1509aa8ef6
Some code has been removed. Version control is not synonymous with code storage - if you're not using it now, you probably don't have working tests and the code will be buggy anyway. Write it when you need it.
211 lines
5.7 KiB
Ruby
211 lines
5.7 KiB
Ruby
# $Id$
|
|
#
|
|
# Copyright (C) 2006 by Francis Cianfrocca. All Rights Reserved.
|
|
# Gmail account: garbagecat10.
|
|
#
|
|
# This is an LDAP server intended for unit testing of Net::LDAP.
|
|
# It implements as much of the protocol as we have the stomach
|
|
# to implement but serves static data. Use ldapsearch to test
|
|
# this server!
|
|
#
|
|
# To make this easier to write, we use the Ruby/EventMachine
|
|
# reactor library.
|
|
#
|
|
|
|
#------------------------------------------------
|
|
|
|
module LdapServer
|
|
|
|
LdapServerAsnSyntax = {
|
|
:application => {
|
|
:constructed => {
|
|
0 => :array, # LDAP BindRequest
|
|
3 => :array # LDAP SearchRequest
|
|
},
|
|
:primitive => {
|
|
2 => :string, # ldapsearch sends this to unbind
|
|
}
|
|
},
|
|
:context_specific => {
|
|
:primitive => {
|
|
0 => :string, # simple auth (password)
|
|
7 => :string # present filter
|
|
},
|
|
:constructed => {
|
|
3 => :array # equality filter
|
|
},
|
|
}
|
|
}
|
|
|
|
def post_init
|
|
$logger.info "Accepted LDAP connection"
|
|
@authenticated = false
|
|
end
|
|
|
|
def receive_data data
|
|
@data ||= ""; @data << data
|
|
while pdu = @data.read_ber!(LdapServerAsnSyntax)
|
|
begin
|
|
handle_ldap_pdu pdu
|
|
rescue
|
|
$logger.error "closing connection due to error #{$!}"
|
|
close_connection
|
|
end
|
|
end
|
|
end
|
|
|
|
def handle_ldap_pdu pdu
|
|
tag_id = pdu[1].ber_identifier
|
|
case tag_id
|
|
when 0x60
|
|
handle_bind_request pdu
|
|
when 0x63
|
|
handle_search_request pdu
|
|
when 0x42
|
|
# bizarre thing, it's a null object (primitive application-2)
|
|
# sent by ldapsearch to request an unbind (or a kiss-off, not sure which)
|
|
close_connection_after_writing
|
|
else
|
|
$logger.error "received unknown packet-type #{tag_id}"
|
|
close_connection_after_writing
|
|
end
|
|
end
|
|
|
|
def handle_bind_request pdu
|
|
# TODO, return a proper LDAP error instead of blowing up on version error
|
|
if pdu[1][0] != 3
|
|
send_ldap_response 1, pdu[0].to_i, 2, "", "We only support version 3"
|
|
elsif pdu[1][1] != "cn=bigshot,dc=bayshorenetworks,dc=com"
|
|
send_ldap_response 1, pdu[0].to_i, 48, "", "Who are you?"
|
|
elsif pdu[1][2].ber_identifier != 0x80
|
|
send_ldap_response 1, pdu[0].to_i, 7, "", "Keep it simple, man"
|
|
elsif pdu[1][2] != "opensesame"
|
|
send_ldap_response 1, pdu[0].to_i, 49, "", "Make my day"
|
|
else
|
|
@authenticated = true
|
|
send_ldap_response 1, pdu[0].to_i, 0, pdu[1][1], "I'll take it"
|
|
end
|
|
end
|
|
|
|
|
|
|
|
#--
|
|
# Search Response ::=
|
|
# CHOICE {
|
|
# entry [APPLICATION 4] SEQUENCE {
|
|
# objectName LDAPDN,
|
|
# attributes SEQUENCE OF SEQUENCE {
|
|
# AttributeType,
|
|
# SET OF AttributeValue
|
|
# }
|
|
# },
|
|
# resultCode [APPLICATION 5] LDAPResult
|
|
# }
|
|
def handle_search_request pdu
|
|
unless @authenticated
|
|
# NOTE, early exit.
|
|
send_ldap_response 5, pdu[0].to_i, 50, "", "Who did you say you were?"
|
|
return
|
|
end
|
|
|
|
treebase = pdu[1][0]
|
|
if treebase != "dc=bayshorenetworks,dc=com"
|
|
send_ldap_response 5, pdu[0].to_i, 32, "", "unknown treebase"
|
|
return
|
|
end
|
|
|
|
msgid = pdu[0].to_i.to_ber
|
|
|
|
# pdu[1][7] is the list of requested attributes.
|
|
# If it's an empty array, that means that *all* attributes were requested.
|
|
requested_attrs = if pdu[1][7].length > 0
|
|
pdu[1][7].map {|a| a.downcase}
|
|
else
|
|
:all
|
|
end
|
|
|
|
filters = pdu[1][6]
|
|
if filters.length == 0
|
|
# NOTE, early exit.
|
|
send_ldap_response 5, pdu[0].to_i, 53, "", "No filter specified"
|
|
end
|
|
|
|
# TODO, what if this returns nil?
|
|
filter = Net::LDAP::Filter.parse_ldap_filter( filters )
|
|
|
|
$ldif.each {|dn, entry|
|
|
if filter.match( entry )
|
|
attrs = []
|
|
entry.each {|k, v|
|
|
if requested_attrs == :all or requested_attrs.include?(k.downcase)
|
|
attrvals = v.map {|v1| v1.to_ber}.to_ber_set
|
|
attrs << [k.to_ber, attrvals].to_ber_sequence
|
|
end
|
|
}
|
|
|
|
appseq = [dn.to_ber, attrs.to_ber_sequence].to_ber_appsequence(4)
|
|
pkt = [msgid.to_ber, appseq].to_ber_sequence
|
|
send_data pkt
|
|
end
|
|
}
|
|
|
|
|
|
send_ldap_response 5, pdu[0].to_i, 0, "", "Was that what you wanted?"
|
|
end
|
|
|
|
|
|
|
|
def send_ldap_response pkt_tag, msgid, code, dn, text
|
|
send_data( [msgid.to_ber, [code.to_ber, dn.to_ber, text.to_ber].to_ber_appsequence(pkt_tag) ].to_ber )
|
|
end
|
|
|
|
end
|
|
|
|
|
|
#------------------------------------------------
|
|
|
|
# Rather bogus, a global method, which reads a HARDCODED filename
|
|
# parses out LDIF data. It will be used to serve LDAP queries out of this server.
|
|
#
|
|
def load_test_data
|
|
ary = File.readlines( "./testdata.ldif" )
|
|
hash = {}
|
|
while line = ary.shift and line.chomp!
|
|
if line =~ /^dn:[\s]*/i
|
|
dn = $'
|
|
hash[dn] = {}
|
|
while attr = ary.shift and attr.chomp! and attr =~ /^([\w]+)[\s]*:[\s]*/
|
|
hash[dn][$1.downcase] ||= []
|
|
hash[dn][$1.downcase] << $'
|
|
end
|
|
end
|
|
end
|
|
hash
|
|
end
|
|
|
|
|
|
#------------------------------------------------
|
|
|
|
if __FILE__ == $0
|
|
|
|
require 'rubygems'
|
|
require 'eventmachine'
|
|
|
|
require 'logger'
|
|
$logger = Logger.new $stderr
|
|
|
|
$logger.info "adding ../lib to loadpath, to pick up dev version of Net::LDAP."
|
|
$:.unshift "../lib"
|
|
|
|
$ldif = load_test_data
|
|
|
|
require 'net/ldap'
|
|
|
|
EventMachine.run {
|
|
$logger.info "starting LDAP server on 127.0.0.1 port 3890"
|
|
EventMachine.start_server "127.0.0.1", 3890, LdapServer
|
|
EventMachine.add_periodic_timer 60, proc {$logger.info "heartbeat"}
|
|
}
|
|
end
|
|
|