ruby-activeldap 0.8.2 → 0.8.3

data/lib/active_ldap/adapter/ldap.rb

@@ -1,232 +0,0 @@
-require 'active_ldap/adapter/base'
-
-module ActiveLdap
-  module Adapter
-    class Base
-      class << self
-        def ldap_connection(options)
-          unless defined?(::LDAP)
-            require 'active_ldap/adapter/ldap_ext'
-          end
-          Ldap.new(options)
-        end
-      end
-    end
-
-    class Ldap < Base
-      module Method
-        class SSL
-          def connect(host, port)
-            LDAP::SSLConn.new(host, port, false)
-          end
-        end
-
-        class TLS
-          def connect(host, port)
-            LDAP::SSLConn.new(host, port, true)
-          end
-        end
-
-        class Plain
-          def connect(host, port)
-            LDAP::Conn.new(host, port)
-          end
-        end
-      end
-
-      def connect(options={})
-        super do |host, port, method|
-          method.connect(host, port)
-        end
-      end
-
-      def unbind(options={})
-        return unless bound?
-        operation(options) do
-          execute(:unbind)
-        end
-      end
-
-      def bind(options={})
-        super do
-          @connection.error_message
-        end
-      end
-
-      def bind_as_anonymous(options={})
-        super do
-          execute(:bind)
-          true
-        end
-      end
-
-      def bound?
-        connecting? and @connection.bound?
-      end
-
-      def search(options={}, &block)
-        super(options) do |base, scope, filter, attrs, limit, callback|
-          begin
-            i = 0
-            execute(:search, base, scope, filter, attrs) do |entry|
-              i += 1
-              attributes = {}
-              entry.attrs.each do |attr|
-                attributes[attr] = entry.vals(attr)
-              end
-              callback.call([entry.dn, attributes], block)
-              break if limit and limit >= i
-            end
-          rescue RuntimeError
-            if $!.message == "no result returned by search"
-              @logger.debug {"No matches for #{filter} and attrs " +
-                             "#{attrs.inspect}"}
-            else
-              raise
-            end
-          end
-        end
-      end
-
-      def to_ldif(dn, attributes)
-        ldif = LDAP::LDIF.to_ldif("dn", [dn.dup])
-        attributes.sort_by do |key, value|
-          key
-        end.each do |key, values|
-          ldif << LDAP::LDIF.to_ldif(key, values)
-        end
-        ldif
-      end
-
-      def load(ldifs, options={})
-        super do |ldif|
-          LDAP::LDIF.parse_entry(ldif).send(@connection)
-        end
-      end
-
-      def delete(targets, options={})
-        super do |target|
-          execute(:delete, target)
-        end
-      end
-
-      def add(dn, entries, options={})
-        super do |dn, entries|
-          execute(:add, dn, parse_entries(entries))
-        end
-      end
-
-      def modify(dn, entries, options={})
-        super do |dn, entries|
-          execute(:modify, dn, parse_entries(entries))
-        end
-      end
-
-      private
-      def prepare_connection(options={})
-        operation(options) do
-          @connection.set_option(LDAP::LDAP_OPT_PROTOCOL_VERSION, 3)
-        end
-      end
-
-      def root_dse(attributes, options={})
-        sec = options[:sec] || 0
-        usec = options[:usec] || 0
-        @connection.root_dse(attributes, sec, usec)
-      end
-
-      def execute(method, *args, &block)
-        begin
-          @connection.send(method, *args, &block)
-        rescue LDAP::ResultError
-          @connection.assert_error_code
-          raise $!.message
-        end
-      end
-
-      def with_timeout(try_reconnect=true, options={}, &block)
-        begin
-          super
-        rescue LDAP::ServerDown => e
-          @logger.error {"LDAP server is down: #{e.message}"}
-          retry if try_reconnect and reconnect(options)
-          raise ConnectionError.new(e.message)
-        end
-      end
-
-      def ensure_method(method)
-        Method.constants.each do |name|
-          if method.to_s.downcase == name.downcase
-            return Method.const_get(name).new
-          end
-        end
-
-        available_methods = Method.constants.collect do |name|
-          name.downcase.to_sym.inspect
-        end.join(", ")
-        raise ConfigurationError,
-                "#{method.inspect} is not one of the available connect " +
-                "methods #{available_methods}"
-      end
-
-      def ensure_scope(scope)
-        scope_map = {
-          :base => LDAP::LDAP_SCOPE_BASE,
-          :sub => LDAP::LDAP_SCOPE_SUBTREE,
-          :one => LDAP::LDAP_SCOPE_ONELEVEL,
-        }
-        value = scope_map[scope || :sub]
-        if value.nil?
-          available_scopes = scope_map.keys.inspect
-          raise ArgumentError, "#{scope.inspect} is not one of the available " +
-                               "LDAP scope #{available_scopes}"
-        end
-        value
-      end
-
-      def sasl_bind(bind_dn, options={})
-        super do |bind_dn, mechanism, quiet|
-          begin
-            sasl_quiet = @connection.sasl_quiet
-            @connection.sasl_quiet = quiet unless quiet.nil?
-            args = [bind_dn, mechanism]
-            if need_credential_sasl_mechanism?(mechanism)
-              args << password(bind_dn, options)
-            end
-            execute(:sasl_bind, *args)
-          ensure
-            @connection.sasl_quiet = sasl_quiet
-          end
-        end
-      end
-
-      def simple_bind(bind_dn, options={})
-        super do |bind_dn, passwd|
-          execute(:bind, bind_dn, passwd)
-        end
-      end
-
-      def parse_entries(entries)
-        result = []
-        entries.each do |type, key, attributes|
-          mod_type = ensure_mod_type(type)
-          binary = schema.binary?(key)
-          mod_type |= LDAP::LDAP_MOD_BVALUES if binary
-          attributes.each do |name, values|
-            result << LDAP.mod(mod_type, name, values)
-          end
-        end
-        result
-      end
-
-      def ensure_mod_type(type)
-        case type
-        when :replace, :add
-          LDAP.const_get("LDAP_MOD_#{type.to_s.upcase}")
-        else
-          raise ArgumentError, "unknown type: #{type}"
-        end
-      end
-    end
-  end
-end

data/lib/active_ldap/adapter/ldap_ext.rb

@@ -1,69 +0,0 @@
-require_library_or_gem 'ldap'
-require 'ldap/ldif'
-require 'ldap/schema'
-
-module LDAP
-  class Mod
-    unless instance_method(:to_s).arity.zero?
-      alias_method :original_to_s, :to_s
-      def to_s
-        inspect
-      end
-    end
-
-    alias_method :_initialize, :initialize
-    def initialize(op, type, vals)
-      if (LDAP::VERSION.split(/\./).collect {|x| x.to_i} <=> [0, 9, 7]) <= 0
-        @op, @type, @vals = op, type, vals # to protect from GC
-      end
-      _initialize(op, type, vals)
-    end
-  end
-
-  IMPLEMENT_SPECIFIC_ERRORS = {}
-  {
-    0x51 => "SERVER_DOWN",
-    0x52 => "LOCAL_ERROR",
-    0x53 => "ENCODING_ERROR",
-    0x54 => "DECODING_ERROR",
-    0x55 => "TIMEOUT",
-    0x56 => "AUTH_UNKNOWN",
-    0x57 => "FILTER_ERROR",
-    0x58 => "USER_CANCELLED",
-    0x59 => "PARAM_ERROR",
-    0x5a => "NO_MEMORY",
-
-    0x5b => "CONNECT_ERROR",
-    0x5c => "NOT_SUPPORTED",
-    0x5d => "CONTROL_NOT_FOUND",
-    0x5e => "NO_RESULTS_RETURNED",
-    0x5f => "MORE_RESULTS_TO_RETURN",
-    0x60 => "CLIENT_LOOP",
-    0x61 => "REFERRAL_LIMIT_EXCEEDED",
-  }.each do |code, name|
-    IMPLEMENT_SPECIFIC_ERRORS[code] =
-      ActiveLdap::LdapError.define(code, name, self)
-  end
-
-  class Conn
-    def failed?
-      not err.zero?
-    end
-
-    def error_message
-      if failed?
-        LDAP.err2string(err)
-      else
-        nil
-      end
-    end
-
-    def assert_error_code
-      return unless failed?
-      klass = ActiveLdap::LdapError::ERRORS[err]
-      klass ||= IMPLEMENT_SPECIFIC_ERRORS[err]
-      klass ||= ActiveLdap::LdapError
-      raise klass, LDAP.err2string(err)
-    end
-  end
-end

data/lib/active_ldap/adapter/net_ldap.rb

@@ -1,288 +0,0 @@
-require 'digest/md5'
-
-require 'active_ldap/adapter/base'
-
-module ActiveLdap
-  module Adapter
-    class Base
-      class << self
-        def net_ldap_connection(options)
-          unless defined?(::Net::LDAP)
-            require 'active_ldap/adapter/net_ldap_ext'
-          end
-          NetLdap.new(options)
-        end
-      end
-    end
-
-    class NetLdap < Base
-      METHOD = {
-        :ssl => :simple_tls,
-        :tls => :start_tls,
-        :plain => nil,
-      }
-
-      def connect(options={})
-        @bound = false
-        super do |host, port, method|
-          config = {
-            :host => host,
-            :port => port,
-          }
-          config[:encryption] = {:method => method} if method
-          Net::LDAP::Connection.new(config)
-        end
-      end
-
-      def unbind(options={})
-        @bound = false
-      end
-
-      def bind(options={})
-        @bound = false
-        begin
-          super
-        rescue Net::LDAP::LdapError
-          raise AuthenticationError, $!.message
-        end
-      end
-
-      def bind_as_anonymous(options={})
-        super do
-          @bound = false
-          execute(:bind, :method => :anonymous)
-          @bound = true
-        end
-      end
-
-      def bound?
-        connecting? and @bound
-      end
-
-      def search(options={}, &block)
-        super(options) do |base, scope, filter, attrs, limit, callback|
-          args = {
-            :base => base,
-            :scope => scope,
-            :filter => filter,
-            :attributes => attrs,
-            :size => limit,
-          }
-          execute(:search, args) do |entry|
-            attributes = {}
-            entry.original_attribute_names.each do |name|
-              attributes[name] = entry[name]
-            end
-            callback.call([entry.dn, attributes], block)
-          end
-        end
-      end
-
-      def to_ldif(dn, attributes)
-        entry = Net::LDAP::Entry.new(dn.dup)
-        attributes.each do |key, values|
-          entry[key] = values.flatten
-        end
-        entry.to_ldif
-      end
-
-      def load(ldifs, options={})
-        super do |ldif|
-          entry = Net::LDAP::Entry.from_single_ldif_string(ldif)
-          attributes = {}
-          entry.each do |name, values|
-            attributes[name] = values
-          end
-          attributes.delete(:dn)
-          execute(:add,
-                  :dn => entry.dn,
-                  :attributes => attributes)
-        end
-      end
-
-      def delete(targets, options={})
-        super do |target|
-          execute(:delete, :dn => target)
-        end
-      end
-
-      def add(dn, entries, options={})
-        super do |dn, entries|
-          attributes = {}
-          entries.each do |type, key, attrs|
-            attrs.each do |name, values|
-              attributes[name] = values
-            end
-          end
-          execute(:add, :dn => dn, :attributes => attributes)
-        end
-      end
-
-      def modify(dn, entries, options={})
-        super do |dn, entries|
-          execute(:modify,
-                  :dn => dn,
-                  :operations => parse_entries(entries))
-        end
-      end
-
-      private
-      def execute(method, *args, &block)
-        result = @connection.send(method, *args, &block)
-        message = nil
-        if result.is_a?(Hash)
-          message = result[:errorMessage]
-          result = result[:resultCode]
-        end
-        unless result.zero?
-          klass = LdapError::ERRORS[result]
-          klass ||= LdapError
-          raise klass,
-                [Net::LDAP.result2string(result), message].compact.join(": ")
-        end
-      end
-
-      def root_dse(attrs, options={})
-        search(:base => "",
-               :scope => :base,
-               :attributes => attrs).collect do |dn, attributes|
-          attributes
-        end
-      end
-
-      def ensure_method(method)
-        method ||= "plain"
-        normalized_method = method.to_s.downcase.to_sym
-        return METHOD[normalized_method] if METHOD.has_key?(normalized_method)
-
-        available_methods = METHOD.keys.collect {|m| m.inspect}.join(", ")
-        raise ConfigurationError,
-                "#{method.inspect} is not one of the available connect " +
-                "methods #{available_methods}"
-      end
-
-      def ensure_scope(scope)
-        scope_map = {
-          :base => Net::LDAP::SearchScope_BaseObject,
-          :sub => Net::LDAP::SearchScope_WholeSubtree,
-          :one => Net::LDAP::SearchScope_SingleLevel,
-        }
-        value = scope_map[scope || :sub]
-        if value.nil?
-          available_scopes = scope_map.keys.inspect
-          raise ArgumentError, "#{scope.inspect} is not one of the available " +
-                               "LDAP scope #{available_scopes}"
-        end
-        value
-      end
-
-      def sasl_bind(bind_dn, options={})
-        super do |bind_dn, mechanism, quiet|
-          normalized_mechanism = mechanism.downcase.gsub(/-/, '_')
-          sasl_bind_setup = "sasl_bind_setup_#{normalized_mechanism}"
-          next unless respond_to?(sasl_bind_setup, true)
-          initial_credential, challenge_response =
-            send(sasl_bind_setup, bind_dn, options)
-          args = {
-            :method => :sasl,
-            :initial_credential => initial_credential,
-            :mechanism => mechanism,
-            :challenge_response => challenge_response,
-          }
-          @bound = false
-          execute(:bind, args)
-          @bound = true
-        end
-      end
-
-      def sasl_bind_setup_digest_md5(bind_dn, options)
-        initial_credential = ""
-        nonce_count = 1
-        challenge_response = Proc.new do |cred|
-          params = parse_sasl_digest_md5_credential(cred)
-          qops = params["qop"].split(/,/)
-          return "unsupported qops: #{qops.inspect}" unless qops.include?("auth")
-          qop = "auth"
-          server = @connection.instance_variable_get("@conn").addr[2]
-          realm = params['realm']
-          uri = "ldap/#{server}"
-          nc = "%08x" % nonce_count
-          nonce = params["nonce"]
-          cnonce = generate_client_nonce
-          requests = {
-            :username => bind_dn.inspect,
-            :realm => realm.inspect,
-            :nonce => nonce.inspect,
-            :cnonce => cnonce.inspect,
-            :nc => nc,
-            :qop => qop,
-            :maxbuf => "65536",
-            "digest-uri" => uri.inspect,
-          }
-          a1 = "#{bind_dn}:#{realm}:#{password(cred, options)}"
-          a1 = "#{Digest::MD5.digest(a1)}:#{nonce}:#{cnonce}"
-          ha1 = Digest::MD5.hexdigest(a1)
-          a2 = "AUTHENTICATE:#{uri}"
-          ha2 = Digest::MD5.hexdigest(a2)
-          response = "#{ha1}:#{nonce}:#{nc}:#{cnonce}:#{qop}:#{ha2}"
-          requests["response"] = Digest::MD5.hexdigest(response)
-          nonce_count += 1
-          requests.collect do |key, value|
-            "#{key}=#{value}"
-          end.join(",")
-        end
-        [initial_credential, challenge_response]
-      end
-
-      def parse_sasl_digest_md5_credential(cred)
-        params = {}
-        cred.scan(/(\w+)=(\"?)(.+?)\2(?:,|$)/) do |name, sep, value|
-          params[name] = value
-        end
-        params
-      end
-
-      CHARS = ("a".."z").to_a + ("A".."Z").to_a + ("0".."9").to_a
-      def generate_client_nonce(size=32)
-        nonce = ""
-        size.times do |i|
-          nonce << CHARS[rand(CHARS.size)]
-        end
-        nonce
-      end
-
-      def simple_bind(bind_dn, options={})
-        super do |bind_dn, passwd|
-          args = {
-            :method => :simple,
-            :username => bind_dn,
-            :password => passwd,
-          }
-          @bound = false
-          execute(:bind, args)
-          @bound = true
-        end
-      end
-
-      def parse_entries(entries)
-        result = []
-        entries.each do |type, key, attributes|
-          mod_type = ensure_mod_type(type)
-          attributes.each do |name, values|
-            result << [mod_type, name, values]
-          end
-        end
-        result
-      end
-
-      def ensure_mod_type(type)
-        case type
-        when :replace, :add
-          type
-        else
-          raise ArgumentError, "unknown type: #{type}"
-        end
-      end
-    end
-  end
-end