Class: Gitlab::Auth::Ldap::DN

Inherits:

Object

• Object
• Gitlab::Auth::Ldap::DN

Defined in:

lib/gitlab/auth/ldap/dn.rb

Constant Summary

FormatError =

Class.new(StandardError)

MalformedError =

Class.new(FormatError)

UnsupportedError =

Class.new(FormatError)

NORMAL_ESCAPES =

www.rfc-editor.org/rfc/rfc4514 section 2.4 lists these exceptions for DN values. All of the following must be escaped in any normal string using a single backslash (‘') as escape. The space character is left out here because in a “normalized” string, spaces should only be escaped if necessary (i.e. leading or trailing space).

[',', '+', '"', '\\', '<', '>', ';', '='].freeze

HEX_ESCAPES =

The following must be represented as escaped hex

{
  "\n" => '\0a',
  "\r" => '\0d'
}.freeze

ESCAPE_RE =

Compiled character class regexp using the keys from the above hash, and checking for a space or # at the start, or space at the end, of the string.

Regexp.new("(^ |^#| $|[" +
NORMAL_ESCAPES.map { |e| Regexp.escape(e) }.join +
"])")

HEX_ESCAPE_RE =

Regexp.new("([" +
HEX_ESCAPES.keys.map { |e| Regexp.escape(e) }.join +
"])")

Class Method Summary

• .escape(string) ⇒ Object

  Escape a string for use in a DN value.

• .normalize_value(given_value) ⇒ Object

Instance Method Summary

• #each_pair {|key.string.strip, rstrip_except_escaped(value.string, @dn.length)| ... } ⇒ Object

  Parse a DN into key value pairs using ASN from www.rfc-editor.org/rfc/rfc2253 section 3.

• #initialize(*args) ⇒ DN constructor

  Initialize a DN, escaping as required.

• #rstrip_except_escaped(str, dn_index) ⇒ Object
• #to_a ⇒ Object

  Returns the DN as an array in the form expected by the constructor.

• #to_normalized_s ⇒ Object

  Return the DN as an escaped and normalized string.

• #to_s ⇒ Object

  Return the DN as an escaped string.

Constructor Details

#initialize(*args) ⇒ DN

Initialize a DN, escaping as required. Pass in attributes in name/value pairs. If there is a left over argument, it will be appended to the dn without escaping (useful for a base string).

Most uses of this class will be to escape a DN, rather than to parse it, so storing the dn as an escaped String and parsing parts as required with a state machine seems sensible.

# File 'lib/gitlab/auth/ldap/dn.rb', line 44

def initialize(*args)
  if args.length > 1
    initialize_array(args)
  else
    initialize_string(args[0])
  end
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method, *args, &block) ⇒ Object (private)

Proxy all other requests to the string object, because a DN is mainly used within the library as a string rubocop:disable GitlabSecurity/PublicSend

# File 'lib/gitlab/auth/ldap/dn.rb', line 291

def method_missing(method, *args, &block)
  @dn.send(method, *args, &block)
end

Class Method Details

.escape(string) ⇒ Object

Escape a string for use in a DN value

# File 'lib/gitlab/auth/ldap/dn.rb', line 260

def self.escape(string)
  escaped = string.gsub(ESCAPE_RE) { |char| "\\" + char }
  escaped.gsub(HEX_ESCAPE_RE) { |char| HEX_ESCAPES[char] }
end

.normalize_value(given_value) ⇒ Object

# File 'lib/gitlab/auth/ldap/dn.rb', line 30

def self.normalize_value(given_value)
  dummy_dn = "placeholder=#{given_value}"
  normalized_dn = new(*dummy_dn).to_normalized_s
  normalized_dn.delete_prefix('placeholder=')
end

Instance Method Details

#each_pair {|key.string.strip, rstrip_except_escaped(value.string, @dn.length)| ... } ⇒ Object

Parse a DN into key value pairs using ASN from www.rfc-editor.org/rfc/rfc2253 section 3. rubocop:disable Metrics/AbcSize rubocop:disable Metrics/CyclomaticComplexity rubocop:disable Metrics/PerceivedComplexity

Yields:

• (key.string.strip, rstrip_except_escaped(value.string, @dn.length))

Raises:

• (MalformedError)

# File 'lib/gitlab/auth/ldap/dn.rb', line 58

def each_pair
  state = :key
  key = StringIO.new
  value = StringIO.new
  hex_buffer = ""

  @dn.each_char.with_index do |char, dn_index|
    case state
    when :key then
      case char
      when 'a'..'z', 'A'..'Z' then
        state = :key_normal
        key << char
      when '0'..'9' then
        state = :key_oid
        key << char
      when ' ' then state = :key
      else raise(MalformedError, "Unrecognized first character of an RDN attribute type name \"#{char}\"")
      end
    when :key_normal then
      case char
      when '=' then state = :value
      when 'a'..'z', 'A'..'Z', '0'..'9', '-', ' ' then key << char
      else raise(MalformedError, "Unrecognized RDN attribute type name character \"#{char}\"")
      end
    when :key_oid then
      case char
      when '=' then state = :value
      when '0'..'9', '.', ' ' then key << char
      else raise(MalformedError, "Unrecognized RDN OID attribute type name character \"#{char}\"")
      end
    when :value then
      case char
      when '\\' then state = :value_normal_escape
      when '"' then state = :value_quoted
      when ' ' then state = :value
      when '#' then
        state = :value_hexstring
        value << char
      when ',' then
        state = :key
        yield key.string.strip, rstrip_except_escaped(value.string, dn_index)
        key = StringIO.new
        value = StringIO.new
      else
        state = :value_normal
        value << char
      end
    when :value_normal then
      case char
      when '\\' then state = :value_normal_escape
      when ',' then
        state = :key
        yield key.string.strip, rstrip_except_escaped(value.string, dn_index)
        key = StringIO.new
        value = StringIO.new
      when '+' then raise(UnsupportedError, "Multivalued RDNs are not supported")
      else value << char
      end
    when :value_normal_escape then
      case char
      when '0'..'9', 'a'..'f', 'A'..'F' then
        state = :value_normal_escape_hex
        hex_buffer = char
      else
        state = :value_normal
        value << char
      end
    when :value_normal_escape_hex then
      case char
      when '0'..'9', 'a'..'f', 'A'..'F' then
        state = :value_normal
        value << "#{hex_buffer}#{char}".to_i(16).chr
      else raise(MalformedError, "Invalid escaped hex code \"\\#{hex_buffer}#{char}\"")
      end
    when :value_quoted then
      case char
      when '\\' then state = :value_quoted_escape
      when '"' then state = :value_end
      else value << char
      end
    when :value_quoted_escape then
      case char
      when '0'..'9', 'a'..'f', 'A'..'F' then
        state = :value_quoted_escape_hex
        hex_buffer = char
      else
        state = :value_quoted
        value << char
      end
    when :value_quoted_escape_hex then
      case char
      when '0'..'9', 'a'..'f', 'A'..'F' then
        state = :value_quoted
        value << "#{hex_buffer}#{char}".to_i(16).chr
      else raise(MalformedError, "Expected the second character of a hex pair inside a double quoted value, but got \"#{char}\"")
      end
    when :value_hexstring then
      case char
      when '0'..'9', 'a'..'f', 'A'..'F' then
        state = :value_hexstring_hex
        value << char
      when ' ' then state = :value_end
      when ',' then
        state = :key
        yield key.string.strip, rstrip_except_escaped(value.string, dn_index)
        key = StringIO.new
        value = StringIO.new
      else raise(MalformedError, "Expected the first character of a hex pair, but got \"#{char}\"")
      end
    when :value_hexstring_hex then
      case char
      when '0'..'9', 'a'..'f', 'A'..'F' then
        state = :value_hexstring
        value << char
      else raise(MalformedError, "Expected the second character of a hex pair, but got \"#{char}\"")
      end
    when :value_end then
      case char
      when ' ' then state = :value_end
      when ',' then
        state = :key
        yield key.string.strip, rstrip_except_escaped(value.string, dn_index)
        key = StringIO.new
        value = StringIO.new
      else raise(MalformedError, "Expected the end of an attribute value, but got \"#{char}\"")
      end
    else raise "Fell out of state machine"
    end
  end

  # Last pair
  raise(MalformedError, 'DN string ended unexpectedly') unless
    [:value, :value_normal, :value_hexstring, :value_end].include? state

  yield key.string.strip, rstrip_except_escaped(value.string, @dn.length)
end

#rstrip_except_escaped(str, dn_index) ⇒ Object

# File 'lib/gitlab/auth/ldap/dn.rb', line 196

def rstrip_except_escaped(str, dn_index)
  str_ends_with_whitespace = str.match(/\s\z/)

  if str_ends_with_whitespace
    dn_part_ends_with_escaped_whitespace = @dn[0, dn_index].match(/\\(\s+)\z/)

    if dn_part_ends_with_escaped_whitespace
      dn_part_rwhitespace = dn_part_ends_with_escaped_whitespace[1]
      num_chars_to_remove = dn_part_rwhitespace.length - 1
      str = str[0, str.length - num_chars_to_remove]
    else
      str.rstrip!
    end
  end

  str
end

#to_a ⇒ Object

Returns the DN as an array in the form expected by the constructor.

# File 'lib/gitlab/auth/ldap/dn.rb', line 216

def to_a
  a = []
  self.each_pair { |key, value| a << key << value } unless @dn.empty?
  a
end

#to_normalized_s ⇒ Object

Return the DN as an escaped and normalized string.

# File 'lib/gitlab/auth/ldap/dn.rb', line 230

def to_normalized_s
  self.class.new(*to_a).to_s.downcase
end

#to_s ⇒ Object

Return the DN as an escaped string.

# File 'lib/gitlab/auth/ldap/dn.rb', line 224

def to_s
  @dn
end