diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b035e809..a1ce7996 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,17 +17,17 @@ jobs: test: runs-on: ubuntu-latest strategy: + fail-fast: false matrix: ruby: - - "2.6" - - "2.7" - "3.0" - "3.1" - "3.2" - - "jruby-9.3" + - "3.3" + - "3.4" - "jruby-9.4" - - "truffleruby-22" + - "truffleruby" steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Run tests with Ruby ${{ matrix.ruby }} - run: docker-compose run ci-${{ matrix.ruby }} + run: docker compose run ci-${{ matrix.ruby }} diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index ed69b335..50901661 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,26 +1,11 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2023-03-29 17:13:45 UTC using RuboCop version 1.48.1. +# on 2025-05-31 20:03:27 UTC using RuboCop version 1.75.8. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 1 -# This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: TreatCommentsAsGroupSeparators, ConsiderPunctuation, Include. -# Include: **/*.gemspec -Gemspec/OrderedDependencies: - Exclude: - - 'net-ldap.gemspec' - -# Offense count: 1 -# Configuration parameters: Severity, Include. -# Include: **/*.gemspec -Gemspec/RequiredRubyVersion: - Exclude: - - 'net-ldap.gemspec' - # Offense count: 3 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle, IndentationWidth. @@ -61,7 +46,7 @@ Layout/EmptyLineAfterMagicComment: # Offense count: 6 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: EmptyLineBetweenMethodDefs, EmptyLineBetweenClassDefs, EmptyLineBetweenModuleDefs, AllowAdjacentOneLineDefs, NumberOfEmptyLines. +# Configuration parameters: EmptyLineBetweenMethodDefs, EmptyLineBetweenClassDefs, EmptyLineBetweenModuleDefs, DefLikeMacros, AllowAdjacentOneLineDefs, NumberOfEmptyLines. Layout/EmptyLineBetweenDefs: Exclude: - 'lib/net/ldap/dataset.rb' @@ -104,7 +89,7 @@ Layout/EndAlignment: Exclude: - 'testserver/ldapserver.rb' -# Offense count: 2 +# Offense count: 6 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: IndentationWidth. # SupportedStyles: special_inside_parentheses, consistent, align_brackets @@ -148,9 +133,9 @@ Layout/IndentationWidth: - 'lib/net/ldap/password.rb' - 'lib/net/snmp.rb' -# Offense count: 15 +# Offense count: 14 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment. +# Configuration parameters: AllowDoxygenCommentStyle, AllowGemfileRubyComment, AllowRBSInlineAnnotation, AllowSteepAnnotation. Layout/LeadingCommentSpace: Exclude: - 'lib/net/ber/core_ext/array.rb' @@ -168,7 +153,7 @@ Layout/MultilineMethodCallBraceLayout: Exclude: - 'lib/net/ldap/filter.rb' -# Offense count: 7 +# Offense count: 8 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle. # SupportedStyles: space, no_space @@ -186,8 +171,9 @@ Layout/SpaceAroundKeyword: # Offense count: 7 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: AllowForAlignment, EnforcedStyleForExponentOperator. +# Configuration parameters: AllowForAlignment, EnforcedStyleForExponentOperator, EnforcedStyleForRationalLiterals. # SupportedStylesForExponentOperator: space, no_space +# SupportedStylesForRationalLiterals: space, no_space Layout/SpaceAroundOperators: Exclude: - 'lib/net/ber/ber_parser.rb' @@ -214,8 +200,8 @@ Layout/SpaceInsideParens: - 'lib/net/snmp.rb' # Offense count: 1 -# This cop supports unsafe autocorrection (--autocorrect-all). -# Configuration parameters: AllowComments. +# This cop supports safe autocorrection (--autocorrect). +# Configuration parameters: AutoCorrect, AllowComments. Lint/EmptyConditionalBody: Exclude: - 'lib/net/ldap/filter.rb' @@ -227,6 +213,7 @@ Lint/EmptyWhen: - 'lib/net/ldap/pdu.rb' # Offense count: 30 +# This cop supports safe autocorrection (--autocorrect). Lint/ImplicitStringConcatenation: Exclude: - 'test/test_filter.rb' @@ -241,9 +228,9 @@ Lint/RescueException: Exclude: - 'lib/net/ldap/pdu.rb' -# Offense count: 9 +# Offense count: 10 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments. +# Configuration parameters: AutoCorrect, IgnoreEmptyBlocks, AllowUnusedKeywordArguments. Lint/UnusedBlockArgument: Exclude: - 'lib/net/ldap.rb' @@ -251,7 +238,8 @@ Lint/UnusedBlockArgument: # Offense count: 7 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: AllowUnusedKeywordArguments, IgnoreEmptyMethods, IgnoreNotImplementedMethods. +# Configuration parameters: AutoCorrect, AllowUnusedKeywordArguments, IgnoreEmptyMethods, IgnoreNotImplementedMethods, NotImplementedExceptions. +# NotImplementedExceptions: NotImplementedError Lint/UnusedMethodArgument: Exclude: - 'lib/net/ldap/entry.rb' @@ -262,19 +250,21 @@ Lint/UnusedMethodArgument: # Offense count: 1 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: ContextCreatingMethods, MethodCreatingMethods. +# Configuration parameters: AutoCorrect, ContextCreatingMethods, MethodCreatingMethods. Lint/UselessAccessModifier: Exclude: - 'lib/net/ldap/connection.rb' # Offense count: 5 +# This cop supports safe autocorrection (--autocorrect). +# Configuration parameters: AutoCorrect. Lint/UselessAssignment: Exclude: - 'test/integration/test_add.rb' - 'test/test_ldap_connection.rb' - 'test/test_search.rb' -# Offense count: 38 +# Offense count: 42 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes. Metrics/AbcSize: Max: 124 @@ -285,22 +275,22 @@ Metrics/AbcSize: Metrics/BlockLength: Max: 119 -# Offense count: 11 -# Configuration parameters: CountBlocks. +# Offense count: 6 +# Configuration parameters: CountBlocks, CountModifierForms. Metrics/BlockNesting: Max: 4 -# Offense count: 11 +# Offense count: 12 # Configuration parameters: CountComments, CountAsOne. Metrics/ClassLength: - Max: 443 + Max: 451 -# Offense count: 20 +# Offense count: 21 # Configuration parameters: AllowedMethods, AllowedPatterns. Metrics/CyclomaticComplexity: Max: 45 -# Offense count: 74 +# Offense count: 79 # Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns. Metrics/MethodLength: Max: 130 @@ -333,7 +323,7 @@ Naming/ClassAndModuleCamelCase: Exclude: - 'lib/net/ldap/auth_adapter/gss_spnego.rb' -# Offense count: 87 +# Offense count: 88 Naming/ConstantName: Exclude: - 'lib/net/ldap.rb' @@ -350,6 +340,7 @@ Naming/ConstantName: # AllowedAcronyms: CLI, DSL, ACL, API, ASCII, CPU, CSS, DNS, EOF, GUID, HTML, HTTP, HTTPS, ID, IP, JSON, LHS, QPS, RAM, RHS, RPC, SLA, SMTP, SQL, SSH, TCP, TLS, TTL, UDP, UI, UID, UUID, URI, URL, UTF8, VM, XML, XMPP, XSRF, XSS Naming/FileName: Exclude: + - 'Rakefile.rb' - 'lib/net-ldap.rb' # Offense count: 11 @@ -380,7 +371,7 @@ Style/AccessorGrouping: - 'lib/net/ldap.rb' - 'lib/net/ldap/pdu.rb' -# Offense count: 10 +# Offense count: 11 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle. # SupportedStyles: prefer_alias, prefer_alias_method @@ -434,8 +425,10 @@ Style/CharacterLiteral: # Offense count: 23 # This cop supports unsafe autocorrection (--autocorrect-all). -# Configuration parameters: EnforcedStyle. +# Configuration parameters: EnforcedStyle, EnforcedStyleForClasses, EnforcedStyleForModules. # SupportedStyles: nested, compact +# SupportedStylesForClasses: ~, nested, compact +# SupportedStylesForModules: ~, nested, compact Style/ClassAndModuleChildren: Enabled: false @@ -493,7 +486,7 @@ Style/Documentation: # Offense count: 1 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: EnforcedStyle. +# Configuration parameters: AutoCorrect, EnforcedStyle. # SupportedStyles: compact, expanded Style/EmptyMethod: Exclude: @@ -525,7 +518,7 @@ Style/ExplicitBlockArgument: - 'lib/net/ldap.rb' - 'lib/net/ldap/dataset.rb' -# Offense count: 54 +# Offense count: 57 # This cop supports unsafe autocorrection (--autocorrect-all). # Configuration parameters: EnforcedStyle. # SupportedStyles: always, always_true, never @@ -545,11 +538,11 @@ Style/GuardClause: Exclude: - 'lib/net/ldap/filter.rb' -# Offense count: 159 +# Offense count: 164 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle, EnforcedShorthandSyntax, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols. # SupportedStyles: ruby19, hash_rockets, no_mixed_keys, ruby19_no_mixed_keys -# SupportedShorthandSyntax: always, never, either, consistent +# SupportedShorthandSyntax: always, never, either, consistent, either_consistent Style/HashSyntax: Exclude: - 'lib/net/ber.rb' @@ -573,7 +566,7 @@ Style/IfInsideElse: Exclude: - 'lib/net/ldap/instrumentation.rb' -# Offense count: 25 +# Offense count: 28 # This cop supports safe autocorrection (--autocorrect). Style/IfUnlessModifier: Exclude: @@ -618,7 +611,14 @@ Style/MultilineWhenThen: Exclude: - 'lib/net/ldap/dn.rb' -# Offense count: 25 +# Offense count: 1 +# This cop supports safe autocorrection (--autocorrect). +# Configuration parameters: AllowMethodComparison, ComparisonsThreshold. +Style/MultipleComparison: + Exclude: + - 'lib/net/ldap/dataset.rb' + +# Offense count: 26 # This cop supports unsafe autocorrection (--autocorrect-all). # Configuration parameters: EnforcedStyle. # SupportedStyles: literals, strict @@ -650,7 +650,7 @@ Style/NegatedWhile: # Offense count: 3 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: EnforcedStyle, MinBodyLength. +# Configuration parameters: EnforcedStyle, MinBodyLength, AllowConsecutiveConditionals. # SupportedStyles: skip_modifier_ifs, always Style/Next: Exclude: @@ -678,7 +678,7 @@ Style/Not: Exclude: - 'lib/net/ldap/filter.rb' -# Offense count: 11 +# Offense count: 13 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: Strict, AllowedNumbers, AllowedPatterns. Style/NumericLiterals: @@ -704,15 +704,12 @@ Style/OptionalBooleanParameter: Exclude: - 'lib/net/ldap/entry.rb' -# Offense count: 6 +# Offense count: 1 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: AllowSafeAssignment, AllowInMultilineConditions. Style/ParenthesesAroundCondition: Exclude: - - 'lib/net/ldap.rb' - - 'lib/net/ldap/auth_adapter/gss_spnego.rb' - 'lib/net/ldap/auth_adapter/sasl.rb' - - 'lib/net/ldap/auth_adapter/simple.rb' # Offense count: 13 # This cop supports safe autocorrection (--autocorrect). @@ -737,7 +734,7 @@ Style/PerlBackrefs: - 'testserver/ldapserver.rb' # Offense count: 10 -# This cop supports safe autocorrection (--autocorrect). +# This cop supports unsafe autocorrection (--autocorrect-all). # Configuration parameters: EnforcedStyle, AllowedCompactTypes. # SupportedStyles: compact, exploded Style/RaiseArgs: @@ -874,7 +871,7 @@ Style/StringConcatenation: - 'test/test_ldif.rb' - 'test/test_snmp.rb' -# Offense count: 683 +# Offense count: 728 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyle, ConsistentQuotesInMultiline. # SupportedStyles: single_quotes, double_quotes @@ -907,7 +904,7 @@ Style/TernaryParentheses: # Offense count: 38 # This cop supports safe autocorrection (--autocorrect). # Configuration parameters: EnforcedStyleForMultiline. -# SupportedStylesForMultiline: comma, consistent_comma, no_comma +# SupportedStylesForMultiline: comma, consistent_comma, diff_comma, no_comma Style/TrailingCommaInHashLiteral: Enabled: false @@ -955,9 +952,9 @@ Style/ZeroLengthPredicate: - 'lib/net/ldap/filter.rb' - 'testserver/ldapserver.rb' -# Offense count: 24 +# Offense count: 27 # This cop supports safe autocorrection (--autocorrect). -# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns. +# Configuration parameters: AllowHeredoc, AllowURI, URISchemes, IgnoreCopDirectives, AllowedPatterns, SplitStrings. # URISchemes: http, https Layout/LineLength: Max: 360 diff --git a/Gemfile b/Gemfile index 851fabc2..10d2031f 100644 --- a/Gemfile +++ b/Gemfile @@ -1,2 +1,8 @@ source 'https://rubygems.org' gemspec + +gem "debug", platform: :mri +gem "flexmock", "~> 1.3" +gem "rake", "~> 12.3.3" +gem "rubocop", "~> 1.48" +gem "test-unit" diff --git a/README.rdoc b/README.rdoc index 6daafda6..88bdba61 100644 --- a/README.rdoc +++ b/README.rdoc @@ -23,7 +23,7 @@ the most recent LDAP RFCs (4510–4519, plus portions of 4520–4532). == Synopsis -See {Net::LDAP on rubydoc.info}[https://www.rubydoc.info/github/ruby-ldap/ruby-net-ldap] for documentation and usage samples. +See {Net::LDAP on rubydoc.info}[https://www.rubydoc.info/github/ruby-ldap/ruby-net-ldap/Net/LDAP] for documentation and usage samples. == Requirements diff --git a/ci-run.sh b/ci-run.sh index 27024a77..cef309c0 100755 --- a/ci-run.sh +++ b/ci-run.sh @@ -3,5 +3,6 @@ set -e gem install bundler +ruby -v | grep jruby && apt update && apt install -y gcc bundle check || bundle install bundle exec rake ci diff --git a/docker-compose.yml b/docker-compose.yml index 6ada67bf..4fbfbec8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,3 @@ -version: "3.8" - networks: integration_test_network: @@ -24,9 +22,9 @@ services: volumes: - ./test/fixtures/ldif:/ldif:ro - ci-2.6: - image: ruby:2.7 - entrypoint: /code/ci-run.sh + ci-3.0: + image: ruby:3.0 + command: /code/ci-run.sh environment: INTEGRATION: openldap INTEGRATION_HOST: ldap.example.org @@ -38,9 +36,9 @@ services: - .:/code working_dir: /code - ci-2.7: - image: ruby:2.7 - entrypoint: /code/ci-run.sh + ci-3.1: + image: ruby:3.1 + command: /code/ci-run.sh environment: INTEGRATION: openldap INTEGRATION_HOST: ldap.example.org @@ -52,9 +50,9 @@ services: - .:/code working_dir: /code - ci-3.0: - image: ruby:3.0 - entrypoint: /code/ci-run.sh + ci-3.2: + image: ruby:3.2 + command: /code/ci-run.sh environment: INTEGRATION: openldap INTEGRATION_HOST: ldap.example.org @@ -66,9 +64,9 @@ services: - .:/code working_dir: /code - ci-3.1: - image: ruby:3.1 - entrypoint: /code/ci-run.sh + ci-3.3: + image: ruby:3.3 + command: /code/ci-run.sh environment: INTEGRATION: openldap INTEGRATION_HOST: ldap.example.org @@ -80,8 +78,8 @@ services: - .:/code working_dir: /code - ci-3.2: - image: ruby:3.2 + ci-3.4: + image: ruby:3.4 entrypoint: /code/ci-run.sh environment: INTEGRATION: openldap @@ -95,9 +93,9 @@ services: working_dir: /code # https://github.com/flavorjones/truffleruby/pkgs/container/truffleruby - ci-truffleruby-22: - image: ghcr.io/flavorjones/truffleruby:22.3.1 - entrypoint: /code/ci-run.sh + ci-truffleruby: + image: ghcr.io/flavorjones/truffleruby:stable + command: /code/ci-run.sh environment: INTEGRATION: openldap INTEGRATION_HOST: ldap.example.org @@ -111,7 +109,7 @@ services: ci-jruby-9.3: image: jruby:9.3 - entrypoint: /code/ci-run.sh + command: /code/ci-run.sh environment: INTEGRATION: openldap INTEGRATION_HOST: ldap.example.org @@ -125,7 +123,7 @@ services: ci-jruby-9.4: image: jruby:9.4 - entrypoint: /code/ci-run.sh + command: /code/ci-run.sh environment: INTEGRATION: openldap INTEGRATION_HOST: ldap.example.org diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index af01dd1d..8dca73c0 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -311,7 +311,7 @@ class Net::LDAP 0 => :array, # RFC-2251 Control and Filter-AND 1 => :array, # SearchFilter-OR 2 => :array, # SearchFilter-NOT - 3 => :array, # Seach referral + 3 => :array, # Search referral 4 => :array, # unknown use in Microsoft Outlook 5 => :array, # SearchFilter-GE 6 => :array, # SearchFilter-LE @@ -325,7 +325,7 @@ class Net::LDAP universal = { constructed: { - 107 => :array, #ExtendedResponse (PasswdModifyResponseValue) + 107 => :string, # ExtendedResponse }, } @@ -341,6 +341,7 @@ class Net::LDAP StartTlsOid = '1.3.6.1.4.1.1466.20037' PasswdModifyOid = '1.3.6.1.4.1.4203.1.11.1' + WhoamiOid = '1.3.6.1.4.1.4203.1.11.3' # https://tools.ietf.org/html/rfc4511#section-4.1.9 # https://tools.ietf.org/html/rfc4511#appendix-A @@ -1200,6 +1201,23 @@ def delete_tree(args) end end + # Return the authorization identity of the client that issues the + # ldapwhoami request. The method does not support any arguments. + # + # Returns True or False to indicate whether the request was successfull. + # The result is available in the extended status information when calling + # #get_operation_result. + # + # ldap.ldapwhoami + # puts ldap.get_operation_result.extended_response + def ldapwhoami(args = {}) + instrument "ldapwhoami.net_ldap", args do |payload| + @result = use_connection(args, &:ldapwhoami) + @result.success? ? @result.extended_response : nil + end + end + alias_method :whoami, :ldapwhoami + # This method is experimental and subject to change. Return the rootDSE # record from the LDAP server as a Net::LDAP::Entry, or an empty Entry if # the server doesn't return the record. @@ -1257,10 +1275,10 @@ def search_subschema_entry rs = search(:ignore_server_caps => true, :base => "", :scope => SearchScope_BaseObject, :attributes => [:subschemaSubentry]) - return Net::LDAP::Entry.new unless (rs and rs.first) + return Net::LDAP::Entry.new unless rs and rs.first subschema_name = rs.first.subschemasubentry - return Net::LDAP::Entry.new unless (subschema_name and subschema_name.first) + return Net::LDAP::Entry.new unless subschema_name and subschema_name.first rs = search(:ignore_server_caps => true, :base => subschema_name.first, :scope => SearchScope_BaseObject, diff --git a/lib/net/ldap/auth_adapter/gss_spnego.rb b/lib/net/ldap/auth_adapter/gss_spnego.rb index 4a451ffb..b4c3e519 100644 --- a/lib/net/ldap/auth_adapter/gss_spnego.rb +++ b/lib/net/ldap/auth_adapter/gss_spnego.rb @@ -20,7 +20,7 @@ def bind(auth) require 'ntlm' user, psw = [auth[:username] || auth[:dn], auth[:password]] - raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless user && psw nego = proc do |challenge| t2_msg = NTLM::Message.parse(challenge) diff --git a/lib/net/ldap/auth_adapter/sasl.rb b/lib/net/ldap/auth_adapter/sasl.rb index 4489bda4..bfebfc94 100644 --- a/lib/net/ldap/auth_adapter/sasl.rb +++ b/lib/net/ldap/auth_adapter/sasl.rb @@ -30,7 +30,7 @@ class Sasl < Net::LDAP::AuthAdapter def bind(auth) mech, cred, chall = auth[:mechanism], auth[:initial_credential], auth[:challenge_response] - raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (mech && cred && chall) + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless mech && cred && chall message_id = @connection.next_msgid diff --git a/lib/net/ldap/auth_adapter/simple.rb b/lib/net/ldap/auth_adapter/simple.rb index d8e61c7b..8a753ea6 100644 --- a/lib/net/ldap/auth_adapter/simple.rb +++ b/lib/net/ldap/auth_adapter/simple.rb @@ -11,7 +11,7 @@ def bind(auth) ["", ""] end - raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless user && psw message_id = @connection.next_msgid request = [ diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index f51b7b7e..f1a70b18 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -569,7 +569,12 @@ def modify(args) ops.to_ber_sequence, ].to_ber_appsequence(Net::LDAP::PDU::ModifyRequest) - write(request, nil, message_id) + controls = args.fetch(:controls, nil) + unless controls.nil? + controls = controls.to_ber_contextspecific(0) + end + + write(request, controls, message_id) pdu = queued_read(message_id) if !pdu || pdu.app_tag != Net::LDAP::PDU::ModifyResponse @@ -641,7 +646,12 @@ def add(args) message_id = next_msgid request = [add_dn.to_ber, add_attrs.to_ber_sequence].to_ber_appsequence(Net::LDAP::PDU::AddRequest) - write(request, nil, message_id) + controls = args.fetch(:controls, nil) + unless controls.nil? + controls = controls.to_ber_contextspecific(0) + end + + write(request, controls, message_id) pdu = queued_read(message_id) if !pdu || pdu.app_tag != Net::LDAP::PDU::AddResponse @@ -693,6 +703,22 @@ def delete(args) pdu end + def ldapwhoami + ext_seq = [Net::LDAP::WhoamiOid.to_ber_contextspecific(0)] + request = ext_seq.to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest) + + message_id = next_msgid + + write(request, nil, message_id) + pdu = queued_read(message_id) + + if !pdu || pdu.app_tag != Net::LDAP::PDU::ExtendedResponse + raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid" + end + + pdu + end + # Internal: Returns a Socket like object used internally to communicate with # LDAP server. # diff --git a/lib/net/ldap/pdu.rb b/lib/net/ldap/pdu.rb index 564a23cc..83a609b7 100644 --- a/lib/net/ldap/pdu.rb +++ b/lib/net/ldap/pdu.rb @@ -194,13 +194,13 @@ def parse_ldap_result(sequence) # requestValue [1] OCTET STRING OPTIONAL } def parse_extended_response(sequence) - sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP result length." + sequence.length.between?(3, 5) or raise Net::LDAP::PDU::Error, "Invalid LDAP result length." @ldap_result = { :resultCode => sequence[0], :matchedDN => sequence[1], :errorMessage => sequence[2], } - @extended_response = sequence[3] + @extended_response = sequence.length == 3 ? nil : sequence.last end private :parse_extended_response diff --git a/net-ldap.gemspec b/net-ldap.gemspec index a5e53b88..077077f2 100644 --- a/net-ldap.gemspec +++ b/net-ldap.gemspec @@ -26,12 +26,9 @@ the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).} s.homepage = %q{http://github.com/ruby-ldap/ruby-net-ldap} s.rdoc_options = ["--main", "README.rdoc"] s.require_paths = ["lib"] - s.required_ruby_version = ">= 2.0.0" + s.required_ruby_version = ">= 3.0.0" s.summary = %q{Net::LDAP for Ruby (also called net-ldap) implements client access for the Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for accessing distributed directory services} - s.add_development_dependency("flexmock", "~> 1.3") - s.add_development_dependency("rake", "~> 12.3.3") - s.add_development_dependency("rubocop", "~> 1.48") - s.add_development_dependency("test-unit", "~> 3.3") - s.add_development_dependency("byebug", "~> 9.0.6") unless RUBY_PLATFORM == "java" + s.add_dependency("base64") + s.add_dependency("ostruct") end diff --git a/test/integration/test_password_modify.rb b/test/integration/test_password_modify.rb index 65507c80..e7d8d670 100644 --- a/test/integration/test_password_modify.rb +++ b/test/integration/test_password_modify.rb @@ -1,6 +1,13 @@ require_relative '../test_helper' class TestPasswordModifyIntegration < LDAPIntegrationTestCase + # see: https://www.rfc-editor.org/rfc/rfc3062#section-2 + PASSWORD_MODIFY_SYNTAX = Net::BER.compile_syntax( + application: {}, + universal: {}, + context_specific: { primitive: { 0 => :string } }, + ) + def setup super @admin_account = { dn: 'cn=admin,dc=example,dc=org', password: 'admin', method: :simple } @@ -49,7 +56,13 @@ def test_password_modify_generate auth: @auth, old_password: 'admin') - generated_password = @ldap.get_operation_result.extended_response[0][0] + passwd_modify_response_value = @ldap.get_operation_result.extended_response + seq = Net::BER::BerIdentifiedArray.new + sio = StringIO.new(passwd_modify_response_value) + until (e = sio.read_ber(PASSWORD_MODIFY_SYNTAX)).nil? + seq << e + end + generated_password = seq[0][0] assert generated_password, 'Should have generated a password' @@ -64,8 +77,13 @@ def test_password_modify_generate_no_old_password assert @ldap.password_modify(dn: @dn, auth: @auth) - generated_password = @ldap.get_operation_result.extended_response[0][0] - + passwd_modify_response_value = @ldap.get_operation_result.extended_response + seq = Net::BER::BerIdentifiedArray.new + sio = StringIO.new(passwd_modify_response_value) + until (e = sio.read_ber(PASSWORD_MODIFY_SYNTAX)).nil? + seq << e + end + generated_password = seq[0][0] assert generated_password, 'Should have generated a password' refute @ldap.bind(username: @dn, password: 'admin', method: :simple), diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 74de115c..fdfa418c 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -502,6 +502,40 @@ def test_search_net_ldap_connection_event assert unread.empty?, "should not have any leftover unread messages" end + def test_add_with_controls + dacl_flag = 0x4 # DACL_SECURITY_INFORMATION + control_values = [dacl_flag].map(&:to_ber).to_ber_sequence.to_s.to_ber + controls = [] + # LDAP_SERVER_SD_FLAGS constant definition, taken from https://ldapwiki.com/wiki/LDAP_SERVER_SD_FLAGS_OID + ldap_server_sd_flags = '1.2.840.113556.1.4.801'.freeze + controls << [ldap_server_sd_flags.to_ber, true.to_ber, control_values].to_ber_sequence + + ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""]) + ber.ber_identifier = Net::LDAP::PDU::AddResponse + @tcp_socket.should_receive(:read_ber).and_return([1, ber]) + + result = @connection.add(:dn => "uid=added-user1,ou=People,dc=rubyldap,dc=com", :controls => controls) + assert result.success?, "should be success" + assert_equal "", result.error_message + end + + def test_modify_with_controls + dacl_flag = 0x4 # DACL_SECURITY_INFORMATION + control_values = [dacl_flag].map(&:to_ber).to_ber_sequence.to_s.to_ber + controls = [] + # LDAP_SERVER_SD_FLAGS constant definition, taken from https://ldapwiki.com/wiki/LDAP_SERVER_SD_FLAGS_OID + ldap_server_sd_flags = '1.2.840.113556.1.4.801'.freeze + controls << [ldap_server_sd_flags.to_ber, true.to_ber, control_values].to_ber_sequence + + ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, "", ""]) + ber.ber_identifier = Net::LDAP::PDU::ModifyResponse + @tcp_socket.should_receive(:read_ber).and_return([1, ber]) + + result = @connection.modify(:dn => "1", :operations => [[:replace, "mail", "something@sothsdkf.com"]], :controls => controls) + assert result.success?, "should be success" + assert_equal "", result.error_message + end + def test_search_with_controls # search data search_data_ber = Net::BER::BerIdentifiedArray.new([1, [ @@ -540,4 +574,15 @@ def test_search_with_controls # ensure no unread assert unread.empty?, "should not have any leftover unread messages" end + + def test_ldapwhoami + ber = Net::BER::BerIdentifiedArray.new([Net::LDAP::ResultCodeSuccess, '', '', 0, 'dn:uid=zerosteiner,ou=users,dc=example,dc=org']) + ber.ber_identifier = Net::LDAP::PDU::ExtendedResponse + response = [1, ber] + + @tcp_socket.should_receive(:read_ber).and_return(response) + + result = @connection.ldapwhoami + assert result.extended_response == 'dn:uid=zerosteiner,ou=users,dc=example,dc=org' + end end