Class: Gitlab::Auth::Ldap::DN
- Inherits:
-
Object
- Object
- Gitlab::Auth::Ldap::DN
- Defined in:
- lib/gitlab/auth/ldap/dn.rb
Constant Summary collapse
- FormatError =
Class.new(StandardError)
- MalformedError =
Class.new(FormatError)
- UnsupportedError =
Class.new(FormatError)
- NORMAL_ESCAPES =
www.rfc-editor.org/rfc/rfc4514 section 2.4 lists these exceptions for DN values. All of the following must be escaped in any normal string using a single backslash (‘') as escape. The space character is left out here because in a “normalized” string, spaces should only be escaped if necessary (i.e. leading or trailing space).
[',', '+', '"', '\\', '<', '>', ';', '='].freeze
- HEX_ESCAPES =
The following must be represented as escaped hex
{ "\n" => '\0a', "\r" => '\0d' }.freeze
- ESCAPE_RE =
Compiled character class regexp using the keys from the above hash, and checking for a space or # at the start, or space at the end, of the string.
Regexp.new("(^ |^#| $|[" + NORMAL_ESCAPES.map { |e| Regexp.escape(e) }.join + "])")
- HEX_ESCAPE_RE =
Regexp.new("([" + HEX_ESCAPES.keys.map { |e| Regexp.escape(e) }.join + "])")
Class Method Summary collapse
-
.escape(string) ⇒ Object
Escape a string for use in a DN value.
- .normalize_value(given_value) ⇒ Object
Instance Method Summary collapse
-
#each_pair {|key.string.strip, rstrip_except_escaped(value.string, @dn.length)| ... } ⇒ Object
Parse a DN into key value pairs using ASN from www.rfc-editor.org/rfc/rfc2253 section 3.
-
#initialize(*args) ⇒ DN
constructor
Initialize a DN, escaping as required.
- #rstrip_except_escaped(str, dn_index) ⇒ Object
-
#to_a ⇒ Object
Returns the DN as an array in the form expected by the constructor.
-
#to_normalized_s ⇒ Object
Return the DN as an escaped and normalized string.
-
#to_s ⇒ Object
Return the DN as an escaped string.
Constructor Details
#initialize(*args) ⇒ DN
Initialize a DN, escaping as required. Pass in attributes in name/value pairs. If there is a left over argument, it will be appended to the dn without escaping (useful for a base string).
Most uses of this class will be to escape a DN, rather than to parse it, so storing the dn as an escaped String and parsing parts as required with a state machine seems sensible.
44 45 46 47 48 49 50 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 44 def initialize(*args) if args.length > 1 initialize_array(args) else initialize_string(args[0]) end end |
Dynamic Method Handling
This class handles dynamic methods through the method_missing method
#method_missing(method, *args, &block) ⇒ Object (private)
Proxy all other requests to the string object, because a DN is mainly used within the library as a string rubocop:disable GitlabSecurity/PublicSend
291 292 293 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 291 def method_missing(method, *args, &block) @dn.send(method, *args, &block) end |
Class Method Details
.escape(string) ⇒ Object
Escape a string for use in a DN value
260 261 262 263 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 260 def self.escape(string) escaped = string.gsub(ESCAPE_RE) { |char| "\\" + char } escaped.gsub(HEX_ESCAPE_RE) { |char| HEX_ESCAPES[char] } end |
.normalize_value(given_value) ⇒ Object
30 31 32 33 34 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 30 def self.normalize_value(given_value) dummy_dn = "placeholder=#{given_value}" normalized_dn = new(*dummy_dn).to_normalized_s normalized_dn.delete_prefix('placeholder=') end |
Instance Method Details
#each_pair {|key.string.strip, rstrip_except_escaped(value.string, @dn.length)| ... } ⇒ Object
Parse a DN into key value pairs using ASN from www.rfc-editor.org/rfc/rfc2253 section 3. rubocop:disable Metrics/AbcSize rubocop:disable Metrics/CyclomaticComplexity rubocop:disable Metrics/PerceivedComplexity
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 58 def each_pair state = :key key = StringIO.new value = StringIO.new hex_buffer = "" @dn.each_char.with_index do |char, dn_index| case state when :key then case char when 'a'..'z', 'A'..'Z' then state = :key_normal key << char when '0'..'9' then state = :key_oid key << char when ' ' then state = :key else raise(MalformedError, "Unrecognized first character of an RDN attribute type name \"#{char}\"") end when :key_normal then case char when '=' then state = :value when 'a'..'z', 'A'..'Z', '0'..'9', '-', ' ' then key << char else raise(MalformedError, "Unrecognized RDN attribute type name character \"#{char}\"") end when :key_oid then case char when '=' then state = :value when '0'..'9', '.', ' ' then key << char else raise(MalformedError, "Unrecognized RDN OID attribute type name character \"#{char}\"") end when :value then case char when '\\' then state = :value_normal_escape when '"' then state = :value_quoted when ' ' then state = :value when '#' then state = :value_hexstring value << char when ',' then state = :key yield key.string.strip, rstrip_except_escaped(value.string, dn_index) key = StringIO.new value = StringIO.new else state = :value_normal value << char end when :value_normal then case char when '\\' then state = :value_normal_escape when ',' then state = :key yield key.string.strip, rstrip_except_escaped(value.string, dn_index) key = StringIO.new value = StringIO.new when '+' then raise(UnsupportedError, "Multivalued RDNs are not supported") else value << char end when :value_normal_escape then case char when '0'..'9', 'a'..'f', 'A'..'F' then state = :value_normal_escape_hex hex_buffer = char else state = :value_normal value << char end when :value_normal_escape_hex then case char when '0'..'9', 'a'..'f', 'A'..'F' then state = :value_normal value << "#{hex_buffer}#{char}".to_i(16).chr else raise(MalformedError, "Invalid escaped hex code \"\\#{hex_buffer}#{char}\"") end when :value_quoted then case char when '\\' then state = :value_quoted_escape when '"' then state = :value_end else value << char end when :value_quoted_escape then case char when '0'..'9', 'a'..'f', 'A'..'F' then state = :value_quoted_escape_hex hex_buffer = char else state = :value_quoted value << char end when :value_quoted_escape_hex then case char when '0'..'9', 'a'..'f', 'A'..'F' then state = :value_quoted value << "#{hex_buffer}#{char}".to_i(16).chr else raise(MalformedError, "Expected the second character of a hex pair inside a double quoted value, but got \"#{char}\"") end when :value_hexstring then case char when '0'..'9', 'a'..'f', 'A'..'F' then state = :value_hexstring_hex value << char when ' ' then state = :value_end when ',' then state = :key yield key.string.strip, rstrip_except_escaped(value.string, dn_index) key = StringIO.new value = StringIO.new else raise(MalformedError, "Expected the first character of a hex pair, but got \"#{char}\"") end when :value_hexstring_hex then case char when '0'..'9', 'a'..'f', 'A'..'F' then state = :value_hexstring value << char else raise(MalformedError, "Expected the second character of a hex pair, but got \"#{char}\"") end when :value_end then case char when ' ' then state = :value_end when ',' then state = :key yield key.string.strip, rstrip_except_escaped(value.string, dn_index) key = StringIO.new value = StringIO.new else raise(MalformedError, "Expected the end of an attribute value, but got \"#{char}\"") end else raise "Fell out of state machine" end end # Last pair raise(MalformedError, 'DN string ended unexpectedly') unless [:value, :value_normal, :value_hexstring, :value_end].include? state yield key.string.strip, rstrip_except_escaped(value.string, @dn.length) end |
#rstrip_except_escaped(str, dn_index) ⇒ Object
196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 196 def rstrip_except_escaped(str, dn_index) str_ends_with_whitespace = str.match(/\s\z/) if str_ends_with_whitespace dn_part_ends_with_escaped_whitespace = @dn[0, dn_index].match(/\\(\s+)\z/) if dn_part_ends_with_escaped_whitespace dn_part_rwhitespace = dn_part_ends_with_escaped_whitespace[1] num_chars_to_remove = dn_part_rwhitespace.length - 1 str = str[0, str.length - num_chars_to_remove] else str.rstrip! end end str end |
#to_a ⇒ Object
Returns the DN as an array in the form expected by the constructor.
216 217 218 219 220 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 216 def to_a a = [] self.each_pair { |key, value| a << key << value } unless @dn.empty? a end |
#to_normalized_s ⇒ Object
Return the DN as an escaped and normalized string.
230 231 232 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 230 def to_normalized_s self.class.new(*to_a).to_s.downcase end |
#to_s ⇒ Object
Return the DN as an escaped string.
224 225 226 |
# File 'lib/gitlab/auth/ldap/dn.rb', line 224 def to_s @dn end |