ruby-activeldap 0.8.3 → 0.8.3.1

data/lib/active_ldap/callbacks.rb

@@ -0,0 +1,19 @@
+require 'active_record/callbacks'
+
+module ActiveLdap
+  module Callbacks
+    def self.append_features(base)
+      super
+
+      base.class_eval do
+        include ActiveRecord::Callbacks
+
+        def callback(method)
+          super
+        rescue ActiveRecord::ActiveRecordError
+          raise Error, $!.message
+        end
+      end
+    end
+  end
+end

data/lib/active_ldap/command.rb

@@ -0,0 +1,48 @@
+require 'optparse'
+require 'ostruct'
+
+module ActiveLdap
+  module Command
+    include GetTextSupport
+
+    module_function
+    def parse_options(argv=nil, version=nil)
+      argv ||= ARGV.dup
+      options = OpenStruct.new
+      opts = OptionParser.new do |opts|
+        yield(opts, options)
+
+        opts.separator ""
+        opts.separator _("Common options:")
+
+        opts.on_tail("--config=CONFIG",
+                     _("Specify configuration file written as YAML")) do |file|
+          require 'yaml'
+          config = YAML.load(File.read(file)).symbolize_keys
+          Configuration::DEFAULT_CONFIG.update(config)
+        end
+
+        opts.on_tail("-h", "--help", _("Show this message")) do
+          puts opts
+          exit
+        end
+
+        opts.on_tail("--version", _("Show version")) do
+          puts(version || VERSION)
+          exit
+        end
+      end
+      opts.parse!(argv)
+      [argv, opts, options]
+    end
+
+    def read_password(prompt, input=$stdin, output=$stdout)
+      output.print prompt
+      system "/bin/stty -echo" if input.tty?
+      input.gets.chomp
+    ensure
+      system "/bin/stty echo" if input.tty?
+      output.puts
+    end
+  end
+end

data/lib/active_ldap/configuration.rb

@@ -0,0 +1,114 @@
+
+module ActiveLdap
+  # Configuration
+  #
+  # Configuration provides the default settings required for
+  # ActiveLdap to work with your LDAP server. All of these
+  # settings can be passed in at initialization time.
+  module Configuration
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    DEFAULT_CONFIG = {}
+    DEFAULT_CONFIG[:host] = '127.0.0.1'
+    DEFAULT_CONFIG[:port] = 389
+    DEFAULT_CONFIG[:method] = :plain  # :ssl, :tls, :plain allowed
+
+    DEFAULT_CONFIG[:bind_dn] = nil
+    DEFAULT_CONFIG[:password_block] = nil
+    DEFAULT_CONFIG[:password] = nil
+    DEFAULT_CONFIG[:store_password] = true
+    DEFAULT_CONFIG[:allow_anonymous] = true
+    DEFAULT_CONFIG[:sasl_quiet] = false
+    DEFAULT_CONFIG[:try_sasl] = false
+    # See http://www.iana.org/assignments/sasl-mechanisms
+    DEFAULT_CONFIG[:sasl_mechanisms] = ["GSSAPI", "DIGEST-MD5",
+                                        "CRAM-MD5", "EXTERNAL"]
+
+    DEFAULT_CONFIG[:retry_limit] = 3
+    DEFAULT_CONFIG[:retry_wait] = 3
+    DEFAULT_CONFIG[:timeout] = 0 # in seconds; 0 <= Never timeout
+    # Whether or not to retry on timeouts
+    DEFAULT_CONFIG[:retry_on_timeout] = true
+
+    DEFAULT_CONFIG[:logger] = nil
+
+    module ClassMethods
+      @@defined_configurations = {}
+
+      def default_configuration
+        DEFAULT_CONFIG.dup
+      end
+
+      def ensure_configuration(config=nil)
+        if config.nil?
+          if defined?(LDAP_ENV)
+            config = LDAP_ENV
+          elsif defined?(RAILS_ENV)
+            config = RAILS_ENV
+          else
+            config = {}
+          end
+        end
+
+        if config.is_a?(Symbol) or config.is_a?(String)
+          _config = configurations[config.to_s]
+          unless _config
+            raise ConnectionError,
+                  _("%s connection is not configured") % config
+          end
+          config = _config
+        end
+
+        config
+      end
+
+      def configuration(key=nil)
+        @@defined_configurations[key || active_connection_name]
+      end
+
+      def define_configuration(key, config)
+        @@defined_configurations[key] = config
+      end
+
+      def defined_configurations
+        @@defined_configurations
+      end
+
+      def remove_configuration_by_configuration(config)
+        @@defined_configurations.delete_if {|key, value| value == config}
+      end
+
+      CONNECTION_CONFIGURATION_KEYS = [:base, :adapter]
+      def remove_connection_related_configuration(config)
+        config.reject do |key, value|
+          CONNECTION_CONFIGURATION_KEYS.include?(key)
+	end
+      end
+
+      def merge_configuration(config, target=self)
+        configuration = default_configuration
+        config.symbolize_keys.each do |key, value|
+          case key
+          when :base
+            # Scrub before inserting
+            target.base = value.gsub(/['}{#]/, '')
+          when :scope, :ldap_scope
+            if key == :ldap_scope
+              logger.warning do
+                _(":ldap_scope configuration option is deprecated. " \
+                  "Use :scope instead.")
+              end
+            end
+            target.scope = value
+            configuration[:scope] = value
+          else
+            configuration[key] = value
+          end
+        end
+        configuration
+      end
+    end
+  end
+end

data/lib/active_ldap/connection.rb

@@ -0,0 +1,234 @@
+module ActiveLdap
+  module Connection
+    def self.included(base)
+      base.extend(ClassMethods)
+    end
+
+    module ClassMethods
+      @@active_connections = {}
+      @@allow_concurrency = false
+
+      def thread_safe_active_connections
+        @@active_connections[Thread.current.object_id] ||= {}
+      end
+
+      def single_threaded_active_connections
+        @@active_connections
+      end
+
+      if @@allow_concurrency
+        alias_method :active_connections, :thread_safe_active_connections
+      else
+        alias_method :active_connections, :single_threaded_active_connections
+      end
+
+      def allow_concurrency=(threaded) #:nodoc:
+        logger.debug {"allow_concurrency=#{threaded}"} if logger
+        return if @@allow_concurrency == threaded
+        clear_all_cached_connections!
+        @@allow_concurrency = threaded
+        method_prefix = threaded ? "thread_safe" : "single_threaded"
+        sing = (class << self; self; end)
+        [:active_connections].each do |method|
+          sing.send(:alias_method, method, "#{method_prefix}_#{method}")
+        end
+      end
+
+      def active_connection_name
+        @active_connection_name ||= determine_active_connection_name
+      end
+
+      def remove_active_connections!
+        active_connections.keys.each do |key|
+          remove_connection(key)
+        end
+      end
+
+      def clear_active_connections!
+        connections = active_connections
+        connections.each do |key, connection|
+          connection.disconnect!
+        end
+        connections.clear
+      end
+
+      def clear_active_connection_name
+        @active_connection_name = nil
+        ObjectSpace.each_object(Class) do |klass|
+          if klass < self and !klass.name.empty?
+            klass.instance_variable_set("@active_connection_name", nil)
+          end
+        end
+      end
+
+      def connection
+        conn = nil
+        @active_connection_name ||= nil
+        if @active_connection_name
+          conn = active_connections[@active_connection_name]
+        end
+        unless conn
+          conn = retrieve_connection
+          active_connections[@active_connection_name] = conn
+        end
+        conn
+      end
+
+      def connection=(adapter)
+        if adapter.is_a?(Adapter::Base)
+          active_connections[active_connection_name] = adapter
+        elsif adapter.is_a?(Hash)
+          config = adapter
+          self.connection = instantiate_adapter(config)
+        elsif adapter.nil?
+          raise ConnectionNotEstablished
+        else
+          establish_connection(adapter)
+        end
+      end
+
+      def instantiate_adapter(config)
+        adapter = (config[:adapter] || "ldap")
+        normalized_adapter = adapter.downcase.gsub(/-/, "_")
+        adapter_method = "#{normalized_adapter}_connection"
+        unless Adapter::Base.respond_to?(adapter_method)
+          raise AdapterNotFound.new(adapter)
+        end
+        if config.has_key?(:ldap_scope)
+          logger.warning do
+            _(":ldap_scope connection option is deprecated. Use :scope instead.")
+          end
+          config[:scope] ||= config.delete(:ldap_scope)
+        end
+        config = remove_connection_related_configuration(config)
+        Adapter::Base.send(adapter_method, config)
+      end
+
+      def connected?
+        active_connections[active_connection_name] ? true : false
+      end
+
+      def retrieve_connection
+        conn = nil
+        name = active_connection_name
+        raise ConnectionNotEstablished unless name
+        conn = active_connections[name]
+        if conn.nil?
+          config = configuration(name)
+          raise ConnectionNotEstablished unless config
+          self.connection = config
+          conn = active_connections[name]
+        end
+        raise ConnectionNotEstablished if conn.nil?
+        conn
+      end
+
+      def remove_connection(klass_or_key=self)
+        if klass_or_key.is_a?(Module)
+          key = active_connection_key(klass_or_key)
+        else
+          key = klass_or_key
+        end
+        config = configuration(key)
+        conn = active_connections[key]
+        remove_configuration_by_configuration(config)
+        active_connections.delete_if {|key, value| value == conn}
+        conn.disconnect! if conn
+        config
+      end
+
+      def establish_connection(config=nil)
+        config = ensure_configuration(config)
+        remove_connection
+
+        clear_active_connection_name
+        key = active_connection_key
+        @active_connection_name = key
+        define_configuration(key, merge_configuration(config))
+      end
+
+      # Return the schema object
+      def schema
+        connection.schema
+      end
+
+      private
+      def active_connection_key(k=self)
+        k.name.empty? ? k.object_id : k.name
+      end
+
+      def determine_active_connection_name
+        key = active_connection_key
+        if active_connections[key] or configuration(key)
+          key
+        elsif self == ActiveLdap::Base
+          nil
+        else
+          superclass.active_connection_name
+        end
+      end
+
+      def clear_all_cached_connections!
+        if @@allow_concurrency
+          @@active_connections.each_value do |connection_hash_for_thread|
+            connection_hash_for_thread.each_value {|conn| conn.disconnect!}
+            connection_hash_for_thread.clear
+          end
+        else
+          @@active_connections.each_value {|conn| conn.disconnect!}
+        end
+        @@active_connections.clear
+      end
+    end
+
+    def establish_connection(config=nil)
+      config = self.class.ensure_configuration(config)
+      config = self.class.configuration.merge(config)
+      config = self.class.merge_configuration(config, self)
+
+      remove_connection
+      self.class.define_configuration(dn, config)
+    end
+
+    def remove_connection
+      self.class.remove_connection(dn)
+    end
+
+    def connection
+      conn = @connection
+      conn ||= self.class.active_connections[dn] || retrieve_connection if id
+      conn || self.class.connection
+    end
+
+    def connected?
+      connection != self.class.connection
+    end
+
+    def connection=(adapter)
+      if adapter.nil? or adapter.is_a?(Adapter::Base)
+        @connection = adapter
+      elsif adapter.is_a?(Hash)
+        config = adapter
+        @connection = self.class.instantiate_adapter(config)
+      else
+        establish_connection(adapter)
+      end
+    end
+
+    def retrieve_connection
+      conn = self.class.active_connections[dn]
+      return conn if conn
+
+      config = self.class.configuration(dn)
+      return nil unless config
+
+      conn = self.class.instantiate_adapter(config)
+      @connection = self.class.active_connections[dn] = conn
+      conn
+    end
+
+    def schema
+      connection.schema
+    end
+  end
+end

data/lib/active_ldap/distinguished_name.rb

@@ -0,0 +1,250 @@
+require 'strscan'
+
+module ActiveLdap
+  class DistinguishedName
+    include GetTextSupport
+
+    class Parser
+      include GetTextSupport
+
+      attr_reader :dn
+      def initialize(source)
+        @dn = nil
+        @source = source
+      end
+
+      def parse
+        return @dn if @dn
+
+        rdns = []
+        scanner = StringScanner.new(@source)
+
+        scanner.scan(/\s*/)
+        raise rdn_is_missing if scanner.scan(/\s*\+\s*/)
+        raise name_component_is_missing if scanner.scan(/\s*,\s*/)
+
+        rdn = {}
+        until scanner.eos?
+          type = scan_attribute_type(scanner)
+          skip_attribute_type_and_value_separator(scanner)
+          value = scan_attribute_value(scanner)
+          rdn[type] = value
+          if scanner.scan(/\s*\+\s*/)
+            raise rdn_is_missing if scanner.eos?
+          elsif scanner.scan(/\s*\,\s*/)
+            rdns << rdn
+            rdn = {}
+            raise name_component_is_missing if scanner.eos?
+          else
+            scanner.scan(/\s*/)
+            rdns << rdn if scanner.eos?
+          end
+        end
+
+        @dn = DN.new(*rdns)
+        @dn
+      end
+
+      private
+      ATTRIBUTE_TYPE_RE = /\s*([a-zA-Z][a-zA-Z\d\-]*|\d+(?:\.\d+)*)\s*/
+      def scan_attribute_type(scanner)
+        raise attribute_type_is_missing unless scanner.scan(ATTRIBUTE_TYPE_RE)
+        scanner[1]
+      end
+
+      def skip_attribute_type_and_value_separator(scanner)
+        raise attribute_value_is_missing unless scanner.scan(/\s*=\s*/)
+      end
+
+      HEX_PAIR = "(?:[\\da-fA-F]{2})"
+      STRING_CHARS_RE = /[^,=\+<>\#;\\\"]*/ #
+      PAIR_RE = /\\([,=\+<>\#;]|\\|\"|(#{HEX_PAIR}))/ #
+      HEX_STRING_RE = /\#(#{HEX_PAIR}+)/ #
+      def scan_attribute_value(scanner)
+        if scanner.scan(HEX_STRING_RE)
+          value = scanner[1].scan(/../).collect do |hex_pair|
+            hex_pair.hex
+          end.pack("C*")
+        elsif scanner.scan(/\"/)
+          value = scan_quoted_attribute_value(scanner)
+        else
+          value = scan_not_quoted_attribute_value(scanner)
+        end
+        raise attribute_value_is_missing if value.blank?
+
+        value
+      end
+
+      def scan_quoted_attribute_value(scanner)
+        result = ""
+        until scanner.scan(/\"/)
+          scanner.scan(/([^\\\"]*)/)
+          quoted_strings = scanner[1]
+          pairs = collect_pairs(scanner)
+
+          if scanner.eos? or (quoted_strings.empty? and pairs.empty?)
+            raise found_unmatched_quotation
+          end
+
+          result << quoted_strings
+          result << pairs
+        end
+        result
+      end
+
+      def scan_not_quoted_attribute_value(scanner)
+        result = ""
+        until scanner.eos?
+          prev_size = result.size
+          pairs = collect_pairs(scanner)
+          strings = scanner.scan(STRING_CHARS_RE)
+          result << pairs if !pairs.nil? and !pairs.empty?
+          unless strings.nil?
+            if scanner.peek(1) == ","
+              result << strings.rstrip
+            else
+              result << strings
+            end
+          end
+          break if prev_size == result.size
+        end
+        result
+      end
+
+      def collect_pairs(scanner)
+        result = ""
+        while scanner.scan(PAIR_RE)
+          if scanner[2]
+            result << [scanner[2].hex].pack("C*")
+          else
+            result << scanner[1]
+          end
+        end
+        result
+      end
+
+      def invalid_dn(reason)
+        DistinguishedNameInvalid.new(@source, reason)
+      end
+
+      def name_component_is_missing
+        invalid_dn(_("name component is missing"))
+      end
+
+      def rdn_is_missing
+        invalid_dn(_("relative distinguished name (RDN) is missing"))
+      end
+
+      def attribute_type_is_missing
+        invalid_dn(_("attribute type is missing"))
+      end
+
+      def attribute_value_is_missing
+        invalid_dn(_("attribute value is missing"))
+      end
+
+      def found_unmatched_quotation
+        invalid_dn(_("found unmatched quotation"))
+      end
+    end
+
+    class << self
+      def parse(source)
+        Parser.new(source).parse
+      end
+    end
+
+    attr_reader :rdns
+    def initialize(*rdns)
+      @rdns = rdns.collect do |rdn|
+        rdn = {rdn[0] => rdn[1]} if rdn.is_a?(Array) and rdn.size == 2
+        rdn
+      end
+    end
+
+    def -(other)
+      rdns = @rdns.dup
+      normalized_rdns = normalize(@rdns)
+      normalize(other.rdns).reverse_each do |rdn|
+        if rdn == normalized_rdns.pop
+          rdns.pop
+        else
+          raise ArgumentError, _("%s isn't sub DN of %s") % [other, self]
+        end
+      end
+      self.class.new(*rdns)
+    end
+
+    def <<(rdn)
+      @rdns << rdn
+    end
+
+    def unshift(rdn)
+      @rdns.unshift(rdn)
+    end
+
+    def <=>(other)
+      normalize_for_comparing(@rdns) <=>
+        normalize_for_comparing(other.rdns)
+    end
+
+    def ==(other)
+      other.is_a?(self.class) and
+        normalize(@rdns) == normalize(other.rdns)
+    end
+
+    def eql?(other)
+      other.is_a?(self.class) and
+        normalize(@rdns).to_s.eql?(normalize(other.rdns).to_s)
+    end
+
+    def hash
+      normalize(@rdns).to_s.hash
+    end
+
+    def inspect
+      super
+    end
+
+    def to_s
+      @rdns.collect do |rdn|
+        rdn.sort_by do |type, value|
+          type.upcase
+        end.collect do |type, value|
+          "#{type}=#{escape(value)}"
+        end.join("+")
+      end.join(",")
+    end
+
+    private
+    def normalize(rdns)
+      rdns.collect do |rdn|
+        normalized_rdn = {}
+        rdn.each do |key, value|
+          normalized_rdn[key.upcase] = value.upcase
+        end
+        normalized_rdn
+      end
+    end
+
+    def normalize_for_comparing(rdns)
+      normalize(rdns).collect do |rdn|
+        rdn.sort_by do |key, value|
+          key
+        end
+      end.collect do |key, value|
+        [key, value]
+      end
+    end
+
+    def escape(value)
+      if /(\A | \z)/.match(value)
+        '"' + value.gsub(/([\\\"])/, '\\\\\1') + '"'
+      else
+        value.gsub(/([,=\+<>#;\\\"])/, '\\\\\1')
+      end
+    end
+  end
+
+  DN = DistinguishedName
+end