Merge pull request #20 from JesseCoretta/dev

v1.0.0-stable.2
JesseCoretta · Sep 20, 2023 · 268ac95 · 268ac95
2 parents 22e72ee + 1ed97d3
commit 268ac95
Show file tree

Hide file tree

Showing 16 changed files with 311 additions and 618 deletions.
diff --git a/README.md b/README.md
@@ -30,6 +30,7 @@ This package depends upon the following third-party packages:
   - [`go-antlraci`](https://github.com/JesseCoretta/go-antlraci)\*
   - [`go-objectid`](https://github.com/JesseCoretta/go-objectid)\*
   - [`go-stackage`](https://github.com/JesseCoretta/go-stackage)\*
+  - [`go-shifty`](https://github.com/JesseCoretta/go-shifty)\*
 
 _\* Conceived and maintained by same author_
 
@@ -52,8 +53,7 @@ DIT because it considers you a threat. 🤓
 
 ## About ACIs
 
-Within the context of ACIv3, An [ACI](## "Access Control Instruction") is an expressive statement or "policy" that is used to define the disclosing or withholding of information
-for an [X.500](## "ITU-T X-Series 500")/[LDAP](Lightweight Directory Access Protocol) [DIT](## "Directory Information Tree") as it pertains to its userbase.
+Within the context of ACIv3, An [ACI](## "Access Control Instruction") is an expressive statement or "policy" that is used to define the disclosing or withholding of information for an [X.500](## "ITU-T X-Series 500")/[LDAP](## "Lightweight Directory Access Protocol") [DIT](## "Directory Information Tree") as it pertains to its userbase.
 
 In layperson's terms, ACIs are a specific and (largely) non-proprietary form of "LDAP permissions" that govern who can read, write, search, etc.
 
@@ -108,8 +108,9 @@ to your vendor!
   - A package-wide cyclomatic complexity factor limit of nine (9) is imposed
     - We realize the standard recommended maximum is fifteen (15); we feel we can do better!
     - The following imported packages also exercise this philosophy:
-      - [`go-stackage`](http://github.com/JesseCoretta/go-stackage)
-      - [`go-objectid`](http://github.com/JesseCoretta/go-objectid)
+      - [`go-objectid`](https://github.com/JesseCoretta/go-objectid)
+      - [`go-stackage`](https://github.com/JesseCoretta/go-stackage)
+      - [`go-shifty`](https://github.com/JesseCoretta/go-shifty)
 - Compatible
   - Overall package design is meant to honor all of the facets of the ACIv3 specification **_in its entirety_**
   - No single vendor implementation is catered-to exclusively

diff --git a/bind.go b/bind.go
@@ -635,11 +635,14 @@ parsing request through go-antlraci.
 */
 func convertBindRulesHierarchy(stack any) (BindContext, bool) {
 	orig, _ := castAsStack(stack)
-	if orig.Len() == 0 {
-		return badBindRules, false
-	}
+	/*
+		if orig.Len() == 0 {
+			return badBindRules, false
+		}
+	*/
 
 	var clean BindRules
+	var err error
 
 	// Obtain the kind string from the
 	// original stack.
@@ -648,7 +651,7 @@ func convertBindRulesHierarchy(stack any) (BindContext, bool) {
 	// Iterate the newly-populated clean
 	// instance, performing type-casting
 	// as needed, possibly in recursion.
-	for i := 0; i < orig.Len() && ok; i++ {
+	for i := 0; i < orig.Len() && ok && err == nil; i++ {
 		slice, _ := orig.Index(i)
 
 		// perform a type switch upon the
@@ -682,11 +685,9 @@ func convertBindRulesHierarchy(stack any) (BindContext, bool) {
 			//   DistinguishedNames[<N1>] -> <dn1>
 			//                     [<N2>] -> <dn2>
 			//                     [<N3>] -> <dn3>
-			if err := ntv.assertExpressionValue(); err == nil {
+			if err = ntv.assertExpressionValue(); err == nil {
 				clean.Push(ntv)
-				continue
 			}
-			break
 
 		// slice is a stackage.Stack instance.
 		// We want to cast to a BindRules type

diff --git a/dn.go b/dn.go
@@ -789,6 +789,8 @@ keyword contexts:
 • `groupdn`
 
 • `roledn`
+
+Negated equality BindRule instances should be used with caution.
 */
 func (r BindDistinguishedName) Ne() BindRule {
 	x, ok := dnToCondition(r, Ne)
@@ -809,6 +811,8 @@ keyword contexts:
 • `target_to`
 
 • `target_from`
+
+Negated equality TargetRule instances should be used with caution.
 */
 func (r TargetDistinguishedName) Ne() TargetRule {
 	x, ok := dnToCondition(r, Ne)
@@ -1003,28 +1007,33 @@ func (r BindDistinguishedNames) setExpressionValues(key Keyword, values ...strin
 			var U LDAPURI
 			if U, err = parseLDAPURI(values[i], key.(BindKeyword)); err == nil {
 				r.Push(U)
-				continue
 			}
-			break
-		}
-
-		//
-		// If the DN has the LocalScheme (ldap:///)
-		// prefix, we will chop it off as it is not
-		// needed in literal form any longer.
-		D := chopDNPfx(condenseWHSP(values[i]))
-		if len(D) < 3 || !(contains(D, `=`) || contains(D, `?`) || !isDNAlias(D)) {
+		} else {
+			//
+			// If the DN has the LocalScheme (ldap:///)
+			// prefix, we will chop it off as it is not
+			// needed in literal form any longer.
+			D := chopDNPfx(condenseWHSP(values[i]))
 			err = illegalSyntaxPerTypeErr(D, r.Keyword())
-			return
+			if !isInvalidDNSyntax(D) && !contains(D, `?`) {
+				err = nil
+				// Push DN into receiver
+				r.Push(BindDistinguishedName{newDistinguishedName(D, key)})
+			}
 		}
 
-		// Push DN into receiver
-		r.Push(BindDistinguishedName{newDistinguishedName(D, key)})
+		if err != nil {
+			break
+		}
 	}
 
 	return
 }
 
+func isInvalidDNSyntax(dn string) bool {
+	return (len(dn) < 3 || !(contains(dn, `=`) || !isDNAlias(dn)))
+}
+
 /*
 setExpressionValues is a private method called by assertTargetTFDN for
 DN-based Target Rules parsing.
@@ -1041,7 +1050,7 @@ func (r TargetDistinguishedNames) setExpressionValues(key Keyword, values ...str
 		// prefix, we will chop it off as it is not
 		// needed in literal form any longer.
 		D := chopDNPfx(condenseWHSP(values[i]))
-		if len(D) < 3 || !(contains(D, `=`) || !isDNAlias(D)) {
+		if isInvalidDNSyntax(D) {
 			err = illegalSyntaxPerTypeErr(D, r.Keyword())
 			return
 		}

diff --git a/filter.go b/filter.go
@@ -1122,19 +1122,25 @@ func hasAttributeFilterOperationPrefix(raw string) bool {
 	return false
 }
 
-/*
-parseAttributeFilterOperations processes the raw input value into an instance of
-AttributeFilterOperations, which is returned alongside an error instance.
-*/
-func parseAttributeFilterOperations(raw string, delim int) (afos AttributeFilterOperations, err error) {
-	var char rune = rune(44) // ASCII #44 [comma, default]
+func afosDelim(delim int) (char rune) {
+	char = rune(44) // ASCII #44 [comma, default]
 
 	// If delim is anything except one (1)
 	// use the default, else use semicolon.
 	if delim == 1 {
 		char = rune(59) // ASCII #59 [semicolon]
 	}
 
+	return
+}
+
+/*
+parseAttributeFilterOperations processes the raw input value into an instance of
+AttributeFilterOperations, which is returned alongside an error instance.
+*/
+func parseAttributeFilterOperations(raw string, delim int) (afos AttributeFilterOperations, err error) {
+	char := afosDelim(delim)
+
 	// Scan the raw input value and count the number of
 	// occurrences of an AttributeOperation prefix.
 	var opct int
@@ -1174,7 +1180,7 @@ func parseAttributeFilterOperations(raw string, delim int) (afos AttributeFilter
 	// is an AttributeFilterOperation instance
 	//
 	// e.g.: add=objectClass:(&(employeeStatus:active)(c=US))
-	for i := 0; i < len(vals); i++ {
+	for i := 0; i < len(vals) && err == nil; i++ {
 		var afo AttributeFilterOperation
 
 		value := unquote(condenseWHSP(vals[i]))
@@ -1193,9 +1199,7 @@ func parseAttributeFilterOperations(raw string, delim int) (afos AttributeFilter
 			// instance into our AttributeFilterOperations
 			// stack instance.
 			afos.Push(afo)
-			continue
 		}
-		break
 	}
 
 	return
@@ -1224,13 +1228,11 @@ func parseAttributeFilterOperation(raw string) (afo AttributeFilterOperation, er
 		afo.setCategory(cat)
 		seq = split(trimS(val), `&&`)
 
-		for j := 0; j < len(seq); j++ {
+		for j := 0; j < len(seq) && err == nil; j++ {
 			var af AttributeFilter
 			if af, err = parseAttributeFilter(trimS(seq[j])); err == nil {
 				afo.Push(af)
-				continue
 			}
-			break
 		}
 	}
 

diff --git a/go.mod b/go.mod
@@ -9,6 +9,7 @@ require (
 )
 
 require (
+	github.com/JesseCoretta/go-shifty v1.0.0-stable.0 // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	golang.org/x/exp v0.0.0-20230515195305-f3d0a9c9a5cc // indirect
 )

diff --git a/go.sum b/go.sum
@@ -30,6 +30,8 @@ github.com/JesseCoretta/go-objectid v0.0.6-alpha.0 h1:2WjaaZMnC5BEKckaBy0txCDSH7
 github.com/JesseCoretta/go-objectid v0.0.6-alpha.0/go.mod h1:dOPQhGxLieMBl4WF1gq0Z3yb3KppfNGV/XrPrudjyuw=
 github.com/JesseCoretta/go-objectid v0.0.6-alpha.1 h1:aq+kKX3rZaKUl8XSAOFqzMTw6YZcrX2cSImbysw6BVE=
 github.com/JesseCoretta/go-objectid v0.0.6-alpha.1/go.mod h1:dOPQhGxLieMBl4WF1gq0Z3yb3KppfNGV/XrPrudjyuw=
+github.com/JesseCoretta/go-shifty v1.0.0-stable.0 h1:ELY5r6moVZeR8PrbZvZco52mzzFmHbv4xKUUmKs4nV8=
+github.com/JesseCoretta/go-shifty v1.0.0-stable.0/go.mod h1:vnqi9wCMnLDDD4XU3NmL2fF7dz4HiaAuI/M3bqB2bQE=
 github.com/JesseCoretta/go-stackage v0.0.1-alpha.1 h1:MzrDf4Sp7q/SghQf6Li3QQY/4kPjAIlyQtMOSKInpTU=
 github.com/JesseCoretta/go-stackage v0.0.1-alpha.1/go.mod h1:kfcMUggHyU8LQOldjir3KdXkZMeh1E/FWivmuPklZyQ=
 github.com/JesseCoretta/go-stackage v0.0.1-alpha.2 h1:kLGzZ93eUUZDwbJ4bTz5ujAZUAPGnltPPUN4SlOIwsw=