Chris@909: # $Id: pdu.rb 126 2006-05-31 15:55:16Z blackhedd $ Chris@909: # Chris@909: # LDAP PDU support classes Chris@909: # Chris@909: # Chris@909: #---------------------------------------------------------------------------- Chris@909: # Chris@909: # Copyright (C) 2006 by Francis Cianfrocca. All Rights Reserved. Chris@909: # Chris@909: # Gmail: garbagecat10 Chris@909: # Chris@909: # This program is free software; you can redistribute it and/or modify Chris@909: # it under the terms of the GNU General Public License as published by Chris@909: # the Free Software Foundation; either version 2 of the License, or Chris@909: # (at your option) any later version. Chris@909: # Chris@909: # This program is distributed in the hope that it will be useful, Chris@909: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@909: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@909: # GNU General Public License for more details. Chris@909: # Chris@909: # You should have received a copy of the GNU General Public License Chris@909: # along with this program; if not, write to the Free Software Chris@909: # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA Chris@909: # Chris@909: #--------------------------------------------------------------------------- Chris@909: # Chris@909: Chris@909: Chris@909: Chris@909: module Net Chris@909: Chris@909: Chris@909: class LdapPduError < Exception; end Chris@909: Chris@909: Chris@909: class LdapPdu Chris@909: Chris@909: BindResult = 1 Chris@909: SearchReturnedData = 4 Chris@909: SearchResult = 5 Chris@909: ModifyResponse = 7 Chris@909: AddResponse = 9 Chris@909: DeleteResponse = 11 Chris@909: ModifyRDNResponse = 13 Chris@909: SearchResultReferral = 19 Chris@909: Chris@909: attr_reader :msg_id, :app_tag Chris@909: attr_reader :search_dn, :search_attributes, :search_entry Chris@909: attr_reader :search_referrals Chris@909: Chris@909: # Chris@909: # initialize Chris@909: # An LDAP PDU always looks like a BerSequence with Chris@909: # at least two elements: an integer (message-id number), and Chris@909: # an application-specific sequence. Chris@909: # Some LDAPv3 packets also include an optional Chris@909: # third element, which is a sequence of "controls" Chris@909: # (See RFC 2251, section 4.1.12). Chris@909: # The application-specific tag in the sequence tells Chris@909: # us what kind of packet it is, and each kind has its Chris@909: # own format, defined in RFC-1777. Chris@909: # Observe that many clients (such as ldapsearch) Chris@909: # do not necessarily enforce the expected application Chris@909: # tags on received protocol packets. This implementation Chris@909: # does interpret the RFC strictly in this regard, and Chris@909: # it remains to be seen whether there are servers out Chris@909: # there that will not work well with our approach. Chris@909: # Chris@909: # Added a controls-processor to SearchResult. Chris@909: # Didn't add it everywhere because it just _feels_ Chris@909: # like it will need to be refactored. Chris@909: # Chris@909: def initialize ber_object Chris@909: begin Chris@909: @msg_id = ber_object[0].to_i Chris@909: @app_tag = ber_object[1].ber_identifier - 0x60 Chris@909: rescue Chris@909: # any error becomes a data-format error Chris@909: raise LdapPduError.new( "ldap-pdu format error" ) Chris@909: end Chris@909: Chris@909: case @app_tag Chris@909: when BindResult Chris@909: parse_ldap_result ber_object[1] Chris@909: when SearchReturnedData Chris@909: parse_search_return ber_object[1] Chris@909: when SearchResultReferral Chris@909: parse_search_referral ber_object[1] Chris@909: when SearchResult Chris@909: parse_ldap_result ber_object[1] Chris@909: parse_controls(ber_object[2]) if ber_object[2] Chris@909: when ModifyResponse Chris@909: parse_ldap_result ber_object[1] Chris@909: when AddResponse Chris@909: parse_ldap_result ber_object[1] Chris@909: when DeleteResponse Chris@909: parse_ldap_result ber_object[1] Chris@909: when ModifyRDNResponse Chris@909: parse_ldap_result ber_object[1] Chris@909: else Chris@909: raise LdapPduError.new( "unknown pdu-type: #{@app_tag}" ) Chris@909: end Chris@909: end Chris@909: Chris@909: # Chris@909: # result_code Chris@909: # This returns an LDAP result code taken from the PDU, Chris@909: # but it will be nil if there wasn't a result code. Chris@909: # That can easily happen depending on the type of packet. Chris@909: # Chris@909: def result_code code = :resultCode Chris@909: @ldap_result and @ldap_result[code] Chris@909: end Chris@909: Chris@909: # Return RFC-2251 Controls if any. Chris@909: # Messy. Does this functionality belong somewhere else? Chris@909: def result_controls Chris@909: @ldap_controls || [] Chris@909: end Chris@909: Chris@909: Chris@909: # Chris@909: # parse_ldap_result Chris@909: # Chris@909: def parse_ldap_result sequence Chris@909: sequence.length >= 3 or raise LdapPduError Chris@909: @ldap_result = {:resultCode => sequence[0], :matchedDN => sequence[1], :errorMessage => sequence[2]} Chris@909: end Chris@909: private :parse_ldap_result Chris@909: Chris@909: # Chris@909: # parse_search_return Chris@909: # Definition from RFC 1777 (we're handling application-4 here) Chris@909: # Chris@909: # Search Response ::= Chris@909: # CHOICE { Chris@909: # entry [APPLICATION 4] SEQUENCE { Chris@909: # objectName LDAPDN, Chris@909: # attributes SEQUENCE OF SEQUENCE { Chris@909: # AttributeType, Chris@909: # SET OF AttributeValue Chris@909: # } Chris@909: # }, Chris@909: # resultCode [APPLICATION 5] LDAPResult Chris@909: # } Chris@909: # Chris@909: # We concoct a search response that is a hash of the returned attribute values. Chris@909: # NOW OBSERVE CAREFULLY: WE ARE DOWNCASING THE RETURNED ATTRIBUTE NAMES. Chris@909: # This is to make them more predictable for user programs, but it Chris@909: # may not be a good idea. Maybe this should be configurable. Chris@909: # ALTERNATE IMPLEMENTATION: In addition to @search_dn and @search_attributes, Chris@909: # we also return @search_entry, which is an LDAP::Entry object. Chris@909: # If that works out well, then we'll remove the first two. Chris@909: # Chris@909: # Provisionally removed obsolete search_attributes and search_dn, 04May06. Chris@909: # Chris@909: def parse_search_return sequence Chris@909: sequence.length >= 2 or raise LdapPduError Chris@909: @search_entry = LDAP::Entry.new( sequence[0] ) Chris@909: #@search_dn = sequence[0] Chris@909: #@search_attributes = {} Chris@909: sequence[1].each {|seq| Chris@909: @search_entry[seq[0]] = seq[1] Chris@909: #@search_attributes[seq[0].downcase.intern] = seq[1] Chris@909: } Chris@909: end Chris@909: Chris@909: # Chris@909: # A search referral is a sequence of one or more LDAP URIs. Chris@909: # Any number of search-referral replies can be returned by the server, interspersed Chris@909: # with normal replies in any order. Chris@909: # Until I can think of a better way to do this, we'll return the referrals as an array. Chris@909: # It'll be up to higher-level handlers to expose something reasonable to the client. Chris@909: def parse_search_referral uris Chris@909: @search_referrals = uris Chris@909: end Chris@909: Chris@909: Chris@909: # Per RFC 2251, an LDAP "control" is a sequence of tuples, each consisting Chris@909: # of an OID, a boolean criticality flag defaulting FALSE, and an OPTIONAL Chris@909: # Octet String. If only two fields are given, the second one may be Chris@909: # either criticality or data, since criticality has a default value. Chris@909: # Someday we may want to come back here and add support for some of Chris@909: # more-widely used controls. RFC-2696 is a good example. Chris@909: # Chris@909: def parse_controls sequence Chris@909: @ldap_controls = sequence.map do |control| Chris@909: o = OpenStruct.new Chris@909: o.oid,o.criticality,o.value = control[0],control[1],control[2] Chris@909: if o.criticality and o.criticality.is_a?(String) Chris@909: o.value = o.criticality Chris@909: o.criticality = false Chris@909: end Chris@909: o Chris@909: end Chris@909: end Chris@909: private :parse_controls Chris@909: Chris@909: Chris@909: end Chris@909: Chris@909: Chris@909: end # module Net Chris@909: