|
379
|
-
end
|
380
|
-
end
|
381
|
-
end
|