ruby-ldap 0.9.9

data/saslconn.c

@@ -0,0 +1,176 @@
+/*
+ * saslconn.c
+ * $Id: saslconn.c,v 1.25 2006/02/13 17:20:32 ianmacd Exp $
+ */
+
+#include "ruby.h"
+#include "rbldap.h"
+#if defined(HAVE_SYS_TIME_H)
+# include <sys/time.h>
+#endif
+#if defined(HAVE_UNISTD_H)
+# include <unistd.h>
+#endif
+
+extern VALUE rb_ldap_conn_initialize (int argc, VALUE argv[], VALUE self);
+extern VALUE rb_ldap_conn_rebind (VALUE self);
+
+#if defined(HAVE_LDAP_SASL_BIND_S)
+int
+rb_ldap_sasl_interaction (LDAP * ld, unsigned flags, void *defaults, void *in)
+{
+  /* not implemented */
+  return LDAP_SUCCESS;
+}
+
+/*
+ * call-seq:
+ * conn.sasl_bind(dn=nil, mech=nil, cred=nil, sctrls=nil, cctrls=nil)  => self
+ * conn.sasl_bind(dn=nil, mech=nil, cred=nil, sctrls=nil, cctrls=nil)
+ *   { |conn| }  => nil
+ *
+ * Bind an LDAP connection, using the DN, +dn+, the mechanism, +mech+, and the
+ * credential, +cred+.
+ *
+ * +sctrls+ is an array of server controls, whilst +cctrls+ is an array of
+ * client controls.
+ *
+ * and the bind method, +method+. If a block is given, +self+ is yielded to
+ * the block.
+ */
+VALUE
+rb_ldap_conn_sasl_bind (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+
+  VALUE arg1, arg2, arg3, arg4, arg5;
+  int version;
+  char *dn = NULL;
+  char *mechanism = NULL;
+  struct berval *cred = ALLOCA_N (struct berval, 1);
+  LDAPControl **serverctrls = NULL;
+  LDAPControl **clientctrls = NULL;
+
+  /*
+  struct berval *servercred = NULL;
+  char *sasl_realm = NULL;
+  char *sasl_authc_id = NULL;
+  char *sasl_authz_id = NULL;
+  char *sasl_secprops = NULL;
+  struct berval passwd = { 0, NULL };
+  */
+
+  unsigned sasl_flags = LDAP_SASL_AUTOMATIC;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (!ldapdata->ldap)
+    {
+      if (rb_iv_get (self, "@args") != Qnil)
+	{
+	  rb_ldap_conn_rebind (self);
+	  GET_LDAP_DATA (self, ldapdata);
+	}
+      else
+	{
+	  rb_raise (rb_eLDAP_InvalidDataError,
+		    "The LDAP handler has already unbound.");
+	}
+    }
+
+  if (ldapdata->bind)
+    {
+      rb_raise (rb_eLDAP_Error, "already bound.");
+    };
+  switch (rb_scan_args (argc, argv, "23", &arg1, &arg2, &arg3, &arg4, &arg5))
+    {
+    case 2:			/* don't need the cred for GSSAPI */
+      dn = StringValuePtr (arg1);
+      mechanism = StringValuePtr (arg2);
+      serverctrls = NULL;
+      clientctrls = NULL;
+      if (rb_iv_get (self, "@sasl_quiet") == Qtrue)
+	sasl_flags = LDAP_SASL_QUIET;
+      break;
+    case 3:
+      dn = StringValuePtr (arg1);
+      mechanism = StringValuePtr (arg2);
+      cred->bv_val = StringValueCStr (arg3);
+      cred->bv_len = RSTRING_LEN (arg3);
+      break;
+    case 4:
+      dn = StringValuePtr (arg1);
+      mechanism = StringValuePtr (arg2);
+      cred->bv_val = StringValueCStr (arg3);
+      cred->bv_len = RSTRING_LEN (arg3);
+      serverctrls = rb_ldap_get_controls (arg4);
+      break;
+    case 5:
+      dn = StringValuePtr (arg1);
+      mechanism = StringValuePtr (arg2);
+      cred->bv_val = StringValueCStr (arg3);
+      cred->bv_len = RSTRING_LEN (arg3);
+      serverctrls = rb_ldap_get_controls (arg4);
+      clientctrls = rb_ldap_get_controls (arg5);
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_bind_s");
+    }
+
+  ldap_get_option (ldapdata->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+  if (version < LDAP_VERSION3)
+    {
+      version = LDAP_VERSION3;
+      ldapdata->err =
+	ldap_set_option (ldapdata->ldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+      Check_LDAP_Result (ldapdata->err);
+    }
+
+  /* the following works for GSSAPI, at least */
+  ldapdata->err =
+    ldap_sasl_interactive_bind_s (ldapdata->ldap, dn, mechanism,
+				  serverctrls, clientctrls, sasl_flags,
+				  rb_ldap_sasl_interaction, NULL);
+
+  if (ldapdata->err == LDAP_SASL_BIND_IN_PROGRESS)
+    {
+      rb_raise (rb_eNotImpError,
+		"SASL authentication is not fully supported.");
+      /* How can I implement this with portability? */
+      /* 
+         VALUE scred;
+	 scred = rb_tainted_str_new(servercred->bv_val,
+         servercred->bv_len);
+      */
+    }
+  else
+    {
+      Check_LDAP_Result (ldapdata->err);
+      ldapdata->bind = 1;
+    }
+
+  if (rb_block_given_p ())
+    {
+      rb_ensure (rb_yield, self, rb_ldap_conn_unbind, self);
+      return Qnil;
+    }
+  else
+    {
+      return self;
+    };
+}
+
+#else /* HAVE_LDAP_SASL_BIND_S */
+
+VALUE
+rb_ldap_conn_sasl_bind (int argc, VALUE argv[], VALUE self)
+{
+  rb_notimplement ();
+}
+
+#endif /* HAVE_LDAP_SASL_BIND_S */
+
+void
+Init_ldap_saslconn ()
+{
+  rb_define_method (rb_cLDAP_Conn, "sasl_bind", rb_ldap_conn_sasl_bind, -1);
+}

data/sslconn.c

@@ -0,0 +1,377 @@
+/*
+ * sslconn.c
+ * $Id: sslconn.c,v 1.18 2006/04/19 22:13:26 ianmacd Exp $
+ */
+
+#include "ruby.h"
+#include "rbldap.h"
+#if defined(HAVE_SYS_TIME_H)
+# include <sys/time.h>
+#endif
+#if defined(HAVE_UNISTD_H)
+# include <unistd.h>
+#endif
+
+#if defined(HAVE_LDAP_START_TLS_S)
+# define USE_OPENLDAP_SSLCONN
+#elif defined(HAVE_LDAPSSL_INIT)
+# define USE_NSSLDAP_SSLCONN
+#elif defined(HAVE_LDAP_SSLINIT)
+# define USE_WLDAP32_SSLCONN
+#endif
+
+VALUE rb_cLDAP_SSLConn;
+
+#ifdef USE_OPENLDAP_SSLCONN
+static VALUE
+rb_openldap_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+  LDAP *cldap;
+  char *chost = NULL;
+  int cport = LDAP_PORT;
+
+  VALUE arg1, arg2, arg3, arg4, arg5;
+
+  LDAPControl **serverctrls = NULL;
+  LDAPControl **clientctrls = NULL;
+  int version;
+  int start_tls;
+
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (ldapdata->ldap)
+    return Qnil;
+
+  switch (rb_scan_args (argc, argv, "05", &arg1, &arg2, &arg3, &arg4, &arg5))
+    {
+    case 0:
+      chost = ALLOCA_N (char, strlen ("localhost") + 1);
+      strcpy (chost, "localhost");
+      cport = LDAP_PORT;
+      start_tls = 0;
+      break;
+    case 1:
+      chost = StringValueCStr (arg1);
+      cport = LDAP_PORT;
+      start_tls = 0;
+      break;
+    case 2:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = 0;
+      break;
+    case 3:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = (arg3 == Qtrue) ? 1 : 0;
+      break;
+    case 4:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = (arg3 == Qtrue) ? 1 : 0;
+      serverctrls = rb_ldap_get_controls (arg4);
+      break;
+    case 5:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      start_tls = (arg3 == Qtrue) ? 1 : 0;
+      serverctrls = rb_ldap_get_controls (arg4);
+      clientctrls = rb_ldap_get_controls (arg5);
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_new");
+    }
+
+  cldap = ldap_init (chost, cport);
+  if (!cldap)
+    rb_raise (rb_eLDAP_ResultError, "can't initialise an LDAP session");
+
+  ldapdata->ldap = cldap;
+
+  if (rb_block_given_p ())
+    {
+      rb_yield (self);
+    }
+
+  ldap_get_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+  if (version < LDAP_VERSION3)
+    {
+      version = LDAP_VERSION3;
+      ldapdata->err =
+	ldap_set_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+      Check_LDAP_Result (ldapdata->err);
+    }
+
+  if (start_tls)
+    {
+      ldapdata->err = ldap_start_tls_s (cldap, serverctrls, clientctrls);
+      Check_LDAP_Result (ldapdata->err);
+    }
+  else
+    {
+      int opt = LDAP_OPT_X_TLS_HARD;
+      ldapdata->err = ldap_set_option (cldap, LDAP_OPT_X_TLS, &opt);
+      Check_LDAP_Result (ldapdata->err);
+    }
+
+  rb_iv_set (self, "@args", rb_ary_new4 (argc, argv));
+  rb_iv_set (self, "@sasl_quiet", Qfalse);
+
+  return Qnil;
+}
+#endif /* USE_OPENLDAP_SSLCONN */
+
+
+#ifdef USE_NSSLDAP_SSLCONN
+static VALUE
+rb_nssldap_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+  LDAP *cldap;
+  char *chost = NULL;
+  char *certpath = NULL;
+  int cport = LDAP_PORT;
+  int csecure = 0;
+
+  VALUE arg1, arg2, arg3, arg4;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (ldapdata->ldap)
+    return Qnil;
+
+  switch (rb_scan_args (argc, argv, "04", &arg1, &arg2, &arg3, &arg4))
+    {
+    case 0:
+      chost = ALLOCA_N (char, strlen ("localhost") + 1);
+      strcpy (chost, "localhost");
+      cport = LDAP_PORT;
+      csecure = 0;
+      certpath = NULL;
+      break;
+    case 1:
+      chost = StringValueCStr (arg1);
+      cport = LDAP_PORT;
+      csecure = 0;
+      certpath = NULL;
+      break;
+    case 2:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = 0;
+      certpath = NULL;
+      break;
+    case 3:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = (arg3 == Qtrue) ? 1 : 0;
+      certpath = NULL;
+      break;
+    case 4:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = (arg3 == Qtrue) ? 1 : 0;
+      certpath = (arg4 == Qnil) ? NULL : StringValueCStr (arg4);
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_new");
+    }
+
+  /***
+    ldapssl_client_init():
+     http://docs.iplanet.com/docs/manuals/dirsdk/csdk41/html/function.htm#25963
+     ldapssl_client_authinit():
+     http://docs.iplanet.com/docs/manuals/dirsdk/csdk41/html/function.htm#26024
+  ***/
+  ldapssl_client_init (certpath, NULL);
+  cldap = ldapssl_init (chost, cport, csecure);
+  ldapdata->ldap = cldap;
+
+  rb_iv_set (self, "@args", Qnil);
+
+  return Qnil;
+}
+#endif /* USE_NSSLDAP_SSLCONN */
+
+#if defined(USE_WLDAP32_SSLCONN)
+static VALUE
+rb_wldap32_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+  RB_LDAP_DATA *ldapdata;
+  LDAP *cldap;
+  char *chost;
+  int cport;
+  int csecure;
+  int version;
+
+  VALUE arg1, arg2, arg3;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (ldapdata->ldap)
+    return Qnil;
+
+  switch (rb_scan_args (argc, argv, "02", &arg1, &arg2, &arg3))
+    {
+    case 0:
+      chost = ALLOCA_N (char, strlen ("localhost") + 1);
+      strcpy (chost, "localhost");
+      cport = LDAP_PORT;
+      csecure = 1;
+      break;
+    case 1:
+      chost = StringValueCStr (arg1);
+      cport = LDAP_PORT;
+      csecure = 1;
+      break;
+    case 2:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = 1;
+      break;
+    case 3:
+      chost = StringValueCStr (arg1);
+      cport = NUM2INT (arg2);
+      csecure = (arg3 == Qtrue) ? 1 : 0;
+      break;
+    default:
+      rb_bug ("rb_ldap_conn_new");
+    }
+
+  cldap = ldap_sslinit (chost, cport, csecure);
+  ldapdata->ldap = cldap;
+
+#if defined(HAVE_LDAP_GET_OPTION) && defined(HAVE_LDAP_SET_OPTION)
+  ldap_get_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+  if (version < LDAP_VERSION3)
+    {
+      version = LDAP_VERSION3;
+      ldapdata->err =
+	ldap_set_option (cldap, LDAP_OPT_PROTOCOL_VERSION, &version);
+      Check_LDAP_Result (ldapdata->err);
+    }
+#endif
+
+  rb_iv_set (self, "@args", Qnil);
+
+  return Qnil;
+}
+
+VALUE
+rb_ldap_sslconn_bind_f (int argc, VALUE argv[], VALUE self,
+			VALUE (*rb_ldap_sslconn_bind_func) (int, VALUE[],
+							    VALUE))
+{
+  RB_LDAP_DATA *ldapdata;
+
+  Data_Get_Struct (self, RB_LDAP_DATA, ldapdata);
+  if (!ldapdata->ldap)
+    {
+      if (rb_iv_get (self, "@args") != Qnil)
+	{
+	  rb_ldap_conn_rebind (self);
+	  GET_LDAP_DATA (self, ldapdata);
+	}
+      else
+	{
+	  rb_raise (rb_eLDAP_InvalidDataError,
+		    "The LDAP handler has already unbound.");
+	}
+    }
+
+  ldapdata->err = ldap_connect (ldapdata->ldap, NULL);
+  Check_LDAP_Result (ldapdata->err);
+
+  return rb_ldap_sslconn_bind_func (argc, argv, self);
+}
+
+/*
+ * call-seq:
+ * conn.bind(dn=nil, password=nil, method=LDAP::LDAP_AUTH_SIMPLE)  => self
+ * conn.bind(dn=nil, password=nil, method=LDAP::LDAP_AUTH_SIMPLE)
+ *   { |conn| }  => self
+ *
+ * Bind an LDAP connection, using the DN, +dn+, the credential, +password+,
+ * and the bind method, +method+. If a block is given, +self+ is yielded to
+ * the block.
+ */
+VALUE
+rb_ldap_sslconn_bind_s (int argc, VALUE argv[], VALUE self)
+{
+  return rb_ldap_sslconn_bind_f (argc, argv, self, rb_ldap_conn_bind_s);
+}
+
+/*
+ * call-seq:
+ * conn.simple_bind(dn=nil, password=nil)  => self
+ * conn.simple_bind(dn=nil, password=nil) { |conn| }  => self
+ *
+ * Bind an LDAP connection, using the DN, +dn+, and the credential, +password+.
+ * If a block is given, +self+ is yielded to the block.
+ */
+VALUE
+rb_ldap_sslconn_simple_bind_s (int argc, VALUE argv[], VALUE self)
+{
+  return rb_ldap_sslconn_bind_f (argc, argv, self,
+				 rb_ldap_conn_simple_bind_s);
+}
+#endif /* USE_WLDAP32_SSLCONN */
+
+/*
+ * call-seq:
+ * LDAP::SSLConn.new(host='localhost', port=LDAP_PORT,
+ *                   start_tls=false, sctrls=nil, cctrls=nil)
+ *   => LDAP::SSLConn
+ * LDAP::SSLConn.new(host='localhost', port=LDAP_PORT,
+ *                   start_tls=false, sctrls=nil, cctrls=nil) { |conn| }
+ *   => LDAP::SSLConn
+ *
+ * Return a new LDAP::SSLConn connection to the server, +host+, on port +port+.
+ * If +start_tls+ is *true*, START_TLS will be used to establish the
+ * connection, automatically setting the LDAP protocol version to v3 if it is
+ * not already set.
+ *
+ * +sctrls+ is an array of server controls, whilst +cctrls+ is an array of
+ * client controls.
+ */
+VALUE
+rb_ldap_sslconn_initialize (int argc, VALUE argv[], VALUE self)
+{
+#if defined(USE_OPENLDAP_SSLCONN)
+  return rb_openldap_sslconn_initialize (argc, argv, self);
+#elif defined(USE_NSSLDAP_SSLCONN)
+  return rb_nssldap_sslconn_initialize (argc, argv, self);
+#elif defined(USE_WLDAP32_SSLCONN)
+  return rb_wldap32_sslconn_initialize (argc, argv, self);
+#else
+  rb_notimplement ();
+#endif
+}
+
+/* :nodoc: */
+VALUE
+rb_ldap_sslconn_s_open (int argc, VALUE argv[], VALUE klass)
+{
+  rb_notimplement ();
+}
+
+/* Document-class: LDAP::SSLConn
+ *
+ * Create and manipulate encrypted LDAP connections. LDAP::SSLConn is a
+ * subclass of LDAP::Conn and so has access to the same methods, except for
+ * LDAP::SSLConn.open, which is not implemented.
+ */
+void
+Init_ldap_sslconn ()
+{
+  rb_cLDAP_SSLConn =
+    rb_define_class_under (rb_mLDAP, "SSLConn", rb_cLDAP_Conn);
+  rb_define_singleton_method (rb_cLDAP_SSLConn, "open",
+			      rb_ldap_sslconn_s_open, -1);
+  rb_define_method (rb_cLDAP_SSLConn, "initialize",
+		    rb_ldap_sslconn_initialize, -1);
+#ifdef USE_WLDAP32_SSLCONN
+  rb_define_method (rb_cLDAP_SSLConn, "bind", rb_ldap_sslconn_bind_s, -1);
+  rb_define_method (rb_cLDAP_SSLConn, "simple_bind",
+		    rb_ldap_sslconn_simple_bind_s, -1);
+#endif
+}