From a83fb32025ec66801e2a4e48cfe60e9117709ff8 Mon Sep 17 00:00:00 2001 From: Brian Weaver Date: Tue, 25 Aug 2015 14:20:09 -0400 Subject: [PATCH 001/146] Server strings are always UTF-8 --- lib/net/ber.rb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/net/ber.rb b/lib/net/ber.rb index b8992a92..f7f1bdde 100644 --- a/lib/net/ber.rb +++ b/lib/net/ber.rb @@ -296,9 +296,8 @@ def to_arr class Net::BER::BerIdentifiedString < String attr_accessor :ber_identifier def initialize args + args.force_encoding('UTF-8') if args.respond_to(:force_encoding) super args - # LDAP uses UTF-8 encoded strings - self.encode('UTF-8') if self.respond_to?(:encoding) rescue self end end From 04125c73f71b9da207d1a5cb31996f73f072d33c Mon Sep 17 00:00:00 2001 From: Brian Weaver Date: Tue, 25 Aug 2015 14:49:43 -0400 Subject: [PATCH 002/146] Correctly encode to UTF-8 when possible --- lib/net/ber.rb | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/lib/net/ber.rb b/lib/net/ber.rb index f7f1bdde..b4b9e9da 100644 --- a/lib/net/ber.rb +++ b/lib/net/ber.rb @@ -296,8 +296,11 @@ def to_arr class Net::BER::BerIdentifiedString < String attr_accessor :ber_identifier def initialize args - args.force_encoding('UTF-8') if args.respond_to(:force_encoding) - super args + super begin + args.respond_to?(:encode) ? args.encode('UTF-8') : args + rescue + args + end end end From b3e67d37cee7008e65f201674af00475a214bae8 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Thu, 27 Aug 2015 11:57:55 +0900 Subject: [PATCH 003/146] Raise Net::LDAP::ConnectionRefusedError when new connection is refused. Now Net::LDAP::Connection.new raises Net::LDAP::Error even if the connection refused. It's hard for some application to reconnect it only when refused. --- lib/net/ldap/connection.rb | 2 +- test/test_ldap_connection.rb | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index b51bcc10..8e0e8c18 100644 
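Review bot: `args.respond_to(:force_encoding)` calls a method that does not exist on String (`respond_to?` is the predicate), so every `BerIdentifiedString.new` would raise NoMethodError before reaching `super`. `force_encoding` also relabels the caller's string in place rather than the new instance, which is a surprising side effect for a constructor; `super(args)` followed by `force_encoding('UTF-8')` on `self` avoids both. The next commit in this series replaces these lines wholesale.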
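Review bot: `args.encode('UTF-8')` raises Encoding::UndefinedConversionError for any byte at or above 0x80 when the source encoding is ASCII-8BIT, which is presumably what a value read off the socket carries, so exactly the non-ASCII values this change targets fall into the bare `rescue` and stay binary. Relabelling a copy and checking it is closer to the intent: `utf8 = args.dup.force_encoding('UTF-8'); super(utf8.valid_encoding? ? utf8 : args)`. The bare `rescue` also hides unrelated errors such as a non-String argument; narrow it to `rescue EncodingError` if it stays.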
--- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -14,7 +14,7 @@ def initialize(server) rescue SocketError raise Net::LDAP::Error, "No such address or other socket error." rescue Errno::ECONNREFUSED - raise Net::LDAP::Error, "Server #{server[:host]} refused connection on port #{server[:port]}." + raise Net::LDAP::ConnectionRefusedError, "Server #{server[:host]} refused connection on port #{server[:port]}." rescue Errno::EHOSTUNREACH => error raise Net::LDAP::Error, "Host #{server[:host]} was unreachable (#{error.message})" rescue Errno::ETIMEDOUT diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 96b542ac..5b90ae22 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -14,6 +14,13 @@ def test_blocked_port end end + def test_connection_refused + flexmock(TCPSocket).should_receive(:new).and_raise(Errno::ECONNREFUSED) + assert_raise Net::LDAP::ConnectionRefusedError do + Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + end + end + def test_raises_unknown_exceptions error = Class.new(StandardError) flexmock(TCPSocket).should_receive(:new).and_raise(error) From 4f0f4b2efe059c0bd56a2aa5427a9cb5793e64e7 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 28 Aug 2015 14:12:36 +0900 Subject: [PATCH 004/146] Raising Net::LDAP::ConnectionRefusedError, shows deprecation warning. --- lib/net/ldap/error.rb | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/error.rb b/lib/net/ldap/error.rb index c9a25f90..1b24b5a3 100644 --- a/lib/net/ldap/error.rb +++ b/lib/net/ldap/error.rb 
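Review bot: Only `Errno::ECONNREFUSED` gains a dedicated subclass here; the `EHOSTUNREACH` and `ETIMEDOUT` branches on the following lines still raise the generic `Net::LDAP::Error`, so a caller that wants to retry on any transient transport failure is still left parsing messages. Either give those branches subclasses as well, or state in the ConnectionRefusedError rdoc that it is the only transport failure callers can match by class. The enclosing `initialize(server)` begins and ends outside the hunk.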
@@ -9,7 +9,21 @@ class Error < StandardError; end class AlreadyOpenedError < Error; end class SocketError < Error; end - class ConnectionRefusedError < Error; end + class ConnectionRefusedError < Error; + def initialize(*args) + warn warning_message + super + end + + def message + warning_message + super + end + + private + def warning_message + "Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead. \n" + end + end class NoOpenSSLError < Error; end class NoStartTLSResultError < Error; end class NoSearchBaseError < Error; end From d20ee69c7e936a152f73dc58a1660286dc266cff Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 28 Aug 2015 16:02:45 +0900 Subject: [PATCH 005/146] ConnectionRefusedError does not change the original error message --- lib/net/ldap/error.rb | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/net/ldap/error.rb b/lib/net/ldap/error.rb index 1b24b5a3..38b4a4a5 100644 --- a/lib/net/ldap/error.rb +++ b/lib/net/ldap/error.rb @@ -11,17 +11,18 @@ class AlreadyOpenedError < Error; end class SocketError < Error; end class ConnectionRefusedError < Error; def initialize(*args) - warn warning_message + warn_deprecation_message super end def message - warning_message + super + warn_deprecation_message + super end private - def warning_message - "Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead. \n" + def warn_deprecation_message + warn "Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead." end end class NoOpenSSLError < Error; end From b0bf5511520edb7a27874967bdd499e00dba89cb Mon Sep 17 00:00:00 2001 From: Alex Stockwell Date: Wed, 16 Sep 2015 19:12:45 -0700 Subject: [PATCH 006/146] obscure auth password upon #inspect, added test, closes #216 --- lib/net/ldap.rb | 5 +++++ test/test_ldap.rb | 6 ++++++ 2 files changed, 11 insertions(+) 
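Review bot: The deprecation text names `Net::LDAP::ConnectionRefused`, which is not the class being deprecated; it should read `Net::LDAP::ConnectionRefusedError`, and the trailing ` \n` inside the string is redundant because `warn` appends a newline. The `;` left after `class ConnectionRefusedError < Error;` is a remnant of the one-line form and should go. The same class-name mistake survives in the following commit's `warn_deprecation_message`.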
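Review bot: `message` now writes to stderr every time it is called, so logging, `inspect`, `full_message` or a test framework rendering the exception each emit another deprecation line on top of the one from `initialize`. A getter should be side-effect free; remove the `message` override entirely (it then only calls `super`) and warn once in `initialize`, ideally behind a class-level flag so a retry loop that is refused repeatedly does not flood stderr.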
diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 75b463fb..35c9c54d 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -1195,6 +1195,11 @@ def paged_searches_supported? @server_caps[:supportedcontrol].include?(Net::LDAP::LDAPControls::PAGED_RESULTS) end + # Mask auth password + def inspect + super.gsub @auth[:password], "*******" if @auth[:password] + end + private # Yields an open connection if there is one, otherwise establishes a new diff --git a/test/test_ldap.rb b/test/test_ldap.rb index 9704b346..6122b8df 100644 --- a/test/test_ldap.rb +++ b/test/test_ldap.rb @@ -57,4 +57,10 @@ def test_instrument_search_with_size assert_equal "(uid=user1)", payload[:filter] assert_equal result.size, payload[:size] end + + def test_obscure_auth + password = "opensesame" + @subject.auth "joe_user", password + assert_not_include(@subject.inspect, password) + end end From 02ec36edbb862d510ab4c6ecc7782b1bd1099f3b Mon Sep 17 00:00:00 2001 From: Alex Stockwell Date: Wed, 16 Sep 2015 19:28:09 -0700 Subject: [PATCH 007/146] fixed oversight bug where inspecting Net::LDAP with anonymous auth returned nil --- lib/net/ldap.rb | 4 +++- test/test_ldap.rb | 1 + 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 35c9c54d..635aa97d 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -1197,7 +1197,9 @@ def paged_searches_supported? # Mask auth password def inspect - super.gsub @auth[:password], "*******" if @auth[:password] + inspected = super + inspected.gsub! @auth[:password], "*******" if @auth[:password] + inspected end private diff --git a/test/test_ldap.rb b/test/test_ldap.rb index 6122b8df..f30416b2 100644 --- a/test/test_ldap.rb +++ b/test/test_ldap.rb @@ -60,6 +60,7 @@ def test_instrument_search_with_size def test_obscure_auth password = "opensesame" + assert_include(@subject.inspect, "anonymous") @subject.auth "joe_user", password assert_not_include(@subject.inspect, password) end 
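Review bot: `if @auth[:password]` guards only against nil; an empty-string password is truthy in Ruby, and `gsub` with an empty pattern matches at every position, so `inspect` would interleave `*******` between every character of the output instead of masking anything. Guard on content and type: `password = @auth[:password]; inspected.gsub!(password, "*******") if password.is_a?(String) && !password.empty?`. The same applies to the `gsub!` form in the following commit, and the `is_a?(String)` part also covers a non-String password, where `gsub` would raise TypeError inside `inspect`.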
From b4a3bd2ddc90c0decd664c69a51023820e1548a7 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 18 Sep 2015 17:54:07 +0900 Subject: [PATCH 008/146] Capture the result of stderr to check the warning message. --- test/test_ldap_connection.rb | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 5b90ae22..4fa7b22d 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -1,6 +1,14 @@ require_relative 'test_helper' class TestLDAPConnection < Test::Unit::TestCase + def capture_stderr + stderr, $stderr = $stderr, StringIO.new + yield + $stderr.string + ensure + $stderr = stderr + end + def test_unresponsive_host assert_raise Net::LDAP::Error do Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) @@ -16,9 +24,12 @@ def test_blocked_port def test_connection_refused flexmock(TCPSocket).should_receive(:new).and_raise(Errno::ECONNREFUSED) - assert_raise Net::LDAP::ConnectionRefusedError do - Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + stderr = capture_stderr do + assert_raise Net::LDAP::ConnectionRefusedError do + Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + end end + assert_equal("Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead.\n", stderr) end def test_raises_unknown_exceptions From 9be7363d8e9a04e14866768d8ccc166e24c77e84 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 18 Sep 2015 10:29:49 -0700 Subject: [PATCH 009/146] add script/changelog --- README.rdoc | 2 +- script/changelog | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100755 script/changelog diff --git a/README.rdoc b/README.rdoc index 89b2d7d7..7980c403 100644 --- a/README.rdoc +++ b/README.rdoc 
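Review bot: The assertion pins stderr to exactly one warning line, but `ConnectionRefusedError#message` as of the previous commit also warns on each call, so anything inside `assert_raise` that reads `message` would add a second line and make this test fragile; `assert_include(stderr, "Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated.")` is more robust, or remove the warn from `message`. `capture_stderr` also depends on StringIO being loaded; add `require 'stringio'` at the top of the file unless test_helper already provides it.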
@@ -56,7 +56,7 @@ To run the integration tests against an LDAP server: This section is for gem maintainers to cut a new version of the gem. * Update lib/net/ldap/version.rb to next version number X.X.X following {semver}(http://semver.org/). -* Update `History.rdoc`. Get latest changes with `git log --oneline vLAST_RELEASE..HEAD | grep Merge` +* Update `History.rdoc`. Get latest changes with `script/changelog` * On the master branch, run `script/release` diff --git a/script/changelog b/script/changelog new file mode 100755 index 00000000..cda2ad83 --- /dev/null +++ b/script/changelog @@ -0,0 +1,47 @@ +#!/bin/bash +# Usage: script/changelog [-r ] [-b ] [-h ] +# +# repo: BASE string of GitHub REPOsitory url. e.g. "user_or_org/REPOsitory". Defaults to git remote url. +# base: git ref to compare from. e.g. "v1.3.1". Defaults to latest git tag. +# head: git ref to compare to. Defaults to "HEAD". +# +# Generate a changelog preview from pull requests merged between `base` and +# `head`. +# +# https://github.com/jch/release-scripts/blob/master/changelog +set -e + +[ $# -eq 0 ] && set -- --help +while [[ $# > 1 ]] +do + key="$1" + case $key in + -r|--repo) + repo="$2" + shift + ;; + -b|--base) + base="$2" + shift + ;; + -h|--head) + head="$2" + shift + ;; + *) + ;; + esac + shift +done + +repo="${repo:-$(git remote -v | grep push | awk '{print $2}' | cut -d'/' -f4- | sed 's/\.git//')}" +base="${base:-$(git tag -l | sort -t. -k 1,1n -k 2,2n -k 3,3n | tail -n 1)}" +head="${head:-HEAD}" +api_url="https://api.github.com" + +# get merged PR's. Better way is to query the API for these, but this is easier +for pr in $(git log --oneline $base..$head | grep "Merge pull request" | awk '{gsub("#",""); print $5}') +do + # frustrated with trying to pull out the right values, fell back to ruby + curl -s "$api_url/repos/$repo/pulls/$pr" | ruby -rjson -e 'pr=JSON.parse(STDIN.read); puts "* #{pr[%q(title)]} {##{pr[%q(number)]}}[#{pr[%q(html_url)]}]"' +done 
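Review bot: `curl -s` without `--fail` treats an HTTP error body as a valid response, so an unauthenticated rate-limit or not-found reply from the API is rendered as a changelog line with empty title and URL instead of stopping the script despite `set -e`; use `curl -sf "$api_url/repos/$repo/pulls/$pr"` so the pipeline fails. The `*)` arm of the option `case` silently ignores unknown flags, so a typo such as `--bsae` falls through to the tag-derived default without any message; print usage and `exit 1` there instead. `[[ $# > 1 ]]` compares as strings inside `[[ ]]`; `[[ $# -gt 1 ]]` is the numeric form.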
From f45e7ff32c7c6e7faee877bba7409006eb3cee4b Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 18 Sep 2015 10:30:23 -0700 Subject: [PATCH 010/146] bump version 0.12 --- History.rdoc | 13 +++++++++++++ lib/net/ldap/version.rb | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/History.rdoc b/History.rdoc index fa7ff5a1..70e92eee 100644 --- a/History.rdoc +++ b/History.rdoc @@ -1,3 +1,16 @@ +=== Net::LDAP 0.12 + +* Correctly set BerIdentifiedString values to UTF-8 {#212}[https://github.com/ruby-ldap/ruby-net-ldap/pull/212] +* Raise Net::LDAP::ConnectionRefusedError when new connection is refused. {#213}[https://github.com/ruby-ldap/ruby-net-ldap/pull/213] +* obscure auth password upon #inspect, added test, closes #216 {#217}[https://github.com/ruby-ldap/ruby-net-ldap/pull/217] +* Fixing incorrect error class name {#207}[https://github.com/ruby-ldap/ruby-net-ldap/pull/207] +* Travis update {#205}[https://github.com/ruby-ldap/ruby-net-ldap/pull/205] +* Remove obsolete rbx-19mode from Travis {#204}[https://github.com/ruby-ldap/ruby-net-ldap/pull/204] +* mv "sudo" from script/install-openldap to .travis.yml {#199}[https://github.com/ruby-ldap/ruby-net-ldap/pull/199] +* Remove meaningless shebang {#200}[https://github.com/ruby-ldap/ruby-net-ldap/pull/200] +* Fix Travis CI build {#202}[https://github.com/ruby-ldap/ruby-net-ldap/pull/202] +* README.rdoc: fix travis link {#195}[https://github.com/ruby-ldap/ruby-net-ldap/pull/195] + === Net::LDAP 0.11 * Major enhancements: * #183 Specific errors subclassing Net::LDAP::Error diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb index 98d557cf..1d0f6b08 100644 --- a/lib/net/ldap/version.rb +++ b/lib/net/ldap/version.rb @@ -1,5 +1,5 @@ module Net class LDAP - VERSION = "0.11" + VERSION = "0.12" end end From c005e67a5796e36c5c37771368717df9cd0543c9 Mon Sep 17 00:00:00 2001 
From: Jerry Cheung Date: Fri, 18 Sep 2015 10:30:40 -0700 Subject: [PATCH 011/146] update readme for release instructions --- README.rdoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.rdoc b/README.rdoc index 7980c403..7f774e31 100644 --- a/README.rdoc +++ b/README.rdoc @@ -55,10 +55,11 @@ To run the integration tests against an LDAP server: This section is for gem maintainers to cut a new version of the gem. +* Check out a new branch `release-VERSION` * Update lib/net/ldap/version.rb to next version number X.X.X following {semver}(http://semver.org/). * Update `History.rdoc`. Get latest changes with `script/changelog` - -* On the master branch, run `script/release` +* Open a pull request with these changes for review +* After merging, on the master branch, run `script/release` :include: Contributors.rdoc From 1ac5805e58cb05ac17dfa455102e002448532f0c Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 18 Sep 2015 10:44:33 -0700 Subject: [PATCH 012/146] readme extensions section --- README.rdoc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.rdoc b/README.rdoc index 89b2d7d7..c3973305 100644 --- a/README.rdoc +++ b/README.rdoc @@ -37,6 +37,14 @@ sources. Simply require either 'net-ldap' or 'net/ldap'. +== Extensions + +This library focuses on the core LDAP RFCs referenced in the description. +However, we recognize there are commonly used extensions to the spec that are +useful. If there is another library which handles it, we list it here. + +* {resolv-srv}[https://rubygems.org/gems/resolv-srv]: Support RFC2782 SRV record lookup and failover + == Develop This task will run the test suite and the From 98d122d3f94707e2367da8353ee2610ec095ff7c Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 18 Sep 2015 17:42:23 -0700 Subject: [PATCH 013/146] follow semver --- lib/net/ldap/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb index 1d0f6b08..219b4156 100644 --- a/lib/net/ldap/version.rb +++ b/lib/net/ldap/version.rb @@ -1,5 +1,5 @@ module Net class LDAP - VERSION = "0.12" + VERSION = "0.12.0" end end From 777438da6cf28581ef7c05703c09855f062f1574 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 18 Sep 2015 17:43:01 -0700 Subject: [PATCH 014/146] missed a spot --- History.rdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/History.rdoc b/History.rdoc index 70e92eee..40b45255 100644 --- a/History.rdoc +++ b/History.rdoc @@ -1,4 +1,4 @@ -=== Net::LDAP 0.12 +=== Net::LDAP 0.12.0 * Correctly set BerIdentifiedString values to UTF-8 {#212}[https://github.com/ruby-ldap/ruby-net-ldap/pull/212] * Raise Net::LDAP::ConnectionRefusedError when new connection is refused. {#213}[https://github.com/ruby-ldap/ruby-net-ldap/pull/213] From f950eca64ef2b73c5219ed830c6749c689046032 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Mon, 21 Sep 2015 23:10:38 +0900 Subject: [PATCH 015/146] Specify the port of LDAP server by giving INTEGRATION_PORT environment variable --- test/test_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index 640b0e23..cd34017c 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -56,7 +56,7 @@ def setup @service = MockInstrumentationService.new @ldap = Net::LDAP.new \ host: ENV.fetch('INTEGRATION_HOST', 'localhost'), - port: 389, + port: ENV.fetch('INTEGRATION_PORT', 389), admin_user: 'uid=admin,dc=rubyldap,dc=com', admin_password: 'passworD1', search_domains: %w(dc=rubyldap,dc=com), From cede61d2391b2e3746e18c0b0c0d963c5d01e02d Mon Sep 17 00:00:00 2001 
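Review bot: `ENV.fetch('INTEGRATION_PORT', 389)` yields a String when the variable is set and an Integer otherwise, so the type of `port:` depends on the environment. Wrap it as `port: Integer(ENV.fetch('INTEGRATION_PORT', 389)),` so a non-numeric value fails at setup with a clear ArgumentError rather than deep inside the socket call. The enclosing `setup` continues outside the hunk.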
From: Jeremy Bopp Date: Sun, 27 Sep 2015 22:00:50 -0500 Subject: [PATCH 016/146] Add the ability to provide a list of hosts to use when opening a connection --- lib/net/ldap.rb | 5 +++ lib/net/ldap/connection.rb | 68 ++++++++++++++++++++++++++---------- test/test_ldap_connection.rb | 38 ++++++++++++++++++++ 3 files changed, 93 insertions(+), 18 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 635aa97d..ffb48719 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -432,6 +432,7 @@ def self.result2string(code) #:nodoc: attr_accessor :host attr_accessor :port + attr_accessor :hosts attr_accessor :base # Instantiate an object of type Net::LDAP to perform directory operations. @@ -440,6 +441,8 @@ def self.result2string(code) #:nodoc: # described below. The following arguments are supported: # * :host => the LDAP server's IP-address (default 127.0.0.1) # * :port => the LDAP server's TCP port (default 389) + # * :hosts => an enumerable of pairs of hosts and corresponding ports with + # which to attempt opening connections (default [[host, port]]) # * :auth => a Hash containing authorization parameters. Currently # supported values include: {:method => :anonymous} and {:method => # :simple, :username => your_user_name, :password => your_password } @@ -468,6 +471,7 @@ def self.result2string(code) #:nodoc: def initialize(args = {}) @host = args[:host] || DefaultHost @port = args[:port] || DefaultPort + @hosts = args[:hosts] @verbose = false # Make this configurable with a switch on the class. @auth = args[:auth] || DefaultAuth @base = args[:base] || DefaultTreebase @@ -1230,6 +1234,7 @@ def new_connection Net::LDAP::Connection.new \ :host => @host, :port => @port, + :hosts => @hosts, :encryption => @encryption, :instrumentation_service => @instrumentation_service end diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 8e0e8c18..05aedfef 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
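Review bot: `@hosts = args[:hosts]` is stored without any validation, and the rdoc on the new `:hosts` option does not say that `:host`/`:port` are not used for connecting once it is given (the connection builds the default pair only when `:hosts` is nil) while the `host`/`port` readers still report them. Add a sentence to the option doc such as `# When :hosts is given, :host and :port are not used to open connections.` and consider checking here that each element is a two-element pair, so a bare `['h', 389]` fails with a clear ArgumentError rather than an obscure error in the connection loop.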
@@ -8,24 +8,56 @@ class Net::LDAP::Connection #:nodoc: def initialize(server) @instrumentation_service = server[:instrumentation_service] + server[:hosts] = [[server[:host], server[:port]]] if server[:hosts].nil? + if server[:socket] + prepare_socket(server) + else + open_connection(server) + end + + yield self if block_given? + end + + def prepare_socket(server) + @conn = server[:socket] + + if server[:encryption] + setup_encryption server[:encryption] + end + end + + def open_connection(server) + errors = [] + server[:hosts].each do |host, port| + begin + return connect_to_host(host, port, server) + rescue Net::LDAP::Error + errors << $! + end + end + + raise errors.first if errors.size == 1 + raise Net::LDAP::Error, + "Unable to connect to any given server: \n #{errors.join("\n ")}" + end + + def connect_to_host(host, port, server) begin - @conn = server[:socket] || TCPSocket.new(server[:host], server[:port]) + @conn = TCPSocket.new(host, port) rescue SocketError raise Net::LDAP::Error, "No such address or other socket error." rescue Errno::ECONNREFUSED - raise Net::LDAP::ConnectionRefusedError, "Server #{server[:host]} refused connection on port #{server[:port]}." + raise Net::LDAP::ConnectionRefusedError, "Server #{host} refused connection on port #{port}." rescue Errno::EHOSTUNREACH => error - raise Net::LDAP::Error, "Host #{server[:host]} was unreachable (#{error.message})" + raise Net::LDAP::Error, "Host #{host} was unreachable (#{error.message})" rescue Errno::ETIMEDOUT - raise Net::LDAP::Error, "Connection to #{server[:host]} timed out." + raise Net::LDAP::Error, "Connection to #{host} timed out." end if server[:encryption] setup_encryption server[:encryption] end - - yield self if block_given? end module GetbyteForSSLSocket 
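Review bot: `open_connection` rescues only `Net::LDAP::Error`, and `connect_to_host` translates just four exception types, so an `Errno::ENETUNREACH` or `Errno::ECONNRESET`, or an `OpenSSL::SSL::SSLError` from `setup_encryption`, on the first host propagates and aborts the failover instead of moving to the next pair. When `TCPSocket.new` succeeds but `setup_encryption` raises, the open socket left in `@conn` is neither closed nor cleared before the next attempt, so each failed host leaks a descriptor. Widen the rescue to `rescue Net::LDAP::Error, SystemCallError, OpenSSL::SSL::SSLError => e` (which also replaces the `$!` idiom) and close and nil out `@conn` before retrying; `prepare_socket`, `open_connection` and `connect_to_host` are also public as written and read like internals, so mark them `private`. A later commit in this series (DRY up connection handling logic) addresses the rescue and the close.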
@@ -63,18 +95,18 @@ def self.wrap_with_ssl(io, tls_options = {}) end #-- - # Helper method called only from new, and only after we have a - # successfully-opened @conn instance variable, which is a TCP connection. - # Depending on the received arguments, we establish SSL, potentially - # replacing the value of @conn accordingly. Don't generate any errors here - # if no encryption is requested. DO raise Net::LDAP::Error objects if encryption - # is requested and we have trouble setting it up. That includes if OpenSSL - # is not set up on the machine. (Question: how does the Ruby OpenSSL - # wrapper react in that case?) DO NOT filter exceptions raised by the - # OpenSSL library. Let them pass back to the user. That should make it - # easier for us to debug the problem reports. Presumably (hopefully?) that - # will also produce recognizable errors if someone tries to use this on a - # machine without OpenSSL. + # Helper method called only from prepare_socket or open_connection, and only + # after we have a successfully-opened @conn instance variable, which is a TCP + # connection. Depending on the received arguments, we establish SSL, + # potentially replacing the value of @conn accordingly. Don't generate any + # errors here if no encryption is requested. DO raise Net::LDAP::Error objects + # if encryption is requested and we have trouble setting it up. That includes + # if OpenSSL is not set up on the machine. (Question: how does the Ruby + # OpenSSL wrapper react in that case?) DO NOT filter exceptions raised by the + # OpenSSL library. Let them pass back to the user. That should make it easier + # for us to debug the problem reports. Presumably (hopefully?) that will also + # produce recognizable errors if someone tries to use this on a machine + # without OpenSSL. # # The simple_tls method is intended as the simplest, stupidest, easiest # solution for people who want nothing more than encrypted comms with the 
diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 4fa7b22d..6fdf0b0a 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -9,6 +9,44 @@ def capture_stderr $stderr = stderr end + def test_list_of_hosts_with_first_host_successful + hosts = [ + ['test.mocked.com', 636], + ['test2.mocked.com', 636], + ['test3.mocked.com', 636], + ] + flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_return(nil) + flexmock(TCPSocket).should_receive(:new).ordered.never + Net::LDAP::Connection.new(:hosts => hosts.to_enum(:each)) + end + + def test_list_of_hosts_with_first_host_failure + hosts = [ + ['test.mocked.com', 636], + ['test2.mocked.com', 636], + ['test3.mocked.com', 636], + ] + flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) + flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_return(nil) + flexmock(TCPSocket).should_receive(:new).ordered.never + Net::LDAP::Connection.new(:hosts => hosts.to_enum(:each)) + end + + def test_list_of_hosts_with_all_hosts_failure + hosts = [ + ['test.mocked.com', 636], + ['test2.mocked.com', 636], + ['test3.mocked.com', 636], + ] + flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) + flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_raise(SocketError) + flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[2]).once.and_raise(SocketError) + flexmock(TCPSocket).should_receive(:new).ordered.never + assert_raise Net::LDAP::Error do + Net::LDAP::Connection.new(:hosts => hosts.to_enum(:each)) + end + end + def test_unresponsive_host assert_raise Net::LDAP::Error do Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) From c0db1d17d4b29da18cc77540177f41c265ad18d0 Mon Sep 17 00:00:00 2001 
From: Jeremy Bopp Date: Mon, 28 Sep 2015 18:13:44 -0500 Subject: [PATCH 017/146] Remove enumerable enforcement attempt in tests --- test/test_ldap_connection.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 6fdf0b0a..e5104838 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -17,7 +17,7 @@ def test_list_of_hosts_with_first_host_successful ] flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_return(nil) flexmock(TCPSocket).should_receive(:new).ordered.never - Net::LDAP::Connection.new(:hosts => hosts.to_enum(:each)) + Net::LDAP::Connection.new(:hosts => hosts) end def test_list_of_hosts_with_first_host_failure @@ -29,7 +29,7 @@ def test_list_of_hosts_with_first_host_failure flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_return(nil) flexmock(TCPSocket).should_receive(:new).ordered.never - Net::LDAP::Connection.new(:hosts => hosts.to_enum(:each)) + Net::LDAP::Connection.new(:hosts => hosts) end def test_list_of_hosts_with_all_hosts_failure @@ -43,7 +43,7 @@ def test_list_of_hosts_with_all_hosts_failure flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[2]).once.and_raise(SocketError) flexmock(TCPSocket).should_receive(:new).ordered.never assert_raise Net::LDAP::Error do - Net::LDAP::Connection.new(:hosts => hosts.to_enum(:each)) + Net::LDAP::Connection.new(:hosts => hosts) end end From 07b48d3c7237fdb36b30ed145afbcf2061a5292c Mon Sep 17 00:00:00 2001 From: ronan lanore Date: Tue, 29 Sep 2015 13:16:01 +0200 Subject: [PATCH 018/146] add slash to attyirbute value filter --- lib/net/ldap/filter.rb | 2 +- test/test_filter_parser.rb | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/filter.rb b/lib/net/ldap/filter.rb index 0ab847b8..aad84f83 100644 
--- a/lib/net/ldap/filter.rb +++ b/lib/net/ldap/filter.rb @@ -752,7 +752,7 @@ def parse_filter_branch(scanner) scanner.scan(/\s*/) if op = scanner.scan(/<=|>=|!=|:=|=/) scanner.scan(/\s*/) - if value = scanner.scan(/(?:[-\[\]{}\w*.+:@=,#\$%&!'^~\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u) + if value = scanner.scan(/(?:[-\[\]{}\w*.+\/:@=,#\$%&!'^~\s\xC3\x80-\xCA\xAF]|[^\x00-\x7F]|\\[a-fA-F\d]{2})+/u) # 20100313 AZ: Assumes that "(uid=george*)" is the same as # "(uid=george* )". The standard doesn't specify, but I can find # no examples that suggest otherwise. diff --git a/test/test_filter_parser.rb b/test/test_filter_parser.rb index 210e0218..6f1ca48b 100644 --- a/test/test_filter_parser.rb +++ b/test/test_filter_parser.rb @@ -14,6 +14,10 @@ def test_brackets assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(cn=[{something}])") end + def test_slash + assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(departmentNumber=FOO//BAR/FOO)") + end + def test_colons assert_kind_of Net::LDAP::Filter, Net::LDAP::Filter::FilterParser.parse("(ismemberof=cn=edu:berkeley:app:calmessages:deans,ou=campus groups,dc=berkeley,dc=edu)") end From 197d46051b68d8fe7aea77082b188f45e7e3c144 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 2 Oct 2015 14:55:41 +0900 Subject: [PATCH 019/146] Extract Simple method as AuthAdapter --- lib/net/ldap/auth_adapter.rb | 25 ++++++++++++++++++ lib/net/ldap/auth_adapters/anon.rb | 3 +++ lib/net/ldap/auth_adapters/anonymous.rb | 3 +++ lib/net/ldap/auth_adapters/simple.rb | 34 +++++++++++++++++++++++++ lib/net/ldap/connection.rb | 21 ++++++++------- 5 files changed, 77 insertions(+), 9 deletions(-) create mode 100644 lib/net/ldap/auth_adapter.rb create mode 100644 lib/net/ldap/auth_adapters/anon.rb create mode 100644 lib/net/ldap/auth_adapters/anonymous.rb create mode 100644 lib/net/ldap/auth_adapters/simple.rb 
diff --git a/lib/net/ldap/auth_adapter.rb b/lib/net/ldap/auth_adapter.rb new file mode 100644 index 00000000..1ec74360 --- /dev/null +++ b/lib/net/ldap/auth_adapter.rb @@ -0,0 +1,25 @@ +module Net + class LDAP + class AuthAdapter + def self.regiseter(names, adapter) + names = Array(names) + @adapters ||= {} + names.each do |name| + @adapters[name] = adapter + end + end + + def self.[](name) + @adapters[name] + end + + def initialize(conn) + @connection = conn + end + + def bind + raise "bind method must be overwritten" + end + end + end +end diff --git a/lib/net/ldap/auth_adapters/anon.rb b/lib/net/ldap/auth_adapters/anon.rb new file mode 100644 index 00000000..7cb65cb6 --- /dev/null +++ b/lib/net/ldap/auth_adapters/anon.rb @@ -0,0 +1,3 @@ +require 'net/ldap/auth_adapters/simple' + +Net::LDAP::AuthAdapter.register(:anon, Net::LDAP::AuthAdapters::Simple) diff --git a/lib/net/ldap/auth_adapters/anonymous.rb b/lib/net/ldap/auth_adapters/anonymous.rb new file mode 100644 index 00000000..8ed42298 --- /dev/null +++ b/lib/net/ldap/auth_adapters/anonymous.rb @@ -0,0 +1,3 @@ +require 'net/ldap/auth_adapters/simple' + +Net::LDAP::AuthAdapter.register(:anonymous, Net::LDAP::AuthAdapters::Simple) diff --git a/lib/net/ldap/auth_adapters/simple.rb b/lib/net/ldap/auth_adapters/simple.rb new file mode 100644 index 00000000..36e9e174 --- /dev/null +++ b/lib/net/ldap/auth_adapters/simple.rb 
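Review bot: `self.[]` dereferences `@adapters` with no nil guard and returns nil for an unregistered name, so a caller asking for an unknown method gets NoMethodError from `nil[]` or `nil.new` instead of the `AuthMethodUnsupportedError` the old dispatch raised; `def self.[](name); (@adapters || {}).fetch(name) { raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{name})" }; end` preserves that contract. `regiseter` is misspelled, so the `register` calls in anon.rb and anonymous.rb in this same commit fail with NoMethodError at require time (a later commit corrects the name). The base `bind` should raise `NotImplementedError` rather than a bare RuntimeError string, and a one-line rdoc on the class stating that adapters are looked up by the `auth[:method]` symbol would help readers.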
@@ -0,0 +1,34 @@ +module Net + class LDAP + module AuthAdapters + class Simple < AuthAdapter + def bind(auth) + user, psw = if auth[:method] == :simple + [auth[:username] || auth[:dn], auth[:password]] + else + ["", ""] + end + + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) + + message_id = @connection.next_msgid + request = [ + LdapVersion.to_ber, user.to_ber, + psw.to_ber_contextspecific(0) + ].to_ber_appsequence(Net::LDAP::PDU::BindRequest) + + @connection.write(request, nil, message_id) + pdu = @connection.queued_read(message_id) + + if !pdu || pdu.app_tag != Net::LDAP::PDU::BindResult + raise Net::LDAP::NoBindResultError, "no bind result" + end + + pdu + end + end + end + end +end + +Net::LDAP::AuthAdapter.register(:simple, Net::LDAP::AuthAdapters::Simple) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 05aedfef..da53a0b1 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -250,15 +250,18 @@ def next_msgid def bind(auth) instrument "bind.net_ldap_connection" do |payload| payload[:method] = meth = auth[:method] - if [:simple, :anonymous, :anon].include?(meth) - bind_simple auth - elsif meth == :sasl - bind_sasl(auth) - elsif meth == :gss_spnego - bind_gss_spnego(auth) - else - raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{meth})" - end + require "net/ldap/auth_adapters/#{meth}" + adapter = Net::LDAP::AuthAdapterp[meth] + adapter.bind(auth) + # if [:simple, :anonymous, :anon].include?(meth) + # bind_simple auth + # elsif meth == :sasl + # bind_sasl(auth) + # elsif meth == :gss_spnego + # bind_gss_spnego(auth) + # else + # raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{meth})" + # end end end From b57a283c7b87a7a4a07bcf909c03bab32eb1715a Mon Sep 17 00:00:00 2001 
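Review bot: The `unless (user && psw)` guard only rejects nil, so with `:method => :simple` a non-empty username and an empty password are sent as an LDAP unauthenticated bind (RFC 4513 §5.1.2), which many directories answer with success as an anonymous session; callers that treat a successful bind as proof of credentials are then misled. This is moved code, but the adapter boundary is the right place to add `raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" if auth[:method] == :simple && psw.to_s.empty?` next to the existing check. The class also needs a short rdoc stating that it serves `:simple`, `:anonymous` and `:anon`, and that the latter two send an empty name and password.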
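Review bot: `require "net/ldap/auth_adapters/#{meth}"` interpolates `auth[:method]` straight into a load path, so the set of loadable files is whatever is reachable from `$LOAD_PATH` rather than the registered adapters, and an unknown symbol surfaces as LoadError instead of `AuthMethodUnsupportedError`; consult the registry first and only require for names on an explicit list of supported method symbols. `Net::LDAP::AuthAdapterp` is a typo that makes every bind fail (corrected two commits later in this series), and the nine lines of commented-out dispatch should be deleted rather than kept as dead text. The same registry lookup without a nil check reappears in the later `adapter.new(self).bind(auth)` hunk.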
From: Tatsuya Sato Date: Fri, 2 Oct 2015 14:59:35 +0900 Subject: [PATCH 020/146] Fix uninitialized constant error by adding require statement --- lib/net/ldap/auth_adapters/simple.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/net/ldap/auth_adapters/simple.rb b/lib/net/ldap/auth_adapters/simple.rb index 36e9e174..2c7301d8 100644 --- a/lib/net/ldap/auth_adapters/simple.rb +++ b/lib/net/ldap/auth_adapters/simple.rb @@ -1,3 +1,5 @@ +require 'net/ldap/auth_adapter' + module Net class LDAP module AuthAdapters From 9c7b1af6b62e609b137371882d41dd4c8e2e9cfd Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 2 Oct 2015 15:02:09 +0900 Subject: [PATCH 021/146] Fix typo --- lib/net/ldap/auth_adapter.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/net/ldap/auth_adapter.rb b/lib/net/ldap/auth_adapter.rb index 1ec74360..bd818dec 100644 --- a/lib/net/ldap/auth_adapter.rb +++ b/lib/net/ldap/auth_adapter.rb @@ -1,7 +1,7 @@ module Net class LDAP class AuthAdapter - def self.regiseter(names, adapter) + def self.register(names, adapter) names = Array(names) @adapters ||= {} names.each do |name| From 2546e35c9d6bd661ade33e4b3ad3edd2c57dba66 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 2 Oct 2015 19:42:41 +0900 Subject: [PATCH 022/146] Instantiate AuthAdapter in #bind --- lib/net/ldap/connection.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index da53a0b1..29f96d8b 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -251,8 +251,8 @@ def bind(auth) instrument "bind.net_ldap_connection" do |payload| payload[:method] = meth = auth[:method] require "net/ldap/auth_adapters/#{meth}" - adapter = Net::LDAP::AuthAdapterp[meth] - adapter.bind(auth) + adapter = Net::LDAP::AuthAdapter[meth] + adapter.new(self).bind(auth) # if [:simple, :anonymous, :anon].include?(meth) # bind_simple auth # elsif meth == :sasl 
From 069ad98b12bbc33006249d6edbb5f71542fc015c Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 2 Oct 2015 19:44:47 +0900 Subject: [PATCH 023/146] Fix wrong reference to constant --- lib/net/ldap/auth_adapters/simple.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/net/ldap/auth_adapters/simple.rb b/lib/net/ldap/auth_adapters/simple.rb index 2c7301d8..ade93682 100644 --- a/lib/net/ldap/auth_adapters/simple.rb +++ b/lib/net/ldap/auth_adapters/simple.rb @@ -15,7 +15,7 @@ def bind(auth) message_id = @connection.next_msgid request = [ - LdapVersion.to_ber, user.to_ber, + Net::LDAP::Connection::LdapVersion.to_ber, user.to_ber, psw.to_ber_contextspecific(0) ].to_ber_appsequence(Net::LDAP::PDU::BindRequest) From 585ae827283fc655970579d924368b9dd6f68914 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 2 Oct 2015 19:45:16 +0900 Subject: [PATCH 024/146] Call connection#write method with send --- lib/net/ldap/auth_adapters/simple.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/net/ldap/auth_adapters/simple.rb b/lib/net/ldap/auth_adapters/simple.rb index ade93682..c580cf99 100644 --- a/lib/net/ldap/auth_adapters/simple.rb +++ b/lib/net/ldap/auth_adapters/simple.rb @@ -19,7 +19,7 @@ def bind(auth) psw.to_ber_contextspecific(0) ].to_ber_appsequence(Net::LDAP::PDU::BindRequest) - @connection.write(request, nil, message_id) + @connection.send(:write, request, nil, message_id) pdu = @connection.queued_read(message_id) if !pdu || pdu.app_tag != Net::LDAP::PDU::BindResult From ac729dd8c0d748ef4de10a18b78e79197110e39f Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Sat, 3 Oct 2015 00:41:25 +0900 Subject: [PATCH 025/146] Net::LDAP::Connection#bind is abolihsed --- lib/net/ldap/connection.rb | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 29f96d8b..802e3832 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
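Review bot: `@connection.send(:write, ...)` bypasses `write`'s visibility from outside the class, which hides the dependency and is inconsistent with `queued_read` on the next line, which is called directly. Since adapters are now the intended callers, expose the method deliberately (make `write` `protected` or public on Connection, or add a small public wrapper) and call it as `@connection.write(request, nil, message_id)`.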
@@ -265,35 +265,6 @@ def bind(auth) end end - #-- - # Implements a simple user/psw authentication. Accessed by calling #bind - # with a method of :simple or :anonymous. - #++ - def bind_simple(auth) - user, psw = if auth[:method] == :simple - [auth[:username] || auth[:dn], auth[:password]] - else - ["", ""] - end - - raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) - - message_id = next_msgid - request = [ - LdapVersion.to_ber, user.to_ber, - psw.to_ber_contextspecific(0) - ].to_ber_appsequence(Net::LDAP::PDU::BindRequest) - - write(request, nil, message_id) - pdu = queued_read(message_id) - - if !pdu || pdu.app_tag != Net::LDAP::PDU::BindResult - raise Net::LDAP::NoBindResultError, "no bind result" - end - - pdu - end - #-- # Required parameters: :mechanism, :initial_credential and # :challenge_response From d5f7516e0d8061bd97bf7c2cf112fd5912744c73 Mon Sep 17 00:00:00 2001 From: Jeremy Bopp Date: Mon, 28 Sep 2015 10:35:32 -0500 Subject: [PATCH 026/146] DRY up connection handling logic --- lib/net/ldap/connection.rb | 56 ++++++++++++++++++-------------------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 05aedfef..fdec64b5 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
@@ -8,56 +8,54 @@ class Net::LDAP::Connection #:nodoc: def initialize(server) @instrumentation_service = server[:instrumentation_service] - server[:hosts] = [[server[:host], server[:port]]] if server[:hosts].nil? if server[:socket] prepare_socket(server) else + server[:hosts] = [[server[:host], server[:port]]] if server[:hosts].nil? open_connection(server) end yield self if block_given? end - def prepare_socket(server) - @conn = server[:socket] + def prepare_socket(server, close = false) + socket = server[:socket] + encryption = server[:encryption] - if server[:encryption] - setup_encryption server[:encryption] - end + @conn = socket + setup_encryption encryption if encryption + rescue + # Ensure the connection is closed when requested in the event of an SSL + # setup failure. + @conn.close if close + @conn = nil + raise end def open_connection(server) + hosts = server[:hosts] + encryption = server[:encryption] + errors = [] - server[:hosts].each do |host, port| + hosts.each do |host, port| begin - return connect_to_host(host, port, server) - rescue Net::LDAP::Error - errors << $! + prepare_socket(server.merge(socket: TCPSocket.new(host, port)), true) + return + rescue Net::LDAP::Error, SocketError, SystemCallError, + OpenSSL::SSL::SSLError + errors << [$!, host, port] end end - raise errors.first if errors.size == 1 - raise Net::LDAP::Error, - "Unable to connect to any given server: \n #{errors.join("\n ")}" - end - - def connect_to_host(host, port, server) - begin - @conn = TCPSocket.new(host, port) - rescue SocketError - raise Net::LDAP::Error, "No such address or other socket error." - rescue Errno::ECONNREFUSED - raise Net::LDAP::ConnectionRefusedError, "Server #{host} refused connection on port #{port}." - rescue Errno::EHOSTUNREACH => error - raise Net::LDAP::Error, "Host #{host} was unreachable (#{error.message})" - rescue Errno::ETIMEDOUT - raise Net::LDAP::Error, "Connection to #{host} timed out." 
+ if errors.size == 1 + error = errors.first.first + raise Net::LDAP::ConnectionRefusedError, error.message if error.kind_of? Errno::ECONNREFUSED + raise Net::LDAP::Error, error.message end - if server[:encryption] - setup_encryption server[:encryption] - end + raise Net::LDAP::Error, + "Unable to connect to any given server: \n #{errors.map { |e, h, p| "#{e.class}: #{e.message} (#{h}:#{p})" }.join("\n ")}" end module GetbyteForSSLSocket From 91db1ba20ef4b31f5e0516b293f7fd29089b22c9 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Sat, 3 Oct 2015 16:38:01 +0900 Subject: [PATCH 027/146] Define Sasl AuthAdapter --- lib/net/ldap/auth_adapters/sasl.rb | 41 ++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 lib/net/ldap/auth_adapters/sasl.rb diff --git a/lib/net/ldap/auth_adapters/sasl.rb b/lib/net/ldap/auth_adapters/sasl.rb new file mode 100644 index 00000000..01e7f05a --- /dev/null +++ b/lib/net/ldap/auth_adapters/sasl.rb 
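Review bot: In the `hosts.each` loop, `OpenSSL::SSL::SSLError` is rescued together with the transport errors, so a failed TLS handshake on one host — including a certificate-verification failure, if `setup_encryption` verifies the peer (not visible here) — is silently swallowed and the client fails over to the next host; the error surfaces only when every host fails. A practitioner would want TLS failures treated differently from a refused or unreachable host, at minimum with `rescue OpenSSL::SSL::SSLError => e` as a separate clause that re-raises (or logs per attempt) rather than appending to `errors`. Separately, the single-error branch `raise Net::LDAP::Error, error.message` drops the host and port that the removed `connect_to_host` messages carried; `"#{error.message} (#{host}:#{port})"` from the stored tuple would preserve that context. The enclosing class `Net::LDAP::Connection` continues past this hunk.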
@@ -0,0 +1,41 @@ +require 'net/ldap/auth_adapter' + +module Net + class LDAP + module AuthAdapters + class Sasl < Net::LDAP::AuthAdapter + def bind(auth) + mech, cred, chall = auth[:mechanism], auth[:initial_credential], + auth[:challenge_response] + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (mech && cred && chall) + + message_id = @connection.next_msgid + + n = 0 + loop { + sasl = [mech.to_ber, cred.to_ber].to_ber_contextspecific(3) + request = [ + Net::LDAP::Connection::LdapVersion.to_ber, "".to_ber, sasl + ].to_ber_appsequence(Net::LDAP::PDU::BindRequest) + + @connection.send(:write, request, nil, message_id) + pdu = @connection.queued_read(message_id) + + if !pdu || pdu.app_tag != Net::LDAP::PDU::BindResult + raise Net::LDAP::NoBindResultError, "no bind result" + end + + return pdu unless pdu.result_code == Net::LDAP::ResultCodeSaslBindInProgress + raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges) + + cred = chall.call(pdu.result_server_sasl_creds) + } + + raise Net::LDAP::SASLChallengeOverflowError, "why are we here?" + end + end + end + end +end + +Net::LDAP::AuthAdapter.register(:sasl, Net::LDAP::AuthAdapters::Sasl) From ab20ad22cede28a689b47502628fd83a8bb1ba86 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Sat, 3 Oct 2015 22:17:20 +0900 Subject: [PATCH 028/146] Define GSS_SPNEGO AuthAdapter --- lib/net/ldap/auth_adapters/gss_spnego.rb | 42 +++++++++++ lib/net/ldap/auth_adapters/sasl.rb | 21 ++++++ lib/net/ldap/connection.rb | 92 ------------------------ 3 files changed, 63 insertions(+), 92 deletions(-) create mode 100644 lib/net/ldap/auth_adapters/gss_spnego.rb diff --git a/lib/net/ldap/auth_adapters/gss_spnego.rb b/lib/net/ldap/auth_adapters/gss_spnego.rb new file mode 100644 index 00000000..2513f150 --- /dev/null +++ b/lib/net/ldap/auth_adapters/gss_spnego.rb 
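Review bot: `MaxSaslChallenges` is referenced unqualified inside `Net::LDAP::AuthAdapters::Sasl`, but this body was lifted from `Net::LDAP::Connection`, where `LdapVersion` was likewise unqualified and had to become `Net::LDAP::Connection::LdapVersion` in this file. If the challenge limit lives on Connection the same way, the overflow guard raises NameError the first time a server keeps answering saslBindInProgress, instead of `SASLChallengeOverflowError`, and no test exercises that path. Qualify it: `raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > Net::LDAP::Connection::MaxSaslChallenges)`.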
@@ -0,0 +1,42 @@ +require 'net/ldap/auth_adapter' +require 'net/ldap/auth_adapters/sasl' + +module Net + class LDAP + module AuthAdapers + #-- + # PROVISIONAL, only for testing SASL implementations. DON'T USE THIS YET. + # Uses Kohei Kajimoto's Ruby/NTLM. We have to find a clean way to + # integrate it without introducing an external dependency. + # + # This authentication method is accessed by calling #bind with a :method + # parameter of :gss_spnego. It requires :username and :password + # attributes, just like the :simple authentication method. It performs a + # GSS-SPNEGO authentication with the server, which is presumed to be a + # Microsoft Active Directory. + #++ + class GSS_SPNEGO < Net::LDAP::AuthAdapter + def bind(auth) + require 'ntlm' + + user, psw = [auth[:username] || auth[:dn], auth[:password]] + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) + + nego = proc { |challenge| + t2_msg = NTLM::Message.parse(challenge) + t3_msg = t2_msg.response({ :user => user, :password => psw }, + { :ntlmv2 => true }) + t3_msg.serialize + } + + Net::LDAP::AuthAdapter.new(@connection). + bind(:method => :sasl, :mechanism => "GSS-SPNEGO", + :initial_credential => NTLM::Message::Type1.new.serialize, + :challenge_response => nego) + end + end + end + end +end + +Net::LDAP::Adapter.register(:gss_spnego, Net::LDAP::AuthAdapters::GSS_SPNEGO) diff --git a/lib/net/ldap/auth_adapters/sasl.rb b/lib/net/ldap/auth_adapters/sasl.rb index 01e7f05a..c7c460c0 100644 --- a/lib/net/ldap/auth_adapters/sasl.rb +++ b/lib/net/ldap/auth_adapters/sasl.rb 
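Review bot: The new file opens `module AuthAdapers` (missing the `t`), so the class is defined as `Net::LDAP::AuthAdapers::GSS_SPNEGO`, and the registration on the last line references both `Net::LDAP::AuthAdapters::GSS_SPNEGO` and a `Net::LDAP::Adapter` constant that does not exist anywhere in this series — requiring the file raises NameError. The fix is `module AuthAdapters` and `Net::LDAP::AuthAdapter.register(:gss_spnego, Net::LDAP::AuthAdapters::GSS_SPNEGO)`. The bind body also delegates to `Net::LDAP::AuthAdapter.new(@connection).bind(...)`, the base adapter rather than the SASL one, so even a correctly loaded file does not appear able to run the NTLM exchange; the header comment marks this PROVISIONAL, but nothing stops `bind(method: :gss_spnego)` from selecting it once it is registered.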
@@ -4,6 +4,27 @@ module Net class LDAP module AuthAdapters class Sasl < Net::LDAP::AuthAdapter + #-- + # Required parameters: :mechanism, :initial_credential and + # :challenge_response + # + # Mechanism is a string value that will be passed in the SASL-packet's + # "mechanism" field. + # + # Initial credential is most likely a string. It's passed in the initial + # BindRequest that goes to the server. In some protocols, it may be empty. + # + # Challenge-response is a Ruby proc that takes a single parameter and + # returns an object that will typically be a string. The + # challenge-response block is called when the server returns a + # BindResponse with a result code of 14 (saslBindInProgress). The + # challenge-response block receives a parameter containing the data + # returned by the server in the saslServerCreds field of the LDAP + # BindResponse packet. The challenge-response block may be called multiple + # times during the course of a SASL authentication, and each time it must + # return a value that will be passed back to the server as the credential + # data in the next BindRequest packet. + #++ def bind(auth) mech, cred, chall = auth[:mechanism], auth[:initial_credential], auth[:challenge_response] diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 802e3832..e3129348 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
@@ -253,101 +253,9 @@ def bind(auth) require "net/ldap/auth_adapters/#{meth}" adapter = Net::LDAP::AuthAdapter[meth] adapter.new(self).bind(auth) - # if [:simple, :anonymous, :anon].include?(meth) - # bind_simple auth - # elsif meth == :sasl - # bind_sasl(auth) - # elsif meth == :gss_spnego - # bind_gss_spnego(auth) - # else - # raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{meth})" - # end end end - #-- - # Required parameters: :mechanism, :initial_credential and - # :challenge_response - # - # Mechanism is a string value that will be passed in the SASL-packet's - # "mechanism" field. - # - # Initial credential is most likely a string. It's passed in the initial - # BindRequest that goes to the server. In some protocols, it may be empty. - # - # Challenge-response is a Ruby proc that takes a single parameter and - # returns an object that will typically be a string. The - # challenge-response block is called when the server returns a - # BindResponse with a result code of 14 (saslBindInProgress). The - # challenge-response block receives a parameter containing the data - # returned by the server in the saslServerCreds field of the LDAP - # BindResponse packet. The challenge-response block may be called multiple - # times during the course of a SASL authentication, and each time it must - # return a value that will be passed back to the server as the credential - # data in the next BindRequest packet. 
- #++ - def bind_sasl(auth) - mech, cred, chall = auth[:mechanism], auth[:initial_credential], - auth[:challenge_response] - raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (mech && cred && chall) - - message_id = next_msgid - - n = 0 - loop { - sasl = [mech.to_ber, cred.to_ber].to_ber_contextspecific(3) - request = [ - LdapVersion.to_ber, "".to_ber, sasl - ].to_ber_appsequence(Net::LDAP::PDU::BindRequest) - - write(request, nil, message_id) - pdu = queued_read(message_id) - - if !pdu || pdu.app_tag != Net::LDAP::PDU::BindResult - raise Net::LDAP::NoBindResultError, "no bind result" - end - - return pdu unless pdu.result_code == Net::LDAP::ResultCodeSaslBindInProgress - raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges) - - cred = chall.call(pdu.result_server_sasl_creds) - } - - raise Net::LDAP::SASLChallengeOverflowError, "why are we here?" - end - private :bind_sasl - - #-- - # PROVISIONAL, only for testing SASL implementations. DON'T USE THIS YET. - # Uses Kohei Kajimoto's Ruby/NTLM. We have to find a clean way to - # integrate it without introducing an external dependency. - # - # This authentication method is accessed by calling #bind with a :method - # parameter of :gss_spnego. It requires :username and :password - # attributes, just like the :simple authentication method. It performs a - # GSS-SPNEGO authentication with the server, which is presumed to be a - # Microsoft Active Directory. 
- #++ - def bind_gss_spnego(auth) - require 'ntlm' - - user, psw = [auth[:username] || auth[:dn], auth[:password]] - raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) - - nego = proc { |challenge| - t2_msg = NTLM::Message.parse(challenge) - t3_msg = t2_msg.response({ :user => user, :password => psw }, - { :ntlmv2 => true }) - t3_msg.serialize - } - - bind_sasl(:method => :sasl, :mechanism => "GSS-SPNEGO", - :initial_credential => NTLM::Message::Type1.new.serialize, - :challenge_response => nego) - end - private :bind_gss_spnego - - #-- # Allow the caller to specify a sort control # From 60edf55bacd355b4c742c6f56137fa89467bcff6 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Wed, 7 Oct 2015 20:21:44 +0900 Subject: [PATCH 029/146] Make namespace of AuthAdapater singular --- lib/net/ldap/{auth_adapters => auth_adapter}/gss_spnego.rb | 2 +- lib/net/ldap/{auth_adapters => auth_adapter}/sasl.rb | 2 +- lib/net/ldap/{auth_adapters => auth_adapter}/simple.rb | 2 +- lib/net/ldap/auth_adapters/anon.rb | 3 --- lib/net/ldap/auth_adapters/anonymous.rb | 3 --- 5 files changed, 3 insertions(+), 9 deletions(-) rename lib/net/ldap/{auth_adapters => auth_adapter}/gss_spnego.rb (97%) rename lib/net/ldap/{auth_adapters => auth_adapter}/sasl.rb (99%) rename lib/net/ldap/{auth_adapters => auth_adapter}/simple.rb (97%) delete mode 100644 lib/net/ldap/auth_adapters/anon.rb delete mode 100644 lib/net/ldap/auth_adapters/anonymous.rb diff --git a/lib/net/ldap/auth_adapters/gss_spnego.rb b/lib/net/ldap/auth_adapter/gss_spnego.rb similarity index 97% rename from lib/net/ldap/auth_adapters/gss_spnego.rb rename to lib/net/ldap/auth_adapter/gss_spnego.rb index 2513f150..b44b5c5e 100644 --- a/lib/net/ldap/auth_adapters/gss_spnego.rb +++ b/lib/net/ldap/auth_adapter/gss_spnego.rb @@ -1,5 +1,5 @@ require 'net/ldap/auth_adapter' -require 'net/ldap/auth_adapters/sasl' +require 'net/ldap/auth_adapter/sasl' module Net class LDAP 
diff --git a/lib/net/ldap/auth_adapters/sasl.rb b/lib/net/ldap/auth_adapter/sasl.rb similarity index 99% rename from lib/net/ldap/auth_adapters/sasl.rb rename to lib/net/ldap/auth_adapter/sasl.rb index c7c460c0..38e977b9 100644 --- a/lib/net/ldap/auth_adapters/sasl.rb +++ b/lib/net/ldap/auth_adapter/sasl.rb @@ -2,7 +2,7 @@ module Net class LDAP - module AuthAdapters + module AuthAdapter class Sasl < Net::LDAP::AuthAdapter #-- # Required parameters: :mechanism, :initial_credential and diff --git a/lib/net/ldap/auth_adapters/simple.rb b/lib/net/ldap/auth_adapter/simple.rb similarity index 97% rename from lib/net/ldap/auth_adapters/simple.rb rename to lib/net/ldap/auth_adapter/simple.rb index c580cf99..471878c5 100644 --- a/lib/net/ldap/auth_adapters/simple.rb +++ b/lib/net/ldap/auth_adapter/simple.rb @@ -2,7 +2,7 @@ module Net class LDAP - module AuthAdapters + class AuthAdapter class Simple < AuthAdapter def bind(auth) user, psw = if auth[:method] == :simple diff --git a/lib/net/ldap/auth_adapters/anon.rb b/lib/net/ldap/auth_adapters/anon.rb deleted file mode 100644 index 7cb65cb6..00000000 --- a/lib/net/ldap/auth_adapters/anon.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'net/ldap/auth_adapters/simple' - -Net::LDAP::AuthAdapter.register(:anon, Net::LDAP::AuthAdapters::Simple) diff --git a/lib/net/ldap/auth_adapters/anonymous.rb b/lib/net/ldap/auth_adapters/anonymous.rb deleted file mode 100644 index 8ed42298..00000000 --- a/lib/net/ldap/auth_adapters/anonymous.rb +++ /dev/null @@ -1,3 +0,0 @@ -require 'net/ldap/auth_adapters/simple' - -Net::LDAP::AuthAdapter.register(:anonymous, Net::LDAP::AuthAdapters::Simple) From b56450d0ae75e94da14803057c0b4aa35dfdbbad Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Wed, 7 Oct 2015 20:27:16 +0900 Subject: [PATCH 030/146] Fix wrong adapter used in GSS_SPNEGO --- lib/net/ldap/auth_adapter/gss_spnego.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
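Review bot: `module AuthAdapter` in sasl.rb reopens `Net::LDAP::AuthAdapter`, which `lib/net/ldap/auth_adapter.rb` defines with `class AuthAdapter` earlier in this series, so loading sasl.rb raises `TypeError: AuthAdapter is not a module`; simple.rb in the same commit correctly uses `class AuthAdapter`. Change the sasl.rb line to `class AuthAdapter`. Deleting anon.rb and anonymous.rb also removes the only registrations of `:anon` and `:anonymous`, so until they are registered elsewhere `bind(method: :anonymous)` fails the adapter lookup.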
diff --git a/lib/net/ldap/auth_adapter/gss_spnego.rb b/lib/net/ldap/auth_adapter/gss_spnego.rb index b44b5c5e..5eb62a0a 100644 --- a/lib/net/ldap/auth_adapter/gss_spnego.rb +++ b/lib/net/ldap/auth_adapter/gss_spnego.rb @@ -29,7 +29,7 @@ def bind(auth) t3_msg.serialize } - Net::LDAP::AuthAdapter.new(@connection). + Net::LDAP::AuthAdapter::Sasl.new(@connection). bind(:method => :sasl, :mechanism => "GSS-SPNEGO", :initial_credential => NTLM::Message::Type1.new.serialize, :challenge_response => nego) From 86e4ba16fe9177bd3fce308616ef2258f4ad4d34 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Wed, 7 Oct 2015 20:39:31 +0900 Subject: [PATCH 031/146] Move registration of AuthAdapters to net/ldap --- lib/net/ldap.rb | 6 ++++++ lib/net/ldap/auth_adapter/gss_spnego.rb | 2 -- lib/net/ldap/auth_adapter/sasl.rb | 4 +--- lib/net/ldap/auth_adapter/simple.rb | 2 -- lib/net/ldap/connection.rb | 1 - 5 files changed, 7 insertions(+), 8 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index ffb48719..7c151895 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -27,6 +27,12 @@ class LDAP require 'net/ldap/connection' require 'net/ldap/version' require 'net/ldap/error' +require 'net/ldap/auth_adapter' +require 'net/ldap/auth_adapter/simple' +require 'net/ldap/auth_adapter/sasl' + +Net::LDAP::AuthAdapter.register([:simple, :anon, :anonymous], Net::LDAP::AuthAdapter::Simple) +Net::LDAP::AuthAdapter.register(:sasl, Net::LDAP::AuthAdapter::Sasl) # == Quick-start for the Impatient # === Quick Example of a user-authentication against an LDAP directory: diff --git a/lib/net/ldap/auth_adapter/gss_spnego.rb b/lib/net/ldap/auth_adapter/gss_spnego.rb index 5eb62a0a..e251f038 100644 --- a/lib/net/ldap/auth_adapter/gss_spnego.rb +++ b/lib/net/ldap/auth_adapter/gss_spnego.rb @@ -38,5 +38,3 @@ def bind(auth) end end end - -Net::LDAP::Adapter.register(:gss_spnego, Net::LDAP::AuthAdapters::GSS_SPNEGO) 
diff --git a/lib/net/ldap/auth_adapter/sasl.rb b/lib/net/ldap/auth_adapter/sasl.rb index 38e977b9..fa7315b5 100644 --- a/lib/net/ldap/auth_adapter/sasl.rb +++ b/lib/net/ldap/auth_adapter/sasl.rb @@ -2,7 +2,7 @@ module Net class LDAP - module AuthAdapter + class AuthAdapter class Sasl < Net::LDAP::AuthAdapter #-- # Required parameters: :mechanism, :initial_credential and @@ -58,5 +58,3 @@ def bind(auth) end end end - -Net::LDAP::AuthAdapter.register(:sasl, Net::LDAP::AuthAdapters::Sasl) diff --git a/lib/net/ldap/auth_adapter/simple.rb b/lib/net/ldap/auth_adapter/simple.rb index 471878c5..d01b57ae 100644 --- a/lib/net/ldap/auth_adapter/simple.rb +++ b/lib/net/ldap/auth_adapter/simple.rb @@ -32,5 +32,3 @@ def bind(auth) end end end - -Net::LDAP::AuthAdapter.register(:simple, Net::LDAP::AuthAdapters::Simple) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index e3129348..f45e54a0 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -250,7 +250,6 @@ def next_msgid def bind(auth) instrument "bind.net_ldap_connection" do |payload| payload[:method] = meth = auth[:method] - require "net/ldap/auth_adapters/#{meth}" adapter = Net::LDAP::AuthAdapter[meth] adapter.new(self).bind(auth) end From fbb1951f41bfe42599bfe691dc276e45f09856d1 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 9 Oct 2015 05:00:07 +0900 Subject: [PATCH 032/146] Register gss_spnego when requiring 'net/ldap' --- lib/net/ldap.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 7c151895..2467663d 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb 
@@ -30,9 +30,11 @@ class LDAP require 'net/ldap/auth_adapter' require 'net/ldap/auth_adapter/simple' require 'net/ldap/auth_adapter/sasl' +require 'net/ldap/auth_adapter/gss_spnego' Net::LDAP::AuthAdapter.register([:simple, :anon, :anonymous], Net::LDAP::AuthAdapter::Simple) Net::LDAP::AuthAdapter.register(:sasl, Net::LDAP::AuthAdapter::Sasl) +Net::LDAP::AuthAdapter.register(:gss_spnego, Net::LDAP::AuthAdapter::Sasl) # == Quick-start for the Impatient # === Quick Example of a user-authentication against an LDAP directory: From 9bf1f3003a5f20c370f8d0dbd0ce88dfdeac1434 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Fri, 9 Oct 2015 05:35:13 +0900 Subject: [PATCH 033/146] Raise exception when specifying undefined auth method --- lib/net/ldap/auth_adapter.rb | 6 +++++- test/test_auth_adapter.rb | 11 +++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 test/test_auth_adapter.rb diff --git a/lib/net/ldap/auth_adapter.rb b/lib/net/ldap/auth_adapter.rb index bd818dec..f74232d1 100644 --- a/lib/net/ldap/auth_adapter.rb +++ b/lib/net/ldap/auth_adapter.rb @@ -10,7 +10,11 @@ def self.register(names, adapter) end def self.[](name) - @adapters[name] + a = @adapters[name] + if a.nil? + raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{name})" + end + return a end def initialize(conn) diff --git a/test/test_auth_adapter.rb b/test/test_auth_adapter.rb new file mode 100644 index 00000000..7cec57bc --- /dev/null +++ b/test/test_auth_adapter.rb @@ -0,0 +1,11 @@ +require 'test_helper' + +class TestAuthAdapter < Test::Unit::TestCase + def test_undefined_auth_adapter + flexmock(TCPSocket).should_receive(:new).ordered.with('ldap.example.com', 379).once.and_return(nil) + conn = Net::LDAP::Connection.new(host: 'ldap.example.com', port: 379) + assert_raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (foo)" do + conn.bind(method: :foo) + end + end +end From 8be52247f156fd640b0140bd336f0d1b7be302c7 Mon Sep 17 00:00:00 2001 
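Review bot: `Net::LDAP::AuthAdapter.register(:gss_spnego, Net::LDAP::AuthAdapter::Sasl)` registers the generic SASL adapter under the `:gss_spnego` name, not the GSS_SPNEGO class the preceding `require 'net/ldap/auth_adapter/gss_spnego'` loads. A caller passing `method: :gss_spnego, username:, password:` therefore lands in `Sasl#bind`, which requires `:mechanism`, `:initial_credential` and `:challenge_response` and raises `BindingInformationInvalidError`, so the NTLM negotiation never runs. It should reference the GSS_SPNEGO adapter class, e.g. `Net::LDAP::AuthAdapter.register(:gss_spnego, Net::LDAP::AuthAdapter::GSS_SPNEGO)` once that file's namespace (`AuthAdapers` in its current form) is corrected to match.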
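Review bot: `a = @adapters[name]` is evaluated before the nil check, so if `[]` is called before the first `register` (the only place `@adapters ||= {}` runs) it raises NoMethodError on nil rather than the new `AuthMethodUnsupportedError`. `a = (@adapters || {})[name]` closes that gap, and the trailing `return a` can be the bare expression `a` to match the file's implicit-return style. `self.register` begins before this hunk.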
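Review bot: In `test_undefined_auth_adapter`, the string passed as the second argument to `assert_raise` appears to be treated by test-unit as the failure message, not as the expected exception message, so the `"Unsupported auth method (foo)"` text is never actually asserted. Capture the exception and check it explicitly: `e = assert_raise(Net::LDAP::AuthMethodUnsupportedError) { conn.bind(method: :foo) }` followed by `assert_equal "Unsupported auth method (foo)", e.message`.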
From: Tatsuya Sato Date: Sat, 10 Oct 2015 06:52:02 +0900 Subject: [PATCH 034/146] GSS SPNEGO is not supported --- lib/net/ldap.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 2467663d..7c151895 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -30,11 +30,9 @@ class LDAP require 'net/ldap/auth_adapter' require 'net/ldap/auth_adapter/simple' require 'net/ldap/auth_adapter/sasl' -require 'net/ldap/auth_adapter/gss_spnego' Net::LDAP::AuthAdapter.register([:simple, :anon, :anonymous], Net::LDAP::AuthAdapter::Simple) Net::LDAP::AuthAdapter.register(:sasl, Net::LDAP::AuthAdapter::Sasl) -Net::LDAP::AuthAdapter.register(:gss_spnego, Net::LDAP::AuthAdapter::Sasl) # == Quick-start for the Impatient # === Quick Example of a user-authentication against an LDAP directory: From edee2ee46b0f3bba2ea5b71019a7a11a53bbb23b Mon Sep 17 00:00:00 2001 From: Jeremy Bopp Date: Sun, 18 Oct 2015 17:32:07 -0500 Subject: [PATCH 035/146] Move connection error handling logic into a new error class * ConnectionError wraps the creation of several error types for backward compatibility * For now, ConnectionError is only created when more than 1 error is given to the constructor * In the future, ConnectionError should be used even in the single error case --- lib/net/ldap/connection.rb | 9 +-------- lib/net/ldap/error.rb | 19 +++++++++++++++++++ test/test_ldap_connection.rb | 2 +- 3 files changed, 21 insertions(+), 9 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index fdec64b5..d28554ff 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
@@ -48,14 +48,7 @@ def open_connection(server) end end - if errors.size == 1 - error = errors.first.first - raise Net::LDAP::ConnectionRefusedError, error.message if error.kind_of? Errno::ECONNREFUSED - raise Net::LDAP::Error, error.message - end - - raise Net::LDAP::Error, - "Unable to connect to any given server: \n #{errors.map { |e, h, p| "#{e.class}: #{e.message} (#{h}:#{p})" }.join("\n ")}" + raise Net::LDAP::ConnectionError.new(errors) end module GetbyteForSSLSocket diff --git a/lib/net/ldap/error.rb b/lib/net/ldap/error.rb index 38b4a4a5..9f157195 100644 --- a/lib/net/ldap/error.rb +++ b/lib/net/ldap/error.rb @@ -25,6 +25,25 @@ def warn_deprecation_message warn "Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead." end end + class ConnectionError < Error + def self.new(errors) + error = errors.first.first + if errors.size == 1 + if error.kind_of? Errno::ECONNREFUSED + return Net::LDAP::ConnectionRefusedError.new(error.message) + end + + return Net::LDAP::Error.new(error.message) + end + + super + end + + def initialize(errors) + message = "Unable to connect to any given server: \n #{errors.map { |e, h, p| "#{e.class}: #{e.message} (#{h}:#{p})" }.join("\n ")}" + super(message) + end + end class NoOpenSSLError < Error; end class NoStartTLSResultError < Error; end class NoSearchBaseError < Error; end diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index e5104838..d991bddc 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -42,7 +42,7 @@ def test_list_of_hosts_with_all_hosts_failure flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_raise(SocketError) flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[2]).once.and_raise(SocketError) flexmock(TCPSocket).should_receive(:new).ordered.never - assert_raise Net::LDAP::Error do + assert_raise Net::LDAP::ConnectionError do Net::LDAP::Connection.new(:hosts => hosts) end end 
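Review bot: `ConnectionError.new` evaluates `errors.first.first` before it checks `errors.size`, so an empty error list — which `open_connection` hands over when `server[:hosts]` is an empty array, since the loop body never runs and `raise Net::LDAP::ConnectionError.new(errors)` is reached — produces `NoMethodError: undefined method 'first' for nil` instead of a connection error. Check the size first, `return super if errors.size != 1`, then `error = errors.first.first`; an empty list then falls into `initialize` with no hosts listed, so `open_connection` should probably also reject an empty host list up front. Overriding `self.new` to return an instance of a different class also means `rescue Net::LDAP::ConnectionError` does not catch the single-host failure, which the commit message acknowledges but the class itself should carry as a comment, e.g. `# NOTE: with a single error, .new returns Net::LDAP::Error or ConnectionRefusedError for backward compatibility; rescue Net::LDAP::Error to catch both.`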
From e1a0d1348f2e49acb5ba67e803e9102eb1b64f14 Mon Sep 17 00:00:00 2001 From: Jeremy Bopp Date: Sun, 18 Oct 2015 17:38:03 -0500 Subject: [PATCH 036/146] Resolve rubocop violations --- test/test_ldap_connection.rb | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index d991bddc..73752631 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -11,10 +11,10 @@ def capture_stderr def test_list_of_hosts_with_first_host_successful hosts = [ - ['test.mocked.com', 636], - ['test2.mocked.com', 636], - ['test3.mocked.com', 636], - ] + ['test.mocked.com', 636], + ['test2.mocked.com', 636], + ['test3.mocked.com', 636], + ] flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_return(nil) flexmock(TCPSocket).should_receive(:new).ordered.never Net::LDAP::Connection.new(:hosts => hosts) @@ -22,10 +22,10 @@ def test_list_of_hosts_with_first_host_successful def test_list_of_hosts_with_first_host_failure hosts = [ - ['test.mocked.com', 636], - ['test2.mocked.com', 636], - ['test3.mocked.com', 636], - ] + ['test.mocked.com', 636], + ['test2.mocked.com', 636], + ['test3.mocked.com', 636], + ] flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_return(nil) flexmock(TCPSocket).should_receive(:new).ordered.never 
@@ -34,10 +34,10 @@ def test_list_of_hosts_with_first_host_failure def test_list_of_hosts_with_all_hosts_failure hosts = [ - ['test.mocked.com', 636], - ['test2.mocked.com', 636], - ['test3.mocked.com', 636], - ] + ['test.mocked.com', 636], + ['test2.mocked.com', 636], + ['test3.mocked.com', 636], + ] flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_raise(SocketError) flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[2]).once.and_raise(SocketError) From 5a4ddb14a1f1abf54202c8e7fcd5bf3ba287c91f Mon Sep 17 00:00:00 2001 From: Jeremy Bopp Date: Mon, 19 Oct 2015 14:42:08 -0500 Subject: [PATCH 037/146] Assign exceptions to a variable rather than use $! --- lib/net/ldap/connection.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index d28554ff..3c3dbfd6 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -43,8 +43,8 @@ def open_connection(server) prepare_socket(server.merge(socket: TCPSocket.new(host, port)), true) return rescue Net::LDAP::Error, SocketError, SystemCallError, - OpenSSL::SSL::SSLError - errors << [$!, host, port] + OpenSSL::SSL::SSLError => e + errors << [e, host, port] end end From ab320af47c6c75536ac6ab7a83a419746132f67a Mon Sep 17 00:00:00 2001 From: Jeremy Bopp Date: Mon, 19 Oct 2015 14:43:38 -0500 Subject: [PATCH 038/146] Close the socket where opened when necessary --- lib/net/ldap/connection.rb | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 3c3dbfd6..f3b42f71 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
@@ -19,18 +19,12 @@ def initialize(server) yield self if block_given? end - def prepare_socket(server, close = false) + def prepare_socket(server) socket = server[:socket] encryption = server[:encryption] @conn = socket setup_encryption encryption if encryption - rescue - # Ensure the connection is closed when requested in the event of an SSL - # setup failure. - @conn.close if close - @conn = nil - raise end def open_connection(server) @@ -40,10 +34,14 @@ def open_connection(server) errors = [] hosts.each do |host, port| begin - prepare_socket(server.merge(socket: TCPSocket.new(host, port)), true) + socket = TCPSocket.new(host, port) + prepare_socket(server.merge(socket: socket)) return rescue Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e + # Ensure the connection is closed in the event a setup failure. + socket.close unless socket.nil? + socket = nil errors << [e, host, port] end end From e8290692cfd9f196c0d90f36fca29bc530e51dfe Mon Sep 17 00:00:00 2001 From: Jeremy Bopp Date: Sun, 25 Oct 2015 22:28:21 -0500 Subject: [PATCH 039/146] Move connection cleanup logic into the close method --- lib/net/ldap/connection.rb | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index f3b42f71..691e284f 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -34,14 +34,12 @@ def open_connection(server) errors = [] hosts.each do |host, port| begin - socket = TCPSocket.new(host, port) - prepare_socket(server.merge(socket: socket)) + prepare_socket(server.merge(socket: TCPSocket.new(host, port))) return rescue Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e # Ensure the connection is closed in the event a setup failure. - socket.close unless socket.nil? - socket = nil + close errors << [e, host, port] end end 
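Review bot: `socket.close unless socket.nil?` in the rescue branch closes the raw `TCPSocket`, but `prepare_socket` has already stored that socket in `@conn` (and `setup_encryption` may have replaced `@conn` with a wrapper — not visible here), and the `@conn = nil` reset that the old `prepare_socket` rescue performed is deleted in the first hunk. After a failed handshake `@conn` therefore points at a closed socket until the next host overwrites it, and when every host fails the raised error leaves the connection object holding a dead socket. Add `@conn = nil` next to `socket.close` (or route the cleanup through the instance's `close` method); the `socket = nil` line after the close is dead since the next iteration reassigns it.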
@@ -145,6 +143,7 @@ def setup_encryption(args) # have to call it, but perhaps it will come in handy someday. #++ def close + return if @conn.nil? @conn.close @conn = nil end From 762b78f77f394a0efed96a4854a22c464d08ef2f Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 27 Oct 2015 10:48:52 -0600 Subject: [PATCH 040/146] release 0.12.0 --- History.rdoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/History.rdoc b/History.rdoc index 40b45255..1e0270a8 100644 --- a/History.rdoc +++ b/History.rdoc @@ -1,5 +1,10 @@ === Net::LDAP 0.12.0 +* DRY up connection handling logic {#224}[https://github.com/ruby-ldap/ruby-net-ldap/pull/224] +* Define auth adapters {#226}[https://github.com/ruby-ldap/ruby-net-ldap/pull/226] +* add slash to attribute value filter {#225}[https://github.com/ruby-ldap/ruby-net-ldap/pull/225] +* Add the ability to provide a list of hosts for a connection {#223}[https://github.com/ruby-ldap/ruby-net-ldap/pull/223] +* Specify the port of LDAP server by giving INTEGRATION_PORT {#221}[https://github.com/ruby-ldap/ruby-net-ldap/pull/221] * Correctly set BerIdentifiedString values to UTF-8 {#212}[https://github.com/ruby-ldap/ruby-net-ldap/pull/212] * Raise Net::LDAP::ConnectionRefusedError when new connection is refused. {#213}[https://github.com/ruby-ldap/ruby-net-ldap/pull/213] * obscure auth password upon #inspect, added test, closes #216 {#217}[https://github.com/ruby-ldap/ruby-net-ldap/pull/217] From 2f053dd12264da42d90144341b4c0f0d8a372349 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 27 Oct 2015 11:28:56 -0600 Subject: [PATCH 041/146] Release 0.12.0 From b637db7efe22e2b864d3e37b21726ab3589188c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dennis=20G=C3=BCnnewig?= Date: Thu, 5 Nov 2015 17:32:10 +0100 Subject: [PATCH 042/146] Set operation result if LDAP server is not accessible --- lib/net/ldap.rb | 6 ++++++ test/test_ldap_connection.rb | 13 +++++++++++++ 2 files changed, 19 insertions(+) 
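Review bot: `@conn.close` can still raise `IOError` ("closed stream") on Rubies before 2.3 if the socket was already closed, and because `close` is now called from the rescue in `open_connection` (previous hunk) that error would replace the connection failure being collected into `errors`. A guard such as `@conn.close unless @conn.closed?` keeps the method idempotent on the versions the gemspec still admits (>= 1.9.3 at this point in the series); confirm the SSL wrapper responds to `closed?` the way TCPSocket does. `close` sits between methods that are outside the hunk.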
diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 7c151895..0ec7fbb7 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -1243,5 +1243,11 @@ def new_connection :hosts => @hosts, :encryption => @encryption, :instrumentation_service => @instrumentation_service + rescue Errno::ECONNREFUSED, Net::LDAP::ConnectionRefusedError => e + @result = { + :resultCode => 52, + :errorMessage => ResultStrings[ResultCodeUnavailable] + } + raise e end end # class LDAP diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 73752631..b4c77615 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -47,6 +47,19 @@ def test_list_of_hosts_with_all_hosts_failure end end + def test_result_for_connection_failed_is_set + flexmock(TCPSocket).should_receive(:new).and_raise(Errno::ECONNREFUSED) + + ldap_client = Net::LDAP.new(host: '127.0.0.1', port: 12345) + + assert_raise Net::LDAP::ConnectionRefusedError do + ldap_client.bind(method: :simple, username: 'asdf', password: 'asdf') + end + + assert_equal(ldap_client.get_operation_result.code, 52) + assert_equal(ldap_client.get_operation_result.message, 'Unavailable') + end + def test_unresponsive_host assert_raise Net::LDAP::Error do Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) From 83406ee5ca7f26c0a6580e3ca2d5942b2b3a27a3 Mon Sep 17 00:00:00 2001 From: Justin Ouellette Date: Sun, 8 Nov 2015 21:13:30 -0500 Subject: [PATCH 043/146] Fixed capitalization of StartTLSError --- lib/net/ldap/connection.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 4e3f6dd0..71ff7b43 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
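Review bot: `:resultCode => 52` hard-codes the value the next line already names as `ResultCodeUnavailable`; use the constant in both places, `:resultCode => ResultCodeUnavailable,`. The rescue also covers only refused connections, so a timeout or unresolvable host, which the connection code raises as `Net::LDAP::Error`, still leaves `@result` holding the previous operation's result, and `get_operation_result` then reports a stale outcome for this call. `raise e` inside the rescue can be a bare `raise`. `new_connection` starts outside the hunk.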
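Review bot: `assert_equal(ldap_client.get_operation_result.code, 52)` passes actual before expected; test-unit's signature is expected-then-actual, so a failure message would label the two values the wrong way round. Writing `assert_equal(Net::LDAP::ResultCodeUnavailable, ldap_client.get_operation_result.code)` fixes the order and ties the test to the constant rather than a magic number; the same applies to the `'Unavailable'` assertion on the next line.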
@@ -130,7 +130,7 @@ def setup_encryption(args) if pdu.result_code.zero? @conn = self.class.wrap_with_ssl(@conn, args[:tls_options]) else - raise Net::LDAP::StartTlSError, "start_tls failed: #{pdu.result_code}" + raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}" end else raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args[:method]}" From d5e6afd6c77ad7a62d49b57000a650df14d26352 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Mon, 9 Nov 2015 22:17:50 -0800 Subject: [PATCH 044/146] lazy init Net::LDAP::Connection's internal sock --- lib/net/ldap/connection.rb | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 4e3f6dd0..e987a443 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -6,16 +6,10 @@ class Net::LDAP::Connection #:nodoc: LdapVersion = 3 MaxSaslChallenges = 10 - def initialize(server) + def initialize(server = {}) + @server = server @instrumentation_service = server[:instrumentation_service] - if server[:socket] - prepare_socket(server) - else - server[:hosts] = [[server[:host], server[:port]]] if server[:hosts].nil? - open_connection(server) - end - yield self if block_given? end @@ -195,7 +189,7 @@ def message_queue def read(syntax = Net::LDAP::AsnSyntax) ber_object = instrument "read.net_ldap_connection", :syntax => syntax do |payload| - @conn.read_ber(syntax) do |id, content_length| + socket.read_ber(syntax) do |id, content_length| payload[:object_type_id] = id payload[:content_length] = content_length end @@ -225,7 +219,7 @@ def read(syntax = Net::LDAP::AsnSyntax) def write(request, controls = nil, message_id = next_msgid) instrument "write.net_ldap_connection" do |payload| packet = [message_id.to_ber, request, controls].compact.to_ber_sequence - payload[:content_length] = @conn.write(packet) + payload[:content_length] = socket.write(packet) end end private :write 
@@ -600,4 +594,18 @@ def delete(args) pdu end + + private + + # Returns a Socket like object used internally to communicate with LDAP server + # + # Typically a TCPSocket, but can be a OpenSSL::SSL::SSLSocket + def socket + return @conn if defined? @conn + + # First refactoring uses the existing methods open_connection and + # prepare_socket to set @conn. Next cleanup would centralize connection + # handling here. + open_connection(@server) + end end # class Connection From 4a415bcc4f43c2f40ed037266089a9405b0d2768 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Mon, 9 Nov 2015 23:29:48 -0800 Subject: [PATCH 045/146] preserve existing socket init code --- lib/net/ldap/connection.rb | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index e987a443..84164ef7 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -606,6 +606,13 @@ def socket # First refactoring uses the existing methods open_connection and # prepare_socket to set @conn. Next cleanup would centralize connection # handling here. - open_connection(@server) + if @server[:socket] + prepare_socket(@server) + else + @server[:hosts] = [[@server[:host], @server[:port]]] if @server[:hosts].nil? + open_connection(@server) + end + + @conn end end # class Connection From b8568061cf1d55966aa87d75bf8825f1fe3e143e Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Mon, 9 Nov 2015 23:30:36 -0800 Subject: [PATCH 046/146] #socket internal for easier testing --- lib/net/ldap/connection.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 84164ef7..0d419c4d 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
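Review bot: `socket` returns the value of `open_connection(@server)`, and that method's loop exits with a bare `return` (visible in the earlier hunks of this series), so the first call evaluates to nil and the `socket.read_ber` / `socket.write` calls introduced in the previous hunks would raise NoMethodError; `@conn` needs to be returned explicitly after the call. `defined? @conn` is also the wrong guard once `close` has run, because `close` assigns `@conn = nil` rather than removing the variable, so a closed connection hands back nil instead of reconnecting; `return @conn if @conn` expresses the intent. The `server[:socket]` branch deleted from `initialize` in this patch's first hunk has no counterpart here, so a caller-supplied socket is now ignored. The `Connection` class body continues above the hunk.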
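Review bot: `@server[:hosts] = [[@server[:host], @server[:port]]]` writes into the hash the caller passed to `Net::LDAP::Connection.new`, which `initialize` keeps by reference, and because `socket` now runs lazily the caller's options change at an unpredictable moment. Computing the list without mutation, `hosts = @server[:hosts] || [[@server[:host], @server[:port]]]` followed by `open_connection(@server.merge(:hosts => hosts))`, avoids the side effect. The start of `socket` lies outside the hunk.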
@@ -595,9 +595,8 @@ def delete(args) pdu end - private - - # Returns a Socket like object used internally to communicate with LDAP server + # Internal: Returns a Socket like object used internally to communicate with + # LDAP server. # # Typically a TCPSocket, but can be a OpenSSL::SSL::SSLSocket def socket From 76dde7b25b130e7e847b72700fde593a9ca86024 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Mon, 9 Nov 2015 23:30:50 -0800 Subject: [PATCH 047/146] parameterize socket_class for testing --- lib/net/ldap/connection.rb | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 0d419c4d..ef703dd2 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -13,6 +13,15 @@ def initialize(server = {}) yield self if block_given? end + # Allows tests to parameterize what socket class to use + def socket_class + @socket_class || TCPSocket + end + + def socket_class=(socket_class) + @socket_class = socket_class + end + def prepare_socket(server) socket = server[:socket] encryption = server[:encryption] @@ -28,7 +37,7 @@ def open_connection(server) errors = [] hosts.each do |host, port| begin - prepare_socket(server.merge(socket: TCPSocket.new(host, port))) + prepare_socket(server.merge(socket: socket_class.new(host, port))) return rescue Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e From 53cc6b501e5dbe25ab1498968eafec0a7c927fa9 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Mon, 9 Nov 2015 23:32:12 -0800 Subject: [PATCH 048/146] remove tcpsocket stubbing with FakeTCPSocket class --- test/test_ldap_connection.rb | 54 ++++++++++++++++++++++-------------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index b4c77615..c75ad410 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb 
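Review bot: The hand-written `socket_class=` is exactly what `attr_writer :socket_class` generates, so the three-line method can become that one declaration; the reader keeps its `|| TCPSocket` default. Because whatever class is injected is later handed to `wrap_with_ssl` when encryption is configured (see `setup_encryption` earlier in this series), the reader's comment should state the contract: `# Allows tests to parameterize what socket class to use; must respond to new(host, port) and behave like an IO`. `open_connection` continues outside the second hunk.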
@@ -9,41 +9,53 @@ def capture_stderr $stderr = stderr end + # Fake socket for testing + # + # FakeTCPSocket.new("success", 636) + # FakeTCPSocket.new("fail.SocketError", 636) # raises SocketError + class FakeTCPSocket + def initialize(host, port) + status, error = host.split(".") + if status == "fail" + raise Object.const_get(error) + end + end + end + def test_list_of_hosts_with_first_host_successful hosts = [ - ['test.mocked.com', 636], - ['test2.mocked.com', 636], - ['test3.mocked.com', 636], + ["success.host", 636], + ["fail.SocketError", 636], + ["fail.SocketError", 636], ] - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_return(nil) - flexmock(TCPSocket).should_receive(:new).ordered.never - Net::LDAP::Connection.new(:hosts => hosts) + + connection = Net::LDAP::Connection.new(:hosts => hosts) + connection.socket_class = FakeTCPSocket + connection.socket end def test_list_of_hosts_with_first_host_failure hosts = [ - ['test.mocked.com', 636], - ['test2.mocked.com', 636], - ['test3.mocked.com', 636], + ["fail.SocketError", 636], + ["success.host", 636], + ["fail.SocketError", 636], ] - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_return(nil) - flexmock(TCPSocket).should_receive(:new).ordered.never - Net::LDAP::Connection.new(:hosts => hosts) + connection = Net::LDAP::Connection.new(:hosts => hosts) + connection.socket_class = FakeTCPSocket + connection.socket end def test_list_of_hosts_with_all_hosts_failure hosts = [ - ['test.mocked.com', 636], - ['test2.mocked.com', 636], - ['test3.mocked.com', 636], + ["fail.SocketError", 636], + ["fail.SocketError", 636], + ["fail.SocketError", 636], ] - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_raise(SocketError) - 
flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[2]).once.and_raise(SocketError) - flexmock(TCPSocket).should_receive(:new).ordered.never + + connection = Net::LDAP::Connection.new(:hosts => hosts) + connection.socket_class = FakeTCPSocket assert_raise Net::LDAP::ConnectionError do - Net::LDAP::Connection.new(:hosts => hosts) + connection.socket end end From e9a1bf19603e51cd5b3718e30309f574311037e5 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 10 Nov 2015 00:13:22 -0800 Subject: [PATCH 049/146] add initialize docs --- lib/net/ldap/connection.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index ef703dd2..6d58f6ea 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -6,6 +6,14 @@ class Net::LDAP::Connection #:nodoc: LdapVersion = 3 MaxSaslChallenges = 10 + # Initialize a connection to an LDAP server + # + # :server + # :hosts Array of tuples specifying host, port + # :host host + # :port port + # :socket prepared socket + # def initialize(server = {}) @server = server @instrumentation_service = server[:instrumentation_service] From 9a2e26ef08e0781b6a1ad294c5c073918f2f2384 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 10 Nov 2015 00:30:58 -0800 Subject: [PATCH 050/146] preserve existing behavior --- lib/net/ldap.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 0ec7fbb7..d952c484 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb 
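Review bot: `FakeTCPSocket` records nothing about the attempts made, so `test_list_of_hosts_with_first_host_successful` and `..._first_host_failure` no longer check what the deleted `ordered ... once` / `.never` expectations did: that attempts stop at the first host that succeeds and that hosts are tried in the given order. A regression that kept opening sockets after a success, or tried hosts out of order, would pass all three tests. Keeping a class-level log of `[host, port]` on the fake (reset in `setup`) and asserting `FakeTCPSocket.calls == hosts.take(1)` in the first test restores the check. The enclosing test class starts outside the hunk.
```ruby
class FakeTCPSocket
  class << self
    attr_accessor :calls
  end

  def initialize(host, port)
    (self.class.calls ||= []) << [host, port]
    status, error = host.split(".")
    raise Object.const_get(error) if status == "fail"
  end
end
```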
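Review bot: The new `initialize` comment omits two keys the code reads: `server[:instrumentation_service]` on the line directly below it, and `server[:encryption]` in `prepare_socket`; add `#   :encryption encryption options Hash (see Net::LDAP#encryption)` and `#   :instrumentation_service object that receives instrumentation events`. It should also say how `:hosts` relates to `:host`/`:port` (`socket` falls back to `[[host, port]]` only when `:hosts` is nil) and that no connection is opened until `socket` is first called. `initialize` continues outside the hunk.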
@@ -1237,12 +1237,16 @@ def use_connection(args) # Establish a new connection to the LDAP server def new_connection - Net::LDAP::Connection.new \ + connection = Net::LDAP::Connection.new \ :host => @host, :port => @port, :hosts => @hosts, :encryption => @encryption, :instrumentation_service => @instrumentation_service + + # Force connect to see if there's a connection error + connection.socket + connection rescue Errno::ECONNREFUSED, Net::LDAP::ConnectionRefusedError => e @result = { :resultCode => 52, From 259f18af42b56efe3d371ba59e9349dda736d55d Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 10 Nov 2015 00:31:17 -0800 Subject: [PATCH 051/146] update tests --- test/test_ldap_connection.rb | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index c75ad410..a8620eb7 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -59,6 +59,7 @@ def test_list_of_hosts_with_all_hosts_failure end end + # This belongs in test_ldap, not test_ldap_connection def test_result_for_connection_failed_is_set flexmock(TCPSocket).should_receive(:new).and_raise(Errno::ECONNREFUSED) 
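Review bot: `connection.socket` is called purely for its side effect, which reverses the lazy connect introduced a few patches earlier for every `Net::LDAP` operation and couples this class to a method documented as `Internal:`; the comment should give the reason rather than restate the call, e.g. `# Connect eagerly so connection errors surface here, where the rescue below records them in @result, instead of on the first read/write`. If laziness is meant to survive, a public `Connection#connect` would keep the internal method internal. The rescue clause of `new_connection` continues outside the hunk.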
@@ -73,33 +74,36 @@ def test_result_for_connection_failed_is_set end def test_unresponsive_host + connection = Net::LDAP::Connection.new(:host => "fail.Errno::ETIMEDOUT", :port => 636) + connection.socket_class = FakeTCPSocket assert_raise Net::LDAP::Error do - Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + connection.socket end end def test_blocked_port - flexmock(TCPSocket).should_receive(:new).and_raise(SocketError) + connection = Net::LDAP::Connection.new(:host => "fail.SocketError", :port => 636) + connection.socket_class = FakeTCPSocket assert_raise Net::LDAP::Error do - Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + connection.socket end end def test_connection_refused - flexmock(TCPSocket).should_receive(:new).and_raise(Errno::ECONNREFUSED) + connection = Net::LDAP::Connection.new(:host => "fail.Errno::ECONNREFUSED", :port => 636) + connection.socket_class = FakeTCPSocket stderr = capture_stderr do assert_raise Net::LDAP::ConnectionRefusedError do - Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + connection.socket end end assert_equal("Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead.\n", stderr) end def test_raises_unknown_exceptions - error = Class.new(StandardError) - flexmock(TCPSocket).should_receive(:new).and_raise(error) - assert_raise error do - Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + connection = Net::LDAP::Connection.new(:host => "fail.StandardError", :port => 636) + assert_raise Net::LDAP::Error do + connection.socket end end From f6ad189c2e07f55a9c1c17c54c236a98a5727caa Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 10 Nov 2015 17:30:23 -0800 Subject: [PATCH 052/146] use fake for auth adapter test --- test/test_auth_adapter.rb | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/test/test_auth_adapter.rb b/test/test_auth_adapter.rb index 7cec57bc..ee7fb4cc 100644 
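Review bot: `test_raises_unknown_exceptions` never assigns `connection.socket_class = FakeTCPSocket`, so `Net::LDAP::Connection.new(:host => "fail.StandardError", ...)` goes through a real `TCPSocket.new` and the expected `Net::LDAP::Error` comes from the resolver failing on a nonexistent host, not from the fake; the test now depends on the network and the host string is never interpreted. With the fake injected, `StandardError` is not among the classes `open_connection` rescues (Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError in earlier hunks), so the intended assertion is presumably `connection.socket_class = FakeTCPSocket` followed by `assert_raise StandardError do`, which keeps the test's original meaning that unknown errors propagate unwrapped. `test_result_for_connection_failed_is_set` above this hunk is likewise still on flexmock rather than the fake.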
--- a/test/test_auth_adapter.rb +++ b/test/test_auth_adapter.rb @@ -1,9 +1,14 @@ require 'test_helper' class TestAuthAdapter < Test::Unit::TestCase + class FakeSocket + def initialize(*args) + end + end + def test_undefined_auth_adapter - flexmock(TCPSocket).should_receive(:new).ordered.with('ldap.example.com', 379).once.and_return(nil) conn = Net::LDAP::Connection.new(host: 'ldap.example.com', port: 379) + conn.socket_class = FakeSocket assert_raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (foo)" do conn.bind(method: :foo) end From e7cc5ae51ecf21053d21afa1970eced85106233b Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 10 Nov 2015 17:30:43 -0800 Subject: [PATCH 053/146] replace ldap tests with fake connection object --- lib/net/ldap.rb | 5 +++++ test/test_ldap.rb | 41 +++++++++++++++++++++++++++++++---------- 2 files changed, 36 insertions(+), 10 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index d952c484..febad64c 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -1212,6 +1212,11 @@ def inspect inspected end + # Internal: Set @open_connection for testing + def connection=(connection) + @open_connection = connection + end + private # Yields an open connection if there is one, otherwise establishes a new diff --git a/test/test_ldap.rb b/test/test_ldap.rb index f30416b2..b8c8afdf 100644 --- a/test/test_ldap.rb +++ b/test/test_ldap.rb 
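Review bot: `connection=` is public, and the `Internal:` prefix does not stop rdoc from publishing it; this file already marks such methods with `#:nodoc:` (`def self.result2string(code) #:nodoc:` appears later in this series), so `def connection=(connection) # :nodoc:` keeps it out of the documented API. The comment should also say that the injected object bypasses `new_connection` entirely, so none of the host, encryption or instrumentation settings apply to it: `# Internal: Set @open_connection for testing. Bypasses new_connection, so no host/encryption setup is applied.` The `private` section follows outside the hunk.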
@@ -1,6 +1,28 @@ require 'test_helper' class TestLDAPInstrumentation < Test::Unit::TestCase + # Fake Net::LDAP::Connection for testing + class FakeConnection + # It's difficult to instantiate Net::LDAP::PDU objects. Faking out what we + # need here until that object is brought under test and has it's constructor + # cleaned up. + class Result < Struct.new(:success?, :result_code); end + + def initialize + @bind_success = Result.new(true, Net::LDAP::ResultCodeSuccess) + @search_success = Result.new(true, Net::LDAP::ResultCodeSizeLimitExceeded) + end + + def bind(args = {}) + @bind_success + end + + def search(*args) + yield @search_success if block_given? + @search_success + end + end + def setup @connection = flexmock(:connection, :close => true) flexmock(Net::LDAP::Connection).should_receive(:new).and_return(@connection) @@ -15,8 +37,9 @@ def setup def test_instrument_bind events = @service.subscribe "bind.net_ldap" - bind_result = flexmock(:bind_result, :success? => true) - flexmock(@connection).should_receive(:bind).with(Hash).and_return(bind_result) + fake_connection = FakeConnection.new + @subject.connection = fake_connection + bind_result = fake_connection.bind assert @subject.bind @@ -28,10 +51,9 @@ def test_instrument_bind def test_instrument_search events = @service.subscribe "search.net_ldap" - flexmock(@connection).should_receive(:bind).and_return(flexmock(:bind_result, :result_code => Net::LDAP::ResultCodeSuccess)) - flexmock(@connection).should_receive(:search).with(Hash, Proc). - yields(entry = Net::LDAP::Entry.new("uid=user1,ou=users,dc=example,dc=com")). - and_return(flexmock(:search_result, :success? => true, :result_code => Net::LDAP::ResultCodeSuccess)) + fake_connection = FakeConnection.new + @subject.connection = fake_connection + entry = fake_connection.search refute_nil @subject.search(:filter => "(uid=user1)") 
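Review bot: `class Result < Struct.new(:success?, :result_code); end` subclasses an anonymous struct; `Result = Struct.new(:success?, :result_code)` is the usual form and drops the empty body. Both canned results are fixed at construction, so `test_instrument_search`, whose replaced mock returned `ResultCodeSuccess`, now instruments a `ResultCodeSizeLimitExceeded` result exactly like `test_instrument_search_with_size`; taking the code as a constructor argument keeps the two cases distinct. `search` also yields the `Result` where the old mock yielded a `Net::LDAP::Entry`, so the `entry` locals in the callers no longer hold an entry. The comment's "has it's constructor" should read "its". The enclosing test class continues outside the hunk.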
@@ -44,10 +66,9 @@ def test_instrument_search def test_instrument_search_with_size events = @service.subscribe "search.net_ldap" - flexmock(@connection).should_receive(:bind).and_return(flexmock(:bind_result, :result_code => Net::LDAP::ResultCodeSuccess)) - flexmock(@connection).should_receive(:search).with(Hash, Proc). - yields(entry = Net::LDAP::Entry.new("uid=user1,ou=users,dc=example,dc=com")). - and_return(flexmock(:search_result, :success? => true, :result_code => Net::LDAP::ResultCodeSizeLimitExceeded)) + fake_connection = FakeConnection.new + @subject.connection = fake_connection + entry = fake_connection.search refute_nil @subject.search(:filter => "(uid=user1)", :size => 1) From 7969aa93506f1d477f5dcd6055ec8f85b986fe4b Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Wed, 11 Nov 2015 09:12:29 -0800 Subject: [PATCH 054/146] some cleanup --- lib/net/ldap/auth_adapter/gss_spnego.rb | 9 +++++---- lib/net/ldap/error.rb | 1 + 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/net/ldap/auth_adapter/gss_spnego.rb b/lib/net/ldap/auth_adapter/gss_spnego.rb index e251f038..b4fec88c 100644 --- a/lib/net/ldap/auth_adapter/gss_spnego.rb +++ b/lib/net/ldap/auth_adapter/gss_spnego.rb @@ -29,10 +29,11 @@ def bind(auth) t3_msg.serialize } - Net::LDAP::AuthAdapter::Sasl.new(@connection). - bind(:method => :sasl, :mechanism => "GSS-SPNEGO", - :initial_credential => NTLM::Message::Type1.new.serialize, - :challenge_response => nego) + Net::LDAP::AuthAdapter::Sasl.new(@connection).bind \ + :method => :sasl, + :mechanism => "GSS-SPNEGO", + :initial_credential => NTLM::Message::Type1.new.serialize, + :challenge_response => nego end end end diff --git a/lib/net/ldap/error.rb b/lib/net/ldap/error.rb index 9f157195..50442d06 100644 --- a/lib/net/ldap/error.rb +++ b/lib/net/ldap/error.rb 
@@ -21,6 +21,7 @@ def message end private + def warn_deprecation_message warn "Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead." end From 59378248e900abc9244ceae2becacb9b2f0530fb Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Wed, 11 Nov 2015 09:16:00 -0800 Subject: [PATCH 055/146] release 0.12.1 --- History.rdoc | 5 +++++ lib/net/ldap/version.rb | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/History.rdoc b/History.rdoc index 1e0270a8..dbf7ee63 100644 --- a/History.rdoc +++ b/History.rdoc @@ -1,3 +1,8 @@ +=== Net::LDAP 0.12.1 + +* Whitespace formatting cleanup {#236}[https://github.com/ruby-ldap/ruby-net-ldap/pull/236] +* Set operation result if LDAP server is not accessible {#232}[https://github.com/ruby-ldap/ruby-net-ldap/pull/232] + === Net::LDAP 0.12.0 * DRY up connection handling logic {#224}[https://github.com/ruby-ldap/ruby-net-ldap/pull/224] diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb index 219b4156..cbe858ab 100644 --- a/lib/net/ldap/version.rb +++ b/lib/net/ldap/version.rb @@ -1,5 +1,5 @@ module Net class LDAP - VERSION = "0.12.0" + VERSION = "0.12.1" end end From 9f29e158d310dc1c9a7084a87b7d57d4aa47683c Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Wed, 11 Nov 2015 09:33:07 -0800 Subject: [PATCH 056/146] Release 0.12.1 --- net-ldap.gemspec | 1 + 1 file changed, 1 insertion(+) diff --git a/net-ldap.gemspec b/net-ldap.gemspec index 97c12906..99e6e72e 100644 --- a/net-ldap.gemspec +++ b/net-ldap.gemspec @@ -33,4 +33,5 @@ the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).} s.add_development_dependency("rake", "~> 10.0") s.add_development_dependency("rubocop", "~> 0.28.0") s.add_development_dependency("test-unit") + s.add_development_dependency("byebug") end From 11ad9053d7548b1315441d88263c5361e4e8f294 Mon Sep 17 00:00:00 2001 
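Review bot: `s.add_development_dependency("byebug")` is unpinned, unlike the neighbouring `rake` and `rubocop` entries, and arrives in a commit titled only "Release 0.12.1" with no History.rdoc line; a debugger is not needed to build or test the gem, and an open range lets every fresh `bundle install` pick whatever version is current. byebug is an MRI C extension, so this presumably also breaks `bundle install` on the jruby entries in .travis.yml. If it is to stay, pin it, `s.add_development_dependency("byebug", "~> <VERSION IN USE>")`, and note it in the changelog.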
From: Tatsuya Sato Date: Wed, 25 Nov 2015 18:45:37 +0900 Subject: [PATCH 057/146] Net::LDAP#encryption accepts string --- lib/net/ldap.rb | 6 ++++-- test/test_ldap.rb | 6 ++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 0ec7fbb7..223f8175 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -589,9 +589,11 @@ def authenticate(username, password) # :tls_options => { :ca_file => "/etc/cafile.pem", :ssl_version => "TLSv1_1" } # } def encryption(args) - case args + return if args.nil? + + case method = args.to_sym when :simple_tls, :start_tls - args = { :method => args, :tls_options => {} } + args = { :method => method, :tls_options => {} } end @encryption = args end diff --git a/test/test_ldap.rb b/test/test_ldap.rb index f30416b2..0c241f69 100644 --- a/test/test_ldap.rb +++ b/test/test_ldap.rb @@ -64,4 +64,10 @@ def test_obscure_auth @subject.auth "joe_user", password assert_not_include(@subject.inspect, password) end + + def test_encryption + enc = @subject.encryption('start_tls') + + assert_equal enc[:method], :start_tls + end end From 6a2f702504f89854e4442d3b934b6536522462a1 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Wed, 25 Nov 2015 19:00:46 +0900 Subject: [PATCH 058/146] Giving Hash, it is used as encryption options. --- lib/net/ldap.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 223f8175..aef8df60 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -590,6 +590,7 @@ def authenticate(username, password) # } def encryption(args) return if args.nil? + return @encryption = args if args.is_a? Hash case method = args.to_sym when :simple_tls, :start_tls From 0062027f234d6d7a52e27b3c77d0eb1a653a48f8 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Tue, 1 Dec 2015 22:46:48 +0900 Subject: [PATCH 059/146] Drop support for ruby 1.9.3 --- .travis.yml | 3 ++- net-ldap.gemspec | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) 
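Review bot: A value that matches neither `:simple_tls` nor `:start_tls` falls through the `case` and is stored as-is, so `encryption('foo')` sets `@encryption = 'foo'` and the mistake only surfaces when `setup_encryption` later indexes it with `args[:method]`; the hunk also calls `args.to_sym` before any Hash check, so the Hash form shown in the comment just above raises NoMethodError here (the next patch adds the Hash early return). Rejecting unknown values at this boundary gives a clearer failure: an `else raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args}"` branch, reusing the exception `setup_encryption` already raises for the same condition. The rest of the doc comment lies outside the hunk.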
diff --git a/.travis.yml b/.travis.yml index 4131d6e4..8ad98d0f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,10 +1,10 @@ language: ruby rvm: - - 1.9.3 - 2.0.0 - 2.1 - 2.2 # optional + - 2.3.0-preview1 - ruby-head - jruby-19mode - jruby-head @@ -21,6 +21,7 @@ script: bundle exec rake ci matrix: allow_failures: + - rvm: 2.3.0-preview1 - rvm: ruby-head - rvm: jruby-19mode - rvm: jruby-head diff --git a/net-ldap.gemspec b/net-ldap.gemspec index 99e6e72e..66bd5c8a 100644 --- a/net-ldap.gemspec +++ b/net-ldap.gemspec @@ -26,7 +26,7 @@ the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).} s.homepage = %q{http://github.com/ruby-ldap/ruby-net-ldap} s.rdoc_options = ["--main", "README.rdoc"] s.require_paths = ["lib"] - s.required_ruby_version = ">= 1.9.3" + s.required_ruby_version = ">= 2.0.0" s.summary = %q{Net::LDAP for Ruby (also called net-ldap) implements client access for the Lightweight Directory Access Protocol (LDAP), an IETF standard protocol for accessing distributed directory services} s.add_development_dependency("flexmock", "~> 1.3") From 737c484db2d54728740b2f252ad18b3d654b687a Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Thu, 3 Dec 2015 06:14:56 +0900 Subject: [PATCH 060/146] Remove 2.3.0-preview since ruby-head already is included --- .travis.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 8ad98d0f..b6dadb8d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -4,7 +4,6 @@ rvm: - 2.1 - 2.2 # optional - - 2.3.0-preview1 - ruby-head - jruby-19mode - jruby-head @@ -21,7 +20,6 @@ script: bundle exec rake ci matrix: allow_failures: - - rvm: 2.3.0-preview1 - rvm: ruby-head - rvm: jruby-19mode - rvm: jruby-head From def2c463d4cea77a5e6d40690def1b2a9a8a8f7f Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Sun, 13 Dec 2015 22:30:40 +0900 Subject: [PATCH 061/146] Deprecate encrypt method --- lib/net/ldap.rb | 97 +++++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 48 deletions(-) 
diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb
index aef8df60..2a7f0106 100644
--- a/lib/net/ldap.rb
+++ b/lib/net/ldap.rb
@@ -461,11 +461,52 @@ def self.result2string(code) #:nodoc: # call to #search, that value will override any treebase value you give # here. # * :encryption => specifies the encryption to be used in communicating - # with the LDAP server. The value is either a Hash containing additional - # parameters, or the Symbol :simple_tls, which is equivalent to - # specifying the Hash {:method => :simple_tls}. There is a fairly large - # range of potential values that may be given for this parameter. See - # #encryption for details. + # with the LDAP server. The value must be a Hash containing additional + # parameters, which consists of two keys: + # method: - :simple_tls or :start_tls + # options: - Hash of options for that method + # The :simple_tls encryption method encrypts all communications + # with the LDAP server. It completely establishes SSL/TLS encryption with + # the LDAP server before any LDAP-protocol data is exchanged. There is no + # plaintext negotiation and no special encryption-request controls are + # sent to the server. The :simple_tls option is the simplest, easiest + # way to encrypt communications between Net::LDAP and LDAP servers. + # It's intended for cases where you have an implicit level of trust in the + # authenticity of the LDAP server. No validation of the LDAP server's SSL + # certificate is performed. This means that :simple_tls will not produce + # errors if the LDAP server's encryption certificate is not signed by a + # well-known Certification Authority. If you get communications or + # protocol errors when using this option, check with your LDAP server + # administrator. Pay particular attention to the TCP port you are + # connecting to. It's impossible for an LDAP server to support plaintext + # LDAP communications and simple TLS connections on the same port. + # The standard TCP port for unencrypted LDAP connections is 389, but the + # standard port for simple-TLS encrypted connections is 636. 
Be sure you + # are using the correct port. + # + # The :start_tls like the :simple_tls encryption method also encrypts all + # communcations with the LDAP server. With the exception that it operates + # over the standard TCP port. + # + # In order to verify certificates and enable other TLS options, the + # :tls_options hash can be passed alongside :simple_tls or :start_tls. + # This hash contains any options that can be passed to + # OpenSSL::SSL::SSLContext#set_params(). The most common options passed + # should be OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, or the :ca_file option, + # which contains a path to a Certificate Authority file (PEM-encoded). + # + # Example for a default setup without custom settings: + # { + # :method => :simple_tls, + # :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS + # } + # + # Example for specifying a CA-File and only allowing TLSv1.1 connections: + # + # { + # :method => :start_tls, + # :tls_options => { :ca_file => "/etc/cafile.pem", :ssl_version => "TLSv1_1" } + # } # * :force_no_page => Set to true to prevent paged results even if your # server says it supports them. This is a fix for MS Active Directory # * :instrumentation_service => An object responsible for instrumenting @@ -482,7 +523,7 @@ def initialize(args = {}) @auth = args[:auth] || DefaultAuth @base = args[:base] || DefaultTreebase @force_no_page = args[:force_no_page] || DefaultForceNoPage - encryption args[:encryption] # may be nil + @encryption = args[:encryption] # may be nil if pr = @auth[:password] and pr.respond_to?(:call) @auth[:password] = pr.call 
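Review bot: The rewritten option text says the Hash "consists of two keys: method: ... options:", but the examples below it and `setup_encryption`, which reads `args[:tls_options]` earlier in this series, use `:tls_options`, so the line should read `#     :tls_options - Hash of options for that method`. "communcations" in the moved paragraph is misspelled, and since the next hunk stops normalising a Symbol into this Hash, the text should state plainly that the Symbol shorthand is no longer accepted by `Net::LDAP.new`. The option list continues outside the hunk.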
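Review bot: `@encryption = args[:encryption]` stores the option unnormalised, so `Net::LDAP.new(:encryption => :simple_tls)`, which the comment deleted in the previous hunk said was equivalent to `{:method => :simple_tls}`, now keeps a bare Symbol that `setup_encryption` cannot index with `[:method]`; the connection presumably fails with a TypeError at connect time (it does fail rather than silently falling back to plaintext, which is the right direction, but the message is opaque). Validating here makes the break explicit: `raise ArgumentError, ":encryption must be a Hash with :method and :tls_options (got #{args[:encryption].inspect})" unless args[:encryption].nil? || args[:encryption].is_a?(Hash)`. `initialize` continues outside the hunk.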
@@ -546,48 +587,8 @@ def authenticate(username, password) # additional capabilities are added, more configuration values will be # added here. # - # The :simple_tls encryption method encrypts all communications - # with the LDAP server. It completely establishes SSL/TLS encryption with - # the LDAP server before any LDAP-protocol data is exchanged. There is no - # plaintext negotiation and no special encryption-request controls are - # sent to the server. The :simple_tls option is the simplest, easiest - # way to encrypt communications between Net::LDAP and LDAP servers. - # It's intended for cases where you have an implicit level of trust in the - # authenticity of the LDAP server. No validation of the LDAP server's SSL - # certificate is performed. This means that :simple_tls will not produce - # errors if the LDAP server's encryption certificate is not signed by a - # well-known Certification Authority. If you get communications or - # protocol errors when using this option, check with your LDAP server - # administrator. Pay particular attention to the TCP port you are - # connecting to. It's impossible for an LDAP server to support plaintext - # LDAP communications and simple TLS connections on the same port. - # The standard TCP port for unencrypted LDAP connections is 389, but the - # standard port for simple-TLS encrypted connections is 636. Be sure you - # are using the correct port. - # - # The :start_tls like the :simple_tls encryption method also encrypts all - # communcations with the LDAP server. With the exception that it operates - # over the standard TCP port. - # - # In order to verify certificates and enable other TLS options, the - # :tls_options hash can be passed alongside :simple_tls or :start_tls. - # This hash contains any options that can be passed to - # OpenSSL::SSL::SSLContext#set_params(). 
The most common options passed - # should be OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, or the :ca_file option, - # which contains a path to a Certificate Authority file (PEM-encoded). - # - # Example for a default setup without custom settings: - # { - # :method => :simple_tls, - # :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS - # } - # - # Example for specifying a CA-File and only allowing TLSv1.1 connections: - # - # { - # :method => :start_tls, - # :tls_options => { :ca_file => "/etc/cafile.pem", :ssl_version => "TLSv1_1" } - # } + # This method is deprecated. + # def encryption(args) return if args.nil? return @encryption = args if args.is_a? Hash From 9f9abd35ac8daa3cd4568f98ef20853346f33c34 Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Mon, 14 Dec 2015 00:50:46 +0900 Subject: [PATCH 062/146] When calling Net::LDAP#encryption, it shows deprecation warning. --- lib/net/ldap.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 2a7f0106..d76c4767 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -590,6 +590,7 @@ def authenticate(username, password) # This method is deprecated. # def encryption(args) + warn "Deprecation warning: please give :encryption option as a Hash to Net::LDAP.new" return if args.nil? return @encryption = args if args.is_a? Hash From ecce488daed676351b561e39a2dae1147983c939 Mon Sep 17 00:00:00 2001 From: Andi Bachmann Date: Mon, 14 Dec 2015 14:21:20 +0100 Subject: [PATCH 063/146] . adds correct UTF-8 encoding --- lib/net/ber.rb | 38 ++++++++++++++++++++++++++++++++++---- test/ber/test_ber.rb | 10 +++++++++- 2 files changed, 43 insertions(+), 5 deletions(-) diff --git a/lib/net/ber.rb b/lib/net/ber.rb index b4b9e9da..498b8aaf 100644 --- a/lib/net/ber.rb +++ b/lib/net/ber.rb 
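Review bot: The replacement text `# This method is deprecated.` does not say what callers should use instead, and the `warn` added in the following hunk names Net::LDAP.new but not the Hash shape that replaces the Symbol form. Suggest `# @deprecated Pass :encryption => { :method => :simple_tls | :start_tls, :tls_options => {...} } to Net::LDAP.new instead.` in place of the bare sentence, and the same key names in the warning string so a user reading only the console output can fix the call. The body of encryption continues outside the hunk.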
@@ -293,13 +293,43 @@ def to_arr ## # A String object with a BER identifier attached. +# class Net::BER::BerIdentifiedString < String attr_accessor :ber_identifier + + # The binary data provided when parsing the result of the LDAP search + # has the encoding 'ASCII-8BIT' (which is basically 'BINARY', or 'unknown'). + # + # This is the kind of a backtrace showing how the binary `data` comes to + # BerIdentifiedString.new(data): + # + # @conn.read_ber(syntax) + # -> StringIO.new(self).read_ber(syntax), i.e. included from module + # -> Net::BER::BERParser.read_ber(syntax) + # -> (private)Net::BER::BERParser.parse_ber_object(syntax, id, data) + # + # In the `#parse_ber_object` method `data`, according to its OID, is being + # 'casted' to one of the Net::BER:BerIdentifiedXXX classes. + # + # As we are using LDAP v3 we can safely assume that the data is encoded + # in UTF-8 and therefore the only thing to be done when instantiating is to + # switch the encoding from 'ASCII-8BIT' to 'UTF-8'. + # + # Unfortunately, there are some ActiveDirectory specific attributes + # (like `objectguid`) that should remain binary (do they really?). + # Using the `#valid_encoding?` we can trap this cases. Special cases like + # Japanese, Korean, etc. encodings might also profit from this. However + # I have no clue how this encodings function. def initialize args - super begin - args.respond_to?(:encode) ? args.encode('UTF-8') : args - rescue - args + super + # + # Check the encoding of the newly created String and set the encoding + # to 'UTF-8' (NOTE: we do NOT change the bytes, but only set the + # encoding to 'UTF-8'). + current_encoding = encoding + if current_encoding == Encoding::BINARY + force_encoding('UTF-8') + force_encoding(current_encoding) unless valid_encoding? end end end diff --git a/test/ber/test_ber.rb b/test/ber/test_ber.rb index 92b3902d..ae17ddd1 100644 --- a/test/ber/test_ber.rb +++ b/test/ber/test_ber.rb 
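Review bot: The `force_encoding('UTF-8')` / `valid_encoding?` pair in initialize is a heuristic, not a type test: any OCTET STRING value whose bytes happen to form valid UTF-8 (an Active Directory `objectguid` is 16 arbitrary bytes and will sometimes qualify) is retagged as text, so consumers of binary attributes cannot rely on `encoding` to tell them apart. The new comment's claim that LDAPv3 lets the code "safely assume" UTF-8 holds only for DirectoryString-syntax values; OCTET STRING attributes (GUIDs, certificates, password hashes) are arbitrary bytes under LDAPv3 as well. Suggest replacing that paragraph with what the code actually guarantees, e.g. `# Best-effort: values arriving as BINARY are retagged UTF-8 only when the bytes are valid UTF-8; binary attributes whose bytes happen to decode are misclassified, so callers needing raw bytes should force_encoding(Encoding::BINARY) themselves.` Note also that the check runs only on the `Encoding::BINARY` path, so a string arriving already tagged UTF-8 with invalid bytes is left as-is.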
@@ -130,12 +130,20 @@ def test_binary_data def test_ascii_data_in_utf8 data = "some text".force_encoding("UTF-8") bis = Net::BER::BerIdentifiedString.new(data) + + assert bis.valid_encoding?, "should be a valid encoding" + assert_equal "UTF-8", bis.encoding.name + end + + def test_umlaut_data_in_utf8 + data = "Müller".force_encoding("UTF-8") + bis = Net::BER::BerIdentifiedString.new(data) assert bis.valid_encoding?, "should be a valid encoding" assert_equal "UTF-8", bis.encoding.name end - def test_ut8_data_in_utf8 + def test_utf8_data_in_utf8 data = ["e4b8ad"].pack("H*").force_encoding("UTF-8") bis = Net::BER::BerIdentifiedString.new(data) From 34ea9538c89759f426f44a978cfcc23e7c7103ac Mon Sep 17 00:00:00 2001 From: Tatsuya Sato Date: Tue, 5 Jan 2016 09:28:40 +0900 Subject: [PATCH 064/146] Update bundler before installing gems with bundler --- .travis.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.travis.yml b/.travis.yml index b6dadb8d..fc764963 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,9 @@ rvm: env: - INTEGRATION=openldap +before_install: + - gem update bundler + install: - if [ "$INTEGRATION" = "openldap" ]; then sudo script/install-openldap; fi - bundle install From b05d766c5c2786568717d891ccfad6ccab605355 Mon Sep 17 00:00:00 2001 From: Stefano Tortarolo Date: Thu, 17 Dec 2015 10:46:08 +0000 Subject: [PATCH 065/146] Remove trailing spaces --- lib/net/ber.rb | 14 +++++++------- test/ber/test_ber.rb | 4 ++-- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/lib/net/ber.rb b/lib/net/ber.rb index 498b8aaf..c34de6ba 100644 --- a/lib/net/ber.rb +++ b/lib/net/ber.rb 
@@ -293,24 +293,24 @@ def to_arr ## # A String object with a BER identifier attached. -# +# class Net::BER::BerIdentifiedString < String attr_accessor :ber_identifier # The binary data provided when parsing the result of the LDAP search # has the encoding 'ASCII-8BIT' (which is basically 'BINARY', or 'unknown'). - # + # # This is the kind of a backtrace showing how the binary `data` comes to # BerIdentifiedString.new(data): # # @conn.read_ber(syntax) # -> StringIO.new(self).read_ber(syntax), i.e. included from module - # -> Net::BER::BERParser.read_ber(syntax) + # -> Net::BER::BERParser.read_ber(syntax) # -> (private)Net::BER::BERParser.parse_ber_object(syntax, id, data) - # + # # In the `#parse_ber_object` method `data`, according to its OID, is being # 'casted' to one of the Net::BER:BerIdentifiedXXX classes. - # + # # As we are using LDAP v3 we can safely assume that the data is encoded # in UTF-8 and therefore the only thing to be done when instantiating is to # switch the encoding from 'ASCII-8BIT' to 'UTF-8'. @@ -322,9 +322,9 @@ class Net::BER::BerIdentifiedString < String # I have no clue how this encodings function. def initialize args super - # + # # Check the encoding of the newly created String and set the encoding - # to 'UTF-8' (NOTE: we do NOT change the bytes, but only set the + # to 'UTF-8' (NOTE: we do NOT change the bytes, but only set the # encoding to 'UTF-8'). current_encoding = encoding if current_encoding == Encoding::BINARY diff --git a/test/ber/test_ber.rb b/test/ber/test_ber.rb index ae17ddd1..95cfe1ae 100644 --- a/test/ber/test_ber.rb +++ b/test/ber/test_ber.rb @@ -130,11 +130,11 @@ def test_binary_data def test_ascii_data_in_utf8 data = "some text".force_encoding("UTF-8") bis = Net::BER::BerIdentifiedString.new(data) - + assert bis.valid_encoding?, "should be a valid encoding" assert_equal "UTF-8", bis.encoding.name end - + def test_umlaut_data_in_utf8 data = "Müller".force_encoding("UTF-8") bis = Net::BER::BerIdentifiedString.new(data) 
From f6611e26273fa9df44e4ac1ae63e006f08c23e1d Mon Sep 17 00:00:00 2001 From: Stefano Tortarolo Date: Thu, 17 Dec 2015 10:47:44 +0000 Subject: [PATCH 066/146] Use Socket.tcp instead of TCPSocket.new to provide socket timeouts This patch prevents LDAP connections from hanging for an excessive amount of time and instead returns earlier in case of failures (e.g., packets dropped). A new option is now exposed through Net::LDAP: - connect_timeout: sets a timeout for socket#connect (defaults to 1s) It also provides an integration test to validate the new behaviour (#244) --- lib/net/ldap.rb | 24 ++++++++++++++------- lib/net/ldap/connection.rb | 9 +++++++- script/install-openldap | 3 +++ test/integration/test_bind.rb | 8 +++++++ test/test_auth_adapter.rb | 3 ++- test/test_ldap_connection.rb | 39 +++++++++++++++++++++-------------- 6 files changed, 62 insertions(+), 24 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index d76c4767..27fd56a7 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -79,6 +79,14 @@ class LDAP # # p ldap.get_operation_result # +# === Setting connect timeout +# +# By default, Net::LDAP uses TCP sockets with a connection timeout of 5 seconds. +# +# This value can be tweaked passing the :connect_timeout parameter. +# i.e. +# ldap = Net::LDAP.new ..., +# :connect_timeout => 3 # # == A Brief Introduction to LDAP # 
@@ -487,22 +495,22 @@ def self.result2string(code) #:nodoc: # The :start_tls like the :simple_tls encryption method also encrypts all # communcations with the LDAP server. With the exception that it operates # over the standard TCP port. - # + # # In order to verify certificates and enable other TLS options, the # :tls_options hash can be passed alongside :simple_tls or :start_tls. # This hash contains any options that can be passed to # OpenSSL::SSL::SSLContext#set_params(). The most common options passed # should be OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, or the :ca_file option, # which contains a path to a Certificate Authority file (PEM-encoded). - # + # # Example for a default setup without custom settings: # { # :method => :simple_tls, # :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS # } - # + # # Example for specifying a CA-File and only allowing TLSv1.1 connections: - # + # # { # :method => :start_tls, # :tls_options => { :ca_file => "/etc/cafile.pem", :ssl_version => "TLSv1_1" } @@ -524,6 +532,7 @@ def initialize(args = {}) @base = args[:base] || DefaultTreebase @force_no_page = args[:force_no_page] || DefaultForceNoPage @encryption = args[:encryption] # may be nil + @connect_timeout = args[:connect_timeout] if pr = @auth[:password] and pr.respond_to?(:call) @auth[:password] = pr.call @@ -587,7 +596,7 @@ def authenticate(username, password) # additional capabilities are added, more configuration values will be # added here. # - # This method is deprecated. + # This method is deprecated. # def encryption(args) warn "Deprecation warning: please give :encryption option as a Hash to Net::LDAP.new" 
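Review bot: `@connect_timeout = args[:connect_timeout]` introduces a constructor option that is missing from the `# * :option =>` list documenting initialize's arguments; the only description lives in the class-level comment added earlier in this patch. Suggest adding `# * :connect_timeout => seconds to wait for the TCP connect to complete before giving up; defaults to 5.` alongside the other options. The value is also stored unchecked, so a non-numeric argument is presumably only rejected later by the socket layer rather than at construction time. The body of initialize continues outside the hunk.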
@@ -1247,8 +1256,9 @@ def new_connection :port => @port, :hosts => @hosts, :encryption => @encryption, - :instrumentation_service => @instrumentation_service - rescue Errno::ECONNREFUSED, Net::LDAP::ConnectionRefusedError => e + :instrumentation_service => @instrumentation_service, + :connect_timeout => @connect_timeout + rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Net::LDAP::ConnectionRefusedError => e @result = { :resultCode => 52, :errorMessage => ResultStrings[ResultCodeUnavailable] diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 71ff7b43..e23972c4 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -3,6 +3,9 @@ class Net::LDAP::Connection #:nodoc: include Net::LDAP::Instrumentation + # Seconds before failing for socket connect timeout + DefaultConnectTimeout = 5 + LdapVersion = 3 MaxSaslChallenges = 10 @@ -31,10 +34,14 @@ def open_connection(server) hosts = server[:hosts] encryption = server[:encryption] + socket_opts = { + connect_timeout: server[:connect_timeout] || DefaultConnectTimeout + } + errors = [] hosts.each do |host, port| begin - prepare_socket(server.merge(socket: TCPSocket.new(host, port))) + prepare_socket(server.merge(socket: Socket.tcp(host, port, socket_opts))) return rescue Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e diff --git a/script/install-openldap b/script/install-openldap index b9efac98..efb0cbaa 100755 --- a/script/install-openldap +++ b/script/install-openldap @@ -109,4 +109,7 @@ chgrp ssl-cert /etc/ssl/private/ldap01_slapd_key.pem chmod g+r /etc/ssl/private/ldap01_slapd_key.pem chmod o-r /etc/ssl/private/ldap01_slapd_key.pem +# Drop packets on a secondary port used to specific timeout tests +iptables -A OUTPUT -p tcp -j DROP --dport 8389 + service slapd restart diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index bea6b034..b7fa35bc 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb 
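Review bot: The widened `rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Net::LDAP::ConnectionRefusedError => e` maps a connect timeout onto the same `:resultCode => 52` / `ResultStrings[ResultCodeUnavailable]` result as a refusal, so callers inspecting get_operation_result cannot tell a dropped path from a closed port, which matters when deciding whether to retry the same host or fail over. Consider preserving the cause, for instance `:errorMessage => "#{ResultStrings[ResultCodeUnavailable]} (#{e.class})"`, or at least documenting on new_connection that both conditions are reported as unavailable. The body of new_connection continues outside the hunk.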
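Review bot: `connect_timeout:` in `socket_opts` bounds only the TCP connect; nothing in this patch adds a deadline to the bind or to later reads on the socket, so a server that accepts and then stalls still hangs the caller, and the commit description's claim that the patch prevents connections from hanging for an excessive time overstates what `Socket.tcp(host, port, socket_opts)` buys. A comment on the new constant such as `# Bounds only the TCP connect; no read/operation timeout is enforced.` would keep that expectation honest. The commit description also says the option "defaults to 1s" while `DefaultConnectTimeout = 5` and the ldap.rb documentation say 5 seconds; one of them should be corrected. The body of open_connection continues outside the hunk.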
@@ -5,6 +5,14 @@ def test_bind_success assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect end + def test_bind_timeout + @ldap.port = 8389 + error = assert_raise Net::LDAP::Error do + @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1") + end + assert_equal('Connection timed out - user specified timeout', error.message) + end + def test_bind_anonymous_fail refute @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: ""), @ldap.get_operation_result.inspect diff --git a/test/test_auth_adapter.rb b/test/test_auth_adapter.rb index 7cec57bc..badde0fb 100644 --- a/test/test_auth_adapter.rb +++ b/test/test_auth_adapter.rb @@ -2,7 +2,8 @@ class TestAuthAdapter < Test::Unit::TestCase def test_undefined_auth_adapter - flexmock(TCPSocket).should_receive(:new).ordered.with('ldap.example.com', 379).once.and_return(nil) + flexmock(Socket).should_receive(:tcp).ordered.with('ldap.example.com', 379, { connect_timeout: 5 }).once.and_return(nil) + conn = Net::LDAP::Connection.new(host: 'ldap.example.com', port: 379) assert_raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (foo)" do conn.bind(method: :foo) diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index b4c77615..727b82a4 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -15,8 +15,8 @@ def test_list_of_hosts_with_first_host_successful ['test2.mocked.com', 636], ['test3.mocked.com', 636], ] - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_return(nil) - flexmock(TCPSocket).should_receive(:new).ordered.never + flexmock(Socket).should_receive(:tcp).ordered.with(*hosts[0], { connect_timeout: 5 }).once.and_return(nil) + flexmock(Socket).should_receive(:tcp).ordered.never Net::LDAP::Connection.new(:hosts => hosts) end 
@@ -26,9 +26,9 @@ def test_list_of_hosts_with_first_host_failure ['test2.mocked.com', 636], ['test3.mocked.com', 636], ] - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_return(nil) - flexmock(TCPSocket).should_receive(:new).ordered.never + flexmock(Socket).should_receive(:tcp).ordered.with(*hosts[0], { connect_timeout: 5 }).once.and_raise(SocketError) + flexmock(Socket).should_receive(:tcp).ordered.with(*hosts[1], { connect_timeout: 5 }).once.and_return(nil) + flexmock(Socket).should_receive(:tcp).ordered.never Net::LDAP::Connection.new(:hosts => hosts) end @@ -38,17 +38,17 @@ def test_list_of_hosts_with_all_hosts_failure ['test2.mocked.com', 636], ['test3.mocked.com', 636], ] - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[0]).once.and_raise(SocketError) - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[1]).once.and_raise(SocketError) - flexmock(TCPSocket).should_receive(:new).ordered.with(*hosts[2]).once.and_raise(SocketError) - flexmock(TCPSocket).should_receive(:new).ordered.never + flexmock(Socket).should_receive(:tcp).ordered.with(*hosts[0], { connect_timeout: 5 }).once.and_raise(SocketError) + flexmock(Socket).should_receive(:tcp).ordered.with(*hosts[1], { connect_timeout: 5 }).once.and_raise(SocketError) + flexmock(Socket).should_receive(:tcp).ordered.with(*hosts[2], { connect_timeout: 5 }).once.and_raise(SocketError) + flexmock(Socket).should_receive(:tcp).ordered.never assert_raise Net::LDAP::ConnectionError do Net::LDAP::Connection.new(:hosts => hosts) end end def test_result_for_connection_failed_is_set - flexmock(TCPSocket).should_receive(:new).and_raise(Errno::ECONNREFUSED) + flexmock(Socket).should_receive(:tcp).and_raise(Errno::ECONNREFUSED) ldap_client = Net::LDAP.new(host: '127.0.0.1', port: 12345) 
@@ -67,14 +67,14 @@ def test_unresponsive_host end def test_blocked_port - flexmock(TCPSocket).should_receive(:new).and_raise(SocketError) + flexmock(Socket).should_receive(:tcp).and_raise(SocketError) assert_raise Net::LDAP::Error do Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) end end def test_connection_refused - flexmock(TCPSocket).should_receive(:new).and_raise(Errno::ECONNREFUSED) + flexmock(Socket).should_receive(:tcp).and_raise(Errno::ECONNREFUSED) stderr = capture_stderr do assert_raise Net::LDAP::ConnectionRefusedError do Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) @@ -83,9 +83,18 @@ def test_connection_refused assert_equal("Deprecation warning: Net::LDAP::ConnectionRefused will be deprecated. Use Errno::ECONNREFUSED instead.\n", stderr) end + def test_connection_timedout + flexmock(Socket).should_receive(:tcp).and_raise(Errno::ETIMEDOUT) + stderr = capture_stderr do + assert_raise Net::LDAP::Error do + Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) + end + end + end + def test_raises_unknown_exceptions error = Class.new(StandardError) - flexmock(TCPSocket).should_receive(:new).and_raise(error) + flexmock(Socket).should_receive(:tcp).and_raise(error) assert_raise error do Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) end @@ -328,7 +337,7 @@ class TestLDAPConnectionErrors < Test::Unit::TestCase def setup @tcp_socket = flexmock(:connection) @tcp_socket.should_receive(:write) - flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket) + flexmock(Socket).should_receive(:tcp).and_return(@tcp_socket) @connection = Net::LDAP::Connection.new(:host => 'test.mocked.com', :port => 636) end 
@@ -357,7 +366,7 @@ class TestLDAPConnectionInstrumentation < Test::Unit::TestCase def setup @tcp_socket = flexmock(:connection) @tcp_socket.should_receive(:write) - flexmock(TCPSocket).should_receive(:new).and_return(@tcp_socket) + flexmock(Socket).should_receive(:tcp).and_return(@tcp_socket) @service = MockInstrumentationService.new @connection = Net::LDAP::Connection.new \ From e63134e3142a7e9e515c3b8e1695dbb43c56bccb Mon Sep 17 00:00:00 2001 From: Rufus Post Date: Mon, 15 Dec 2014 17:26:12 +1100 Subject: [PATCH 067/146] Support for rfc3062 Password Modify, closes #163 This implements the password modify extended request http://tools.ietf.org/html/rfc3062 --- Contributors.rdoc | 1 + lib/net/ber.rb | 1 + lib/net/ldap.rb | 53 +++++++++++++++- lib/net/ldap/connection.rb | 45 +++++++++++++ lib/net/ldap/pdu.rb | 26 +++++++- test/fixtures/openldap/slapd.conf.ldif | 2 +- test/integration/test_password_modify.rb | 80 ++++++++++++++++++++++++ 7 files changed, 204 insertions(+), 4 deletions(-) create mode 100644 test/integration/test_password_modify.rb diff --git a/Contributors.rdoc b/Contributors.rdoc index e40b20db..137394f8 100644 --- a/Contributors.rdoc +++ b/Contributors.rdoc @@ -22,3 +22,4 @@ Contributions since: * David J. Lee (DavidJLee) * Cody Cutrer (ccutrer) * WoodsBagotAndreMarquesLee +* Rufus Post (mynameisrufus) diff --git a/lib/net/ber.rb b/lib/net/ber.rb index c34de6ba..3bc7a2ba 100644 --- a/lib/net/ber.rb +++ b/lib/net/ber.rb @@ -106,6 +106,7 @@ module Net # :nodoc: # CHARACTER STRINGC29: 61 (0x3d, 0b00111101) # BMPStringP30: 30 (0x1e, 0b00011110) # BMPStringC30: 62 (0x3e, 0b00111110) + # ExtendedResponseC107: 139 (0x8b, 0b010001011) # module BER VERSION = Net::LDAP::VERSION diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 27fd56a7..455bbd6e 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb 
@@ -323,7 +323,14 @@ class Net::LDAP :constructed => constructed, } + universal = { + constructed: { + 107 => :array #ExtendedResponse (PasswdModifyResponseValue) + } + } + AsnSyntax = Net::BER.compile_syntax(:application => application, + :universal => universal, :context_specific => context_specific) DefaultHost = "127.0.0.1" @@ -332,7 +339,8 @@ class Net::LDAP DefaultTreebase = "dc=com" DefaultForceNoPage = false - StartTlsOid = "1.3.6.1.4.1.1466.20037" + StartTlsOid = '1.3.6.1.4.1.1466.20037' + PasswdModifyOid = '1.3.6.1.4.1.4203.1.11.1' # https://tools.ietf.org/html/rfc4511#section-4.1.9 # https://tools.ietf.org/html/rfc4511#appendix-A @@ -651,8 +659,11 @@ def self.open(args) #++ def get_operation_result result = @result - result = result.result if result.is_a?(Net::LDAP::PDU) os = OpenStruct.new + if result.is_a?(Net::LDAP::PDU) + os.extended_response = result.extended_response + result = result.result + end if result.is_a?(Hash) # We might get a hash of LDAP response codes instead of a simple # numeric code. 
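Review bot: Registering `107 => :array` under `universal: { constructed: ... }` labels BER identifier 0x8b (139) as a universal constructed tag, but 0x8b decodes as class context-specific, primitive, tag number 11, which inside an ExtendedResponse is `responseValue [11] OCTET STRING` (RFC 4511); the decode appears to succeed only because that octet string's contents are themselves BER and the `:array` syntax parses them recursively, which is why the caller has to dig with `extended_response[0][0]`. Any extended operation whose responseValue is not BER-encoded will be misparsed by this global table entry, and the companion comment added in lib/net/ber.rb naming it `ExtendedResponseC107` cements the wrong reading. At minimum the inline comment should state what is really matched, e.g. `# 0x8b: ExtendedResponse responseValue [11] OCTET STRING, decoded as nested BER (PasswdModifyResponseValue)`, and decoding the PasswdModify-specific value in the password_modify response path would be safer than a syntax-table entry that applies to every extended response.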
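Review bot: `os.extended_response = result.extended_response` copies the raw response value onto the OpenStruct, and for the password-modify extension that value is the server-generated plaintext password; it stays reachable through @result until the next operation and is included in `get_operation_result.inspect`, which the integration tests in this patch use as assertion messages, so a failing assertion writes the new credential into the test output. Consider documenting this on get_operation_result, e.g. `# extended_response may carry sensitive data (e.g. a generated password); avoid logging the whole struct.`, and clearing the extended value from @result once the caller has consumed it. The body of get_operation_result continues outside the hunk.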
@@ -1041,6 +1052,44 @@ def modify(args) end end + # Password Modify + # + # Change existing password: + # + # dn = 'uid=modify-password-user1,ou=People,dc=rubyldap,dc=com' + # auth = { + # method: :simple, + # username: dn, + # password: 'passworD1' + # } + # ldap.password_modify(dn: dn, + # auth: auth, + # old_password: 'passworD1', + # new_password: 'passworD2') + # + # Or get the LDAP server to generate a password for you: + # + # dn = 'uid=modify-password-user1,ou=People,dc=rubyldap,dc=com' + # auth = { + # method: :simple, + # username: dn, + # password: 'passworD1' + # } + # ldap.password_modify(dn: dn, + # auth: auth, + # old_password: 'passworD1') + # + # ldap.get_operation_result.extended_response[0][0] #=> 'VtcgGf/G' + # + def password_modify(args) + instrument "modify_password.net_ldap", args do |payload| + @result = use_connection(args) do |conn| + conn.password_modify(args) + end + @result.success? + end + end + # Add a value to an attribute. Takes the full DN of the entry to modify, # the name (Symbol or String) of the attribute, and the value (String or # Array). If the attribute does not exist (and there are no schema diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index e23972c4..67757323 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
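Review bot: `instrument "modify_password.net_ldap", args do |payload|` hands the full args hash to the instrumentation service, and for this operation args carries `old_password`, `new_password` and `auth[:password]` in plaintext, so any subscriber (typically a logger or metrics hook) receives credentials as part of the event payload. Pass a scrubbed payload instead, e.g. `instrument "modify_password.net_ldap", dn: args[:dn] do |payload|`, and state in the method comment that passwords are excluded from instrumentation. The event name `modify_password.net_ldap` also inverts the method name `password_modify`; aligning them (`password_modify.net_ldap`) keeps event names predictable for subscribers.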
@@ -539,6 +539,51 @@ def modify(args) pdu end + ## + # Password Modify + # + # http://tools.ietf.org/html/rfc3062 + # + # passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1 + # + # PasswdModifyRequestValue ::= SEQUENCE { + # userIdentity [0] OCTET STRING OPTIONAL + # oldPasswd [1] OCTET STRING OPTIONAL + # newPasswd [2] OCTET STRING OPTIONAL } + # + # PasswdModifyResponseValue ::= SEQUENCE { + # genPasswd [0] OCTET STRING OPTIONAL } + # + # Encoded request: + # + # 00\x02\x01\x02w+\x80\x171.3.6.1.4.1.4203.1.11.1\x81\x100\x0E\x81\x05old\x82\x05new + # + def password_modify(args) + dn = args[:dn] + raise ArgumentError, 'DN is required' if !dn || dn.empty? + + ext_seq = [Net::LDAP::PasswdModifyOid.to_ber_contextspecific(0)] + + unless args[:old_password].nil? + pwd_seq = [args[:old_password].to_ber(0x81)] + pwd_seq << args[:new_password].to_ber(0x82) unless args[:new_password].nil? + ext_seq << pwd_seq.to_ber_sequence.to_ber(0x81) + end + + request = ext_seq.to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest) + + message_id = next_msgid + + write(request, nil, message_id) + pdu = queued_read(message_id) + + if !pdu || pdu.app_tag != Net::LDAP::PDU::ExtendedResponse + raise Net::LDAP::ResponseMissingError, "response missing or invalid" + end + + pdu + end + #-- # TODO: need to support a time limit, in case the server fails to respond. # Unlike other operation-methods in this class, we return a result hash diff --git a/lib/net/ldap/pdu.rb b/lib/net/ldap/pdu.rb index f749f669..5527c1df 100644 --- a/lib/net/ldap/pdu.rb +++ b/lib/net/ldap/pdu.rb @@ -74,6 +74,7 @@ class Error < RuntimeError; end attr_reader :search_referrals attr_reader :search_parameters attr_reader :bind_parameters + attr_reader :extended_response ## # Returns RFC-2251 Controls if any. 
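Review bot: `pwd_seq << args[:new_password].to_ber(0x82) unless args[:new_password].nil?` sits inside `unless args[:old_password].nil?`, so a request carrying only `new_password` (an administrative reset, which RFC 3062 permits since every field of PasswdModifyRequestValue is OPTIONAL) silently drops the new password and asks the server to generate one instead. In addition, `dn` is used only for the ArgumentError check and is never encoded as `userIdentity [0]`, so the server applies the change to the bound identity rather than to `dn`; with an administrator bind and a user's dn, that rewrites the administrator's own password. Build the request value independently of which fields are present and include the identity, as below; the remainder of the method (ExtendedRequest assembly, write, queued_read and the response check) is unchanged.
```ruby
def password_modify(args)
  dn = args[:dn]
  raise ArgumentError, 'DN is required' if !dn || dn.empty?

  # PasswdModifyRequestValue (RFC 3062): every field is OPTIONAL, so each one
  # is added on its own. userIdentity [0] names the entry to change; without
  # it the server modifies the *bound* identity, which is not `dn` when the
  # bind is an administrator.
  pwd_seq = [dn.to_ber(0x80)]
  pwd_seq << args[:old_password].to_ber(0x81) unless args[:old_password].nil?
  pwd_seq << args[:new_password].to_ber(0x82) unless args[:new_password].nil?

  ext_seq = [Net::LDAP::PasswdModifyOid.to_ber_contextspecific(0)]
  ext_seq << pwd_seq.to_ber_sequence.to_ber(0x81)

  # … unchanged: ExtendedRequest assembly, write, queued_read, response check …
```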
@@ -120,7 +121,7 @@ def initialize(ber_object) when UnbindRequest parse_unbind_request(ber_object[1]) when ExtendedResponse - parse_ldap_result(ber_object[1]) + parse_extended_response(ber_object[1]) else raise LdapPduError.new("unknown pdu-type: #{@app_tag}") end @@ -180,6 +181,29 @@ def parse_ldap_result(sequence) end private :parse_ldap_result + ## + # Parse an extended response + # + # http://www.ietf.org/rfc/rfc2251.txt + # + # Each Extended operation consists of an Extended request and an + # Extended response. + # + # ExtendedRequest ::= [APPLICATION 23] SEQUENCE { + # requestName [0] LDAPOID, + # requestValue [1] OCTET STRING OPTIONAL } + + def parse_extended_response(sequence) + sequence.length >= 3 or raise Net::LDAP::PDU::Error, "Invalid LDAP result length." + @ldap_result = { + :resultCode => sequence[0], + :matchedDN => sequence[1], + :errorMessage => sequence[2] + } + @extended_response = sequence[3] + end + private :parse_extended_response + ## # A Bind Response may have an additional field, ID [7], serverSaslCreds, # per RFC 2251 pgh 4.2.3. diff --git a/test/fixtures/openldap/slapd.conf.ldif b/test/fixtures/openldap/slapd.conf.ldif index 6ba5cf77..77a6af09 100644 --- a/test/fixtures/openldap/slapd.conf.ldif +++ b/test/fixtures/openldap/slapd.conf.ldif @@ -3,7 +3,7 @@ objectClass: olcGlobal cn: config olcPidFile: /var/run/slapd/slapd.pid olcArgsFile: /var/run/slapd/slapd.args -olcLogLevel: none +olcLogLevel: -1 olcToolThreads: 1 dn: olcDatabase={-1}frontend,cn=config diff --git a/test/integration/test_password_modify.rb b/test/integration/test_password_modify.rb new file mode 100644 index 00000000..12583363 --- /dev/null +++ b/test/integration/test_password_modify.rb 
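Review bot: `@extended_response = sequence[3]` reads the response value by position, but in an ExtendedResponse everything after the three mandatory LDAPResult members is optional and tagged — `referral [3]`, `responseName [10]`, `responseValue [11]` (RFC 4511) — so a server that includes a referral or a responseName places something other than the value at index 3, and a response without a value yields nil indistinguishably. The optional elements should be selected by their BER identifier (the parsed strings carry `ber_identifier`) rather than by index, with the `>= 3` length check covering only the mandatory members. The comment block added above `parse_extended_response` also quotes the ExtendedRequest production while the method parses the response; replace it with `# ExtendedResponse ::= [APPLICATION 24] SEQUENCE { COMPONENTS OF LDAPResult, responseName [10] LDAPOID OPTIONAL, responseValue [11] OCTET STRING OPTIONAL }`. `sequence.length >= 3 or raise …` uses `or` for control flow where `raise Net::LDAP::PDU::Error, "Invalid LDAP result length." unless sequence.length >= 3` is the idiomatic form.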
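Review bot: `olcLogLevel: -1` turns on every slapd logging category for the integration server, which looks like a debugging leftover from developing the password-modify tests rather than an intended fixture change. At that level the trace output is very verbose and, with the trace and BER categories enabled, is likely to include request contents such as simple-bind credentials and the password-modify values exercised by the new tests, so the CI logs become a place where those test secrets appear. Suggest restoring `olcLogLevel: none` (or a narrow level such as `stats`) and enabling full tracing locally when it is needed.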
@@ -0,0 +1,80 @@ +require_relative '../test_helper' + +class TestPasswordModifyIntegration < LDAPIntegrationTestCase + def setup + super + @ldap.authenticate 'cn=admin,dc=rubyldap,dc=com', 'passworD1' + + @dn = 'uid=modify-password-user1,ou=People,dc=rubyldap,dc=com' + + attrs = { + objectclass: %w(top inetOrgPerson organizationalPerson person), + uid: 'modify-password-user1', + cn: 'modify-password-user1', + sn: 'modify-password-user1', + mail: 'modify-password-user1@rubyldap.com', + userPassword: 'passworD1' + } + unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject) + assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect + end + assert @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject) + + @auth = { + method: :simple, + username: @dn, + password: 'passworD1' + } + end + + def test_password_modify + assert @ldap.password_modify(dn: @dn, + auth: @auth, + old_password: 'passworD1', + new_password: 'passworD2') + + assert @ldap.get_operation_result.extended_response.nil?, + 'Should not have generated a new password' + + refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple), + 'Old password should no longer be valid' + + assert @ldap.bind(username: @dn, password: 'passworD2', method: :simple), + 'New password should be valid' + end + + def test_password_modify_generate + assert @ldap.password_modify(dn: @dn, + auth: @auth, + old_password: 'passworD1') + + generated_password = @ldap.get_operation_result.extended_response[0][0] + + assert generated_password, 'Should have generated a password' + + refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple), + 'Old password should no longer be valid' + + assert @ldap.bind(username: @dn, password: generated_password, method: :simple), + 'New password should be valid' + end + + def test_password_modify_generate_no_old_password + assert @ldap.password_modify(dn: @dn, + auth: @auth) + + generated_password = 
@ldap.get_operation_result.extended_response[0][0] + + assert generated_password, 'Should have generated a password' + + refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple), + 'Old password should no longer be valid' + + assert @ldap.bind(username: @dn, password: generated_password, method: :simple), + 'New password should be valid' + end + + def teardown + @ldap.delete dn: @dn + end +end From aa0638cdb2fc3907db706464911d0a96a0c9340f Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Wed, 6 Jan 2016 15:14:06 -0800 Subject: [PATCH 068/146] release 0.13.0 --- History.rdoc | 10 ++++++++++ lib/net/ldap/version.rb | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/History.rdoc b/History.rdoc index dbf7ee63..f6dbbc61 100644 --- a/History.rdoc +++ b/History.rdoc @@ -1,3 +1,13 @@ +=== Net::LDAP 0.13.0 + +* Set a connect_timeout for the creation of a socket {#243}[https://github.com/ruby-ldap/ruby-net-ldap/pull/243] +* Update bundler before installing gems with bundler {#245}[https://github.com/ruby-ldap/ruby-net-ldap/pull/245] +* Net::LDAP#encryption accepts string {#239}[https://github.com/ruby-ldap/ruby-net-ldap/pull/239] +* Adds correct UTF-8 encoding to Net::BER::BerIdentifiedString {#242}[https://github.com/ruby-ldap/ruby-net-ldap/pull/242] +* Remove 2.3.0-preview since ruby-head already is included {#241}[https://github.com/ruby-ldap/ruby-net-ldap/pull/241] +* Drop support for ruby 1.9.3 {#240}[https://github.com/ruby-ldap/ruby-net-ldap/pull/240] +* Fixed capitalization of StartTLSError {#234}[https://github.com/ruby-ldap/ruby-net-ldap/pull/234] + === Net::LDAP 0.12.1 * Whitespace formatting cleanup {#236}[https://github.com/ruby-ldap/ruby-net-ldap/pull/236] diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb index cbe858ab..259355b2 100644 --- a/lib/net/ldap/version.rb +++ b/lib/net/ldap/version.rb @@ -1,5 +1,5 @@ module Net class LDAP - VERSION = "0.12.1" + VERSION = "0.13.0" end end 
From 67d8311aed6de49f4f2007e67b5e01ac7787c88e Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Thu, 7 Jan 2016 10:04:35 -0800 Subject: [PATCH 069/146] Release 0.13.0 From 1aab8c9a86d88c378bbc203449341d61d6e7c2f7 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 8 Jan 2016 10:32:14 -0800 Subject: [PATCH 070/146] set socket_class in initialize --- lib/net/ldap/connection.rb | 26 +++++++++++++------------- test/test_auth_adapter.rb | 3 +-- test/test_ldap_connection.rb | 24 +++++++++--------------- 3 files changed, 23 insertions(+), 30 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index e9a79414..39cfd970 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -21,19 +21,10 @@ def initialize(server = {}) @server = server @instrumentation_service = server[:instrumentation_service] - yield self if block_given? - end + # Allows tests to parameterize what socket class to use + @socket_class = server.fetch(:socket_class, DefaultSocket) - # Allows tests to parameterize what socket class to use - def socket_class - @socket_class || DefaultSocket - end - - # Wrap around Socket.tcp to normalize with other Socket initializers - class DefaultSocket - def self.new(host, port, socket_opts = {}) - Socket.tcp(host, port, socket_opts) - end + yield self if block_given? end def socket_class=(socket_class) @@ -59,7 +50,7 @@ def open_connection(server) errors = [] hosts.each do |host, port| begin - prepare_socket(server.merge(socket: socket_class.new(host, port, socket_opts))) + prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts))) return rescue Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e @@ -690,4 +681,13 @@ def socket @conn end + + private + + # Wrap around Socket.tcp to normalize with other Socket initializers + class DefaultSocket + def self.new(host, port, socket_opts = {}) + Socket.tcp(host, port, socket_opts) + end + end end # class Connection 
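Review bot: The `private` marker placed before `class DefaultSocket` has no effect on it: `private` changes the visibility of methods defined after it, not of constants, so `Net::LDAP::Connection::DefaultSocket` remains publicly reachable; use `private_constant :DefaultSocket` after the class body if the intent is to hide it. The reader `def socket_class` is removed while `def socket_class=(socket_class)` stays as context, so the class keeps a setter for an attribute that initialize now fixes via `server.fetch(:socket_class, DefaultSocket)` and that open_connection reads only when it calls `@socket_class.new(host, port, socket_opts)`; the tests in this patch no longer call the setter, so either remove it or extend the existing comment to `# Allows tests to parameterize what socket class to use (only consulted when the connection is opened)`. The bodies of initialize and open_connection extend beyond their hunks.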
diff --git a/test/test_auth_adapter.rb b/test/test_auth_adapter.rb index ee7fb4cc..9e4c6002 100644 --- a/test/test_auth_adapter.rb +++ b/test/test_auth_adapter.rb @@ -7,8 +7,7 @@ def initialize(*args) end def test_undefined_auth_adapter - conn = Net::LDAP::Connection.new(host: 'ldap.example.com', port: 379) - conn.socket_class = FakeSocket + conn = Net::LDAP::Connection.new(host: 'ldap.example.com', port: 379, :socket_class => FakeSocket) assert_raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (foo)" do conn.bind(method: :foo) end diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 12ca3d71..51e30c3f 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -29,8 +29,7 @@ def test_list_of_hosts_with_first_host_successful ["fail.SocketError", 636], ] - connection = Net::LDAP::Connection.new(:hosts => hosts) - connection.socket_class = FakeTCPSocket + connection = Net::LDAP::Connection.new(:hosts => hosts, :socket_class => FakeTCPSocket) connection.socket end @@ -41,8 +40,7 @@ def test_list_of_hosts_with_first_host_failure ["fail.SocketError", 636], ] - connection = Net::LDAP::Connection.new(:hosts => hosts) - connection.socket_class = FakeTCPSocket + connection = Net::LDAP::Connection.new(:hosts => hosts, :socket_class => FakeTCPSocket) connection.socket end @@ -53,8 +51,7 @@ def test_list_of_hosts_with_all_hosts_failure ["fail.SocketError", 636], ] - connection = Net::LDAP::Connection.new(:hosts => hosts) - connection.socket_class = FakeTCPSocket + connection = Net::LDAP::Connection.new(:hosts => hosts, :socket_class => FakeTCPSocket) assert_raise Net::LDAP::ConnectionError do connection.socket end 
@@ -75,24 +72,21 @@ def test_result_for_connection_failed_is_set end def test_unresponsive_host - connection = Net::LDAP::Connection.new(:host => "fail.Errno::ETIMEDOUT", :port => 636) - connection.socket_class = FakeTCPSocket + connection = Net::LDAP::Connection.new(:host => "fail.Errno::ETIMEDOUT", :port => 636, :socket_class => FakeTCPSocket) assert_raise Net::LDAP::Error do connection.socket end end def test_blocked_port - connection = Net::LDAP::Connection.new(:host => "fail.SocketError", :port => 636) - connection.socket_class = FakeTCPSocket + connection = Net::LDAP::Connection.new(:host => "fail.SocketError", :port => 636, :socket_class => FakeTCPSocket) assert_raise Net::LDAP::Error do connection.socket end end def test_connection_refused - connection = Net::LDAP::Connection.new(:host => "fail.Errno::ECONNREFUSED", :port => 636) - connection.socket_class = FakeTCPSocket + connection = Net::LDAP::Connection.new(:host => "fail.Errno::ECONNREFUSED", :port => 636, :socket_class => FakeTCPSocket) stderr = capture_stderr do assert_raise Net::LDAP::ConnectionRefusedError do connection.socket @@ -102,7 +96,7 @@ def test_connection_refused end def test_connection_timeout - connection = Net::LDAP::Connection.new(:host => "fail.Errno::ETIMEDOUT", :port => 636) + connection = Net::LDAP::Connection.new(:host => "fail.Errno::ETIMEDOUT", :port => 636, :socket_class => FakeTCPSocket) stderr = capture_stderr do assert_raise Net::LDAP::Error do connection.socket @@ -111,8 +105,8 @@ def test_connection_timeout end def test_raises_unknown_exceptions - connection = Net::LDAP::Connection.new(:host => "fail.StandardError", :port => 636) - assert_raise Net::LDAP::Error do + connection = Net::LDAP::Connection.new(:host => "fail.StandardError", :port => 636, :socket_class => FakeTCPSocket) + assert_raise StandardError do connection.socket end end From 0dec1d971701db1e5e65f59ce9c8bec1b5f6f3e2 Mon Sep 17 00:00:00 2001 
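Review bot: The last hunk of test_ldap_connection.rb changes the expectation in `test_raises_unknown_exceptions` from `Net::LDAP::Error` to `StandardError` without a comment, and the commit message only describes moving `socket_class` into the initializer. With `FakeTCPSocket` now injected, the "fail.StandardError" host presumably raises a bare StandardError that the rescue list in `open_connection` (`Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError`) does not wrap, whereas before the test went through the real socket and got a wrapped lookup failure — so what the test covers has changed, not just how it is set up. A comment such as `# FakeTCPSocket raises a plain StandardError; open_connection does not wrap it, so it must propagate unchanged` would record that intent, and the assertion should be the exact-class form (`assert_raise` in test-unit; `assert_raise_kind_of` would also accept a wrapped Net::LDAP::Error and miss a regression) — confirm which assertion library the suite loads.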
From: Jerry Cheung Date: Fri, 8 Jan 2016 11:41:25 -0800 Subject: [PATCH 071/146] fix multiline blocks --- lib/net/ldap.rb | 8 ++++---- lib/net/ldap/auth_adapter/gss_spnego.rb | 2 -- lib/net/ldap/auth_adapter/sasl.rb | 4 ++-- lib/net/ldap/connection.rb | 8 ++++---- lib/net/ldap/entry.rb | 4 ++-- lib/net/ldap/filter.rb | 4 ++-- lib/net/snmp.rb | 12 ++++++------ test/test_filter.rb | 4 ++-- test/test_snmp.rb | 8 ++++---- 9 files changed, 26 insertions(+), 28 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 455bbd6e..6dbda5a3 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -775,10 +775,10 @@ def search(args = {}) instrument "search.net_ldap", args do |payload| @result = use_connection(args) do |conn| - conn.search(args) { |entry| + conn.search(args) do |entry| result_set << entry if result_set yield entry if block_given? - } + end end if return_result_set @@ -917,7 +917,7 @@ def bind(auth = @auth) # end def bind_as(args = {}) result = false - open { |me| + open do |me| rs = search args if rs and rs.first and dn = rs.first.dn password = args[:password] @@ -925,7 +925,7 @@ def bind_as(args = {}) result = rs if bind(:method => :simple, :username => dn, :password => password) end - } + end result end diff --git a/lib/net/ldap/auth_adapter/gss_spnego.rb b/lib/net/ldap/auth_adapter/gss_spnego.rb index b4fec88c..fffdc04f 100644 --- a/lib/net/ldap/auth_adapter/gss_spnego.rb +++ b/lib/net/ldap/auth_adapter/gss_spnego.rb @@ -22,12 +22,10 @@ def bind(auth) user, psw = [auth[:username] || auth[:dn], auth[:password]] raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) - nego = proc { |challenge| t2_msg = NTLM::Message.parse(challenge) t3_msg = t2_msg.response({ :user => user, :password => psw }, { :ntlmv2 => true }) t3_msg.serialize - } Net::LDAP::AuthAdapter::Sasl.new(@connection).bind \ :method => :sasl, 
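Review bot: The gss_spnego.rb hunk removes `nego = proc { |challenge|` and its closing `}` without putting a do/end form in their place, so `t2_msg`/`t3_msg` become bare statements executed at bind time and `nego` is undefined when the following `Sasl.new(@connection).bind` call (outside the hunk) references it; the two lines should read `nego = proc do |challenge|` and `end`. This breaks the NTLM/SPNEGO bind path, unlike the other brace-to-do rewrites in this commit, which are purely stylistic (patch 073 later in the series restores the lines). The adapter's `bind(auth)` method starts and continues outside the hunk.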
diff --git a/lib/net/ldap/auth_adapter/sasl.rb b/lib/net/ldap/auth_adapter/sasl.rb index fa7315b5..ebbe4e63 100644 --- a/lib/net/ldap/auth_adapter/sasl.rb +++ b/lib/net/ldap/auth_adapter/sasl.rb @@ -33,7 +33,7 @@ def bind(auth) message_id = @connection.next_msgid n = 0 - loop { + loop do sasl = [mech.to_ber, cred.to_ber].to_ber_contextspecific(3) request = [ Net::LDAP::Connection::LdapVersion.to_ber, "".to_ber, sasl @@ -50,7 +50,7 @@ def bind(auth) raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges) cred = chall.call(pdu.result_server_sasl_creds) - } + end raise Net::LDAP::SASLChallengeOverflowError, "why are we here?" end diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 67757323..0064cbda 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -500,14 +500,14 @@ def search(args = nil) def self.modify_ops(operations) ops = [] if operations - operations.each { |op, attrib, values| + operations.each do |op, attrib, values| # TODO, fix the following line, which gives a bogus error if the # opcode is invalid. op_ber = MODIFY_OPERATIONS[op.to_sym].to_ber_enumerated values = [ values ].flatten.map { |v| v.to_ber if v }.to_ber_set values = [ attrib.to_s.to_ber, values ].to_ber_sequence ops << [ op_ber, values ].to_ber - } + end end ops end @@ -594,9 +594,9 @@ def password_modify(args) def add(args) add_dn = args[:dn] or raise Net::LDAP::EmptyDNError, "Unable to add empty DN" add_attrs = [] - a = args[:attributes] and a.each { |k, v| + a = args[:attributes] and a.each do |k, v| add_attrs << [ k.to_s.to_ber, Array(v).map { |m| m.to_ber}.to_ber_set ].to_ber_sequence - } + end message_id = next_msgid request = [add_dn.to_ber, add_attrs.to_ber_sequence].to_ber_appsequence(Net::LDAP::PDU::AddRequest) diff --git a/lib/net/ldap/entry.rb b/lib/net/ldap/entry.rb index c2615268..f46912ba 100644 --- a/lib/net/ldap/entry.rb +++ b/lib/net/ldap/entry.rb 
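Review bot: In the connection.rb `modify_ops` hunk the line `op_ber = MODIFY_OPERATIONS[op.to_sym].to_ber_enumerated` still carries the TODO about a bogus error for an invalid opcode — an unknown `op` yields `nil.to_ber_enumerated`, which surfaces as a NoMethodError instead of a meaningful message. Since the block is being rewritten anyway, `op_ber = MODIFY_OPERATIONS.fetch(op.to_sym) { raise ArgumentError, "unknown modify operation: #{op.inspect}" }.to_ber_enumerated` (assuming MODIFY_OPERATIONS is a Hash; a project error class may be preferable to ArgumentError) would close the TODO without touching the happy path. Style-wise, the `add` hunk still builds `add_attrs` by pushing inside `each`; `add_attrs = Array(args[:attributes]).map { |k, v| ... }` is the idiomatic shape and keeps the nil-attributes case yielding an empty list, though `add` starts and ends outside the hunk. `bind` in sasl.rb likewise extends beyond its hunk.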
@@ -141,10 +141,10 @@ def attribute_names # (possibly empty) \Array of data values. def each # :yields: attribute-name, data-values-array if block_given? - attribute_names.each {|a| + attribute_names.each do|a| attr_name,values = a,self[a] yield attr_name, values - } + end end end alias_method :each_attribute, :each diff --git a/lib/net/ldap/filter.rb b/lib/net/ldap/filter.rb index aad84f83..d4542e3d 100644 --- a/lib/net/ldap/filter.rb +++ b/lib/net/ldap/filter.rb @@ -287,7 +287,7 @@ def parse_ber(ber) when 0xa4 # context-specific constructed 4, "substring" str = "" final = false - ber.last.each { |b| + ber.last.each do |b| case b.ber_identifier when 0x80 # context-specific primitive 0, SubstringFilter "initial" raise Net::LDAP::SubstringFilterError, "Unrecognized substring filter; bad initial value." if str.length > 0 @@ -298,7 +298,7 @@ def parse_ber(ber) str += "*#{escape(b)}" final = true end - } + end str += "*" unless final eq(ber.first.to_s, str) when 0xa5 # context-specific constructed 5, "greaterOrEqual" diff --git a/lib/net/snmp.rb b/lib/net/snmp.rb index 501df851..fe7a2899 100644 --- a/lib/net/snmp.rb +++ b/lib/net/snmp.rb @@ -227,9 +227,9 @@ def pdu_to_ber_string error_status.to_ber, error_index.to_ber, [ - @variables.map {|n,v| + @variables.map do|n,v| [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence - } + end ].to_ber_sequence ].to_ber_contextspecific(0) when :get_next_request @@ -238,9 +238,9 @@ def pdu_to_ber_string error_status.to_ber, error_index.to_ber, [ - @variables.map {|n,v| + @variables.map do|n,v| [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence - } + end ].to_ber_sequence ].to_ber_contextspecific(1) when :get_response @@ -249,9 +249,9 @@ def pdu_to_ber_string error_status.to_ber, error_index.to_ber, [ - @variables.map {|n,v| + @variables.map do|n,v| [n.to_ber_oid, v.to_ber].to_ber_sequence - } + end ].to_ber_sequence ].to_ber_contextspecific(2) else 
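Review bot: The rewritten block openers in entry.rb and snmp.rb, `attribute_names.each do|a|` and `@variables.map do|n,v|`, lack the space after `do` and after the comma that the rest of this commit's rewrites use (e.g. `operations.each do |op, attrib, values|`), so the style fix is inconsistent within its own series; `attribute_names.each do |a|` and `@variables.map do |n, v|` match the others. In the snmp.rb maps for get_request and get_next_request the `v` parameter is unused (only `n` is emitted), so `do |n, _v|` would document that and clear the unused-block-argument entry the todo file records for snmp.rb. In entry.rb, `attr_name,values = a,self[a]` followed by `yield attr_name, values` can simply be `yield a, self[a]`. `each` in entry.rb and `pdu_to_ber_string` in snmp.rb both run beyond their hunks.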
diff --git a/test/test_filter.rb b/test/test_filter.rb index 2bcccd92..dd4577eb 100644 --- a/test/test_filter.rb +++ b/test/test_filter.rb @@ -13,11 +13,11 @@ def test_invalid_filter_string end def test_invalid_filter - assert_raises(Net::LDAP::OperatorError) { + assert_raises(Net::LDAP::OperatorError) do # This test exists to prove that our constructor blocks unknown filter # types. All filters must be constructed using helpers. Filter.__send__(:new, :xx, nil, nil) - } + end end def test_to_s diff --git a/test/test_snmp.rb b/test/test_snmp.rb index fe1ee168..6a809a80 100644 --- a/test/test_snmp.rb +++ b/test/test_snmp.rb @@ -16,9 +16,9 @@ def self.raw_string(s) def test_invalid_packet data = "xxxx" - assert_raise(Net::BER::BerError) { + assert_raise(Net::BER::BerError) do ary = data.read_ber(Net::SNMP::AsnSyntax) - } + end end # The method String#read_ber! added by Net::BER consumes a well-formed BER @@ -40,9 +40,9 @@ def _test_consume_string end def test_weird_packet - assert_raise(Net::SnmpPdu::Error) { + assert_raise(Net::SnmpPdu::Error) do Net::SnmpPdu.parse("aaaaaaaaaaaaaa") - } + end end def test_get_request From 63d7bbb3198445bf3509aebc7e7841661a5b2a7a Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 8 Jan 2016 11:41:35 -0800 Subject: [PATCH 072/146] fix trailing underscore --- test/integration/test_search.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/test_search.rb b/test/integration/test_search.rb index b56052ce..96f9ff42 100644 --- a/test/integration/test_search.rb +++ b/test/integration/test_search.rb @@ -57,7 +57,7 @@ def test_search_timeout entries << entry end - payload, _ = events.pop + payload, = events.pop assert_equal 5, payload[:time] assert_equal entries, result end From 17e2fe6ed983f1ccd12b32d33022868dd5b11893 Mon Sep 17 00:00:00 2001 
From: Jerry Cheung Date: Fri, 8 Jan 2016 11:41:48 -0800 Subject: [PATCH 073/146] fix multiline block --- lib/net/ldap/auth_adapter/gss_spnego.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/net/ldap/auth_adapter/gss_spnego.rb b/lib/net/ldap/auth_adapter/gss_spnego.rb index fffdc04f..9f773454 100644 --- a/lib/net/ldap/auth_adapter/gss_spnego.rb +++ b/lib/net/ldap/auth_adapter/gss_spnego.rb @@ -22,10 +22,12 @@ def bind(auth) user, psw = [auth[:username] || auth[:dn], auth[:password]] raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) + nego = proc do |challenge| t2_msg = NTLM::Message.parse(challenge) t3_msg = t2_msg.response({ :user => user, :password => psw }, { :ntlmv2 => true }) t3_msg.serialize + end Net::LDAP::AuthAdapter::Sasl.new(@connection).bind \ :method => :sasl, From 2702b89bac61d26440a17794297c873acd9044fd Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 8 Jan 2016 11:46:41 -0800 Subject: [PATCH 074/146] fix multiline blocks --- test/test_ldif.rb | 8 ++++---- testserver/ldapserver.rb | 13 ++++++------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/test/test_ldif.rb b/test/test_ldif.rb index 988c3155..8181671c 100644 --- a/test/test_ldif.rb +++ b/test/test_ldif.rb @@ -68,10 +68,10 @@ def test_ldif_with_base64_dn_and_continuation_lines # TODO, INADEQUATE. We need some more tests # to verify the content. def test_ldif - File.open(TestLdifFilename, "r") {|f| + File.open(TestLdifFilename, "r") do |f| ds = Net::LDAP::Dataset::read_ldif(f) assert_equal(13, ds.length) - } + end end # Must test folded lines and base64-encoded lines as well as normal ones. 
@@ -84,13 +84,13 @@ def test_to_ldif entries = data.lines.grep(/^dn:\s*/) { $'.chomp } dn_entries = entries.dup - ds = Net::LDAP::Dataset::read_ldif(io) { |type, value| + ds = Net::LDAP::Dataset::read_ldif(io) do |type, value| case type when :dn assert_equal(dn_entries.first, value) dn_entries.shift end - } + end assert_equal(entries.size, ds.size) assert_equal(entries.sort, ds.to_ldif.grep(/^dn:\s*/) { $'.chomp }) end diff --git a/testserver/ldapserver.rb b/testserver/ldapserver.rb index eba130ce..24578ffb 100644 --- a/testserver/ldapserver.rb +++ b/testserver/ldapserver.rb @@ -133,21 +133,21 @@ def handle_search_request pdu # TODO, what if this returns nil? filter = Net::LDAP::Filter.parse_ldap_filter( filters ) - $ldif.each {|dn, entry| + $ldif.each do |dn, entry| if filter.match( entry ) attrs = [] - entry.each {|k, v| + entry.each do |k, v| if requested_attrs == :all or requested_attrs.include?(k.downcase) attrvals = v.map {|v1| v1.to_ber}.to_ber_set attrs << [k.to_ber, attrvals].to_ber_sequence end - } + end appseq = [dn.to_ber, attrs.to_ber_sequence].to_ber_appsequence(4) pkt = [msgid.to_ber, appseq].to_ber_sequence send_data pkt end - } + end send_ldap_response 5, pdu[0].to_i, 0, "", "Was that what you wanted?" @@ -201,10 +201,9 @@ def load_test_data require 'net/ldap' - EventMachine.run { + EventMachine.run do $logger.info "starting LDAP server on 127.0.0.1 port 3890" EventMachine.start_server "127.0.0.1", 3890, LdapServer EventMachine.add_periodic_timer 60, proc {$logger.info "heartbeat"} - } + end end - From defcc866c40a0439f498cd3bfdb965870e19d7c2 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 8 Jan 2016 11:53:54 -0800 Subject: [PATCH 075/146] add explicit exceptions for this project --- .rubocop.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.rubocop.yml b/.rubocop.yml index 85ffa202..084ca199 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -3,3 +3,12 @@ inherit_from: .rubocop_todo.yml AllCops: Exclude: - 'pkg/**/*' + +Style/ExtraSpacing: + Enabled: false + +Lint/AssignmentInCondition: + Enabled: false + +Style/ParallelAssignment: + Enabled: false From 5a06857f8adfff1d63477a455b765389264a0f1a Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Fri, 8 Jan 2016 11:54:06 -0800 Subject: [PATCH 076/146] regenerate rubocop_todo --- .rubocop_todo.yml | 448 +++++++++++++++++++++++++++++++++------------- 1 file changed, 323 insertions(+), 125 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 5a5dcbc7..4c6c68d2 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -1,43 +1,61 @@ -# This configuration was generated by `rubocop --auto-gen-config` -# on 2014-12-19 15:32:44 +1100 using RuboCop version 0.28.0. +# This configuration was generated by +# `rubocop --auto-gen-config` +# on 2016-01-08 11:47:42 -0800 using RuboCop version 0.35.0. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new # versions of RuboCop, may require this file to be generated again. -# Offense count: 12 -# Configuration parameters: AllowSafeAssignment. -Lint/AssignmentInCondition: - Enabled: false - # Offense count: 1 -# Configuration parameters: AlignWith, SupportedStyles. +# Cop supports --auto-correct. +# Configuration parameters: AlignWith, SupportedStyles, AutoCorrect. Lint/EndAlignment: Enabled: false +# Offense count: 1 +Lint/NonLocalExitFromIterator: + Exclude: + - 'lib/net/ldap/connection.rb' + # Offense count: 1 Lint/RescueException: - Enabled: false + Exclude: + - 'lib/net/ldap/pdu.rb' # Offense count: 1 Lint/ShadowingOuterLocalVariable: - Enabled: false + Exclude: + - 'lib/net/ldap/instrumentation.rb' -# Offense count: 9 +# Offense count: 10 # Cop supports --auto-correct. +# Configuration parameters: IgnoreEmptyBlocks. Lint/UnusedBlockArgument: - Enabled: false + Exclude: + - 'lib/net/ldap.rb' + - 'lib/net/snmp.rb' + - 'test/support/vm/openldap/Vagrantfile' # Offense count: 3 # Cop supports --auto-correct. +# Configuration parameters: AllowUnusedKeywordArguments, IgnoreEmptyMethods. 
Lint/UnusedMethodArgument: - Enabled: false + Exclude: + - 'lib/net/ldap/entry.rb' + - 'lib/net/ldap/pdu.rb' + - 'test/test_search.rb' -# Offense count: 7 +# Offense count: 9 Lint/UselessAssignment: - Enabled: false - -# Offense count: 47 + Exclude: + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/password.rb' + - 'test/integration/test_add.rb' + - 'test/test_ldap_connection.rb' + - 'test/test_search.rb' + - 'test/test_snmp.rb' + +# Offense count: 48 Metrics/AbcSize: Max: 114 @@ -45,16 +63,16 @@ Metrics/AbcSize: Metrics/BlockNesting: Max: 4 -# Offense count: 9 +# Offense count: 10 # Configuration parameters: CountComments. Metrics/ClassLength: - Max: 470 + Max: 423 -# Offense count: 20 +# Offense count: 21 Metrics/CyclomaticComplexity: Max: 41 -# Offense count: 193 +# Offense count: 229 # Configuration parameters: AllowURI, URISchemes. Metrics/LineLength: Max: 360 
@@ -64,54 +82,76 @@ Metrics/LineLength: Metrics/MethodLength: Max: 130 +# Offense count: 1 +# Configuration parameters: CountComments. +Metrics/ModuleLength: + Max: 104 + # Offense count: 13 Metrics/PerceivedComplexity: - Max: 36 + Max: 37 # Offense count: 1 Style/AccessorMethodName: - Enabled: false + Exclude: + - 'lib/net/ldap.rb' # Offense count: 4 # Cop supports --auto-correct. Style/AlignArray: - Enabled: false + Exclude: + - 'lib/net/ldap.rb' + - 'lib/net/ldap/auth_adapter/sasl.rb' + - 'lib/net/ldap/connection.rb' -# Offense count: 3 +# Offense count: 10 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/AlignParameters: - Enabled: false + Exclude: + - 'test/ber/test_ber.rb' + - 'test/integration/test_ber.rb' + - 'test/integration/test_bind.rb' + - 'test/integration/test_password_modify.rb' -# Offense count: 36 +# Offense count: 37 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/AndOr: - Enabled: false + Exclude: + - 'lib/net/ber/ber_parser.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/dataset.rb' + - 'lib/net/ldap/filter.rb' + - 'lib/net/ldap/pdu.rb' + - 'testserver/ldapserver.rb' # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/BarePercentLiterals: - Enabled: false + Exclude: + - 'test/test_entry.rb' # Offense count: 1 # Cop supports --auto-correct. Style/BlockComments: - Enabled: false + Exclude: + - 'test/test_rename.rb' -# Offense count: 20 -# Cop supports --auto-correct. -Style/Blocks: - Enabled: false - -# Offense count: 2 +# Offense count: 9 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. 
Style/BracesAroundHashParameters: - Enabled: false + Exclude: + - 'lib/net/ldap/auth_adapter/gss_spnego.rb' + - 'lib/net/snmp.rb' + - 'test/test_auth_adapter.rb' + - 'test/test_ldap_connection.rb' # Offense count: 4 +# Cop supports --auto-correct. # Configuration parameters: IndentWhenRelativeTo, SupportedStyles, IndentOneStep. Style/CaseIndentation: Enabled: false 
@@ -119,41 +159,82 @@ Style/CaseIndentation: # Offense count: 4 # Cop supports --auto-correct. Style/CharacterLiteral: - Enabled: false + Exclude: + - 'lib/net/ldap/dataset.rb' + - 'lib/net/ldap/entry.rb' + +# Offense count: 1 +Style/ClassAndModuleCamelCase: + Exclude: + - 'lib/net/ldap/auth_adapter/gss_spnego.rb' -# Offense count: 22 +# Offense count: 23 # Configuration parameters: EnforcedStyle, SupportedStyles. Style/ClassAndModuleChildren: Enabled: false -# Offense count: 1 +# Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/ClassCheck: - Enabled: false + Exclude: + - 'lib/net/ber/core_ext/array.rb' + - 'lib/net/ldap/error.rb' # Offense count: 13 # Cop supports --auto-correct. Style/ColonMethodCall: - Enabled: false + Exclude: + - 'test/test_ldif.rb' + - 'test/test_ssl_ber.rb' -# Offense count: 2 +# Offense count: 1 +# Cop supports --auto-correct. # Configuration parameters: Keywords. Style/CommentAnnotation: - Enabled: false + Exclude: + - 'lib/net/ber.rb' -# Offense count: 86 +# Offense count: 88 Style/ConstantName: - Enabled: false + Exclude: + - 'lib/net/ldap.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/filter.rb' + - 'lib/net/ldap/pdu.rb' + - 'lib/net/snmp.rb' + - 'test/test_ldif.rb' + - 'testserver/ldapserver.rb' # Offense count: 18 # Cop supports --auto-correct. Style/DeprecatedHashMethods: - Enabled: false + Exclude: + - 'lib/net/snmp.rb' + - 'test/test_ldap_connection.rb' + - 'test/test_ldif.rb' + - 'test/test_search.rb' -# Offense count: 46 +# Offense count: 21 +# Configuration parameters: Exclude. 
Style/Documentation: - Enabled: false + Exclude: + - 'spec/**/*' + - 'test/**/*' + - 'lib/net/ber.rb' + - 'lib/net/ber/core_ext.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/auth_adapter.rb' + - 'lib/net/ldap/auth_adapter/sasl.rb' + - 'lib/net/ldap/auth_adapter/simple.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/error.rb' + - 'lib/net/ldap/instrumentation.rb' + - 'lib/net/ldap/password.rb' + - 'lib/net/ldap/pdu.rb' + - 'lib/net/ldap/version.rb' + - 'lib/net/snmp.rb' + - 'testserver/ldapserver.rb' # Offense count: 23 # Cop supports --auto-correct. 
@@ -164,77 +245,106 @@ Style/DotPosition: # Offense count: 1 # Cop supports --auto-correct. Style/ElseAlignment: - Enabled: false + Exclude: + - 'testserver/ldapserver.rb' -# Offense count: 4 +# Offense count: 5 # Cop supports --auto-correct. # Configuration parameters: AllowAdjacentOneLineDefs. Style/EmptyLineBetweenDefs: - Enabled: false + Exclude: + - 'lib/net/ldap.rb' + - 'lib/net/ldap/dataset.rb' + - 'lib/net/snmp.rb' -# Offense count: 9 +# Offense count: 8 # Cop supports --auto-correct. Style/EmptyLines: - Enabled: false + Exclude: + - 'lib/net/snmp.rb' + - 'testserver/ldapserver.rb' # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/EmptyLinesAroundClassBody: - Enabled: false + Exclude: + - 'test/test_snmp.rb' # Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/EmptyLinesAroundModuleBody: - Enabled: false + Exclude: + - 'testserver/ldapserver.rb' # Offense count: 3 +# Cop supports --auto-correct. Style/EvenOdd: - Enabled: false + Exclude: + - 'lib/net/ldap/dn.rb' # Offense count: 1 # Configuration parameters: Exclude. Style/FileName: - Enabled: false + Exclude: + - 'lib/net-ldap.rb' # Offense count: 9 # Configuration parameters: AllowedVariables. Style/GlobalVars: - Enabled: false + Exclude: + - 'testserver/ldapserver.rb' -# Offense count: 3 +# Offense count: 4 # Configuration parameters: MinBodyLength. Style/GuardClause: - Enabled: false + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ldap/entry.rb' + - 'lib/net/ldap/filter.rb' -# Offense count: 150 +# Offense count: 149 # Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles. +# Configuration parameters: EnforcedStyle, SupportedStyles, UseHashRocketsWithSymbolValues. Style/HashSyntax: Enabled: false -# Offense count: 8 +# Offense count: 7 +# Cop supports --auto-correct. # Configuration parameters: MaxLineLength. 
Style/IfUnlessModifier: - Enabled: false + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ber/core_ext/integer.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/filter.rb' + - 'lib/net/snmp.rb' # Offense count: 2 # Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles. +# Configuration parameters: SupportedStyles. Style/IndentHash: - Enabled: false + EnforcedStyle: consistent -# Offense count: 6 +# Offense count: 10 # Cop supports --auto-correct. # Configuration parameters: Width. Style/IndentationWidth: - Enabled: false + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ldap/password.rb' + - 'lib/net/snmp.rb' + - 'test/test_snmp.rb' + - 'testserver/ldapserver.rb' -# Offense count: 2 +# Offense count: 3 # Cop supports --auto-correct. Style/LeadingCommentSpace: - Enabled: false + Exclude: + - 'lib/net/ber/core_ext/array.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/connection.rb' # Offense count: 21 # Cop supports --auto-correct. 
@@ -255,66 +365,85 @@ Style/MultilineOperationIndentation: # Offense count: 1 Style/MultilineTernaryOperator: - Enabled: false + Exclude: + - 'lib/net/ldap/connection.rb' # Offense count: 1 # Cop supports --auto-correct. Style/NegatedIf: - Enabled: false + Exclude: + - 'test/test_helper.rb' # Offense count: 1 # Cop supports --auto-correct. Style/NegatedWhile: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' # Offense count: 3 +# Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, MinBodyLength, SupportedStyles. Style/Next: - Enabled: false + Exclude: + - 'lib/net/ldap/connection.rb' + - 'testserver/ldapserver.rb' # Offense count: 1 # Cop supports --auto-correct. Style/NilComparison: - Enabled: false + Exclude: + - 'lib/net/ldap/connection.rb' # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: IncludeSemanticChanges. Style/NonNilCheck: - Enabled: false + Exclude: + - 'lib/net/ber/ber_parser.rb' # Offense count: 1 # Cop supports --auto-correct. Style/Not: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' -# Offense count: 10 +# Offense count: 11 # Cop supports --auto-correct. Style/NumericLiterals: MinDigits: 8 # Offense count: 3 Style/OpMethod: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' # Offense count: 6 # Cop supports --auto-correct. # Configuration parameters: AllowSafeAssignment. Style/ParenthesesAroundCondition: - Enabled: false + Exclude: + - 'lib/net/ldap.rb' + - 'lib/net/ldap/auth_adapter/gss_spnego.rb' + - 'lib/net/ldap/auth_adapter/sasl.rb' + - 'lib/net/ldap/auth_adapter/simple.rb' # Offense count: 3 # Cop supports --auto-correct. # Configuration parameters: PreferredDelimiters. Style/PercentLiteralDelimiters: - Enabled: false + Exclude: + - 'net-ldap.gemspec' + - 'test/test_entry.rb' # Offense count: 11 # Cop supports --auto-correct. 
Style/PerlBackrefs: - Enabled: false + Exclude: + - 'lib/net/ldap/dataset.rb' + - 'lib/net/ldap/filter.rb' + - 'testserver/ldapserver.rb' -# Offense count: 9 +# Offense count: 10 # Configuration parameters: EnforcedStyle, SupportedStyles. Style/RaiseArgs: Enabled: false 
@@ -322,54 +451,96 @@ Style/RaiseArgs: # Offense count: 1 # Cop supports --auto-correct. Style/RedundantBegin: - Enabled: false + Exclude: + - 'lib/net/snmp.rb' -# Offense count: 3 +# Offense count: 4 # Cop supports --auto-correct. # Configuration parameters: AllowMultipleReturnValues. Style/RedundantReturn: - Enabled: false + Exclude: + - 'lib/net/ber/core_ext/string.rb' + - 'lib/net/ldap/auth_adapter.rb' + - 'lib/net/ldap/entry.rb' + - 'lib/net/ldap/password.rb' -# Offense count: 7 +# Offense count: 6 # Cop supports --auto-correct. Style/RedundantSelf: - Enabled: false + Exclude: + - 'lib/net/ber/core_ext/array.rb' + - 'lib/net/ber/core_ext/string.rb' + - 'lib/net/ldap/dn.rb' + - 'lib/net/ldap/filter.rb' -# Offense count: 1 -# Configuration parameters: MaxSlashes. +# Offense count: 2 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle, SupportedStyles, AllowInnerSlashes. Style/RegexpLiteral: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' + - 'net-ldap.gemspec' -# Offense count: 2 +# Offense count: 1 +# Cop supports --auto-correct. Style/RescueModifier: - Enabled: false + Exclude: + - 'test/ber/core_ext/test_string.rb' -# Offense count: 7 +# Offense count: 8 # Cop supports --auto-correct. # Configuration parameters: AllowAsExpressionSeparator. Style/Semicolon: - Enabled: false + Exclude: + - 'lib/net/ldap/dn.rb' + - 'lib/net/ldap/error.rb' + - 'testserver/ldapserver.rb' -# Offense count: 61 +# Offense count: 66 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. 
Style/SignalException: - Enabled: false + Exclude: + - 'lib/net/ber/ber_parser.rb' + - 'lib/net/ber/core_ext/array.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/auth_adapter.rb' + - 'lib/net/ldap/auth_adapter/gss_spnego.rb' + - 'lib/net/ldap/auth_adapter/sasl.rb' + - 'lib/net/ldap/auth_adapter/simple.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/dn.rb' + - 'lib/net/ldap/entry.rb' + - 'lib/net/ldap/filter.rb' + - 'lib/net/ldap/password.rb' + - 'lib/net/ldap/pdu.rb' + - 'lib/net/snmp.rb' # Offense count: 2 # Configuration parameters: Methods. Style/SingleLineBlockParams: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' # Offense count: 2 # Cop supports --auto-correct. Style/SingleSpaceBeforeFirstArg: - Enabled: false + Exclude: + - 'lib/net/ldap/dataset.rb' + - 'lib/net/ldap/instrumentation.rb' # Offense count: 24 # Cop supports --auto-correct. Style/SpaceAfterComma: - Enabled: false + Exclude: + - 'lib/net/ber/core_ext/integer.rb' + - 'lib/net/ber/core_ext/string.rb' + - 'lib/net/ldap/dataset.rb' + - 'lib/net/ldap/entry.rb' + - 'lib/net/snmp.rb' + - 'test/ber/core_ext/test_array.rb' + - 'test/ber/test_ber.rb' + - 'test/test_dn.rb' # Offense count: 2 # Cop supports --auto-correct. @@ -377,10 +548,16 @@ Style/SpaceAfterComma: Style/SpaceAroundEqualsInParameterDefault: Enabled: false -# Offense count: 8 +# Offense count: 9 # Cop supports --auto-correct. +# Configuration parameters: MultiSpaceAllowedForOperators. Style/SpaceAroundOperators: - Enabled: false + Exclude: + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/entry.rb' + - 'lib/net/ldap/filter.rb' + - 'test/test_entry.rb' + - 'test/test_ldap_connection.rb' # Offense count: 2 # Cop supports --auto-correct. 
@@ -397,7 +574,13 @@ Style/SpaceInsideBlockBraces: # Offense count: 37 # Cop supports --auto-correct. Style/SpaceInsideBrackets: - Enabled: false + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/filter.rb' + - 'test/test_ldap_connection.rb' + - 'testserver/ldapserver.rb' # Offense count: 1 # Cop supports --auto-correct. 
@@ -408,52 +591,67 @@ Style/SpaceInsideHashLiteralBraces: # Offense count: 20 # Cop supports --auto-correct. Style/SpaceInsideParens: - Enabled: false + Exclude: + - 'lib/net/ldap/entry.rb' + - 'lib/net/snmp.rb' + - 'test/test_password.rb' + - 'testserver/ldapserver.rb' # Offense count: 5 # Cop supports --auto-correct. Style/SpecialGlobalVars: - Enabled: false + Exclude: + - 'lib/net/snmp.rb' + - 'net-ldap.gemspec' + - 'testserver/ldapserver.rb' -# Offense count: 645 +# Offense count: 663 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. Style/StringLiterals: Enabled: false -# Offense count: 10 +# Offense count: 11 # Cop supports --auto-correct. # Configuration parameters: IgnoredMethods. Style/SymbolProc: - Enabled: false + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ber/core_ext/array.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/dataset.rb' + - 'lib/net/ldap/filter.rb' + - 'test/ber/test_ber.rb' + - 'test/test_ldif.rb' + - 'testserver/ldapserver.rb' -# Offense count: 1 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles. -Style/TrailingBlankLines: - Enabled: false - -# Offense count: 9 +# Offense count: 12 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyleForMultiline, SupportedStyles. Style/TrailingComma: - Enabled: false - -# Offense count: 1 -# Cop supports --auto-correct. -# Configuration parameters: ExactNameMatch, AllowPredicates, AllowDSLWriters, Whitelist. -Style/TrivialAccessors: - Enabled: false + Exclude: + - 'lib/net/ldap.rb' + - 'lib/net/ldap/dn.rb' + - 'lib/net/snmp.rb' + - 'test/ber/test_ber.rb' + - 'test/test_dn.rb' + - 'test/test_filter.rb' + - 'test/test_ldap_connection.rb' + - 'testserver/ldapserver.rb' # Offense count: 5 # Cop supports --auto-correct. Style/UnneededPercentQ: - Enabled: false + Exclude: + - 'net-ldap.gemspec' + - 'test/test_entry.rb' # Offense count: 1 +# Cop supports --auto-correct. 
# Configuration parameters: MaxLineLength. Style/WhileUntilModifier: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' # Offense count: 1 # Cop supports --auto-correct. From 64d9f28820c90f1fb2b01f6d0da84d4c8f4c88a8 Mon Sep 17 00:00:00 2001 From: Rufus Post Date: Mon, 11 Jan 2016 14:24:48 +1100 Subject: [PATCH 077/146] fix deprecated hash methods --- .rubocop_todo.yml | 9 --------- lib/net/snmp.rb | 2 +- test/test_ldap_connection.rb | 18 +++++++++--------- test/test_ldif.rb | 12 ++++++------ test/test_search.rb | 4 ++-- 5 files changed, 18 insertions(+), 27 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 4c6c68d2..3007d218 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -206,15 +206,6 @@ Style/ConstantName: - 'test/test_ldif.rb' - 'testserver/ldapserver.rb' -# Offense count: 18 -# Cop supports --auto-correct. -Style/DeprecatedHashMethods: - Exclude: - - 'lib/net/snmp.rb' - - 'test/test_ldap_connection.rb' - - 'test/test_ldif.rb' - - 'test/test_search.rb' - # Offense count: 21 # Configuration parameters: Exclude. Style/Documentation: diff --git a/lib/net/snmp.rb b/lib/net/snmp.rb index fe7a2899..8767e399 100644 --- a/lib/net/snmp.rb +++ b/lib/net/snmp.rb @@ -191,7 +191,7 @@ def pdu_type= t end def error_status= es - unless ErrorStatusCodes.has_key?(es) + unless ErrorStatusCodes.key?(es) raise Error.new("unknown error-status: #{es}") end @error_status = es diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 51e30c3f..d6f75906 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -399,8 +399,8 @@ def test_write_net_ldap_connection_event # a write event payload, result = events.pop - assert payload.has_key?(:result) - assert payload.has_key?(:content_length) + assert payload.key?(:result) + assert payload.key?(:content_length) end def test_read_net_ldap_connection_event 
@@ -416,7 +416,7 @@ def test_read_net_ldap_connection_event # a read event payload, result = events.pop - assert payload.has_key?(:result) + assert payload.key?(:result) assert_equal read_result, result end @@ -433,9 +433,9 @@ def test_parse_pdu_net_ldap_connection_event # a parse_pdu event payload, result = events.pop - assert payload.has_key?(:pdu) - assert payload.has_key?(:app_tag) - assert payload.has_key?(:message_id) + assert payload.key?(:pdu) + assert payload.key?(:app_tag) + assert payload.key?(:message_id) assert_equal Net::LDAP::PDU::BindResult, payload[:app_tag] assert_equal 1, payload[:message_id] pdu = payload[:pdu] @@ -455,7 +455,7 @@ def test_bind_net_ldap_connection_event # a read event payload, result = events.pop - assert payload.has_key?(:result) + assert payload.key?(:result) assert result.success?, "should be success" end @@ -482,8 +482,8 @@ def test_search_net_ldap_connection_event # a search event payload, result = events.pop - assert payload.has_key?(:result) - assert payload.has_key?(:filter) + assert payload.key?(:result) + assert payload.key?(:filter) assert_equal "(uid=user1)", payload[:filter].to_s assert result diff --git a/test/test_ldif.rb b/test/test_ldif.rb index 8181671c..b86eb2fb 100644 --- a/test/test_ldif.rb +++ b/test/test_ldif.rb 
@@ -38,31 +38,31 @@ def test_ldif_with_password def test_ldif_with_continuation_lines ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n hijklmn\r\n\r\n")) - assert_equal(true, ds.has_key?("abcdefghijklmn")) + assert_equal(true, ds.key?("abcdefghijklmn")) end def test_ldif_with_continuation_lines_and_extra_whitespace ds1 = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n hijklmn\r\n\r\n")) - assert_equal(true, ds1.has_key?("abcdefg hijklmn")) + assert_equal(true, ds1.key?("abcdefg hijklmn")) ds2 = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: abcdefg\r\n hij klmn\r\n\r\n")) - assert_equal(true, ds2.has_key?("abcdefghij klmn")) + assert_equal(true, ds2.key?("abcdefghij klmn")) end def test_ldif_tab_is_not_continuation ds = Net::LDAP::Dataset::read_ldif(StringIO.new("dn: key\r\n\tnotcontinued\r\n\r\n")) - assert_equal(true, ds.has_key?("key")) + assert_equal(true, ds.key?("key")) end def test_ldif_with_base64_dn str = "dn:: Q049QmFzZTY0IGRuIHRlc3QsT1U9VGVzdCxPVT1Vbml0cyxEQz1leGFtcGxlLERDPWNvbQ==\r\n\r\n" ds = Net::LDAP::Dataset::read_ldif(StringIO.new(str)) - assert_equal(true, ds.has_key?("CN=Base64 dn test,OU=Test,OU=Units,DC=example,DC=com")) + assert_equal(true, ds.key?("CN=Base64 dn test,OU=Test,OU=Units,DC=example,DC=com")) end def test_ldif_with_base64_dn_and_continuation_lines str = "dn:: Q049QmFzZTY0IGRuIHRlc3Qgd2l0aCBjb250aW51YXRpb24gbGluZSxPVT1UZXN0LE9VPVVua\r\n XRzLERDPWV4YW1wbGUsREM9Y29t\r\n\r\n" ds = Net::LDAP::Dataset::read_ldif(StringIO.new(str)) - assert_equal(true, ds.has_key?("CN=Base64 dn test with continuation line,OU=Test,OU=Units,DC=example,DC=com")) + assert_equal(true, ds.key?("CN=Base64 dn test with continuation line,OU=Test,OU=Units,DC=example,DC=com")) end # TODO, INADEQUATE. We need some more tests diff --git a/test/test_search.rb b/test/test_search.rb index e349d0b8..c577a6a2 100644 --- a/test/test_search.rb +++ b/test/test_search.rb 
@@ -32,8 +32,8 @@ def test_instrumentation_publishes_event @connection.search(:filter => "test") payload, result = events.pop - assert payload.has_key?(:result) - assert payload.has_key?(:filter) + assert payload.key?(:result) + assert payload.key?(:filter) assert_equal "test", payload[:filter] end end From 8572cacddae0520a47def01a9fc74818630eb85c Mon Sep 17 00:00:00 2001 From: Rufus Post Date: Mon, 11 Jan 2016 14:18:40 +1100 Subject: [PATCH 078/146] fix space after comma --- .rubocop_todo.yml | 13 ------------- lib/net/ber/core_ext/integer.rb | 2 +- lib/net/ber/core_ext/string.rb | 2 +- lib/net/ldap/dataset.rb | 2 +- lib/net/ldap/entry.rb | 2 +- lib/net/snmp.rb | 12 ++++++------ test/ber/core_ext/test_array.rb | 2 +- test/ber/test_ber.rb | 2 +- test/test_dn.rb | 6 +++--- 9 files changed, 15 insertions(+), 28 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 4c6c68d2..747cb8ca 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -529,19 +529,6 @@ Style/SingleSpaceBeforeFirstArg: - 'lib/net/ldap/dataset.rb' - 'lib/net/ldap/instrumentation.rb' -# Offense count: 24 -# Cop supports --auto-correct. -Style/SpaceAfterComma: - Exclude: - - 'lib/net/ber/core_ext/integer.rb' - - 'lib/net/ber/core_ext/string.rb' - - 'lib/net/ldap/dataset.rb' - - 'lib/net/ldap/entry.rb' - - 'lib/net/snmp.rb' - - 'test/ber/core_ext/test_array.rb' - - 'test/ber/test_ber.rb' - - 'test/test_dn.rb' - # Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. diff --git a/lib/net/ber/core_ext/integer.rb b/lib/net/ber/core_ext/integer.rb index b2149f9b..78313045 100644 --- a/lib/net/ber/core_ext/integer.rb +++ b/lib/net/ber/core_ext/integer.rb @@ -20,7 +20,7 @@ def to_ber_length_encoding if self <= 127 [self].pack('C') else - i = [self].pack('N').sub(/^[\0]+/,"") + i = [self].pack('N').sub(/^[\0]+/, "") [0x80 + i.length].pack('C') + i end end 
diff --git a/lib/net/ber/core_ext/string.rb b/lib/net/ber/core_ext/string.rb index e8a43e2c..995d26d4 100644 --- a/lib/net/ber/core_ext/string.rb +++ b/lib/net/ber/core_ext/string.rb @@ -75,6 +75,6 @@ def read_ber!(syntax = nil) end def reject_empty_ber_arrays - self.gsub(/0\000/n,'') + self.gsub(/0\000/n, '') end end diff --git a/lib/net/ldap/dataset.rb b/lib/net/ldap/dataset.rb index 54fc1a07..47810ce7 100644 --- a/lib/net/ldap/dataset.rb +++ b/lib/net/ldap/dataset.rb @@ -141,7 +141,7 @@ def read_ldif(io) # $' is the dn-value # Avoid the Base64 class because not all Ruby versions have it. dn = ($1 == ":") ? $'.unpack('m').shift : $' - ds[dn] = Hash.new { |k,v| k[v] = [] } + ds[dn] = Hash.new { |k, v| k[v] = [] } yield :dn, dn if block_given? elsif line.empty? dn = nil diff --git a/lib/net/ldap/entry.rb b/lib/net/ldap/entry.rb index f46912ba..d5068dde 100644 --- a/lib/net/ldap/entry.rb +++ b/lib/net/ldap/entry.rb @@ -142,7 +142,7 @@ def attribute_names def each # :yields: attribute-name, data-values-array if block_given? attribute_names.each do|a| - attr_name,values = a,self[a] + attr_name, values = a, self[a] yield attr_name, values end end diff --git a/lib/net/snmp.rb b/lib/net/snmp.rb index fe7a2899..2ff49aac 100644 --- a/lib/net/snmp.rb +++ b/lib/net/snmp.rb @@ -148,7 +148,7 @@ def parse_get_request data # data[2] is error_index, always zero. send :error_status=, 0 send :error_index=, 0 - data[3].each do |n,v| + data[3].each do |n, v| # A variable-binding, of which there may be several, # consists of an OID and a BER null. # We're ignoring the null, we might want to verify it instead. @@ -166,7 +166,7 @@ def parse_get_response data send :request_id=, data[0].to_i send :error_status=, data[1].to_i send :error_index=, data[2].to_i - data[3].each do |n,v| + data[3].each do |n, v| # A variable-binding, of which there may be several, # consists of an OID and a BER null. # We're ignoring the null, we might want to verify it instead. 
@@ -177,7 +177,7 @@ def parse_get_response data def version= ver - unless [0,2].include?(ver) + unless [0, 2].include?(ver) raise Error.new("unknown snmp-version: #{ver}") end @version = ver @@ -227,7 +227,7 @@ def pdu_to_ber_string error_status.to_ber, error_index.to_ber, [ - @variables.map do|n,v| + @variables.map do|n, v| [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence end ].to_ber_sequence @@ -238,7 +238,7 @@ def pdu_to_ber_string error_status.to_ber, error_index.to_ber, [ - @variables.map do|n,v| + @variables.map do|n, v| [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence end ].to_ber_sequence @@ -249,7 +249,7 @@ def pdu_to_ber_string error_status.to_ber, error_index.to_ber, [ - @variables.map do|n,v| + @variables.map do|n, v| [n.to_ber_oid, v.to_ber].to_ber_sequence end ].to_ber_sequence diff --git a/test/ber/core_ext/test_array.rb b/test/ber/core_ext/test_array.rb index 308fffc5..2d1e957a 100644 --- a/test/ber/core_ext/test_array.rb +++ b/test/ber/core_ext/test_array.rb @@ -6,7 +6,7 @@ def test_control_code_array control_codes << ['1.2.3'.to_ber, true.to_ber].to_ber_sequence control_codes << ['1.7.9'.to_ber, false.to_ber].to_ber_sequence control_codes = control_codes.to_ber_sequence - res = [['1.2.3', true],['1.7.9',false]].to_ber_control + res = [['1.2.3', true], ['1.7.9', false]].to_ber_control assert_equal control_codes, res end diff --git a/test/ber/test_ber.rb b/test/ber/test_ber.rb index 95cfe1ae..c2f5a568 100644 --- a/test/ber/test_ber.rb +++ b/test/ber/test_ber.rb @@ -6,7 +6,7 @@ def test_empty_array end def test_array - ary = [1,2,3] + ary = [1, 2, 3] encoded_ary = ary.map { |el| el.to_ber }.to_ber assert_equal ary, encoded_ary.read_ber diff --git a/test/test_dn.rb b/test/test_dn.rb index 0cb2ec5a..5fff6ae8 100644 --- a/test/test_dn.rb +++ b/test/test_dn.rb 
@@ -13,17 +13,17 @@ def test_escape_on_initialize def test_to_a dn = Net::LDAP::DN.new('cn=James, ou=Company\\,\\20LLC') - assert_equal ['cn','James','ou','Company, LLC'], dn.to_a + assert_equal ['cn', 'James', 'ou', 'Company, LLC'], dn.to_a end def test_to_a_parenthesis dn = Net::LDAP::DN.new('cn = \ James , ou = "Comp\28ny" ') - assert_equal ['cn',' James','ou','Comp(ny'], dn.to_a + assert_equal ['cn', ' James', 'ou', 'Comp(ny'], dn.to_a end def test_to_a_hash_symbol dn = Net::LDAP::DN.new('1.23.4= #A3B4D5 ,ou=Company') - assert_equal ['1.23.4','#A3B4D5','ou','Company'], dn.to_a + assert_equal ['1.23.4', '#A3B4D5', 'ou', 'Company'], dn.to_a end # TODO: raise a more specific exception than RuntimeError From 0e6808448e5463111372fa01c8b7a490cf6e8b30 Mon Sep 17 00:00:00 2001 From: Rufus Post Date: Mon, 11 Jan 2016 14:15:57 +1100 Subject: [PATCH 079/146] fix space inside brackets --- .rubocop_todo.yml | 11 ----------- lib/net/ber.rb | 2 +- lib/net/ldap.rb | 6 +++--- lib/net/ldap/connection.rb | 8 ++++---- lib/net/ldap/filter.rb | 2 +- test/test_ldap_connection.rb | 14 +++++++------- testserver/ldapserver.rb | 2 +- 7 files changed, 17 insertions(+), 28 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 4c6c68d2..469260d5 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -571,17 +571,6 @@ Style/SpaceBeforeBlockBraces: Style/SpaceInsideBlockBraces: Enabled: false -# Offense count: 37 -# Cop supports --auto-correct. -Style/SpaceInsideBrackets: - Exclude: - - 'lib/net/ber.rb' - - 'lib/net/ldap.rb' - - 'lib/net/ldap/connection.rb' - - 'lib/net/ldap/filter.rb' - - 'test/test_ldap_connection.rb' - - 'testserver/ldapserver.rb' - # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces, SupportedStyles. diff --git a/lib/net/ber.rb b/lib/net/ber.rb index 3bc7a2ba..baf08e14 100644 --- a/lib/net/ber.rb +++ b/lib/net/ber.rb 
@@ -235,7 +235,7 @@ def self.compile_syntax(syntax) # TODO 20100327 AZ: Should we be allocating an array of 256 values # that will either be +nil+ or an object type symbol, or should we # allocate an empty Hash since unknown values return +nil+ anyway? - out = [ nil ] * 256 + out = [nil] * 256 syntax.each do |tag_class_id, encodings| tag_class = TAG_CLASS[tag_class_id] encodings.each do |encoding_id, classes| diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 32414250..5f328a24 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -264,14 +264,14 @@ class Net::LDAP SearchScope_BaseObject = 0 SearchScope_SingleLevel = 1 SearchScope_WholeSubtree = 2 - SearchScopes = [ SearchScope_BaseObject, SearchScope_SingleLevel, - SearchScope_WholeSubtree ] + SearchScopes = [SearchScope_BaseObject, SearchScope_SingleLevel, + SearchScope_WholeSubtree] DerefAliases_Never = 0 DerefAliases_Search = 1 DerefAliases_Find = 2 DerefAliases_Always = 3 - DerefAliasesArray = [ DerefAliases_Never, DerefAliases_Search, DerefAliases_Find, DerefAliases_Always ] + DerefAliasesArray = [DerefAliases_Never, DerefAliases_Search, DerefAliases_Find, DerefAliases_Always] primitive = { 2 => :null } # UnbindRequest body constructed = { diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index e16f4096..1ac9dfd7 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -513,9 +513,9 @@ def self.modify_ops(operations) # TODO, fix the following line, which gives a bogus error if the # opcode is invalid. op_ber = MODIFY_OPERATIONS[op.to_sym].to_ber_enumerated - values = [ values ].flatten.map { |v| v.to_ber if v }.to_ber_set - values = [ attrib.to_s.to_ber, values ].to_ber_sequence - ops << [ op_ber, values ].to_ber + values = [values].flatten.map { |v| v.to_ber if v }.to_ber_set + values = [attrib.to_s.to_ber, values].to_ber_sequence + ops << [op_ber, values].to_ber end end ops 
@@ -604,7 +604,7 @@ def add(args) add_dn = args[:dn] or raise Net::LDAP::EmptyDNError, "Unable to add empty DN" add_attrs = [] a = args[:attributes] and a.each do |k, v| - add_attrs << [ k.to_s.to_ber, Array(v).map { |m| m.to_ber}.to_ber_set ].to_ber_sequence + add_attrs << [k.to_s.to_ber, Array(v).map { |m| m.to_ber}.to_ber_set].to_ber_sequence end message_id = next_msgid diff --git a/lib/net/ldap/filter.rb b/lib/net/ldap/filter.rb index d4542e3d..084b997d 100644 --- a/lib/net/ldap/filter.rb +++ b/lib/net/ldap/filter.rb @@ -23,7 +23,7 @@ class Net::LDAP::Filter ## # Known filter types. - FilterTypes = [ :ne, :eq, :ge, :le, :and, :or, :not, :ex, :bineq ] + FilterTypes = [:ne, :eq, :ge, :le, :and, :or, :not, :ex, :bineq] def initialize(op, left, right) #:nodoc: unless FilterTypes.include?(op) diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 51e30c3f..6b34ab5e 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb 
@@ -112,23 +112,23 @@ def test_raises_unknown_exceptions end def test_modify_ops_delete - args = { :operations => [ [ :delete, "mail" ] ] } + args = { :operations => [[:delete, "mail"]] } result = Net::LDAP::Connection.modify_ops(args[:operations]) - expected = [ "0\r\n\x01\x010\b\x04\x04mail1\x00" ] + expected = ["0\r\n\x01\x010\b\x04\x04mail1\x00"] assert_equal(expected, result) end def test_modify_ops_add - args = { :operations => [ [ :add, "mail", "testuser@example.com" ] ] } + args = { :operations => [[:add, "mail", "testuser@example.com"]] } result = Net::LDAP::Connection.modify_ops(args[:operations]) - expected = [ "0#\n\x01\x000\x1E\x04\x04mail1\x16\x04\x14testuser@example.com" ] + expected = ["0#\n\x01\x000\x1E\x04\x04mail1\x16\x04\x14testuser@example.com"] assert_equal(expected, result) end def test_modify_ops_replace - args = { :operations =>[ [ :replace, "mail", "testuser@example.com" ] ] } + args = { :operations =>[[:replace, "mail", "testuser@example.com"]] } result = Net::LDAP::Connection.modify_ops(args[:operations]) - expected = [ "0#\n\x01\x020\x1E\x04\x04mail1\x16\x04\x14testuser@example.com" ] + expected = ["0#\n\x01\x020\x1E\x04\x04mail1\x16\x04\x14testuser@example.com"] assert_equal(expected, result) end @@ -463,7 +463,7 @@ def test_search_net_ldap_connection_event # search data search_data_ber = Net::BER::BerIdentifiedArray.new([1, [ "uid=user1,ou=People,dc=rubyldap,dc=com", - [ ["uid", ["user1"]] ] + [["uid", ["user1"]]] ]]) search_data_ber.ber_identifier = Net::LDAP::PDU::SearchReturnedData search_data = [1, search_data_ber] diff --git a/testserver/ldapserver.rb b/testserver/ldapserver.rb index 24578ffb..25e38799 100644 --- a/testserver/ldapserver.rb +++ b/testserver/ldapserver.rb 
@@ -156,7 +156,7 @@ def handle_search_request pdu def send_ldap_response pkt_tag, msgid, code, dn, text - send_data( [msgid.to_ber, [code.to_ber, dn.to_ber, text.to_ber].to_ber_appsequence(pkt_tag) ].to_ber ) + send_data( [msgid.to_ber, [code.to_ber, dn.to_ber, text.to_ber].to_ber_appsequence(pkt_tag)].to_ber ) end end From 9d6240317e06d728db123cbbcdb0dacce9638934 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Tue, 12 Jan 2016 10:16:09 -0800 Subject: [PATCH 080/146] fix trailing comma Default is to require a trailing comma. --- .rubocop.yml | 3 +++ .rubocop_todo.yml | 14 -------------- lib/net/ber/ber_parser.rb | 2 +- lib/net/ldap.rb | 16 ++++++++-------- lib/net/ldap/connection.rb | 14 +++++++------- lib/net/ldap/pdu.rb | 4 ++-- lib/net/snmp.rb | 22 +++++++++++----------- test/integration/test_add.rb | 2 +- test/integration/test_ber.rb | 2 +- test/integration/test_delete.rb | 2 +- test/integration/test_open.rb | 2 +- test/integration/test_password_modify.rb | 4 ++-- test/test_filter.rb | 4 ++-- test/test_ldap_connection.rb | 6 +++--- testserver/ldapserver.rb | 4 ++-- 15 files changed, 45 insertions(+), 56 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index 084ca199..9870d13e 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -12,3 +12,6 @@ Lint/AssignmentInCondition: Style/ParallelAssignment: Enabled: false + +Style/TrailingComma: + EnforcedStyleForMultiline: comma diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 892dfacf..13e5ac59 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -592,20 +592,6 @@ Style/SymbolProc: - 'test/test_ldif.rb' - 'testserver/ldapserver.rb' -# Offense count: 12 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyleForMultiline, SupportedStyles. -Style/TrailingComma: - Exclude: - - 'lib/net/ldap.rb' - - 'lib/net/ldap/dn.rb' - - 'lib/net/snmp.rb' - - 'test/ber/test_ber.rb' - - 'test/test_dn.rb' - - 'test/test_filter.rb' - - 'test/test_ldap_connection.rb' - - 'testserver/ldapserver.rb' - # Offense count: 5 # Cop supports --auto-correct. Style/UnneededPercentQ: diff --git a/lib/net/ber/ber_parser.rb b/lib/net/ber/ber_parser.rb index 09de8c82..ee69eed8 100644 --- a/lib/net/ber/ber_parser.rb +++ b/lib/net/ber/ber_parser.rb @@ -14,7 +14,7 @@ module Net::BER::BERParser } constructed = { 16 => :array, - 17 => :array + 17 => :array, } universal = { :primitive => primitive, :constructed => constructed } diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 5f328a24..a9c843e7 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -325,8 +325,8 @@ class Net::LDAP universal = { constructed: { - 107 => :array #ExtendedResponse (PasswdModifyResponseValue) - } + 107 => :array, #ExtendedResponse (PasswdModifyResponseValue) + }, } AsnSyntax = Net::BER.compile_syntax(:application => application, @@ -389,14 +389,14 @@ class Net::LDAP ResultCodeCompareFalse, ResultCodeCompareTrue, ResultCodeReferral, - ResultCodeSaslBindInProgress + ResultCodeSaslBindInProgress, ] # nonstandard list of "successful" result codes for searches ResultCodesSearchSuccess = [ ResultCodeSuccess, ResultCodeTimeLimitExceeded, - ResultCodeSizeLimitExceeded + ResultCodeSizeLimitExceeded, ] # map of result code to human message @@ -438,7 +438,7 @@ class Net::LDAP ResultCodeEntryAlreadyExists => "Entry Already Exists", ResultCodeObjectClassModsProhibited => "ObjectClass Modifications Prohibited", ResultCodeAffectsMultipleDSAs => "Affects Multiple DSAs", - ResultCodeOther => "Other" + ResultCodeOther => "Other", } module LDAPControls 
@@ -591,7 +591,7 @@ def authenticate(username, password) @auth = { :method => :simple, :username => username, - :password => password + :password => password, } end alias_method :auth, :authenticate @@ -1208,7 +1208,7 @@ def search_root_dse :supportedExtension, :supportedFeatures, :supportedLdapVersion, - :supportedSASLMechanisms + :supportedSASLMechanisms, ]) (rs and rs.first) or Net::LDAP::Entry.new end @@ -1319,7 +1319,7 @@ def new_connection rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT, Net::LDAP::ConnectionRefusedError => e @result = { :resultCode => 52, - :errorMessage => ResultStrings[ResultCodeUnavailable] + :errorMessage => ResultStrings[ResultCodeUnavailable], } raise e end diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 1ac9dfd7..96e735b9 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -44,7 +44,7 @@ def open_connection(server) encryption = server[:encryption] socket_opts = { - connect_timeout: server[:connect_timeout] || DefaultConnectTimeout + connect_timeout: server[:connect_timeout] || DefaultConnectTimeout, } errors = [] @@ -133,7 +133,7 @@ def setup_encryption(args) when :start_tls message_id = next_msgid request = [ - Net::LDAP::StartTlsOid.to_ber_contextspecific(0) + Net::LDAP::StartTlsOid.to_ber_contextspecific(0), ].to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest) write(request, nil, message_id) @@ -283,7 +283,7 @@ def encode_sort_controls(sort_definitions) sort_control = [ Net::LDAP::LDAPControls::SORT_REQUEST.to_ber, false.to_ber, - sort_control_values.to_ber_sequence.to_s.to_ber + sort_control_values.to_ber_sequence.to_s.to_ber, ].to_ber_sequence end @@ -396,7 +396,7 @@ def search(args = nil) time.to_ber, attrs_only.to_ber, filter.to_ber, - ber_attrs.to_ber_sequence + ber_attrs.to_ber_sequence, ].to_ber_appsequence(Net::LDAP::PDU::SearchRequest) # rfc2696_cookie sometimes contains binary data from Microsoft Active Directory 
@@ -409,7 +409,7 @@ def search(args = nil) Net::LDAP::LDAPControls::PAGED_RESULTS.to_ber, # Criticality MUST be false to interoperate with normal LDAPs. false.to_ber, - rfc2696_cookie.map{ |v| v.to_ber}.to_ber_sequence.to_s.to_ber + rfc2696_cookie.map{ |v| v.to_ber}.to_ber_sequence.to_s.to_ber, ].to_ber_sequence if paged controls << ber_sort if ber_sort controls = controls.empty? ? nil : controls.to_ber_contextspecific(0) @@ -503,7 +503,7 @@ def search(args = nil) MODIFY_OPERATIONS = { #:nodoc: :add => 0, :delete => 1, - :replace => 2 + :replace => 2, } def self.modify_ops(operations) @@ -535,7 +535,7 @@ def modify(args) message_id = next_msgid request = [ modify_dn.to_ber, - ops.to_ber_sequence + ops.to_ber_sequence, ].to_ber_appsequence(Net::LDAP::PDU::ModifyRequest) write(request, nil, message_id) diff --git a/lib/net/ldap/pdu.rb b/lib/net/ldap/pdu.rb index 5527c1df..382c7acb 100644 --- a/lib/net/ldap/pdu.rb +++ b/lib/net/ldap/pdu.rb @@ -175,7 +175,7 @@ def parse_ldap_result(sequence) @ldap_result = { :resultCode => sequence[0], :matchedDN => sequence[1], - :errorMessage => sequence[2] + :errorMessage => sequence[2], } parse_search_referral(sequence[3]) if @ldap_result[:resultCode] == Net::LDAP::ResultCodeReferral end @@ -198,7 +198,7 @@ def parse_extended_response(sequence) @ldap_result = { :resultCode => sequence[0], :matchedDN => sequence[1], - :errorMessage => sequence[2] + :errorMessage => sequence[2], } @extended_response = sequence[3] end diff --git a/lib/net/snmp.rb b/lib/net/snmp.rb index 0fb99baf..258e8060 100644 --- a/lib/net/snmp.rb +++ b/lib/net/snmp.rb @@ -12,7 +12,7 @@ class SNMP 2 => :integer, # Gauge32 or Unsigned32, (RFC2578 sec 2) 3 => :integer # TimeTicks32, (RFC2578 sec 2) }, - :constructed => {} + :constructed => {}, }, :context_specific => { :primitive => {}, 
@@ -20,8 +20,8 @@ class SNMP 0 => :array, # GetRequest PDU (RFC1157 pgh 4.1.2) 1 => :array, # GetNextRequest PDU (RFC1157 pgh 4.1.3) 2 => :array # GetResponse PDU (RFC1157 pgh 4.1.4) - } - } + }, + }, }) # SNMP 32-bit counter. @@ -70,7 +70,7 @@ class Error < StandardError; end :get_next_request, :get_response, :set_request, - :trap + :trap, ] ErrorStatusCodes = { # Per RFC1157, pgh 4.1.1 0 => "noError", @@ -78,7 +78,7 @@ class Error < StandardError; end 2 => "noSuchName", 3 => "badValue", 4 => "readOnly", - 5 => "genErr" + 5 => "genErr", } class << self @@ -229,8 +229,8 @@ def pdu_to_ber_string [ @variables.map do|n, v| [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence - end - ].to_ber_sequence + end, + ].to_ber_sequence, ].to_ber_contextspecific(0) when :get_next_request [ @@ -240,8 +240,8 @@ def pdu_to_ber_string [ @variables.map do|n, v| [n.to_ber_oid, Net::BER::BerIdentifiedNull.new.to_ber].to_ber_sequence - end - ].to_ber_sequence + end, + ].to_ber_sequence, ].to_ber_contextspecific(1) when :get_response [ @@ -251,8 +251,8 @@ def pdu_to_ber_string [ @variables.map do|n, v| [n.to_ber_oid, v.to_ber].to_ber_sequence - end - ].to_ber_sequence + end, + ].to_ber_sequence, ].to_ber_contextspecific(2) else raise Error.new( "unknown pdu-type: #{pdu_type}" ) diff --git a/test/integration/test_add.rb b/test/integration/test_add.rb index 3cddb18a..dcac6149 100644 --- a/test/integration/test_add.rb +++ b/test/integration/test_add.rb @@ -14,7 +14,7 @@ def test_add uid: "added-user1", cn: "added-user1", sn: "added-user1", - mail: "added-user1@rubyldap.com" + mail: "added-user1@rubyldap.com", } assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect diff --git a/test/integration/test_ber.rb b/test/integration/test_ber.rb index 8fb4d374..51e93334 100644 --- a/test/integration/test_ber.rb +++ b/test/integration/test_ber.rb 
@@ -12,7 +12,7 @@ def test_true_ber_encoding filter: "(uid=user1)", size: 1, attributes: attrs, - attributes_only: true + attributes_only: true, ).first # matches attributes we requested diff --git a/test/integration/test_delete.rb b/test/integration/test_delete.rb index 355df7b9..0cca32a9 100644 --- a/test/integration/test_delete.rb +++ b/test/integration/test_delete.rb @@ -12,7 +12,7 @@ def setup uid: "delete-user1", cn: "delete-user1", sn: "delete-user1", - mail: "delete-user1@rubyldap.com" + mail: "delete-user1@rubyldap.com", } unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject) assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect diff --git a/test/integration/test_open.rb b/test/integration/test_open.rb index 36724f5d..a7ac09da 100644 --- a/test/integration/test_open.rb +++ b/test/integration/test_open.rb @@ -63,7 +63,7 @@ def test_nested_add_with_open uid: "nested-open-added-user1", cn: "nested-open-added-user1", sn: "nested-open-added-user1", - mail: "nested-open-added-user1@rubyldap.com" + mail: "nested-open-added-user1@rubyldap.com", } @ldap.authenticate "cn=admin,dc=rubyldap,dc=com", "passworD1" diff --git a/test/integration/test_password_modify.rb b/test/integration/test_password_modify.rb index 12583363..1f1c72a9 100644 --- a/test/integration/test_password_modify.rb +++ b/test/integration/test_password_modify.rb @@ -13,7 +13,7 @@ def setup cn: 'modify-password-user1', sn: 'modify-password-user1', mail: 'modify-password-user1@rubyldap.com', - userPassword: 'passworD1' + userPassword: 'passworD1', } unless @ldap.search(base: @dn, scope: Net::LDAP::SearchScope_BaseObject) assert @ldap.add(dn: @dn, attributes: attrs), @ldap.get_operation_result.inspect @@ -23,7 +23,7 @@ def setup @auth = { method: :simple, username: @dn, - password: 'passworD1' + password: 'passworD1', } end diff --git a/test/test_filter.rb b/test/test_filter.rb index dd4577eb..807c86dd 100644 --- a/test/test_filter.rb 
+++ b/test/test_filter.rb @@ -144,7 +144,7 @@ def test_ber_conversion '(:dn:2.4.8.10:=Dino)', '(cn:dn:1.2.3.4.5:=John Smith)', '(sn:dn:2.4.6.8.10:=Barbara Jones)', - '(&(sn:dn:2.4.6.8.10:=Barbara Jones))' + '(&(sn:dn:2.4.6.8.10:=Barbara Jones))', ].each_with_index do |filter_str, index| define_method "test_decode_filter_#{index}" do filter = Net::LDAP::Filter.from_rfc2254(filter_str) @@ -195,7 +195,7 @@ def test_well_known_ber_string "foo" "\\2A\\5C" "bar", "foo" "\\2a\\5c" "bar", "foo" "\\2A\\5c" "bar", - "foo" "\\2a\\5C" "bar" + "foo" "\\2a\\5C" "bar", ].each do |escaped| # unescapes escaped characters filter = Net::LDAP::Filter.eq("objectclass", "#{escaped}*#{escaped}*#{escaped}") diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 85411773..6bb027ac 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -162,7 +162,7 @@ def make_message(message_id, options = {}) app_tag: Net::LDAP::PDU::SearchResult, code: Net::LDAP::ResultCodeSuccess, matched_dn: "", - error_message: "" + error_message: "", }.merge(options) result = Net::BER::BerIdentifiedArray.new([options[:code], options[:matched_dn], options[:error_message]]) result.ber_identifier = options[:app_tag] @@ -257,7 +257,7 @@ def test_queued_read_rename assert result = conn.rename( olddn: "uid=renamable-user1,ou=People,dc=rubyldap,dc=com", - newrdn: "uid=renamed-user1" + newrdn: "uid=renamed-user1", ) assert result.success? assert_equal 2, result.message_id @@ -463,7 +463,7 @@ def test_search_net_ldap_connection_event # search data search_data_ber = Net::BER::BerIdentifiedArray.new([1, [ "uid=user1,ou=People,dc=rubyldap,dc=com", - [["uid", ["user1"]]] + [["uid", ["user1"]]], ]]) search_data_ber.ber_identifier = Net::LDAP::PDU::SearchReturnedData search_data = [1, search_data_ber] diff --git a/testserver/ldapserver.rb b/testserver/ldapserver.rb index 25e38799..eb0c40d3 100644 --- a/testserver/ldapserver.rb +++ b/testserver/ldapserver.rb 
@@ -24,7 +24,7 @@ module LdapServer }, :primitive => { 2 => :string, # ldapsearch sends this to unbind - } + }, }, :context_specific => { :primitive => { @@ -34,7 +34,7 @@ module LdapServer :constructed => { 3 => :array # equality filter }, - } + }, } def post_init From 27813f51d7f4567c08e3c9b0a2e0f0c4c772b6cd Mon Sep 17 00:00:00 2001 From: Jesper Josefsson Date: Sat, 23 Jan 2016 10:48:38 +0100 Subject: [PATCH 081/146] Docs: Net::LDAP now requires ruby >= 2 --- README.rdoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.rdoc b/README.rdoc index b7f6b311..53e2d468 100644 --- a/README.rdoc +++ b/README.rdoc @@ -25,7 +25,7 @@ See Net::LDAP for documentation and usage samples. == Requirements -Net::LDAP requires a Ruby 1.9.3 compatible interpreter or better. +Net::LDAP requires a Ruby 2.0.0 compatible interpreter or better. == Install From 8aaa96b552bcbd559ec6bd88846ccbba7b589db9 Mon Sep 17 00:00:00 2001 From: Ryan Showalter Date: Tue, 26 Jan 2016 18:33:28 -0600 Subject: [PATCH 082/146] Normalize the encryption parameter passed to the LDAP constructor --- lib/net/ldap.rb | 23 +++++++++++++++-------- test/test_ldap.rb | 20 ++++++++++++++++++++ 2 files changed, 35 insertions(+), 8 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index a9c843e7..4ba27339 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -539,7 +539,7 @@ def initialize(args = {}) @auth = args[:auth] || DefaultAuth @base = args[:base] || DefaultTreebase @force_no_page = args[:force_no_page] || DefaultForceNoPage - @encryption = args[:encryption] # may be nil + @encryption = normalize_encryption(args[:encryption]) # may be nil @connect_timeout = args[:connect_timeout] if pr = @auth[:password] and pr.respond_to?(:call) 
@@ -609,13 +609,7 @@ def authenticate(username, password) def encryption(args) warn "Deprecation warning: please give :encryption option as a Hash to Net::LDAP.new" return if args.nil? - return @encryption = args if args.is_a? Hash - - case method = args.to_sym - when :simple_tls, :start_tls - args = { :method => method, :tls_options => {} } - end - @encryption = args + @encryption = normalize_encryption(args) end # #open takes the same parameters as #new. #open makes a network @@ -1323,4 +1317,17 @@ def new_connection } raise e end + + # Normalize encryption parameter the constructor accepts, expands a few + # convenience symbols into recognizable hashes + def normalize_encryption(args) + return if args.nil? + return args if args.is_a? Hash + + case method = args.to_sym + when :simple_tls, :start_tls + { :method => method, :tls_options => {} } + end + end + end # class LDAP diff --git a/test/test_ldap.rb b/test/test_ldap.rb index 85325457..8d6a9a72 100644 --- a/test/test_ldap.rb +++ b/test/test_ldap.rb @@ -91,4 +91,24 @@ def test_encryption assert_equal enc[:method], :start_tls end + + def test_normalize_encryption_symbol + enc = @subject.send(:normalize_encryption, :start_tls) + assert_equal enc, {:method => :start_tls, :tls_options => {}} + end + + def test_normalize_encryption_nil + enc = @subject.send(:normalize_encryption, nil) + assert_equal enc, nil + end + + def test_normalize_encryption_string + enc = @subject.send(:normalize_encryption, 'start_tls') + assert_equal enc, {:method => :start_tls, :tls_options => {}} + end + + def test_normalize_encryption_hash + enc = @subject.send(:normalize_encryption, {:method => :start_tls, :tls_options => {:foo => :bar}}) + assert_equal enc, {:method => :start_tls, :tls_options => {:foo => :bar}} + end end From 60faa64211af2d3b25808a35bfef88a5af8232b1 Mon Sep 17 00:00:00 2001 
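Review bot: `normalize_encryption` returns nil for any symbol other than `:simple_tls`/`:start_tls` because its `case` has no `else`, so a typo such as `:start_tsl` (or a misspelled string from configuration) silently yields `@encryption = nil` and the client proceeds in cleartext; the `@@ -609` hunk routes the deprecated `#encryption` setter through the same path, and none of the new tests cover an unknown value. Failing closed is two lines: add `else raise ArgumentError, "unknown encryption method: #{args.inspect}"` before the `case`'s closing `end`, and a test next to `test_normalize_encryption_string` asserting the raise. Separately, the convenience form expands to `:tls_options => {}`, and the `wrap_with_ssl` hunk later in this series shows `ctx.set_params(tls_options) unless tls_options.empty?`, so as far as is visible here the symbol forms never apply OpenSSL's default parameters (including peer verification) to the context; the method comment should say that callers who want certificate validation must use the Hash form with explicit `:tls_options`.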
From: Jerry Cheung Date: Wed, 3 Feb 2016 07:54:21 -0800 Subject: [PATCH 083/146] release 0.14.0 --- History.rdoc | 17 +++++++++++++++++ lib/net/ldap/version.rb | 2 +- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/History.rdoc b/History.rdoc index f6dbbc61..27444a12 100644 --- a/History.rdoc +++ b/History.rdoc @@ -1,5 +1,22 @@ +=== Net::LDAP 0.14.0 + +* Normalize the encryption parameter passed to the LDAP constructor {#264}[https://github.com/ruby-ldap/ruby-net-ldap/pull/264] +* Update Docs: Net::LDAP now requires ruby >= 2 {#261}[https://github.com/ruby-ldap/ruby-net-ldap/pull/261] +* fix symbol proc {#255}[https://github.com/ruby-ldap/ruby-net-ldap/pull/255] +* fix trailing commas {#256}[https://github.com/ruby-ldap/ruby-net-ldap/pull/256] +* fix deprecated hash methods {#254}[https://github.com/ruby-ldap/ruby-net-ldap/pull/254] +* fix space after comma {#253}[https://github.com/ruby-ldap/ruby-net-ldap/pull/253] +* fix space inside brackets {#252}[https://github.com/ruby-ldap/ruby-net-ldap/pull/252] +* Rubocop style fixes {#249}[https://github.com/ruby-ldap/ruby-net-ldap/pull/249] +* Lazy initialize Net::LDAP::Connection's internal socket {#235}[https://github.com/ruby-ldap/ruby-net-ldap/pull/235] +* Support for rfc3062 Password Modify, closes #163 {#178}[https://github.com/ruby-ldap/ruby-net-ldap/pull/178] + === Net::LDAP 0.13.0 +Avoid this release for because of an backwards incompatibility in how encryption +is initialized https://github.com/ruby-ldap/ruby-net-ldap/pull/264. We did not +yank it because people have already worked around it. + * Set a connect_timeout for the creation of a socket {#243}[https://github.com/ruby-ldap/ruby-net-ldap/pull/243] * Update bundler before installing gems with bundler {#245}[https://github.com/ruby-ldap/ruby-net-ldap/pull/245] * Net::LDAP#encryption accepts string {#239}[https://github.com/ruby-ldap/ruby-net-ldap/pull/239] 
diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb index 259355b2..3aa9482a 100644 --- a/lib/net/ldap/version.rb +++ b/lib/net/ldap/version.rb @@ -1,5 +1,5 @@ module Net class LDAP - VERSION = "0.13.0" + VERSION = "0.14.0" end end From 3bf849d415a691b5632f2e20cc637e377b15b2ad Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Thu, 4 Feb 2016 21:47:20 -0800 Subject: [PATCH 084/146] Release 0.14.0 From 09d0c36e33a24ae97e71d6e021ce6fc7509a8945 Mon Sep 17 00:00:00 2001 From: Aman Gupta Date: Wed, 15 Jun 2016 16:37:48 -0700 Subject: [PATCH 085/146] use connect_timeout when establishing an openssl connection --- lib/net/ldap/connection.rb | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index f8ba0b61..5a38bba9 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -31,26 +31,27 @@ def socket_class=(socket_class) @socket_class = socket_class end - def prepare_socket(server) + def prepare_socket(server, timeout=nil) socket = server[:socket] encryption = server[:encryption] @conn = socket - setup_encryption encryption if encryption + setup_encryption(encryption, timeout) if encryption end def open_connection(server) hosts = server[:hosts] encryption = server[:encryption] + timeout = server[:connect_timeout] || DefaultConnectTimeout socket_opts = { - connect_timeout: server[:connect_timeout] || DefaultConnectTimeout, + connect_timeout: timeout, } errors = [] hosts.each do |host, port| begin - prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts))) + prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout) return rescue Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e 
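Review bot: The same `timeout` value now bounds the TCP connect (through `socket_opts`) and, separately, the TLS handshake passed into `setup_encryption`, so a host that accepts the TCP connection late and then stalls the handshake can hold `open_connection` for up to twice `connect_timeout` before the next entry in `hosts` is tried; if `connect_timeout` is meant as a per-host budget, derive the handshake timeout from the time remaining after `@socket_class.new` returns. `prepare_socket(server, timeout=nil)` is also reachable without a timeout (the test mock hunk that follows calls `Connection.new(:socket => mock)`), in which case the handshake is unbounded, and the method carries no comment saying so; something like `# timeout: seconds allowed for the TLS handshake; nil waits for the peer indefinitely` above `def prepare_socket` would make that explicit. `open_connection`'s body continues past the end of the hunk.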
@@ -76,7 +77,7 @@ def close end end - def self.wrap_with_ssl(io, tls_options = {}) + def self.wrap_with_ssl(io, tls_options = {}, timeout=nil) raise Net::LDAP::NoOpenSSLError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL ctx = OpenSSL::SSL::SSLContext.new @@ -86,7 +87,22 @@ def self.wrap_with_ssl(io, tls_options = {}) ctx.set_params(tls_options) unless tls_options.empty? conn = OpenSSL::SSL::SSLSocket.new(io, ctx) - conn.connect + + begin + conn.connect_nonblock + rescue IO::WaitReadable + if IO.select([conn], nil, nil, timeout) + retry + else + raise Net::LDAP::LdapError, "OpenSSL connection read timeout" + end + rescue IO::WaitWritable + if IO.select(nil, [conn], nil, timeout) + retry + else + raise Net::LDAP::LdapError, "OpenSSL connection write timeout" + end + end # Doesn't work: # conn.sync_close = true @@ -123,11 +139,11 @@ def self.wrap_with_ssl(io, tls_options = {}) # communications, as with simple_tls. Thanks for Kouhei Sutou for # generously contributing the :start_tls path. #++ - def setup_encryption(args) + def setup_encryption(args, timeout=nil) args[:tls_options] ||= {} case args[:method] when :simple_tls - @conn = self.class.wrap_with_ssl(@conn, args[:tls_options]) + @conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout) # additional branches requiring server validation and peer certs, etc. # go here. when :start_tls @@ -144,7 +160,7 @@ def setup_encryption(args) end if pdu.result_code.zero? - @conn = self.class.wrap_with_ssl(@conn, args[:tls_options]) + @conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout) else raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}" end From b5b6d5a41dcb900a9c109cf75452f75fea534f56 Mon Sep 17 00:00:00 2001 From: Aman Gupta Date: Wed, 15 Jun 2016 17:49:39 -0700 Subject: [PATCH 086/146] fix test mock --- test/test_ldap_connection.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
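Review bot: In the `@@ -86,7 +87,22 @@` hunk the timeout is per wakeup, not per handshake: every time `IO.select` returns ready the `retry` restarts `connect_nonblock` and the next `IO.select` gets the full `timeout` again, so a peer that sends one byte just before each expiry can keep the handshake open indefinitely and the "connect_timeout" the commit title promises is not actually enforced. Compute a monotonic deadline once and pass the remaining time to each `IO.select`, raising when it reaches zero; the later commits in this series change the raised class and add the blocking branch but keep the per-wait semantics, so the same fix applies there. With `timeout` nil the existing code would also call `IO.select(..., nil)` and block forever, which the rewrite below preserves deliberately. `wrap_with_ssl` starts and ends outside this hunk.
```ruby
conn = OpenSSL::SSL::SSLSocket.new(io, ctx)

# Budget the whole handshake, not each wakeup; nil keeps the unbounded wait.
deadline = timeout && Process.clock_gettime(Process::CLOCK_MONOTONIC) + timeout

begin
  conn.connect_nonblock
rescue IO::WaitReadable, IO::WaitWritable => e
  remaining = deadline && deadline - Process.clock_gettime(Process::CLOCK_MONOTONIC)
  readers, writers = e.is_a?(IO::WaitReadable) ? [[conn], nil] : [nil, [conn]]
  if (remaining.nil? || remaining > 0) && IO.select(readers, writers, nil, remaining)
    retry
  else
    raise Net::LDAP::LdapError, "OpenSSL connection timeout"
  end
end
# … unchanged: sync_close comment and the rest of wrap_with_ssl …
```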
diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index 6bb027ac..ba6289b3 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -291,7 +291,7 @@ def test_queued_read_setup_encryption_with_start_tls and_return(result2) mock.should_receive(:write) conn = Net::LDAP::Connection.new(:socket => mock) - flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock, {}). + flexmock(Net::LDAP::Connection).should_receive(:wrap_with_ssl).with(mock, {}, nil). and_return(mock) conn.next_msgid # simulates ongoing query From 8ba479633cb23e18d36b2cff16ede33b60637caf Mon Sep 17 00:00:00 2001 From: Aman Gupta Date: Wed, 15 Jun 2016 18:09:50 -0700 Subject: [PATCH 087/146] use non-blocking connect only when timeout is set --- lib/net/ldap/connection.rb | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 5a38bba9..e3b51427 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -89,7 +89,11 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil) conn = OpenSSL::SSL::SSLSocket.new(io, ctx) begin - conn.connect_nonblock + if timeout + conn.connect_nonblock + else + conn.connect + end rescue IO::WaitReadable if IO.select([conn], nil, nil, timeout) retry From 21ffe8f38a3b6074ade886531072ea8c4cdfb0a5 Mon Sep 17 00:00:00 2001 From: Aman Gupta Date: Thu, 16 Jun 2016 11:11:13 -0700 Subject: [PATCH 088/146] use Net::LDAP::SocketError on openssl timeouts --- lib/net/ldap/connection.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index e3b51427..6f54b4ab 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
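Review bot: The blocking `conn.connect` branch is now a deliberate mode rather than a fallback, but nothing in the hunk says why it exists or what it costs, and the `IO::WaitReadable`/`IO::WaitWritable` rescues below are only ever triggered from the non-blocking branch, which a reader cannot tell from the code. A comment above the `if`, e.g. `# No timeout: blocking handshake with no upper bound (as far as visible, only a caller-supplied socket takes this path).`, would make the trade-off explicit. `wrap_with_ssl` starts and ends outside this hunk.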
@@ -98,13 +98,13 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil) if IO.select([conn], nil, nil, timeout) retry else - raise Net::LDAP::LdapError, "OpenSSL connection read timeout" + raise Net::LDAP::SocketError, "OpenSSL connection read timeout" end rescue IO::WaitWritable if IO.select(nil, [conn], nil, timeout) retry else - raise Net::LDAP::LdapError, "OpenSSL connection write timeout" + raise Net::LDAP::SocketError, "OpenSSL connection write timeout" end end From 749c22b4e5514ead10c92bcaec1c5a1eb49db455 Mon Sep 17 00:00:00 2001 From: Aman Gupta Date: Fri, 17 Jun 2016 12:24:26 -0700 Subject: [PATCH 089/146] use ETIMEDOUT for openssl timeouts --- lib/net/ldap/connection.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 6f54b4ab..1cbcbb67 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -98,13 +98,13 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil) if IO.select([conn], nil, nil, timeout) retry else - raise Net::LDAP::SocketError, "OpenSSL connection read timeout" + raise Errno::ETIMEDOUT, "OpenSSL connection read timeout" end rescue IO::WaitWritable if IO.select(nil, [conn], nil, timeout) retry else - raise Net::LDAP::SocketError, "OpenSSL connection write timeout" + raise Errno::ETIMEDOUT, "OpenSSL connection write timeout" end end From daae984b680c59ca1b462d2ebf966e61cca2b999 Mon Sep 17 00:00:00 2001 From: Jerry Cheung Date: Wed, 13 Jul 2016 09:19:51 -0700 Subject: [PATCH 090/146] release 0.15.0 --- History.rdoc | 4 ++++ lib/net/ldap/version.rb | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/History.rdoc b/History.rdoc index 27444a12..dd69d07c 100644 --- a/History.rdoc +++ b/History.rdoc 
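Review bot: In the `Errno::ETIMEDOUT` hunk both timeout raises abandon the half-opened `SSLSocket` together with the underlying `io`; nothing in the hunk closes them, and unless `open_connection` closes the socket it created before moving to the next host (not visible here), every timed-out host costs the process a file descriptor. Since `sync_close` is not set (the comment above the hunk says it "doesn't work"), closing `conn` would not release `io`; an `io.close rescue nil` before each raise, or an `ensure` that closes `io` when the method exits by exception, would bound the leak. Raising `Errno::ETIMEDOUT` does match the `SystemCallError` rescue in `open_connection`, so the error is collected per host rather than escaping. `wrap_with_ssl` starts and ends outside this hunk.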
@@ -1,3 +1,7 @@ +=== Net::LDAP 0.15.0 + +* Respect connect_timeout when establishing SSL connections {#273}[https://github.com/ruby-ldap/ruby-net-ldap/pull/273] + === Net::LDAP 0.14.0 * Normalize the encryption parameter passed to the LDAP constructor {#264}[https://github.com/ruby-ldap/ruby-net-ldap/pull/264] diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb index 3aa9482a..7e80d4fd 100644 --- a/lib/net/ldap/version.rb +++ b/lib/net/ldap/version.rb @@ -1,5 +1,5 @@ module Net class LDAP - VERSION = "0.14.0" + VERSION = "0.15.0" end end From 4ea3982733ad955d76200b4efcae37632fc8a95a Mon Sep 17 00:00:00 2001 From: Ben Slusky Date: Thu, 4 Aug 2016 15:19:56 -0400 Subject: [PATCH 091/146] Fix misplaced constant --- lib/net/ldap/auth_adapter/sasl.rb | 2 ++ lib/net/ldap/connection.rb | 1 - 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/auth_adapter/sasl.rb b/lib/net/ldap/auth_adapter/sasl.rb index ebbe4e63..0bfc701d 100644 --- a/lib/net/ldap/auth_adapter/sasl.rb +++ b/lib/net/ldap/auth_adapter/sasl.rb @@ -4,6 +4,8 @@ module Net class LDAP class AuthAdapter class Sasl < Net::LDAP::AuthAdapter + MaxSaslChallenges = 10 + #-- # Required parameters: :mechanism, :initial_credential and # :challenge_response diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 1cbcbb67..87fcb4c6 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -7,7 +7,6 @@ class Net::LDAP::Connection #:nodoc: DefaultConnectTimeout = 5 LdapVersion = 3 - MaxSaslChallenges = 10 # Initialize a connection to an LDAP server # From d5fba08e71c4090056550e9b98c4b107e04de98f Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Wed, 17 Aug 2016 14:56:46 -0700 Subject: [PATCH 092/146] update to rubocop 0.42.0 --- net-ldap.gemspec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net-ldap.gemspec b/net-ldap.gemspec index 66bd5c8a..7516759b 100644 --- a/net-ldap.gemspec +++ b/net-ldap.gemspec 
@@ -31,7 +31,7 @@ the most recent LDAP RFCs (4510-4519, plutions of 4520-4532).} s.add_development_dependency("flexmock", "~> 1.3") s.add_development_dependency("rake", "~> 10.0") - s.add_development_dependency("rubocop", "~> 0.28.0") + s.add_development_dependency("rubocop", "~> 0.42.0") s.add_development_dependency("test-unit") s.add_development_dependency("byebug") end From 68154889d2aaca156b7727a8dd91e13cc3c80d91 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Wed, 17 Aug 2016 14:57:52 -0700 Subject: [PATCH 093/146] rename stale cop --- .rubocop.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.rubocop.yml b/.rubocop.yml index 9870d13e..df0365a5 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -13,5 +13,5 @@ Lint/AssignmentInCondition: Style/ParallelAssignment: Enabled: false -Style/TrailingComma: +Style/TrailingCommaInLiteral: EnforcedStyleForMultiline: comma From c3642b65096d69033d4c86472137c8acd459f969 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Wed, 17 Aug 2016 14:59:07 -0700 Subject: [PATCH 094/146] re-generate .rubocop_todo.yaml from latest rubocop gem --- .rubocop_todo.yml | 344 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 261 insertions(+), 83 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 8acc029e..00de519e 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -1,6 +1,6 @@ # This configuration was generated by # `rubocop --auto-gen-config` -# on 2016-01-08 11:47:42 -0800 using RuboCop version 0.35.0. +# on 2016-08-17 14:58:12 -0700 using RuboCop version 0.42.0. # The point is for the user to remove these configuration records # one by one as the offenses are removed from the code base. # Note that changes in the inspected code, or installation of new 
@@ -9,8 +9,15 @@ # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: AlignWith, SupportedStyles, AutoCorrect. +# SupportedStyles: keyword, variable, start_of_line Lint/EndAlignment: - Enabled: false + Exclude: + - 'testserver/ldapserver.rb' + +# Offense count: 30 +Lint/ImplicitStringConcatenation: + Exclude: + - 'test/test_filter.rb' # Offense count: 1 Lint/NonLocalExitFromIterator: @@ -29,22 +36,30 @@ Lint/ShadowingOuterLocalVariable: # Offense count: 10 # Cop supports --auto-correct. -# Configuration parameters: IgnoreEmptyBlocks. +# Configuration parameters: IgnoreEmptyBlocks, AllowUnusedKeywordArguments. Lint/UnusedBlockArgument: Exclude: - 'lib/net/ldap.rb' - 'lib/net/snmp.rb' - 'test/support/vm/openldap/Vagrantfile' -# Offense count: 3 +# Offense count: 7 # Cop supports --auto-correct. # Configuration parameters: AllowUnusedKeywordArguments, IgnoreEmptyMethods. Lint/UnusedMethodArgument: Exclude: - 'lib/net/ldap/entry.rb' - 'lib/net/ldap/pdu.rb' + - 'test/test_ldap.rb' + - 'test/test_ldap_connection.rb' - 'test/test_search.rb' +# Offense count: 1 +# Configuration parameters: ContextCreatingMethods. +Lint/UselessAccessModifier: + Exclude: + - 'lib/net/ldap/connection.rb' + # Offense count: 9 Lint/UselessAssignment: Exclude: @@ -55,7 +70,7 @@ Lint/UselessAssignment: - 'test/test_search.rb' - 'test/test_snmp.rb' -# Offense count: 48 +# Offense count: 47 Metrics/AbcSize: Max: 114 @@ -66,18 +81,19 @@ Metrics/BlockNesting: # Offense count: 10 # Configuration parameters: CountComments. Metrics/ClassLength: - Max: 423 + Max: 431 -# Offense count: 21 +# Offense count: 22 Metrics/CyclomaticComplexity: Max: 41 -# Offense count: 229 -# Configuration parameters: AllowURI, URISchemes. +# Offense count: 225 +# Configuration parameters: AllowHeredoc, AllowURI, URISchemes. +# URISchemes: http, https Metrics/LineLength: Max: 360 -# Offense count: 71 +# Offense count: 70 # Configuration parameters: CountComments. Metrics/MethodLength: Max: 130 
@@ -87,7 +103,7 @@ Metrics/MethodLength: Metrics/ModuleLength: Max: 104 -# Offense count: 13 +# Offense count: 14 Metrics/PerceivedComplexity: Max: 37 @@ -96,6 +112,18 @@ Style/AccessorMethodName: Exclude: - 'lib/net/ldap.rb' +# Offense count: 10 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: prefer_alias, prefer_alias_method +Style/Alias: + Exclude: + - 'lib/net/ber/core_ext/array.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/entry.rb' + - 'lib/net/ldap/filter.rb' + - 'lib/net/ldap/pdu.rb' + # Offense count: 4 # Cop supports --auto-correct. Style/AlignArray: @@ -106,7 +134,8 @@ Style/AlignArray: # Offense count: 10 # Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles. +# Configuration parameters: EnforcedStyle, SupportedStyles, IndentationWidth. +# SupportedStyles: with_first_parameter, with_fixed_indentation Style/AlignParameters: Exclude: - 'test/ber/test_ber.rb' @@ -117,6 +146,7 @@ Style/AlignParameters: # Offense count: 37 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: always, conditionals Style/AndOr: Exclude: - 'lib/net/ber/ber_parser.rb' @@ -130,6 +160,7 @@ Style/AndOr: # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: percent_q, bare_percent Style/BarePercentLiterals: Exclude: - 'test/test_entry.rb' 
@@ -140,21 +171,23 @@ Style/BlockComments: Exclude: - 'test/test_rename.rb' -# Offense count: 9 +# Offense count: 6 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: braces, no_braces, context_dependent Style/BracesAroundHashParameters: Exclude: - 'lib/net/ldap/auth_adapter/gss_spnego.rb' - 'lib/net/snmp.rb' - - 'test/test_auth_adapter.rb' - - 'test/test_ldap_connection.rb' + - 'test/test_ldap.rb' # Offense count: 4 # Cop supports --auto-correct. -# Configuration parameters: IndentWhenRelativeTo, SupportedStyles, IndentOneStep. +# Configuration parameters: IndentWhenRelativeTo, SupportedStyles, IndentOneStep, IndentationWidth. +# SupportedStyles: case, end Style/CaseIndentation: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' # Offense count: 4 # Cop supports --auto-correct. @@ -170,12 +203,14 @@ Style/ClassAndModuleCamelCase: # Offense count: 23 # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: nested, compact Style/ClassAndModuleChildren: Enabled: false # Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: is_a?, kind_of? Style/ClassCheck: Exclude: - 'lib/net/ber/core_ext/array.rb' @@ -191,10 +226,19 @@ Style/ColonMethodCall: # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: Keywords. +# Keywords: TODO, FIXME, OPTIMIZE, HACK, REVIEW Style/CommentAnnotation: Exclude: - 'lib/net/ber.rb' +# Offense count: 1 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle, SupportedStyles, SingleLineConditionsOnly. +# SupportedStyles: assign_to_condition, assign_inside_condition +Style/ConditionalAssignment: + Exclude: + - 'lib/net/ldap/dn.rb' + # Offense count: 88 Style/ConstantName: Exclude: 
@@ -206,13 +250,11 @@ Style/ConstantName: - 'test/test_ldif.rb' - 'testserver/ldapserver.rb' -# Offense count: 21 -# Configuration parameters: Exclude. +# Offense count: 17 Style/Documentation: Exclude: - 'spec/**/*' - 'test/**/*' - - 'lib/net/ber.rb' - 'lib/net/ber/core_ext.rb' - 'lib/net/ldap.rb' - 'lib/net/ldap/auth_adapter.rb' @@ -223,15 +265,17 @@ Style/Documentation: - 'lib/net/ldap/instrumentation.rb' - 'lib/net/ldap/password.rb' - 'lib/net/ldap/pdu.rb' - - 'lib/net/ldap/version.rb' - 'lib/net/snmp.rb' - 'testserver/ldapserver.rb' -# Offense count: 23 +# Offense count: 19 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: leading, trailing Style/DotPosition: - Enabled: false + Exclude: + - 'test/test_ldap_connection.rb' + - 'test/test_ssl_ber.rb' # Offense count: 1 # Cop supports --auto-correct. @@ -255,16 +299,19 @@ Style/EmptyLines: - 'lib/net/snmp.rb' - 'testserver/ldapserver.rb' -# Offense count: 1 +# Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: empty_lines, no_empty_lines Style/EmptyLinesAroundClassBody: Exclude: + - 'lib/net/ldap.rb' - 'test/test_snmp.rb' # Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: empty_lines, no_empty_lines Style/EmptyLinesAroundModuleBody: Exclude: - 'testserver/ldapserver.rb' @@ -276,7 +323,7 @@ Style/EvenOdd: - 'lib/net/ldap/dn.rb' # Offense count: 1 -# Configuration parameters: Exclude. +# Configuration parameters: ExpectMatchingDefinition, Regex, IgnoreExecutableScripts. Style/FileName: Exclude: - 'lib/net-ldap.rb' 
@@ -287,19 +334,38 @@ Style/GlobalVars: Exclude: - 'testserver/ldapserver.rb' -# Offense count: 4 +# Offense count: 2 # Configuration parameters: MinBodyLength. Style/GuardClause: Exclude: - - 'lib/net/ber.rb' - - 'lib/net/ldap/entry.rb' - - 'lib/net/ldap/filter.rb' + - 'lib/net/ldap/connection.rb' + - 'test/test_ldap_connection.rb' -# Offense count: 149 +# Offense count: 161 # Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles, UseHashRocketsWithSymbolValues. +# Configuration parameters: EnforcedStyle, SupportedStyles, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols. +# SupportedStyles: ruby19, ruby19_no_mixed_keys, hash_rockets Style/HashSyntax: - Enabled: false + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ber/ber_parser.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/auth_adapter/gss_spnego.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/pdu.rb' + - 'lib/net/snmp.rb' + - 'test/integration/test_bind.rb' + - 'test/test_auth_adapter.rb' + - 'test/test_ldap.rb' + - 'test/test_ldap_connection.rb' + - 'test/test_search.rb' + - 'test/test_ssl_ber.rb' + - 'testserver/ldapserver.rb' + +# Offense count: 1 +Style/IfInsideElse: + Exclude: + - 'lib/net/ldap/instrumentation.rb' # Offense count: 7 # Cop supports --auto-correct. @@ -311,10 +377,19 @@ Style/IfUnlessModifier: - 'lib/net/ldap.rb' - 'lib/net/ldap/filter.rb' - 'lib/net/snmp.rb' + - 'test/test_ldap_connection.rb' + +# Offense count: 2 +# Cop supports --auto-correct. +# Configuration parameters: SupportedStyles, IndentationWidth. +# SupportedStyles: special_inside_parentheses, consistent, align_brackets +Style/IndentArray: + EnforcedStyle: consistent # Offense count: 2 # Cop supports --auto-correct. -# Configuration parameters: SupportedStyles. +# Configuration parameters: SupportedStyles, IndentationWidth. +# SupportedStyles: special_inside_parentheses, consistent, align_braces Style/IndentHash: EnforcedStyle: consistent 
@@ -340,25 +415,65 @@ Style/LeadingCommentSpace: # Offense count: 21 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: require_parentheses, require_no_parentheses, require_no_parentheses_except_multiline Style/MethodDefParentheses: - Enabled: false + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ldap/pdu.rb' + - 'lib/net/snmp.rb' + - 'testserver/ldapserver.rb' + +# Offense count: 2 +Style/MethodMissing: + Exclude: + - 'lib/net/ldap/dn.rb' + - 'lib/net/ldap/entry.rb' # Offense count: 1 # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: snake_case, camelCase Style/MethodName: - Enabled: false + Exclude: + - 'lib/net/ldap/filter.rb' -# Offense count: 5 +# Offense count: 4 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. -Style/MultilineOperationIndentation: - Enabled: false +# SupportedStyles: symmetrical, new_line, same_line +Style/MultilineMethodCallBraceLayout: + Exclude: + - 'lib/net/ldap/filter.rb' + - 'test/test_entry.rb' + - 'test/test_ldap_connection.rb' + +# Offense count: 1 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle, SupportedStyles, IndentationWidth. +# SupportedStyles: aligned, indented, indented_relative_to_receiver +Style/MultilineMethodCallIndentation: + Exclude: + - 'test/test_ldap_connection.rb' # Offense count: 1 Style/MultilineTernaryOperator: Exclude: - 'lib/net/ldap/connection.rb' +# Offense count: 26 +# Cop supports --auto-correct. +Style/MutableConstant: + Exclude: + - 'lib/net/ber.rb' + - 'lib/net/ldap.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/dn.rb' + - 'lib/net/ldap/filter.rb' + - 'lib/net/ldap/version.rb' + - 'lib/net/snmp.rb' + - 'test/support/vm/openldap/Vagrantfile' + - 'test/test_ldif.rb' + - 'testserver/ldapserver.rb' + # Offense count: 1 # Cop supports --auto-correct. Style/NegatedIf: 
@@ -374,6 +489,7 @@ Style/NegatedWhile: # Offense count: 3 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, MinBodyLength, SupportedStyles. +# SupportedStyles: skip_modifier_ifs, always Style/Next: Exclude: - 'lib/net/ldap/connection.rb' @@ -403,6 +519,16 @@ Style/Not: Style/NumericLiterals: MinDigits: 8 +# Offense count: 4 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: predicate, comparison +Style/NumericPredicate: + Exclude: + - 'lib/net/ber/core_ext/integer.rb' + - 'lib/net/ldap/dn.rb' + - 'testserver/ldapserver.rb' + # Offense count: 3 Style/OpMethod: Exclude: @@ -435,9 +561,14 @@ Style/PerlBackrefs: - 'testserver/ldapserver.rb' # Offense count: 10 +# Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: compact, exploded Style/RaiseArgs: - Enabled: false + Exclude: + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/pdu.rb' + - 'lib/net/snmp.rb' # Offense count: 1 # Cop supports --auto-correct. @@ -445,6 +576,13 @@ Style/RedundantBegin: Exclude: - 'lib/net/snmp.rb' +# Offense count: 4 +# Cop supports --auto-correct. +Style/RedundantParentheses: + Exclude: + - 'lib/net/ldap/filter.rb' + - 'test/test_filter.rb' + # Offense count: 4 # Cop supports --auto-correct. # Configuration parameters: AllowMultipleReturnValues. @@ -455,7 +593,7 @@ Style/RedundantReturn: - 'lib/net/ldap/entry.rb' - 'lib/net/ldap/password.rb' -# Offense count: 6 +# Offense count: 8 # Cop supports --auto-correct. Style/RedundantSelf: Exclude: @@ -467,6 +605,7 @@ Style/RedundantSelf: # Offense count: 2 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles, AllowInnerSlashes. +# SupportedStyles: slashes, percent_r, mixed Style/RegexpLiteral: Exclude: - 'lib/net/ldap/filter.rb' 
@@ -487,73 +626,59 @@ Style/Semicolon: - 'lib/net/ldap/error.rb' - 'testserver/ldapserver.rb' -# Offense count: 66 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles. -Style/SignalException: - Exclude: - - 'lib/net/ber/ber_parser.rb' - - 'lib/net/ber/core_ext/array.rb' - - 'lib/net/ldap.rb' - - 'lib/net/ldap/auth_adapter.rb' - - 'lib/net/ldap/auth_adapter/gss_spnego.rb' - - 'lib/net/ldap/auth_adapter/sasl.rb' - - 'lib/net/ldap/auth_adapter/simple.rb' - - 'lib/net/ldap/connection.rb' - - 'lib/net/ldap/dn.rb' - - 'lib/net/ldap/entry.rb' - - 'lib/net/ldap/filter.rb' - - 'lib/net/ldap/password.rb' - - 'lib/net/ldap/pdu.rb' - - 'lib/net/snmp.rb' - # Offense count: 2 # Configuration parameters: Methods. +# Methods: {"reduce"=>["a", "e"]}, {"inject"=>["a", "e"]} Style/SingleLineBlockParams: Exclude: - 'lib/net/ldap/filter.rb' -# Offense count: 2 +# Offense count: 5 # Cop supports --auto-correct. -Style/SingleSpaceBeforeFirstArg: +# Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: space, no_space +Style/SpaceAroundEqualsInParameterDefault: Exclude: - - 'lib/net/ldap/dataset.rb' - - 'lib/net/ldap/instrumentation.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/snmp.rb' -# Offense count: 2 +# Offense count: 4 # Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles. -Style/SpaceAroundEqualsInParameterDefault: - Enabled: false +Style/SpaceAroundKeyword: + Exclude: + - 'lib/net/ldap/entry.rb' + - 'lib/net/snmp.rb' # Offense count: 9 # Cop supports --auto-correct. -# Configuration parameters: MultiSpaceAllowedForOperators. +# Configuration parameters: AllowForAlignment. Style/SpaceAroundOperators: Exclude: + - 'lib/net/ber/ber_parser.rb' - 'lib/net/ldap/connection.rb' - 'lib/net/ldap/entry.rb' - 'lib/net/ldap/filter.rb' - 'test/test_entry.rb' - 'test/test_ldap_connection.rb' -# Offense count: 2 -# Cop supports --auto-correct. 
-# Configuration parameters: EnforcedStyle, SupportedStyles. -Style/SpaceBeforeBlockBraces: - Enabled: false - -# Offense count: 18 +# Offense count: 5 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles, EnforcedStyleForEmptyBraces, SpaceBeforeBlockParameters. +# SupportedStyles: space, no_space Style/SpaceInsideBlockBraces: - Enabled: false + Exclude: + - 'lib/net/ldap/dataset.rb' + - 'test/test_snmp.rb' + - 'testserver/ldapserver.rb' -# Offense count: 1 +# Offense count: 13 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, EnforcedStyleForEmptyBraces, SupportedStyles. +# SupportedStyles: space, no_space, compact Style/SpaceInsideHashLiteralBraces: - Enabled: false + Exclude: + - 'lib/net/ldap/dataset.rb' + - 'test/test_ldap.rb' # Offense count: 20 # Cop supports --auto-correct. 
@@ -566,18 +691,61 @@ Style/SpaceInsideParens: # Offense count: 5 # Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle, SupportedStyles. +# SupportedStyles: use_perl_names, use_english_names Style/SpecialGlobalVars: Exclude: - 'lib/net/snmp.rb' - 'net-ldap.gemspec' - 'testserver/ldapserver.rb' -# Offense count: 663 +# Offense count: 679 # Cop supports --auto-correct. -# Configuration parameters: EnforcedStyle, SupportedStyles. +# Configuration parameters: EnforcedStyle, SupportedStyles, ConsistentQuotesInMultiline. +# SupportedStyles: single_quotes, double_quotes Style/StringLiterals: Enabled: false +# Offense count: 1 +Style/StructInheritance: + Exclude: + - 'test/test_ldap.rb' + +# Offense count: 1 +# Cop supports --auto-correct. +# Configuration parameters: IgnoredMethods. +# IgnoredMethods: respond_to, define_method +Style/SymbolProc: + Exclude: + - 'test/test_ldif.rb' + +# Offense count: 4 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyle, SupportedStyles, AllowSafeAssignment. +# SupportedStyles: require_parentheses, require_no_parentheses +Style/TernaryParentheses: + Exclude: + - 'lib/net/ber/core_ext/integer.rb' + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/dataset.rb' + +# Offense count: 2 +# Cop supports --auto-correct. +# Configuration parameters: EnforcedStyleForMultiline, SupportedStyles. +# SupportedStyles: comma, consistent_comma, no_comma +Style/TrailingCommaInArguments: + Exclude: + - 'test/integration/test_ber.rb' + - 'test/test_ldap_connection.rb' + +# Offense count: 1 +# Cop supports --auto-correct. +# Configuration parameters: ExactNameMatch, AllowPredicates, AllowDSLWriters, IgnoreClassMethods, Whitelist. +# Whitelist: to_ary, to_a, to_c, to_enum, to_h, to_hash, to_i, to_int, to_io, to_open, to_path, to_proc, to_r, to_regexp, to_str, to_s, to_sym +Style/TrivialAccessors: + Exclude: + - 'lib/net/ldap/connection.rb' + # Offense count: 5 # Cop supports --auto-correct. Style/UnneededPercentQ: 
@@ -594,6 +762,16 @@ Style/WhileUntilModifier: # Offense count: 1 # Cop supports --auto-correct. -# Configuration parameters: WordRegex. +# Configuration parameters: SupportedStyles, WordRegex. +# SupportedStyles: percent, brackets Style/WordArray: - MinSize: 2 + EnforcedStyle: percent + MinSize: 3 + +# Offense count: 6 +# Cop supports --auto-correct. +Style/ZeroLengthPredicate: + Exclude: + - 'lib/net/ldap/connection.rb' + - 'lib/net/ldap/filter.rb' + - 'testserver/ldapserver.rb' From b66eb1ed0abcca1c4078879050c39b8e2fd9a98f Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Wed, 17 Aug 2016 15:10:01 -0700 Subject: [PATCH 095/146] rubocop: fix Style/SymbolProc --- .rubocop_todo.yml | 8 -------- test/test_ldif.rb | 2 +- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 00de519e..9f2a5129 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -711,14 +711,6 @@ Style/StructInheritance: Exclude: - 'test/test_ldap.rb' -# Offense count: 1 -# Cop supports --auto-correct. -# Configuration parameters: IgnoredMethods. -# IgnoredMethods: respond_to, define_method -Style/SymbolProc: - Exclude: - - 'test/test_ldif.rb' - # Offense count: 4 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles, AllowSafeAssignment. diff --git a/test/test_ldif.rb b/test/test_ldif.rb index b86eb2fb..cc1ee2bf 100644 --- a/test/test_ldif.rb +++ b/test/test_ldif.rb @@ -76,7 +76,7 @@ def test_ldif # Must test folded lines and base64-encoded lines as well as normal ones. def test_to_ldif - data = File.open(TestLdifFilename, "rb") { |f| f.read } + data = File.open(TestLdifFilename, "rb", &:read) io = StringIO.new(data) # added .lines to turn to array because 1.9 doesn't have From d2d85365d02f00bc74318c859d05af8898d188bc Mon Sep 17 00:00:00 2001 
From: Tom Maher Date: Wed, 17 Aug 2016 15:17:05 -0700 Subject: [PATCH 096/146] rubocop: fix TrailingCommaInArguments, which is new --- .rubocop.yml | 3 +++ .rubocop_todo.yml | 9 --------- 2 files changed, 3 insertions(+), 9 deletions(-) diff --git a/.rubocop.yml b/.rubocop.yml index df0365a5..7bdfa631 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -15,3 +15,6 @@ Style/ParallelAssignment: Style/TrailingCommaInLiteral: EnforcedStyleForMultiline: comma + +Style/TrailingCommaInArguments: + EnforcedStyleForMultiline: comma diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index 9f2a5129..bee5f8f2 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml @@ -721,15 +721,6 @@ Style/TernaryParentheses: - 'lib/net/ldap/connection.rb' - 'lib/net/ldap/dataset.rb' -# Offense count: 2 -# Cop supports --auto-correct. -# Configuration parameters: EnforcedStyleForMultiline, SupportedStyles. -# SupportedStyles: comma, consistent_comma, no_comma -Style/TrailingCommaInArguments: - Exclude: - - 'test/integration/test_ber.rb' - - 'test/test_ldap_connection.rb' - # Offense count: 1 # Cop supports --auto-correct. # Configuration parameters: ExactNameMatch, AllowPredicates, AllowDSLWriters, IgnoreClassMethods, Whitelist. From 8b8ae9b04b1c33e04e749d7b02c894582513c72a Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Wed, 17 Aug 2016 15:40:31 -0700 Subject: [PATCH 097/146] rubocop: fix Style/GuardClause --- .rubocop_todo.yml | 7 ------- lib/net/ber.rb | 7 +++---- lib/net/ber/ber_parser.rb | 6 +++--- lib/net/ldap.rb | 8 +++----- lib/net/ldap/connection.rb | 34 +++++++++++++--------------------- lib/net/ldap/dn.rb | 9 ++++----- lib/net/ldap/entry.rb | 9 ++++----- test/test_ldap_connection.rb | 4 +--- 8 files changed, 31 insertions(+), 53 deletions(-) diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml index bee5f8f2..50c86e74 100644 --- a/.rubocop_todo.yml +++ b/.rubocop_todo.yml 
@@ -334,13 +334,6 @@ Style/GlobalVars: Exclude: - 'testserver/ldapserver.rb' -# Offense count: 2 -# Configuration parameters: MinBodyLength. -Style/GuardClause: - Exclude: - - 'lib/net/ldap/connection.rb' - - 'test/test_ldap_connection.rb' - # Offense count: 161 # Cop supports --auto-correct. # Configuration parameters: EnforcedStyle, SupportedStyles, UseHashRocketsWithSymbolValues, PreferHashRocketsForNonAlnumEndingSymbols. diff --git a/lib/net/ber.rb b/lib/net/ber.rb index 88f8862e..eb6f04b3 100644 --- a/lib/net/ber.rb +++ b/lib/net/ber.rb @@ -327,11 +327,10 @@ def initialize args # Check the encoding of the newly created String and set the encoding # to 'UTF-8' (NOTE: we do NOT change the bytes, but only set the # encoding to 'UTF-8'). + return unless encoding == Encoding::BINARY current_encoding = encoding - if current_encoding == Encoding::BINARY - force_encoding('UTF-8') - force_encoding(current_encoding) unless valid_encoding? - end + force_encoding('UTF-8') + force_encoding(current_encoding) unless valid_encoding? end end diff --git a/lib/net/ber/ber_parser.rb b/lib/net/ber/ber_parser.rb index ee69eed8..39d3737e 100644 --- a/lib/net/ber/ber_parser.rb +++ b/lib/net/ber/ber_parser.rb @@ -172,10 +172,10 @@ def read_ber(syntax = nil) yield id, content_length if block_given? if -1 == content_length - raise Net::BER::BerError, "Indeterminite BER content length not implemented." - else - data = read(content_length) + raise Net::BER::BerError, + "Indeterminite BER content length not implemented." end + data = read(content_length) parse_ber_object(syntax, id, data) end diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 4ba27339..bcaa579c 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb 
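Review bot: After the added `return unless encoding == Encoding::BINARY`, the `current_encoding = encoding` that follows can only ever hold `Encoding::BINARY`, so the local now hides what the fallback actually restores. `force_encoding(Encoding::BINARY) unless valid_encoding?` says it directly and the local can go. The enclosing `initialize args` starts outside the hunk, and the comment above ("NOTE: we do NOT change the bytes") still describes the new shape correctly.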
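Review bot: `data = read(content_length)` on the new side is never checked for a short read; depending on the including IO class, `read` can return fewer bytes than requested or `nil` at EOF, and that value goes straight into `parse_ber_object(syntax, id, data)`. Because `content_length` is taken from the peer's BER header, a truncated or malformed message should be rejected here rather than somewhere deeper, e.g. `raise Net::BER::BerError, "Truncated BER content" if data.nil? || data.bytesize < content_length`. Separately, the message still reads "Indeterminite"; the spelling is "Indeterminate". `read_ber` starts before the hunk.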
@@ -1286,11 +1286,9 @@ def use_connection(args) else begin conn = new_connection - if (result = conn.bind(args[:auth] || @auth)).result_code == Net::LDAP::ResultCodeSuccess - yield conn - else - return result - end + result = conn.bind(args[:auth] || @auth) + return result unless result.code == Net::LDAP::ResultCodeSuccess + yield conn ensure conn.close if conn end diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 1cbcbb67..05f676cc 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -95,17 +95,13 @@ def self.wrap_with_ssl(io, tls_options = {}, timeout=nil) conn.connect end rescue IO::WaitReadable - if IO.select([conn], nil, nil, timeout) - retry - else - raise Errno::ETIMEDOUT, "OpenSSL connection read timeout" - end + raise Errno::ETIMEDOUT, "OpenSSL connection read timeout" unless + IO.select([conn], nil, nil, timeout) + retry rescue IO::WaitWritable - if IO.select(nil, [conn], nil, timeout) - retry - else - raise Errno::ETIMEDOUT, "OpenSSL connection write timeout" - end + raise Errno::ETIMEDOUT, "OpenSSL connection write timeout" unless + IO.select(nil, [conn], nil, timeout) + retry end # Doesn't work: @@ -163,11 +159,9 @@ def setup_encryption(args, timeout=nil) raise Net::LDAP::NoStartTLSResultError, "no start_tls result" end - if pdu.result_code.zero? - @conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout) - else - raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}" - end + raise Net::LDAP::StartTLSError, + "start_tls failed: #{pdu.result_code}" unless pdu.result_code.zero? + @conn = self.class.wrap_with_ssl(@conn, args[:tls_options], timeout) else raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args[:method]}" end 
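Review bot: The rewritten guard changes the accessor from `result_code` to `code` (`return result unless result.code == Net::LDAP::ResultCodeSuccess`), while the removed line and the rest of this series compare `result_code`; unless the bind result responds to both, every non-successful bind through `use_connection` now raises `NoMethodError` instead of returning the result. The guard-clause rewrite should keep the original call: `return result unless result.result_code == Net::LDAP::ResultCodeSuccess`. `use_connection` starts and ends outside the hunk.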
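Review bot: Each `retry` in the rewritten `rescue IO::WaitReadable` / `rescue IO::WaitWritable` branches re-enters the `begin` block with the full `timeout` again, so a slow peer that becomes readable just before each deadline can keep the handshake going well past the caller's timeout. A monotonic deadline computed once before the handshake (`Process.clock_gettime(Process::CLOCK_MONOTONIC)`) and handed to `IO.select` as the remaining time would bound the total wait. The behaviour is inherited from the removed lines rather than introduced here, but the rewrite is a good moment to fix it; the `begin` these clauses belong to starts outside the hunk.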
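Review bot: The new `raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}" unless pdu.result_code.zero?` splits a two-line `raise` from a trailing `unless`, so the condition is the last thing a reader reaches and is easy to miss; the same hanging-modifier form appears in `wrap_with_ssl` above and in `dn.rb#each_pair` in this commit. A block form keeps the condition first and still reads as a guard: `unless pdu.result_code.zero?` / `raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}"` / `end`. `setup_encryption` starts and ends outside the hunk.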
@@ -197,12 +191,10 @@ def queued_read(message_id) # read messages until we have a match for the given message_id while pdu = read - if pdu.message_id == message_id - return pdu - else - message_queue[pdu.message_id].push pdu - next - end + return pdu if pdu.message_id == message_id + + message_queue[pdu.message_id].push pdu + next end pdu diff --git a/lib/net/ldap/dn.rb b/lib/net/ldap/dn.rb index 3037eefd..e314b80e 100644 --- a/lib/net/ldap/dn.rb +++ b/lib/net/ldap/dn.rb @@ -169,11 +169,10 @@ def each_pair end # Last pair - if [:value, :value_normal, :value_hexstring, :value_end].include? state - yield key.string.strip, value.string.rstrip - else - raise "DN badly formed" - end + raise "DN badly formed" unless + [:value, :value_normal, :value_hexstring, :value_end].include? state + + yield key.string.strip, value.string.rstrip end ## diff --git a/lib/net/ldap/entry.rb b/lib/net/ldap/entry.rb index d5068dde..10965c7c 100644 --- a/lib/net/ldap/entry.rb +++ b/lib/net/ldap/entry.rb @@ -140,11 +140,10 @@ def attribute_names # arguments to the block: a Symbol giving the name of the attribute, and a # (possibly empty) \Array of data values. def each # :yields: attribute-name, data-values-array - if block_given? - attribute_names.each do|a| - attr_name, values = a, self[a] - yield attr_name, values - end + return unless block_given? + attribute_names.each do|a| + attr_name, values = a, self[a] + yield attr_name, values end end alias_method :each_attribute, :each diff --git a/test/test_ldap_connection.rb b/test/test_ldap_connection.rb index ba6289b3..8489c377 100644 --- a/test/test_ldap_connection.rb +++ b/test/test_ldap_connection.rb @@ -16,9 +16,7 @@ def capture_stderr class FakeTCPSocket def initialize(host, port, socket_opts = {}) status, error = host.split(".") - if status == "fail" - raise Object.const_get(error) - end + raise Object.const_get(error) if status == "fail" end end From 6564aab642a67096d43ae9cb2ced0ffb9a3e7841 Mon Sep 17 00:00:00 2001 
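Review bot: The `next` left after `message_queue[pdu.message_id].push pdu` is now the last statement of the `while` body and does nothing; it only had meaning inside the old `else` branch. Drop it so the body is `return pdu if pdu.message_id == message_id` followed by the push. `queued_read` continues outside the hunk.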
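Review bot: The body under the new `return unless block_given?` still builds `attr_name, values = a, self[a]` only to yield those same two values on the next line, and the block opens with `do|a|` without a space. `attribute_names.each { |a| yield a, self[a] }` is the same loop without the temporaries. This is existing code that the re-indent merely moved, so a follow-up is fine.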
From: Tatsuya Sato Date: Fri, 19 Aug 2016 13:15:40 +0900 Subject: [PATCH 098/146] Fix the bug #278 --- lib/net/ldap.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index bcaa579c..a79d6c55 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -1287,7 +1287,7 @@ def use_connection(args) begin conn = new_connection result = conn.bind(args[:auth] || @auth) - return result unless result.code == Net::LDAP::ResultCodeSuccess + return result unless result.result_code == Net::LDAP::ResultCodeSuccess yield conn ensure conn.close if conn From 84ab4c2bd5a66fdf682dd9d543692236fd969a9c Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 18:44:21 -0700 Subject: [PATCH 099/146] fix iptables blackholing for macOS --- script/install-openldap | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/install-openldap b/script/install-openldap index efb0cbaa..2d551109 100755 --- a/script/install-openldap +++ b/script/install-openldap @@ -110,6 +110,6 @@ chmod g+r /etc/ssl/private/ldap01_slapd_key.pem chmod o-r /etc/ssl/private/ldap01_slapd_key.pem # Drop packets on a secondary port used to specific timeout tests -iptables -A OUTPUT -p tcp -j DROP --dport 8389 +iptables -A INPUT -p tcp -j DROP --dport 8389 service slapd restart From 7b2bb0284d3df4bfeb0b56f114bf1aad6dc90a0d Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 19:13:55 -0700 Subject: [PATCH 100/146] new fixture CA, now with private key --- script/install-openldap | 37 ++++++++++++++++++++++--------------- test/fixtures/ca/ca.info | 4 ++++ test/fixtures/ca/cacert.pem | 18 ++++++++++++++++++ test/fixtures/ca/cakey.pem | 27 +++++++++++++++++++++++++++ 4 files changed, 71 insertions(+), 15 deletions(-) create mode 100644 test/fixtures/ca/ca.info create mode 100644 test/fixtures/ca/cacert.pem create mode 100644 test/fixtures/ca/cakey.pem diff --git a/script/install-openldap b/script/install-openldap index 2d551109..f356b61a 100755 
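Review bot: The one-line fix restores `result.result_code`, but the commit adds no regression test for the non-success path of `use_connection`, which is presumably why the `code` typo from the earlier guard-clause commit went unnoticed. A unit test that stubs `new_connection` to return a connection whose `bind` yields a result with a non-zero `result_code`, and asserts that `use_connection` returns that result and still closes the connection, would pin this. The rest of `use_connection` lies outside the hunk.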
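Review bot: `iptables -A INPUT -p tcp -j DROP --dport 8389` is appended unconditionally, so every re-run of this script stacks another identical rule; a check first keeps it idempotent: `iptables -C INPUT -p tcp --dport 8389 -j DROP 2>/dev/null || iptables -A INPUT -p tcp --dport 8389 -j DROP`. The same applies to the `-t nat -A PREROUTING ... REDIRECT` rule added by a later patch in this series. Moving the rule from OUTPUT to INPUT also widens it to inbound connections from any source, which is presumably what the timeout test needs but deserves a word in the comment above it.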
--- a/script/install-openldap +++ b/script/install-openldap @@ -48,20 +48,20 @@ chown -R openldap.openldap /var/lib/ldap rm -rf $TMPDIR # SSL +export CA_CERT="/etc/ssl/certs/cacert.pem" +export CA_KEY="/etc/ssl/private/cakey.pem" +export CA_INFO="/etc/ssl/ca.info" -sh -c "certtool --generate-privkey > /etc/ssl/private/cakey.pem" +# If you ever need to regenerate these... +# certtool --generate-privkey > /path/to/cakey.pem +# certtool --generate-self-signed \ +# --load-privkey /path/to/cakey.pem +# --template /path/to/ca.info +# --outfile /path/to/cacert.pem -sh -c "cat > /etc/ssl/ca.info < /etc/ssl/ldap01.info <> /etc/hosts +grep ldap02 /etc/hosts || echo "127.0.0.1 ldap02.example.com" >> /etc/hosts +grep bogus /etc/hosts || echo "127.0.0.1 bogus.example.com" >> /etc/hosts + service slapd restart diff --git a/test/fixtures/ca/ca.info b/test/fixtures/ca/ca.info new file mode 100644 index 00000000..c0fd3629 --- /dev/null +++ b/test/fixtures/ca/ca.info @@ -0,0 +1,4 @@ +cn = rubyldap +ca +cert_signing_key +expiration_days = 7200 diff --git a/test/fixtures/ca/cacert.pem b/test/fixtures/ca/cacert.pem new file mode 100644 index 00000000..c4f5b0fc --- /dev/null +++ b/test/fixtures/ca/cacert.pem 
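Review bot: The new `CA_KEY="/etc/ssl/private/cakey.pem"` refers to a CA whose private key is now committed to the repository as `test/fixtures/ca/cakey.pem`, and the matching `cacert.pem` is placed under `/etc/ssl/certs/`, which on many distributions is the system trust directory. That is acceptable only on a throwaway test VM, so the script should say so next to the `export` lines, e.g. `# Fixture CA: its private key is public (test/fixtures/ca/cakey.pem); only run this on a disposable test VM.`, and copy the key with a restrictive mode such as `install -m 0600`. The heredoc bodies in this hunk are garbled in the rendering, so the exact copy commands cannot be checked here.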
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC7zCCAdegAwIBAgIMV7ur2wQbbBBUX/gBMA0GCSqGSIb3DQEBCwUAMBMxETAP +BgNVBAMTCHJ1YnlsZGFwMB4XDTE2MDgyMzAxNTAxOVoXDTM2MDUxMDAxNTAxOVow +EzERMA8GA1UEAxMIcnVieWxkYXAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDIXIIUk/PJ8UnmthzX1ZC5pej7qwQDILA/o4/EkU1rBfGkHNhJihzOoW+1 +QjixcxjVM8pZXM0+bkOr/UY4ymqQnnW7a8U6Rc1+4Mhz7jKtjChfjWkAX857alL7 +2F5M1pUBvQ1WdXXFOwO0vyDT54UzkFMr/lvKXrd4/kNJYQE87+B0igICEDocFLO3 +SchtH0YpSzE80b0Fn1O1noS3LU9Eo+XsMoBMHVVrKOb/Yzs5Z1hfPrHOpB+z3VTe +4/LcbbcMoc20Ypjq+kamuYo6uGoy0lzgmgwQgJtmxl8EhsIrZuUw80yJZqi3bLht +8UZbVM1dV1/Hh7danmlWqZnI579FAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8w +DwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUZ4HlXJgf2tIxLhDOB07SC200XG8w +DQYJKoZIhvcNAQELBQADggEBAIee6oT01p6e300scQTo/VPELf14ebrZXDqtJ7HR +egHZRrSzyQgxnnyFfoazG9bmgX/xgDvH8CxW4Q7OHH2ybGA5z2FfK+uSAjKHPR2y +8EjAKfQUDo0CBlcU0otvk8KhyNmu3sbCO6QGlnDDnWo78UDOdfeflvCp4HH+wdnU +ZSKTxaJe7BbBPMm6VZGhqa4O7MOOiupcGUt0emsyA1mVixkhr+6/aO2FLdiXwclX +GhYBZg5xxbM5Hn8LbjfRsaqCjBpOXLKnuUGDQSQj1TtRFzRuiGU4tHpoBnQGCYNa +bhFP7hjfwcjKUSizHM89KugrVgpnDh6oKn+xrhSdcKTmlag= +-----END CERTIFICATE----- diff --git a/test/fixtures/ca/cakey.pem b/test/fixtures/ca/cakey.pem new file mode 100644 index 00000000..325f36c7 --- /dev/null +++ b/test/fixtures/ca/cakey.pem 
@@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAyFyCFJPzyfFJ5rYc19WQuaXo+6sEAyCwP6OPxJFNawXxpBzY +SYoczqFvtUI4sXMY1TPKWVzNPm5Dq/1GOMpqkJ51u2vFOkXNfuDIc+4yrYwoX41p +AF/Oe2pS+9heTNaVAb0NVnV1xTsDtL8g0+eFM5BTK/5byl63eP5DSWEBPO/gdIoC +AhA6HBSzt0nIbR9GKUsxPNG9BZ9TtZ6Ety1PRKPl7DKATB1Vayjm/2M7OWdYXz6x +zqQfs91U3uPy3G23DKHNtGKY6vpGprmKOrhqMtJc4JoMEICbZsZfBIbCK2blMPNM +iWaot2y4bfFGW1TNXVdfx4e3Wp5pVqmZyOe/RQIDAQABAoIBAALhQYVmMwTeEP/d +8kAv86qXdefYJ3CcEax4f2KF7CTzqut+9qTn9U4LB/4E+6ehTeQSoH/0U4boMtTQ +CShb0HhPrsWI4QbbZf7C4F66N8RC1Xm6IJ4+wksH1jWEgKZ+Fxo1S3HIsm6pUH5S +mPgyxbleA7QILe2UuvJkRTdSy5/ClGROTXAZfA7NE/yL+cUjAOyQfxs/SxcMwnxK +phGZaAfYRpvExtRO9CAdlmkC9RgYWOdC/r7wHehpY7fi/FqBd46w+AV3ougKGt9r +yOEcXVrJRQtDR5UWivUOs34MCPQa2T+XHn/WLgeWE6bNaw5SyLr4oolb10Iue+Hw +v23W5oECgYEA7rEE7/6rTkHodVI9wrYg007WDQmeR6Y0gwiX6oGQpftXExfHjHio +yr0qwbL/UOFkWfJ8ORNXa6hHIDfxI2Kkg7vgt8SaLK8c0zhszJpcYmAx63Kk+BUO +/S863Ptz28rGmXJxjo5GYUHR7rjvRefauV6SSUo9rbocFcyeV/UlXpUCgYEA1uPx +TSXt2MBRiGp+E4tNPj+16QaF+4ety3+a4vlsY2ALejkjC3I5Lf1s4b0SW6eEn/U2 +PYFzm3FqsDqYhSas64b2s3Cw8x2yQ7rCD3SKGoiJqUSPwLkZjgUXC1gDaMkJXzEX +L9yBEBVfNRYCCk4EY/Wz1C5gJ4PFtLb8NbXGofECgYEAr506PsEmlItVVoxNuGZ7 +vDxyrGD5PUoBtK6r5vOw0w4bQIbsYGOd/Jw1SxJBWuaaCLupveyHE0RaIFBIcHpx +BCNE8LALpvinwpfvJJIlipOv5sUQrx3/SzRmoJO46GtGtztGZVY0XfYpWPRjxxER +EfWMt7ORsbIOW9OSZLCO8AkCgYA1c/HcDOlDF2OwmTzPQ8FtEJABbPv6+18B1bYD +a6PIfGWee4P6HumWRQnGhS+B2QOmfmqFliPZsLanK4ww4tP0qlfHfuqlLufe7R/E +lGqd+wSzNDjF6cUvjJiU28nNUOSh5yYrY6A/DfHm1JihU5LIAqA+0WJdseuF7laC +TbshIQKBgGhwjXS/A0twYMTZwc/H/JGik8yBXK/GZ4BAlIv5hryRmKMbik8sLtEF +Lq/Jt9qsQ6Zob2XZFAi+vZJykvX0ySxngHEOkiHxwyQNQTEfBPifFPkOIKhVKt9t +D4w2FfF4Bai36Wdaa97VXiBBgafIe7z5VDJXRS2HK9SHuYH3kmJu +-----END RSA PRIVATE KEY----- From 21373615cae10c3123d415d83938a65dee410b43 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 19:19:35 -0700 Subject: [PATCH 101/146] vagrant fix for macOS v Linux? --- test/integration/test_bind.rb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index b7fa35bc..e6eb89b4 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -10,7 +10,9 @@ def test_bind_timeout error = assert_raise Net::LDAP::Error do @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1") end - assert_equal('Connection timed out - user specified timeout', error.message) + msgs = ['Operation timed out - user specified timeout', + 'Connection timed out - user specified timeout'] + assert_send([msgs, :include?, error.message]) end def test_bind_anonymous_fail From 38b6147ac77f0e071df2b93002d30fde95d40a6c Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 19:26:07 -0700 Subject: [PATCH 102/146] helper should use the new CA --- test/test_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test_helper.rb b/test/test_helper.rb index cd34017c..580a2916 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb @@ -14,7 +14,7 @@ if File.exist?("/etc/ssl/certs/cacert.pem") "/etc/ssl/certs/cacert.pem" else - File.expand_path("fixtures/cacert.pem", File.dirname(__FILE__)) + File.expand_path("fixtures/ca/cacert.pem", File.dirname(__FILE__)) end end From b42e931359ec2c42efb8bc72a37209a59d7ea816 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 19:42:17 -0700 Subject: [PATCH 103/146] rubocop fix --- lib/net/ldap/connection.rb | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 05f676cc..ef8341ae 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
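Review bot: `assert_send([msgs, :include?, error.message])` in `test_bind_timeout` works but reads as a workaround; test-unit's `assert_include(msgs, error.message)` checks the same thing with a clearer failure report. The two accepted strings presumably differ only in the OS errno text, so `assert_match(/timed out - user specified timeout\z/, error.message)` would also cover further platforms without growing the list.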
@@ -392,12 +392,11 @@ def search(args = nil) # should collect this into a private helper to clarify the structure query_limit = 0 if size > 0 - if paged - query_limit = (((size - n_results) < 126) ? (size - - n_results) : 0) - else - query_limit = size - end + query_limit = if paged + (((size - n_results) < 126) ? (size - n_results) : 0) + else + size + end end request = [ From 22eaf7caf0e5800a7517688760dc807c5f7de230 Mon Sep 17 00:00:00 2001 From: "jean-pierre.vanriel" Date: Fri, 15 Jan 2016 01:26:10 +0200 Subject: [PATCH 104/146] cherry pick from https://github.com/ruby-ldap/ruby-net-ldap/pull/259 --- lib/net/ldap/connection.rb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index ef8341ae..a89da562 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -52,6 +52,9 @@ def open_connection(server) hosts.each do |host, port| begin prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout) + if encryption[:tls_options][:verify_mode] != OpenSSL::SSL::VERIFY_NONE + @conn.post_connection_check(host) + end return rescue Net::LDAP::Error, SocketError, SystemCallError, OpenSSL::SSL::SSLError => e From d7b36d1c8e9f8457e9aca4fa1ea0c7929baab5b6 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 20:38:47 -0700 Subject: [PATCH 105/146] check that the encryption hash is defined before using it --- lib/net/ldap/connection.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index a89da562..43ff72c9 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb 
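Review bot: The rewritten `query_limit = if paged ... (((size - n_results) < 126) ? (size - n_results) : 0) ... end` keeps the bare literal `126` unexplained, and the comment just above already asks for this block to become a private helper. I cannot tell from the hunk what the cutoff means, so whoever knows should leave a one-liner there, e.g. `# TODO(review): document why 126 is the paged-result cutoff`. `search` starts and ends outside the hunk.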
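Review bot: The new `@conn.post_connection_check(host)` assumes `@conn` is already an `OpenSSL::SSL::SSLSocket` when `prepare_socket` returns; for `start_tls` the upgrade is done in `setup_encryption` (`@conn = self.class.wrap_with_ssl(...)` earlier in this series), and if that does not run inside `prepare_socket` the call lands on a plain `TCPSocket` and raises `NoMethodError`, which the `rescue` list below does not cover. The condition skips the hostname check only for an explicit `VERIFY_NONE`, so a `tls_options` hash without `verify_mode` still gets verified — good, but worth stating: `# Hostname verification is skipped only when the caller explicitly opted out with VERIFY_NONE`. `open_connection` begins and ends outside the hunk; the `nil` `encryption` case is handled by the following commit.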
@@ -52,7 +52,8 @@ def open_connection(server) hosts.each do |host, port| begin prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout) - if encryption[:tls_options][:verify_mode] != OpenSSL::SSL::VERIFY_NONE + if encryption && encryption[:tls_options] && + encryption[:tls_options][:verify_mode] != OpenSSL::SSL::VERIFY_NONE @conn.post_connection_check(host) end return From 748f1b9fae8cf7947930578b0dcf4250bce3d9bf Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 20:47:52 -0700 Subject: [PATCH 106/146] add tests for cert/hostname mismatch --- test/integration/test_bind.rb | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index e6eb89b4..2c2c71fb 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb 
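Review bot: The added `encryption && encryption[:tls_options] &&` guard fixes the `nil` crash but also disables hostname verification whenever TLS is enabled without a `tls_options` hash, because the whole condition is then falsy and `post_connection_check` never runs; unless `encryption[:tls_options]` is always defaulted to a Hash elsewhere (not visible here), that is a silent downgrade for the plainest configuration. Treat a missing `verify_mode` as "verify": `verify_mode = (encryption[:tls_options] || {})[:verify_mode] if encryption` / `@conn.post_connection_check(host) if encryption && verify_mode != OpenSSL::SSL::VERIFY_NONE`. A test that enables `start_tls` with no `tls_options` against a host name absent from the certificate would catch this.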
@@ -37,8 +37,31 @@ def test_bind_tls_with_cafile end def test_bind_tls_with_verify_none - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(:verify_mode => OpenSSL::SSL::VERIFY_NONE) + @ldap.host = '127.0.0.1' + @ldap.port = 9389 + tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( + :verify_mode => OpenSSL::SSL::VERIFY_NONE, + ) @ldap.encryption(method: :start_tls, tls_options: tls_options) assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect end + + def test_bind_tls_with_bad_hostname + @ldap.host = '127.0.0.1' + @ldap.port = 9389 + tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ca_file => CA_FILE, + ) + @ldap.encryption(method: :start_tls, tls_options: tls_options) + error = assert_raise Net::LDAP::Error do + @ldap.bind(method: :simple, + username: "uid=user1,ou=People,dc=rubyldap,dc=com", + password: "passworD1") + end + assert_equal( + "hostname \"#{@ldap.host}\" does not match the server certificate", + error.message, + ) + end end From 9bab5a5d49bfd7747fa8996009a7b9c14c34e52d Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 20:48:18 -0700 Subject: [PATCH 107/146] stupid portforwarding tricks for local testing --- script/install-openldap | 12 ++++++++++++ test/support/vm/openldap/Vagrantfile | 1 + 2 files changed, 13 insertions(+) diff --git a/script/install-openldap b/script/install-openldap index f356b61a..935af304 100755 --- a/script/install-openldap +++ b/script/install-openldap 
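Review bot: `test_bind_tls_with_bad_hostname` pins the exact text `hostname "#{@ldap.host}" does not match the server certificate`, which is produced by Ruby's OpenSSL binding and may change between openssl gem versions; asserting the error class plus `assert_match(/does not match the server certificate/, error.message)` tests the same behaviour with less breakage. Both tests also repeat the `@ldap.host = '127.0.0.1'` / `@ldap.port = 9389` setup and the `DEFAULT_PARAMS.merge(...)` boilerplate, which a small helper would remove (the later "tidy up" patch in this series does part of that).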
@@ -79,6 +79,15 @@ signing_key expiration_days = 3650 EOF" +# The integration server may be accessed by IP address, in which case +# we want some of the IPs included in the cert. We skip loopback (127.0.0.1) +# because that's the IP we use in the integration test for cert name mismatches. +ADDRS=$(ifconfig -a | grep 'inet addr:' | cut -f 2 -d : | cut -f 1 -d ' ') +for ip in $ADDRS; do + if [ "x$ip" = 'x127.0.0.1' ]; then continue; fi + echo "ip_address = $ip" >> /etc/ssl/ldap01.info +done + # Create the server certificate certtool --generate-certificate \ --load-privkey /etc/ssl/private/ldap01_slapd_key.pem \ @@ -114,6 +123,9 @@ chmod o-r /etc/ssl/private/ldap01_slapd_key.pem # Drop packets on a secondary port used to specific timeout tests iptables -A INPUT -p tcp -j DROP --dport 8389 +# Forward a port for Vagrant +iptables -t nat -A PREROUTING -p tcp --dport 9389 -j REDIRECT --to-port 389 + # fix up /etc/hosts for cert validation grep ldap01 /etc/hosts || echo "127.0.0.1 ldap01.example.com" >> /etc/hosts grep ldap02 /etc/hosts || echo "127.0.0.1 ldap02.example.com" >> /etc/hosts diff --git a/test/support/vm/openldap/Vagrantfile b/test/support/vm/openldap/Vagrantfile index 96233e92..1f375e76 100644 --- a/test/support/vm/openldap/Vagrantfile +++ b/test/support/vm/openldap/Vagrantfile @@ -10,6 +10,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| config.vm.box = "hashicorp/precise64" config.vm.network "private_network", type: :dhcp + config.vm.network "forwarded_port", guest: 389, host: 9389 config.ssh.forward_agent = true From 381fdf4fed5c39d36ada17ec8b2f07b3165cd003 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 20:54:02 -0700 Subject: [PATCH 108/146] omit example --- test/integration/test_bind.rb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 2c2c71fb..9efb8479 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb 
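Review bot: `ADDRS=$(ifconfig -a | grep 'inet addr:' | ...)` depends on the old net-tools output format; on systems with a newer `ifconfig` or only `ip`, the grep matches nothing and the certificate silently gets no `ip_address` entries. `ip -4 -o addr show | awk '{print $4}' | cut -d/ -f1` is the portable form, and the loop should complain when the list is empty (`[ -n "$ADDRS" ] || echo "warning: no addresses found for the server cert" >&2`). Note the loop also puts every non-loopback address of the box, public ones included, into the server cert; fine for the VM, but the comment above the loop should say so.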
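Review bot: `config.vm.network "forwarded_port", guest: 389, host: 9389` binds the forwarded port on every host interface unless `host_ip` is given, so the test directory server — whose admin credentials live in this repository — is reachable from the local network on port 9389 while the VM runs. The README added later in this series describes the mapping as localhost-only; `host_ip` makes that true: `config.vm.network "forwarded_port", guest: 389, host: 9389, host_ip: '127.0.0.1'`.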
@@ -64,4 +64,9 @@ def test_bind_tls_with_bad_hostname error.message, ) end + + def test_bind_tls_with_good_hostname + omit_if true + assert_true false + end end From fd1c8237f6523e3164f718e0773053670cd170a0 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 21:12:04 -0700 Subject: [PATCH 109/146] doc tweak --- README.rdoc | 9 +++------ test/support/vm/openldap/README.md | 27 +++++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/README.rdoc b/README.rdoc index 53e2d468..df27b969 100644 --- a/README.rdoc +++ b/README.rdoc @@ -52,12 +52,9 @@ This task will run the test suite and the rake rubotest -To run the integration tests against an LDAP server: - - cd test/support/vm/openldap - vagrant up - cd ../../../.. - INTEGRATION=openldap bundle exec rake rubotest +CI takes too long? If your local box supports +{Vagrant}(https://www.vagrantup.com/), you can run most of the tests +in a VM on your local box. For more details and setup instructions, see {test/support/vm/openldap/README.md}(https://github.com/ruby-ldap/ruby-net-ldap/tree/master/test/support/vm/openldap/README.md) == Release diff --git a/test/support/vm/openldap/README.md b/test/support/vm/openldap/README.md index a2769567..31a17cda 100644 --- a/test/support/vm/openldap/README.md +++ b/test/support/vm/openldap/README.md 
@@ -1,8 +1,27 @@ # Local OpenLDAP Integration Testing -Set up a [Vagrant](http://www.vagrantup.com/) VM to run integration tests against OpenLDAP locally. +Set up a [Vagrant](http://www.vagrantup.com/) VM to run integration +tests against OpenLDAP locally. *NOTE*: To support some of the SSL tests, +Vagrant forwards localhost port 9389 to VM host port 9389. The port mapping +goes away when you run `vagrant destroy`. -To run integration tests locally: +## Install Vagrant + +*NOTE*: The Vagrant gem (`gem install vagrant`) is +[no longer supported](https://www.vagrantup.com/docs/installation/) + +If you use Homebrew on macOS: +``` bash +$ brew update +$ brew cask install virtualbox +$ brew cask install vagrant +$ brew cask install vagrant-manager +``` + +Installing Vagrant and virtualbox on other operating systems is left +as an exercise to the reader. + +## Run the tests ``` bash # start VM (from the correct directory) @@ -27,6 +46,10 @@ $ export INTEGRATION_HOST=$ip # now run tests without having to set ENV variables $ time bundle exec rake + +# Once you're all done +$ cd test/support/vm/openldap +$ vagrant destroy ``` You may need to `gem install vagrant` first in order to provision the VM. From 7593af13d61a3976619febb7a02bc84706d33559 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 21:14:53 -0700 Subject: [PATCH 110/146] too many markdown syntaxes --- README.rdoc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.rdoc b/README.rdoc index df27b969..f1b1ea36 100644 --- a/README.rdoc +++ b/README.rdoc 
@@ -53,8 +53,9 @@ This task will run the test suite and the rake rubotest CI takes too long? If your local box supports -{Vagrant}(https://www.vagrantup.com/), you can run most of the tests -in a VM on your local box. For more details and setup instructions, see {test/support/vm/openldap/README.md}(https://github.com/ruby-ldap/ruby-net-ldap/tree/master/test/support/vm/openldap/README.md) +{Vagrant}[https://www.vagrantup.com/], you can run most of the tests +in a VM on your local box. For more details and setup instructions, see +{test/support/vm/openldap/README.md}[https://github.com/ruby-ldap/ruby-net-ldap/tree/master/test/support/vm/openldap/README.md] == Release From 052f90d29fc28ba406db44e713a47b13c3139d9e Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 21:16:05 -0700 Subject: [PATCH 111/146] remove stale reference to gem --- test/support/vm/openldap/README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/test/support/vm/openldap/README.md b/test/support/vm/openldap/README.md index 31a17cda..9b37ed5e 100644 --- a/test/support/vm/openldap/README.md +++ b/test/support/vm/openldap/README.md @@ -51,5 +51,3 @@ $ time bundle exec rake $ cd test/support/vm/openldap $ vagrant destroy ``` - -You may need to `gem install vagrant` first in order to provision the VM. From ca4e39078848b04e071b2b1a17039fdb35607bca Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 21:43:00 -0700 Subject: [PATCH 112/146] extra ldap object for multiple host tests --- test/test_helper.rb | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/test_helper.rb b/test/test_helper.rb index 580a2916..b1c2e07d 100644 --- a/test/test_helper.rb +++ b/test/test_helper.rb 
@@ -62,5 +62,13 @@ def setup search_domains: %w(dc=rubyldap,dc=com), uid: 'uid', instrumentation_service: @service + + @ldap_multi = Net::LDAP.new \ + hosts: [['ldap01.example.com', 389], ['ldap02.example.com', 389]], + admin_user: 'uid=admin,dc=rubyldap,dc=com', + admin_password: 'passworD1', + search_domains: %w(dc=rubyldap,dc=com), + uid: 'uid', + instrumentation_service: @service end end From c6a465fbb86707ed6315a4871927d59bc033a20c Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 21:43:44 -0700 Subject: [PATCH 113/146] add multi-host SSL checks --- test/integration/test_bind.rb | 73 +++++++++++++++++++++++++++++++++-- 1 file changed, 70 insertions(+), 3 deletions(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 9efb8479..7c3ed59b 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb 
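Review bot: The new `@ldap_multi = Net::LDAP.new \ hosts: [...]` repeats every option of the `@ldap` instance above it except `hosts`, so the two will drift the first time one is edited. Build the shared options once and merge: `opts = { admin_user: 'uid=admin,dc=rubyldap,dc=com', ..., instrumentation_service: @service }`, `@ldap = Net::LDAP.new(opts.merge(host: ..., port: ...))`, `@ldap_multi = Net::LDAP.new(opts.merge(hosts: [...]))`. The `setup` method starts outside the hunk.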
@@ -65,8 +65,75 @@ def test_bind_tls_with_bad_hostname ) end - def test_bind_tls_with_good_hostname - omit_if true - assert_true false + def test_bind_tls_with_valid_hostname + @ldap.host = 'localhost' + @ldap.port = 9389 + tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ca_file => CA_FILE, + ) + @ldap.encryption(method: :start_tls, tls_options: tls_options) + assert @ldap.bind(method: :simple, + username: "uid=user1,ou=People,dc=rubyldap,dc=com", + password: "passworD1") + @ldap.get_operation_result.inspect + end + + # The following depend on /etc/hosts hacking. + # We can do that on CI, but it's less than cool on people's dev boxes + def test_bind_tls_with_multiple_hosts + omit_unless ENV['TRAVIS'] == 'true' + tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ca_file => CA_FILE, + ) + @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) + assert @ldap_multi.bind(method: :simple, + username: "uid=user1,ou=People,dc=rubyldap,dc=com", + password: "passworD1") + @ldap_multi.get_operation_result.inspect + end + + def test_bind_tls_with_multiple_bogus_hosts + omit_unless ENV['TRAVIS'] == 'true' + tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( + :verify_mode => OpenSSL::SSL::VERIFY_PEER, + :ca_file => CA_FILE, + ) + @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] + @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) + error = assert_raise Net::LDAP::Error do + @ldap_multi.bind(method: :simple, + username: "uid=user1,ou=People,dc=rubyldap,dc=com", + password: "passworD1") + end + assert_equal("TODO - fix this", + error.message) + end + + def test_bind_tls_with_multiple_bogus_hosts_no_verification + omit_unless ENV['TRAVIS'] == 'true' + tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( + :verify_mode => OpenSSL::SSL::VERIFY_NONE, + ) + @ldap_multi.hosts = [['127.0.0.1', 
389], ['bogus.example.com', 389]] + @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) + assert @ldap_multi.bind(method: :simple, + username: "uid=user1,ou=People,dc=rubyldap,dc=com", + password: "passworD1") + @ldap_multi.get_operation_result.inspect + end + + def test_bind_tls_with_multiple_bogus_hosts_ca_check_only + omit_unless ENV['TRAVIS'] == 'true' + tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( + :ca_file => CA_FILE, + ) + @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] + @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) + assert @ldap_multi.bind(method: :simple, + username: "uid=user1,ou=People,dc=rubyldap,dc=com", + password: "passworD1") + @ldap_multi.get_operation_result.inspect end end From 1300bc0944a019b8f21431433dbb64c15f80a1aa Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 21:53:36 -0700 Subject: [PATCH 114/146] include "localhost" as valid cert name --- script/install-openldap | 1 + 1 file changed, 1 insertion(+) diff --git a/script/install-openldap b/script/install-openldap index 935af304..83a09153 100755 --- a/script/install-openldap +++ b/script/install-openldap @@ -73,6 +73,7 @@ organization = Example Company cn = ldap01.example.com dns_name = ldap01.example.com dns_name = ldap02.example.com +dns_name = localhost tls_www_server encryption_key signing_key From 440ce7f01126983c5e368322e531db60007faedf Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 22:36:29 -0700 Subject: [PATCH 115/146] tidy up the TLS tests --- test/integration/test_bind.rb | 120 ++++++++++++++++++---------------- test/test_helper.rb | 16 ++--- 2 files changed, 70 insertions(+), 66 deletions(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 7c3ed59b..a0738f16 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb 
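Review bot: In `test_bind_tls_with_valid_hostname` and the three `@ldap_multi` success tests, `@ldap.get_operation_result.inspect` / `@ldap_multi.get_operation_result.inspect` sits on its own line after the `assert @ldap.bind(...)` call, so it is a discarded expression rather than the assertion's failure message; a trailing comma after the `password:` line is what is missing. `test_bind_tls_with_multiple_bogus_hosts` also ends in `assert_equal("TODO - fix this", error.message)`, a placeholder that will fail wherever the `omit_unless` does not skip it; assert the real message or `omit` the test until it is known. The hunk begins on the line above.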
@@ -2,13 +2,14 @@ class TestBindIntegration < LDAPIntegrationTestCase def test_bind_success - assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect end def test_bind_timeout @ldap.port = 8389 error = assert_raise Net::LDAP::Error do - @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1") + @ldap.bind BIND_CREDS end msgs = ['Operation timed out - user specified timeout', 'Connection timed out - user specified timeout'] @@ -16,7 +17,8 @@ def test_bind_timeout end def test_bind_anonymous_fail - refute @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: ""), @ldap.get_operation_result.inspect + refute @ldap.bind(BIND_CREDS.merge(password: '')), + @ldap.get_operation_result.inspect result = @ldap.get_operation_result assert_equal Net::LDAP::ResultCodeUnwillingToPerform, result.code 
@@ -27,37 +29,40 @@ def test_bind_anonymous_fail end def test_bind_fail - refute @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "not my password"), @ldap.get_operation_result.inspect + refute @ldap.bind(BIND_CREDS.merge(password: "not my password")), + @ldap.get_operation_result.inspect end def test_bind_tls_with_cafile - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge(:ca_file => CA_FILE) - @ldap.encryption(method: :start_tls, tls_options: tls_options) - assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(ca_file: CA_FILE), + ) + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect end def test_bind_tls_with_verify_none @ldap.host = '127.0.0.1' @ldap.port = 9389 - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( - :verify_mode => OpenSSL::SSL::VERIFY_NONE, + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE), ) - @ldap.encryption(method: :start_tls, tls_options: tls_options) - assert @ldap.bind(method: :simple, username: "uid=user1,ou=People,dc=rubyldap,dc=com", password: "passworD1"), @ldap.get_operation_result.inspect + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect end def test_bind_tls_with_bad_hostname @ldap.host = '127.0.0.1' @ldap.port = 9389 - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ca_file => CA_FILE, + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, + ca_file: CA_FILE), ) - @ldap.encryption(method: :start_tls, tls_options: tls_options) error = assert_raise Net::LDAP::Error do - @ldap.bind(method: :simple, - username: "uid=user1,ou=People,dc=rubyldap,dc=com", - password: "passworD1") + @ldap.bind 
BIND_CREDS end assert_equal( "hostname \"#{@ldap.host}\" does not match the server certificate", 
@@ -68,44 +73,43 @@ def test_bind_tls_with_bad_hostname def test_bind_tls_with_valid_hostname @ldap.host = 'localhost' @ldap.port = 9389 - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ca_file => CA_FILE, + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, + ca_file: CA_FILE), ) - @ldap.encryption(method: :start_tls, tls_options: tls_options) - assert @ldap.bind(method: :simple, - username: "uid=user1,ou=People,dc=rubyldap,dc=com", - password: "passworD1") - @ldap.get_operation_result.inspect + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect end # The following depend on /etc/hosts hacking. # We can do that on CI, but it's less than cool on people's dev boxes def test_bind_tls_with_multiple_hosts omit_unless ENV['TRAVIS'] == 'true' - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ca_file => CA_FILE, + + @ldap.host = nil + @ldap.hosts = [['ldap01.example.com', 389], ['ldap02.example.com', 389]] + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, + ca_file: CA_FILE), ) - @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) - assert @ldap_multi.bind(method: :simple, - username: "uid=user1,ou=People,dc=rubyldap,dc=com", - password: "passworD1") - @ldap_multi.get_operation_result.inspect + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect end def test_bind_tls_with_multiple_bogus_hosts omit_unless ENV['TRAVIS'] == 'true' - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( - :verify_mode => OpenSSL::SSL::VERIFY_PEER, - :ca_file => CA_FILE, + + @ldap.host = nil + @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, + ca_file: CA_FILE), ) - 
@ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] - @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) error = assert_raise Net::LDAP::Error do - @ldap_multi.bind(method: :simple, - username: "uid=user1,ou=People,dc=rubyldap,dc=com", - password: "passworD1") + @ldap.bind BIND_CREDS end assert_equal("TODO - fix this", error.message) @@ -113,27 +117,27 @@ def test_bind_tls_with_multiple_bogus_hosts def test_bind_tls_with_multiple_bogus_hosts_no_verification omit_unless ENV['TRAVIS'] == 'true' - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( - :verify_mode => OpenSSL::SSL::VERIFY_NONE, + + @ldap.host = nil + @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE), ) - @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] - @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) - assert @ldap_multi.bind(method: :simple, - username: "uid=user1,ou=People,dc=rubyldap,dc=com", - password: "passworD1") - @ldap_multi.get_operation_result.inspect + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect end def test_bind_tls_with_multiple_bogus_hosts_ca_check_only omit_unless ENV['TRAVIS'] == 'true' - tls_options = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge( - :ca_file => CA_FILE, + + @ldap.host = nil + @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(ca_file: CA_FILE), ) - @ldap_multi.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] - @ldap_multi.encryption(method: :start_tls, tls_options: tls_options) - assert @ldap_multi.bind(method: :simple, - username: "uid=user1,ou=People,dc=rubyldap,dc=com", - password: "passworD1") - @ldap_multi.get_operation_result.inspect + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect end end 
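Review bot: In the last hunk test_bind_tls_with_multiple_bogus_hosts_ca_check_only binds to `[['127.0.0.1', 389], ['bogus.example.com', 389]]` with `TLS_OPTS.merge(ca_file: CA_FILE)` and asserts the bind succeeds, but TLS_OPTS is built from `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS` in this same commit, and as far as I recall DEFAULT_PARAMS carries `verify_mode: VERIFY_PEER`, so hostname verification applies and neither host name is in the certificate. The expected outcome therefore looks like the same Net::LDAP::Error the sibling test_bind_tls_with_multiple_bogus_hosts expects, not a successful bind; if the point is that a CA file alone does not disable hostname checking, the test should `assert_raise` and check the message. If the bind really does succeed here, that would mean a name mismatch is accepted with peer verification on, which is exactly the failure the other TLS tests guard against, so the expectation deserves a comment either way.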
diff --git a/test/test_helper.rb b/test/test_helper.rb
index b1c2e07d..0a976be4 100644
--- a/test/test_helper.rb
+++ b/test/test_helper.rb
@@ -18,6 +18,14 @@ end end
+BIND_CREDS = {
+ method: :simple,
+ username: "uid=user1,ou=People,dc=rubyldap,dc=com",
+ password: "passworD1",
+}.freeze
+
+TLS_OPTS = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge({}).freeze
+
 if RUBY_VERSION < "2.0"
 class String
 def b
@@ -62,13 +70,5 @@ def setup
 search_domains: %w(dc=rubyldap,dc=com),
 uid: 'uid',
 instrumentation_service: @service
-
- @ldap_multi = Net::LDAP.new \
- hosts: [['ldap01.example.com', 389], ['ldap02.example.com', 389]],
- admin_user: 'uid=admin,dc=rubyldap,dc=com',
- admin_password: 'passworD1',
- search_domains: %w(dc=rubyldap,dc=com),
- uid: 'uid',
- instrumentation_service: @service
 end
 end
From 199f429bcf3b5cf13e075eb99d63a87e3b9188a6 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 22:45:43 -0700 Subject: [PATCH 116/146] fix up to look like https://github.com/ruby-ldap/ruby-net-ldap/pull/259#discussion-diff-57030107 --- lib/net/ldap/connection.rb | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb
index 43ff72c9..4f311748 100644
--- a/lib/net/ldap/connection.rb
+++ b/lib/net/ldap/connection.rb
@@ -52,9 +52,14 @@ def open_connection(server)
 hosts.each do |host, port|
 begin
 prepare_socket(server.merge(socket: @socket_class.new(host, port, socket_opts)), timeout)
- if encryption && encryption[:tls_options] &&
- encryption[:tls_options][:verify_mode] != OpenSSL::SSL::VERIFY_NONE
- @conn.post_connection_check(host)
+ if encryption
+ if encryption[:tls_options] &&
+ encryption[:tls_options][:verify_mode] &&
+ encryption[:tls_options][:verify_mode] == OpenSSL::SSL::VERIFY_NONE
+ warn "not verifying SSL hostname of LDAPS server '#{host}:#{port}'"
+ else
+ @conn.post_connection_check(host)
+ end
 end
 return
 rescue Net::LDAP::Error, SocketError, SystemCallError,
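Review bot: `TLS_OPTS = OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.merge({}).freeze` uses an empty merge as a copy; `OpenSSL::SSL::SSLContext::DEFAULT_PARAMS.dup.freeze` says what is meant. A one-line comment above the constant would help readers of the integration tests, since every `TLS_OPTS.merge(...)` inherits whatever verify_mode DEFAULT_PARAMS sets (VERIFY_PEER, as far as I recall) unless the test overrides it, and that inheritance is what several of the TLS tests turn on; e.g. `# Copy of OpenSSL's defaults (including its verify_mode); tests merge overrides on top.` Note that `freeze` here is shallow, which is fine for the symbol and integer values the hash holds.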
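Review bot: The middle clause `encryption[:tls_options][:verify_mode] &&` in the new condition is redundant: `OpenSSL::SSL::VERIFY_NONE` is `0`, which is truthy in Ruby, so `encryption[:tls_options] && encryption[:tls_options][:verify_mode] == OpenSSL::SSL::VERIFY_NONE` already handles a nil verify_mode. The else branch also changes the default: a connection with `encryption` set but no `tls_options` (or any verify_mode other than VERIFY_NONE) now calls `@conn.post_connection_check(host)`, whereas the removed condition skipped the check whenever tls_options was absent; that is the safer default, but it deserves a comment such as `# Hostname verification is on unless the caller explicitly opted out with VERIFY_NONE.` so it is not later reverted as a regression. `warn` writes straight to stderr once per host in the `hosts.each` loop; if the library has an instrumentation or logging path, routing the opt-out notice there would be more controllable. open_connection begins and ends outside the hunk.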
From caf191102f5d04cb1e4222b6b75c15a44470134e Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 22:49:16 -0700 Subject: [PATCH 117/146] remove useless test CA --- test/fixtures/cacert.pem | 20 -------------------- 1 file changed, 20 deletions(-) delete mode 100644 test/fixtures/cacert.pem diff --git a/test/fixtures/cacert.pem b/test/fixtures/cacert.pem deleted file mode 100644 index f8b134e1..00000000 --- a/test/fixtures/cacert.pem +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDRzCCAf+gAwIBAgIEVHpbmjANBgkqhkiG9w0BAQsFADATMREwDwYDVQQDEwhy -dWJ5bGRhcDAeFw0xNDExMjkyMzQ5NDZaFw0xNTExMjkyMzQ5NDZaMBMxETAPBgNV -BAMTCHJ1YnlsZGFwMIIBUjANBgkqhkiG9w0BAQEFAAOCAT8AMIIBOgKCATEA4pKe -cDCNuL53fkpO/WSAS+gmMTsOs+oOK71kZlk2QT/MBz8TxC6m358qCADjnXcMVVxa -ySQbQlVKZMkIvLNciZbiLDgC5II0NbHACNa8rqenoKRjS4J9W3OhA8EmnXn/Me+8 -uMCI9tfnKNRZYdkQZlra4I+Idn+xYfl/5q5b/7ZjPS2zY/585hFEYE+5vfOZVBSU -3HMNSeuJvTehLv7dD7aQfXNM4cRgHXequkJQ/HLLFAO4AgJ+LJrFWpj7GWz3crgr -9G5px4T78wJH3NQiOsG6UBXPw8c4T+Z6GAWX2l1zs1gZsaiCVbAraqK3404lL7yp -+ThbsW3ifzgNPhmjScXBLdbEDrrAKosW7kkTOGzxiMCBmNlj2SKhcztoduAtfF1f -Fs2Jk8MRTHwO8ThD7wIDAQABo0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB -/wQFAwMHBAAwHQYDVR0OBBYEFJDm67ekyFu4/Z7VcO6Vk/5pinGcMA0GCSqGSIb3 -DQEBCwUAA4IBMQDHeEPzfYRtjynpUKyrtxx/6ZVOfCLuz4eHkBZggz/pJacDCv/a -I//W03XCk8RWq/fWVVUzvxXgPwnYcw992PLM7XW81zp6ruRUDWooYnjHZZz3bRhe -kC4QvM2mZhcsMVmhmWWKZn81qXgVdUY1XNRhk87cuXjF/UTpEieFvWAsCUkFZkqB -AmySCuI/FuPaauT1YAltkIlYAEIGNJGZDMf2BTVUQpXhTXeS9/AZWLNDBwiq+fwo -YYnsr9MnBXCEmg1gVSR/Ay2AZmbYfiYtb5kU8uq2lSWAUb4LX6HZl82wo3OilrJ2 -WXl6Qf+Fcy4qqkRt4AKHjtzizpEDCOVYuuG0Zoy+QnxNXRsEzpb8ymnJFrcgYfk/ -6Lv2gWAFl5FqCZp7gBWg55eL2coT4C+mbNTF ------END CERTIFICATE----- From c801132db0a692acabe56dd50c57ef6e80b2f1af Mon Sep 17 00:00:00 2001 
From: Tom Maher Date: Mon, 22 Aug 2016 23:16:47 -0700 Subject: [PATCH 118/146] only use tcp/9389 with vagrant, use the right exception for bad TLS connections --- test/integration/test_bind.rb | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index a0738f16..d034b1fd 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -44,7 +44,7 @@ def test_bind_tls_with_cafile def test_bind_tls_with_verify_none @ldap.host = '127.0.0.1' - @ldap.port = 9389 + @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE), @@ -55,13 +55,13 @@ def test_bind_tls_with_verify_none def test_bind_tls_with_bad_hostname @ldap.host = '127.0.0.1' - @ldap.port = 9389 + @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_file: CA_FILE), ) - error = assert_raise Net::LDAP::Error do + error = assert_raise Net::LDAP::ConnectionRefusedError do @ldap.bind BIND_CREDS end assert_equal( @@ -72,7 +72,7 @@ def test_bind_tls_with_bad_hostname def test_bind_tls_with_valid_hostname @ldap.host = 'localhost' - @ldap.port = 9389 + @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, @@ -108,7 +108,7 @@ def test_bind_tls_with_multiple_bogus_hosts tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_file: CA_FILE), ) - error = assert_raise Net::LDAP::Error do + error = assert_raise Net::LDAP::ConnectionRefusedError do @ldap.bind BIND_CREDS end assert_equal("TODO - fix this", From 80bab6c769329f1d7b9c0ec246f3056fd0eeeeae Mon Sep 17 00:00:00 2001 
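Review bot: In the second and fourth hunks `assert_raise Net::LDAP::ConnectionRefusedError` is now expected for a bind that fails hostname verification (the following assertion checks for the "does not match the server certificate" message), so a TLS trust failure is being surfaced under the class that means the peer refused the TCP connection. Callers that reconnect or retry on ConnectionRefusedError would then retry through a certificate mismatch, so the test should pin a distinct error type, or plain Net::LDAP::Error together with the message, rather than endorse that conflation. If the library currently does raise ConnectionRefusedError here, the test is documenting a defect in the raising code rather than the intended contract, and a comment saying so would help.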
From: Tom Maher Date: Mon, 22 Aug 2016 23:19:41 -0700 Subject: [PATCH 119/146] handle both exceptions --- test/integration/test_bind.rb | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index d034b1fd..a046e2ec 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -61,7 +61,8 @@ def test_bind_tls_with_bad_hostname tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_file: CA_FILE), ) - error = assert_raise Net::LDAP::ConnectionRefusedError do + error = assert_raise Net::LDAP::Error, + Net::LDAP::ConnectionRefusedError do @ldap.bind BIND_CREDS end assert_equal( @@ -108,7 +109,8 @@ def test_bind_tls_with_multiple_bogus_hosts tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, ca_file: CA_FILE), ) - error = assert_raise Net::LDAP::ConnectionRefusedError do + error = assert_raise Net::LDAP::Error, + Net::LDAP::ConnectionRefusedError do @ldap.bind BIND_CREDS end assert_equal("TODO - fix this", From eeb7a6d0ab591bba045d9765ba5313089db67b0a Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 23:31:49 -0700 Subject: [PATCH 120/146] single vs multiple hosts throw different exceptions --- test/integration/test_bind.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index a046e2ec..3938973a 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -110,7 +110,7 @@ def test_bind_tls_with_multiple_bogus_hosts ca_file: CA_FILE), ) error = assert_raise Net::LDAP::Error, - Net::LDAP::ConnectionRefusedError do + Net::LDAP::ConnectionError do @ldap.bind BIND_CREDS end assert_equal("TODO - fix this", From c5f212605f0cfbe6d162d527089f67ad614fab0d Mon Sep 17 00:00:00 2001 
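Review bot: Listing `Net::LDAP::Error, Net::LDAP::ConnectionRefusedError` in assert_raise (both hunks of this patch) makes the second class redundant if ConnectionRefusedError subclasses Net::LDAP::Error, as its name suggests, and the assertion then accepts any Net::LDAP::Error including a genuine "refused connection"; only the message assertion that follows keeps the single-host test meaningful. The follow-up hunk that swaps in `Net::LDAP::ConnectionError` for the multi-host test has the same shape, so it is likewise only as strong as the message check after it, and that check is still `"TODO - fix this"` at this point. A short comment on the assert_raise stating which class the library is actually expected to raise for a certificate mismatch would make the intent recoverable.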
From: Tom Maher Date: Mon, 22 Aug 2016 23:45:51 -0700 Subject: [PATCH 121/146] more TLS tests around merging vs not merging the default options --- test/integration/test_bind.rb | 52 +++++++++++++++++++++++++++++++---- 1 file changed, 46 insertions(+), 6 deletions(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 3938973a..c54809c7 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -42,7 +42,18 @@ def test_bind_tls_with_cafile @ldap.get_operation_result.inspect end - def test_bind_tls_with_verify_none + def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes + @ldap.host = '127.0.0.1' + @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' + @ldap.encryption( + method: :start_tls, + tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE }, + ) + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect + end + + def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes @ldap.host = '127.0.0.1' @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( @@ -53,13 +64,13 @@ def test_bind_tls_with_verify_none @ldap.get_operation_result.inspect end - def test_bind_tls_with_bad_hostname + def test_bind_tls_with_bad_hostname_verify_peer_ca_fails @ldap.host = '127.0.0.1' @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, - tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, - ca_file: CA_FILE), + tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER, + ca_file: CA_FILE }, ) error = assert_raise Net::LDAP::Error, Net::LDAP::ConnectionRefusedError do 
@@ -71,7 +82,24 @@ def test_bind_tls_with_bad_hostname ) end - def test_bind_tls_with_valid_hostname + def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails + @ldap.host = '127.0.0.1' + @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' + @ldap.encryption( + method: :start_tls, + tls_options: TLS_OPTS.merge(ca_file: CA_FILE), + ) + error = assert_raise Net::LDAP::Error, + Net::LDAP::ConnectionRefusedError do + @ldap.bind BIND_CREDS + end + assert_equal( + "hostname \"#{@ldap.host}\" does not match the server certificate", + error.message, + ) + end + + def test_bind_tls_with_valid_hostname_default_opts_passes @ldap.host = 'localhost' @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( @@ -83,6 +111,18 @@ def test_bind_tls_with_valid_hostname @ldap.get_operation_result.inspect end + def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes + @ldap.host = 'localhost' + @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' + @ldap.encryption( + method: :start_tls, + tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER, + ca_file: CA_FILE }, + ) + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect + end + # The following depend on /etc/hosts hacking. # We can do that on CI, but it's less than cool on people's dev boxes def test_bind_tls_with_multiple_hosts @@ -137,7 +177,7 @@ def test_bind_tls_with_multiple_bogus_hosts_ca_check_only @ldap.hosts = [['127.0.0.1', 389], ['bogus.example.com', 389]] @ldap.encryption( method: :start_tls, - tls_options: TLS_OPTS.merge(ca_file: CA_FILE), + tls_options: { ca_file: CA_FILE }, ) assert @ldap.bind(BIND_CREDS), @ldap.get_operation_result.inspect From d2ba5e6801d745f5a169ab102788d67c57e15f05 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Mon, 22 Aug 2016 23:54:31 -0700 Subject: [PATCH 122/146] fix bogus multi-host check --- test/integration/test_bind.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
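Review bot: In the last hunk test_bind_tls_with_multiple_bogus_hosts_ca_check_only now passes `tls_options: { ca_file: CA_FILE }` with no verify_mode and still asserts a successful bind to '127.0.0.1' and 'bogus.example.com'. With the open_connection change earlier in this series, a missing verify_mode falls into the `@conn.post_connection_check(host)` branch, so the expected result for hosts whose names are not in the certificate would be a hostname-mismatch error, in line with the `_fails` naming this commit introduces for the single-host cases; asserting success would pin the insecure outcome. The new `test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails` is the pattern to mirror here.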
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index c54809c7..0caf24e9 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -153,8 +153,8 @@ def test_bind_tls_with_multiple_bogus_hosts Net::LDAP::ConnectionError do @ldap.bind BIND_CREDS end - assert_equal("TODO - fix this", - error.message) + assert_equal("Unable to connect to any given server: ", + error.message.split("\n").shift) end def test_bind_tls_with_multiple_bogus_hosts_no_verification From 41881aa2efe6e4c00365b36680abb40f81983423 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 00:00:14 -0700 Subject: [PATCH 123/146] remove vagrant port override, because $INTEGRATION_PORT --- test/integration/test_bind.rb | 6 ------ test/support/vm/openldap/README.md | 3 +++ 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 0caf24e9..5ba5237e 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -44,7 +44,6 @@ def test_bind_tls_with_cafile def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes @ldap.host = '127.0.0.1' - @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE }, @@ -55,7 +54,6 @@ def test_bind_tls_with_bad_hostname_verify_none_no_ca_passes def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes @ldap.host = '127.0.0.1' - @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_NONE), @@ -66,7 +64,6 @@ def test_bind_tls_with_bad_hostname_verify_none_no_ca_opt_merge_passes def test_bind_tls_with_bad_hostname_verify_peer_ca_fails @ldap.host = '127.0.0.1' - @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER, 
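Review bot: `assert_equal("Unable to connect to any given server: ", error.message.split("\n").shift)` checks only the summary line, so the test passes whether the per-host failures were certificate mismatches or, say, refused connections, and the hostname-check failure is the property this test exists for. Asserting on the detail lines as well, e.g. `assert_includes error.message, 'does not match the server certificate'`, would pin it and would also stop the test depending on the trailing space after the colon. The enclosing test starts before the hunk, and the same summary-only assertion is copied into test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails later in the series.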
@@ -84,7 +81,6 @@ def test_bind_tls_with_bad_hostname_verify_peer_ca_fails def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails @ldap.host = '127.0.0.1' - @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: TLS_OPTS.merge(ca_file: CA_FILE), @@ -101,7 +97,6 @@ def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails def test_bind_tls_with_valid_hostname_default_opts_passes @ldap.host = 'localhost' - @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER, @@ -113,7 +108,6 @@ def test_bind_tls_with_valid_hostname_default_opts_passes def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes @ldap.host = 'localhost' - @ldap.port = 9389 unless ENV['TRAVIS'] == 'true' @ldap.encryption( method: :start_tls, tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER, diff --git a/test/support/vm/openldap/README.md b/test/support/vm/openldap/README.md index 9b37ed5e..e8b9ff92 100644 --- a/test/support/vm/openldap/README.md +++ b/test/support/vm/openldap/README.md @@ -34,6 +34,9 @@ $ ip=$(vagrant ssh -- "ifconfig eth1 | grep -o -E '[0-9]+\.[0-9]+\.[0-9]+\.[0-9] # change back to root project directory $ cd ../../../.. +# set the TCP port for testing +$ export INTEGRATION_PORT=9389 + # run all tests, including integration tests $ time INTEGRATION=openldap INTEGRATION_HOST=$ip bundle exec rake From 19f9c7da13c937d27405609686f51213eccef8fb Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 00:09:32 -0700 Subject: [PATCH 124/146] more no-merge-default-opts tests, done properly --- test/integration/test_bind.rb | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 5ba5237e..55979e6b 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb 
@@ -95,6 +95,22 @@ def test_bind_tls_with_bad_hostname_ca_default_opt_merge_fails ) end + def test_bind_tls_with_bad_hostname_ca_no_opt_merge_fails + @ldap.host = '127.0.0.1' + @ldap.encryption( + method: :start_tls, + tls_options: { ca_file: CA_FILE }, + ) + error = assert_raise Net::LDAP::Error, + Net::LDAP::ConnectionRefusedError do + @ldap.bind BIND_CREDS + end + assert_equal( + "hostname \"#{@ldap.host}\" does not match the server certificate", + error.message, + ) + end + def test_bind_tls_with_valid_hostname_default_opts_passes @ldap.host = 'localhost' @ldap.encryption( @@ -164,7 +180,7 @@ def test_bind_tls_with_multiple_bogus_hosts_no_verification @ldap.get_operation_result.inspect end - def test_bind_tls_with_multiple_bogus_hosts_ca_check_only + def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails omit_unless ENV['TRAVIS'] == 'true' @ldap.host = nil @@ -173,7 +189,11 @@ def test_bind_tls_with_multiple_bogus_hosts_ca_check_only method: :start_tls, tls_options: { ca_file: CA_FILE }, ) - assert @ldap.bind(BIND_CREDS), - @ldap.get_operation_result.inspect + error = assert_raise Net::LDAP::Error, + Net::LDAP::ConnectionError do + @ldap.bind BIND_CREDS + end + assert_equal("Unable to connect to any given server: ", + error.message.split("\n").shift) end end From 3c18b1e438fd566ee3b25a781dbb7818bcf38d4b Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 15:39:05 -0700 Subject: [PATCH 125/146] more docs about vagrant setup --- test/support/vm/openldap/README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/test/support/vm/openldap/README.md b/test/support/vm/openldap/README.md index e8b9ff92..f79f4dc6 100644 --- a/test/support/vm/openldap/README.md +++ b/test/support/vm/openldap/README.md 
@@ -8,7 +8,9 @@ goes away when you run `vagrant destroy`. ## Install Vagrant *NOTE*: The Vagrant gem (`gem install vagrant`) is -[no longer supported](https://www.vagrantup.com/docs/installation/) +[no longer supported](https://www.vagrantup.com/docs/installation/). If you've +previously installed it, run `gem uninstall vagrant`. If you're an rbenv +user, you probably want to follow that up with `rbenv rehash; hash -r`. If you use Homebrew on macOS: ``` bash @@ -16,10 +18,12 @@ $ brew update $ brew cask install virtualbox $ brew cask install vagrant $ brew cask install vagrant-manager +$ vagrant plugin install vagrant-vbguest ``` Installing Vagrant and virtualbox on other operating systems is left -as an exercise to the reader. +as an exercise to the reader. Note the `vagrant-vbguest` plugin is required +to update the VirtualBox guest extensions in the guest VM image. ## Run the tests @@ -54,3 +58,7 @@ $ time bundle exec rake $ cd test/support/vm/openldap $ vagrant destroy ``` + +If at any point your VM appears to have broken itself, `vagrant destroy` +from the `test/support/vm/openldap` directory will blow it away. You can +then do `vagrant up` and start over. From 0f51b5680c273bc19d751ed7cdd87d3c30eedfce Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 16:04:59 -0700 Subject: [PATCH 126/146] add script to generate fixture --- script/generate-fixture-ca | 48 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100755 script/generate-fixture-ca diff --git a/script/generate-fixture-ca b/script/generate-fixture-ca new file mode 100755 index 00000000..89eb3d8d --- /dev/null +++ b/script/generate-fixture-ca 
@@ -0,0 +1,48 @@ +#!/bin/bash + +BASE_PATH=$( cd "`dirname $0`/../test/fixtures/ca" && pwd ) +cd "${BASE_PATH}" || exit 4 + +USAGE=$( cat << EOS +Usage: + $0 --regenerate + +Generates a new self-signed CA, for integration testing. This should only need +to be run if you are writing new TLS/SSL tests, and need to generate +additional fixtuer CAs. + +This script uses the GnuTLS certtool CLI. If you are on macOS, +'brew install gnutls', and it will be installed as 'gnutls-certtool'. +Apple unfortunately ships with an incompatible /usr/bin/certtool that does +different things. +EOS +) + +if [ "x$1" != 'x--regenerate' ]; then + echo "${USAGE}" + exit 1 +fi + +TOOL=`type -p certtool` +if [ "$(uname)" = "Darwin" ]; then + TOOL=`type -p gnutls-certtool` + if [ ! -x "${TOOL}" ]; then + echo "Sorry, Darwin requires gnutls-certtool; try `brew install gnutls`" + exit 2 + fi +fi + +if [ ! -x "${TOOL}" ]; then + echo "Sorry, no certtool found!" + exit 3 +fi +export TOOL + + +${TOOL} --generate-privkey > ./cakey.pem +${TOOL} --generate-self-signed \ + --load-privkey ./cakey.pem \ + --template ./ca.info \ + --outfile ./cacert.pem + +echo "cert and private key generated! Don't forget to check them in" From 02a29ea52651918ef1d37af34b1e41d90042209f Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 16:05:20 -0700 Subject: [PATCH 127/146] use script-generated fixture CA --- test/fixtures/ca/cacert.pem | 38 ++++--- test/fixtures/ca/cakey.pem | 213 +++++++++++++++++++++++++++++++----- 2 files changed, 210 insertions(+), 41 deletions(-) diff --git a/test/fixtures/ca/cacert.pem b/test/fixtures/ca/cacert.pem index c4f5b0fc..0218dd8a 100644 --- a/test/fixtures/ca/cacert.pem +++ b/test/fixtures/ca/cacert.pem 
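Review bot: In `echo "Sorry, Darwin requires gnutls-certtool; try `brew install gnutls`"` the backticks sit inside double quotes, so the shell runs `brew install gnutls` as a command substitution while printing the error instead of showing it as advice; use `echo "Sorry, Darwin requires gnutls-certtool; try 'brew install gnutls'"`. `BASE_PATH=$( cd "`dirname $0`/../test/fixtures/ca" && pwd )` leaves `$0` unquoted inside the substitution, so a checkout path containing spaces breaks the `cd`; `BASE_PATH=$( cd "$(dirname "$0")/../test/fixtures/ca" && pwd )` is the safe form. The usage text also reads "fixtuer" for "fixture".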
@@ -1,18 +1,24 @@ -----BEGIN CERTIFICATE----- -MIIC7zCCAdegAwIBAgIMV7ur2wQbbBBUX/gBMA0GCSqGSIb3DQEBCwUAMBMxETAP -BgNVBAMTCHJ1YnlsZGFwMB4XDTE2MDgyMzAxNTAxOVoXDTM2MDUxMDAxNTAxOVow -EzERMA8GA1UEAxMIcnVieWxkYXAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK -AoIBAQDIXIIUk/PJ8UnmthzX1ZC5pej7qwQDILA/o4/EkU1rBfGkHNhJihzOoW+1 -QjixcxjVM8pZXM0+bkOr/UY4ymqQnnW7a8U6Rc1+4Mhz7jKtjChfjWkAX857alL7 -2F5M1pUBvQ1WdXXFOwO0vyDT54UzkFMr/lvKXrd4/kNJYQE87+B0igICEDocFLO3 -SchtH0YpSzE80b0Fn1O1noS3LU9Eo+XsMoBMHVVrKOb/Yzs5Z1hfPrHOpB+z3VTe -4/LcbbcMoc20Ypjq+kamuYo6uGoy0lzgmgwQgJtmxl8EhsIrZuUw80yJZqi3bLht -8UZbVM1dV1/Hh7danmlWqZnI579FAgMBAAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8w -DwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4EFgQUZ4HlXJgf2tIxLhDOB07SC200XG8w -DQYJKoZIhvcNAQELBQADggEBAIee6oT01p6e300scQTo/VPELf14ebrZXDqtJ7HR -egHZRrSzyQgxnnyFfoazG9bmgX/xgDvH8CxW4Q7OHH2ybGA5z2FfK+uSAjKHPR2y -8EjAKfQUDo0CBlcU0otvk8KhyNmu3sbCO6QGlnDDnWo78UDOdfeflvCp4HH+wdnU -ZSKTxaJe7BbBPMm6VZGhqa4O7MOOiupcGUt0emsyA1mVixkhr+6/aO2FLdiXwclX -GhYBZg5xxbM5Hn8LbjfRsaqCjBpOXLKnuUGDQSQj1TtRFzRuiGU4tHpoBnQGCYNa -bhFP7hjfwcjKUSizHM89KugrVgpnDh6oKn+xrhSdcKTmlag= +MIID7zCCAlegAwIBAgIMV7zWei6SNfABx6jMMA0GCSqGSIb3DQEBCwUAMBMxETAP +BgNVBAMTCHJ1YnlsZGFwMB4XDTE2MDgyMzIzMDQyNloXDTM2MDUxMDIzMDQyNlow +EzERMA8GA1UEAxMIcnVieWxkYXAwggGiMA0GCSqGSIb3DQEBAQUAA4IBjwAwggGK +AoIBgQDGe9wziGHZJhIf+IEKSk1tpT9Mu7YgsUwjrlutvkoO1Q6K+amTAVDXizPf +1DVSDpZP5+CfBOznhgLMsPvrQ02w4qx5/6X9L+zJcMk8jTNYSKj5uIKpK52E7Uok +aygMXeaqroPONGkoJIZiVGgdbWfTvcffTm8FOhztXUbMrMXJNinFsocGHEoMNN8b +vqgAyG4+DFHoK4L0c6eQjE4nZBChieZdShUhaBpV7r2qSNbPw67cvAKuEzml58mV +1ZF1F73Ua8gPWXHEfUe2GEfG0NnRq6sGbsDYe/DIKxC7AZ89udZF3WZXNrPhvXKj +ZT7njwcMQemns4dNPQ0k2V4vAQ8pD8r8Qvb65FiSopUhVaGQswAnIMS1DnFq88AQ +KJTKIXbBuMwuaNNSs6R/qTS2RDk1w+CGpRXAg7+1SX5NKdrEsu1IaABA/tQ/zKKk +OLLJaD0giX1weBVmNeFcKxIoT34VS59eEt5APmPcguJnx+aBrA9TLzSO788apBN0 +4lGAmR0CAwEAAaNDMEEwDwYDVR0TAQH/BAUwAwEB/zAPBgNVHQ8BAf8EBQMDBwQA +MB0GA1UdDgQWBBRTvXSkge03oqLu7UUjFI+oLYwnujANBgkqhkiG9w0BAQsFAAOC 
+AYEATSZQWH+uSN5GvOUvJ8LHWkeVovn0UhboK0K7GzmMeGz+dp/Xrj6eQ4ONK0zI +RCJyoo/nCR7CfQ5ujVXr03XD2SUgyD565ulXuhw336DasL5//fucmQYDeqhwbKML +FTzsF9H9dO4J5TjxJs7e5dRJ0wrP/XEY+WFhXXdSHTl8vGCI6QqWc7TvDpmbS4iX +uTzjJswu9Murt9JUJNMN2DlDi/vBBeruaj4c2cMMnKMvkfj14kd8wMocmzj+gVQl +r+fRQbKAJNec65lA4/Zeb6sD9SAi0ZIVgxA4a7g8/sdNWHIAxPicpJkIJf30TsyY +F+8+Hd5mBtCbvFfAVkT6bHBP1OiAgNke+Rh/j/sQbyWbKCKw0+jpFJgO9KUNGfC0 +O/CqX+J4G7HqL8VJqrLnBvOdhfetAvNQtf1gcw5ZwpeEFM+Kvx/lsILaIYdAUSjX +ePOc5gI2Bi9WXq+T9AuhSf+TWUR874m/rdTWe5fM8mXCNl7C4I5zCqLltEDkSoMP +jDj/ -----END CERTIFICATE----- diff --git a/test/fixtures/ca/cakey.pem b/test/fixtures/ca/cakey.pem index 325f36c7..d75ab299 100644 --- a/test/fixtures/ca/cakey.pem +++ b/test/fixtures/ca/cakey.pem 
@@ -1,27 +1,190 @@ +Public Key Info: + Public Key Algorithm: RSA + Key Security Level: High (3072 bits) + +modulus: + 00:c6:7b:dc:33:88:61:d9:26:12:1f:f8:81:0a:4a:4d + 6d:a5:3f:4c:bb:b6:20:b1:4c:23:ae:5b:ad:be:4a:0e + d5:0e:8a:f9:a9:93:01:50:d7:8b:33:df:d4:35:52:0e + 96:4f:e7:e0:9f:04:ec:e7:86:02:cc:b0:fb:eb:43:4d + b0:e2:ac:79:ff:a5:fd:2f:ec:c9:70:c9:3c:8d:33:58 + 48:a8:f9:b8:82:a9:2b:9d:84:ed:4a:24:6b:28:0c:5d + e6:aa:ae:83:ce:34:69:28:24:86:62:54:68:1d:6d:67 + d3:bd:c7:df:4e:6f:05:3a:1c:ed:5d:46:cc:ac:c5:c9 + 36:29:c5:b2:87:06:1c:4a:0c:34:df:1b:be:a8:00:c8 + 6e:3e:0c:51:e8:2b:82:f4:73:a7:90:8c:4e:27:64:10 + a1:89:e6:5d:4a:15:21:68:1a:55:ee:bd:aa:48:d6:cf + c3:ae:dc:bc:02:ae:13:39:a5:e7:c9:95:d5:91:75:17 + bd:d4:6b:c8:0f:59:71:c4:7d:47:b6:18:47:c6:d0:d9 + d1:ab:ab:06:6e:c0:d8:7b:f0:c8:2b:10:bb:01:9f:3d + b9:d6:45:dd:66:57:36:b3:e1:bd:72:a3:65:3e:e7:8f + 07:0c:41:e9:a7:b3:87:4d:3d:0d:24:d9:5e:2f:01:0f + 29:0f:ca:fc:42:f6:fa:e4:58:92:a2:95:21:55:a1:90 + b3:00:27:20:c4:b5:0e:71:6a:f3:c0:10:28:94:ca:21 + 76:c1:b8:cc:2e:68:d3:52:b3:a4:7f:a9:34:b6:44:39 + 35:c3:e0:86:a5:15:c0:83:bf:b5:49:7e:4d:29:da:c4 + b2:ed:48:68:00:40:fe:d4:3f:cc:a2:a4:38:b2:c9:68 + 3d:20:89:7d:70:78:15:66:35:e1:5c:2b:12:28:4f:7e + 15:4b:9f:5e:12:de:40:3e:63:dc:82:e2:67:c7:e6:81 + ac:0f:53:2f:34:8e:ef:cf:1a:a4:13:74:e2:51:80:99 + 1d: + +public exponent: + 01:00:01: + +private exponent: + 1d:0d:9a:50:ec:c0:ad:e1:75:bb:ba:4b:61:2f:39:20 + 38:95:08:6d:5d:9e:71:75:5c:af:b3:f9:bd:a5:e7:7f + e6:4e:0f:77:73:ee:38:60:24:9f:26:3f:50:c2:bf:21 + df:76:68:99:be:45:d3:29:f9:94:ee:bf:21:53:cb:b6 + 7d:a7:93:80:09:53:03:45:dc:c2:a6:a2:37:64:f1:a2 + 49:21:ac:91:6b:a3:d7:bd:d2:62:0c:ec:a6:83:10:e7 + a7:ca:3d:be:dc:4b:1c:36:24:79:96:33:5b:43:5d:74 + 50:0e:46:b0:9b:6d:9f:71:06:89:a5:c8:65:ed:d9:a3 + 15:00:3c:3e:a9:75:50:9d:72:cb:c9:aa:e1:ba:a3:9c + 07:77:14:32:30:d4:4d:65:f4:7c:23:1d:79:84:9b:2e + 9a:19:df:43:ed:cd:e3:08:1f:d5:ff:6b:42:98:36:f7 + 44:cc:48:b4:f7:b8:16:b3:23:37:8d:b8:22:3f:8a:86 + 
db:71:b3:85:2d:6d:42:44:b7:dc:c1:36:e0:c4:0f:fe + cb:76:84:81:e2:83:f5:82:76:a9:7b:35:d5:44:00:d1 + 1a:fc:ef:b9:a4:2b:62:aa:f8:56:eb:60:e5:16:33:f1 + 28:e1:da:91:50:e3:a4:c7:d6:30:21:cf:04:07:cd:8c + b6:9e:b0:a7:6c:96:57:2e:09:5b:39:26:d0:60:be:e3 + 90:59:a3:8e:e7:6e:3f:62:7e:b4:2a:e1:8f:00:37:7a + 83:9e:7a:9c:d2:ae:ba:50:84:73:65:3a:64:95:d8:48 + f9:fd:0e:c3:5b:6e:08:3b:c5:c9:1c:29:55:bb:67:e8 + fa:50:40:30:2a:d1:b7:cf:54:a8:f0:f0:76:89:ad:19 + e7:a0:3a:56:6c:75:c5:bc:d8:46:ce:1e:66:f2:61:96 + 11:e4:57:cc:52:ff:e4:ed:6b:2c:ce:78:15:ba:b7:ed + 31:f2:68:88:79:bf:7c:29:3c:2f:66:71:0b:09:b7:41 + + +prime1: + 00:fd:c2:37:b9:6f:77:88:51:a2:f7:4f:c2:3c:a4:57 + bf:ba:71:14:f3:61:f4:39:78:22:3d:bc:d8:d2:4e:c0 + 4b:9e:c2:6d:38:a8:21:e2:70:1a:96:48:95:18:85:01 + 46:fb:62:a4:81:09:f8:2a:3a:87:78:07:5d:93:54:ce + 2a:51:b3:51:6f:61:0a:2e:9d:b0:51:37:e3:13:bd:81 + 23:2b:61:53:fa:ac:08:dc:a0:e6:63:a3:b0:cc:cf:73 + 1d:65:b7:11:bc:29:70:fb:72:ea:63:9d:67:02:d6:35 + 24:13:1d:bc:72:fb:9e:3d:ab:0b:57:6e:bd:a1:51:56 + f9:bc:96:15:74:a3:31:16:c6:b8:98:1b:0a:a2:59:7c + c8:b7:14:b8:5b:f3:2e:26:b4:f0:46:c4:3d:27:dd:41 + 31:52:a7:15:a8:af:6a:98:a5:9c:20:17:f9:1d:54:54 + ff:10:91:a3:a5:ca:ac:63:e7:16:2b:71:3c:3a:cd:4f + ed: + +prime2: + 00:c8:3c:a8:9f:8a:db:42:b5:8d:cf:2a:a1:2f:e5:73 + 05:de:30:d8:17:b9:5c:9d:08:60:02:c9:66:9d:88:50 + ac:cd:0f:b5:47:b4:a8:73:3b:7d:65:79:bf:4c:6f:d0 + e2:03:ed:d4:28:4e:00:07:23:00:01:4f:05:de:9b:44 + 1a:84:ae:09:4a:d6:ed:61:5d:77:e2:fa:13:99:4c:b7 + 76:72:3d:f8:53:93:69:78:e8:bd:26:cb:b0:f9:01:f4 + 1d:20:4f:60:f5:ab:3c:19:85:73:34:f3:ec:d2:67:ef + 56:b8:5d:93:73:8e:d9:3e:28:ff:87:f5:4a:26:fa:b1 + ae:c6:d3:9d:03:e3:fd:c2:24:48:af:85:2a:8e:3b:5b + 93:07:38:91:21:ae:49:cb:6d:e3:30:81:15:ed:65:eb + dc:01:df:3b:9d:43:fd:a6:e1:df:ef:ad:22:42:34:f1 + 3f:81:5e:57:0a:e0:56:94:f2:2a:00:d0:cc:c5:50:67 + f1: + +coefficient: + 00:bd:23:8c:2e:a7:7b:6b:1e:85:77:db:7d:77:f6:e5 + b0:15:c6:e1:9e:35:57:72:df:35:6d:93:89:7f:83:9f + 63:7f:08:0a:b3:d4:ba:63:9b:10:7f:0f:d3:55:e9:38 
+ cf:90:37:3d:85:3d:a7:97:8c:33:f2:c2:b1:38:2b:db + 39:ca:a8:d0:23:d7:89:cc:8d:02:7d:61:9b:b6:04:69 + 14:e8:c9:84:34:36:6c:fb:84:58:cc:9a:53:74:a4:42 + bd:1d:25:1b:ba:82:c0:fb:23:2c:90:bb:35:4b:5b:b0 + 98:d0:ab:9d:61:6e:ea:e8:84:e7:a7:6c:ae:1b:2c:00 + cb:0f:1a:f8:e2:7c:fd:42:1a:e2:13:52:c7:50:fa:65 + c9:5f:ed:40:a8:7f:46:0e:ce:f6:56:83:6f:0e:8e:39 + f8:33:5f:83:de:be:be:ef:8c:66:ad:16:c8:ec:98:d4 + b2:b2:55:66:a2:9e:27:6a:84:f1:31:07:e8:bf:a7:a7 + bd: + +exp1: + 00:b6:50:0c:53:19:07:8b:14:03:fe:a4:fa:0b:31:93 + ad:b7:18:b9:91:a6:c5:9d:68:77:49:5d:dd:75:33:89 + 2a:8b:54:6a:be:32:e5:ad:57:17:72:f3:90:d2:fd:f4 + 0d:f8:5c:45:8e:44:08:5c:e6:92:1f:a5:43:10:af:f4 + 33:29:61:a8:d7:59:a3:c4:1c:1c:ea:2d:39:e3:1b:da + a4:d6:ec:e5:36:0a:d5:8f:15:b6:90:cd:b1:1f:64:c7 + f2:cd:fa:3a:2e:b2:a3:6e:b4:80:3b:b3:81:a7:e3:18 + 68:e3:a7:10:96:97:ba:77:d9:e4:9b:1b:7f:f8:5f:85 + 1a:85:e8:5a:5f:e3:43:48:76:db:76:c4:ae:de:37:66 + d4:99:dc:b4:1b:b3:da:6b:8a:c1:ba:46:11:1e:0b:f3 + 63:a9:5b:4b:cf:56:c0:42:0d:71:df:08:fa:3c:9d:33 + 37:d1:c2:a1:0d:63:50:79:b2:34:16:60:13:82:b7:b1 + 7d: + +exp2: + 00:98:38:2c:c4:24:4e:2c:b7:52:17:a4:43:a6:e2:99 + ff:62:fa:e4:bb:9c:49:40:83:66:61:97:f3:af:5c:3a + 60:32:ff:77:03:0c:de:65:c3:5a:bf:72:bf:2f:7f:6d + 5e:f4:37:af:69:f8:69:e3:03:03:74:fb:3a:ee:10:40 + c4:9c:0a:a5:bb:c4:09:ef:53:9b:d8:eb:dd:4c:53:da + c0:6b:76:9a:ba:06:3d:4f:12:37:01:30:25:d8:16:59 + 1a:6f:3e:88:ea:19:83:75:af:52:76:75:dc:99:d3:33 + 4a:4c:9b:ae:85:51:99:ea:bc:46:0d:78:36:27:cd:ba + 97:b0:44:9c:7f:a1:a9:7e:16:11:3f:85:4f:65:92:d0 + 39:c4:6a:87:42:00:79:ce:f1:39:9d:dc:f3:eb:65:e8 + d8:76:7f:da:94:e2:64:08:a2:7b:97:7b:99:a8:95:10 + b5:03:46:d1:8a:ce:22:63:d6:78:81:e8:39:52:e2:9e + 31: + + +Public Key ID: 53:BD:74:A4:81:ED:37:A2:A2:EE:ED:45:23:14:8F:A8:2D:8C:27:BA +Public key's random art: ++--[ RSA 3072]----+ +| . o. . | +| . +...+ | +| . o o.+ . | +| o o . . .ooo | +| o = . S o..o . | +| . o . .+.. | +|. . .. | +| . .. . 
| +|E oo.o | ++-----------------+ + -----BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAyFyCFJPzyfFJ5rYc19WQuaXo+6sEAyCwP6OPxJFNawXxpBzY -SYoczqFvtUI4sXMY1TPKWVzNPm5Dq/1GOMpqkJ51u2vFOkXNfuDIc+4yrYwoX41p -AF/Oe2pS+9heTNaVAb0NVnV1xTsDtL8g0+eFM5BTK/5byl63eP5DSWEBPO/gdIoC -AhA6HBSzt0nIbR9GKUsxPNG9BZ9TtZ6Ety1PRKPl7DKATB1Vayjm/2M7OWdYXz6x -zqQfs91U3uPy3G23DKHNtGKY6vpGprmKOrhqMtJc4JoMEICbZsZfBIbCK2blMPNM -iWaot2y4bfFGW1TNXVdfx4e3Wp5pVqmZyOe/RQIDAQABAoIBAALhQYVmMwTeEP/d -8kAv86qXdefYJ3CcEax4f2KF7CTzqut+9qTn9U4LB/4E+6ehTeQSoH/0U4boMtTQ -CShb0HhPrsWI4QbbZf7C4F66N8RC1Xm6IJ4+wksH1jWEgKZ+Fxo1S3HIsm6pUH5S -mPgyxbleA7QILe2UuvJkRTdSy5/ClGROTXAZfA7NE/yL+cUjAOyQfxs/SxcMwnxK -phGZaAfYRpvExtRO9CAdlmkC9RgYWOdC/r7wHehpY7fi/FqBd46w+AV3ougKGt9r -yOEcXVrJRQtDR5UWivUOs34MCPQa2T+XHn/WLgeWE6bNaw5SyLr4oolb10Iue+Hw -v23W5oECgYEA7rEE7/6rTkHodVI9wrYg007WDQmeR6Y0gwiX6oGQpftXExfHjHio -yr0qwbL/UOFkWfJ8ORNXa6hHIDfxI2Kkg7vgt8SaLK8c0zhszJpcYmAx63Kk+BUO -/S863Ptz28rGmXJxjo5GYUHR7rjvRefauV6SSUo9rbocFcyeV/UlXpUCgYEA1uPx -TSXt2MBRiGp+E4tNPj+16QaF+4ety3+a4vlsY2ALejkjC3I5Lf1s4b0SW6eEn/U2 -PYFzm3FqsDqYhSas64b2s3Cw8x2yQ7rCD3SKGoiJqUSPwLkZjgUXC1gDaMkJXzEX -L9yBEBVfNRYCCk4EY/Wz1C5gJ4PFtLb8NbXGofECgYEAr506PsEmlItVVoxNuGZ7 -vDxyrGD5PUoBtK6r5vOw0w4bQIbsYGOd/Jw1SxJBWuaaCLupveyHE0RaIFBIcHpx -BCNE8LALpvinwpfvJJIlipOv5sUQrx3/SzRmoJO46GtGtztGZVY0XfYpWPRjxxER -EfWMt7ORsbIOW9OSZLCO8AkCgYA1c/HcDOlDF2OwmTzPQ8FtEJABbPv6+18B1bYD -a6PIfGWee4P6HumWRQnGhS+B2QOmfmqFliPZsLanK4ww4tP0qlfHfuqlLufe7R/E -lGqd+wSzNDjF6cUvjJiU28nNUOSh5yYrY6A/DfHm1JihU5LIAqA+0WJdseuF7laC -TbshIQKBgGhwjXS/A0twYMTZwc/H/JGik8yBXK/GZ4BAlIv5hryRmKMbik8sLtEF -Lq/Jt9qsQ6Zob2XZFAi+vZJykvX0ySxngHEOkiHxwyQNQTEfBPifFPkOIKhVKt9t -D4w2FfF4Bai36Wdaa97VXiBBgafIe7z5VDJXRS2HK9SHuYH3kmJu +MIIG5QIBAAKCAYEAxnvcM4hh2SYSH/iBCkpNbaU/TLu2ILFMI65brb5KDtUOivmp +kwFQ14sz39Q1Ug6WT+fgnwTs54YCzLD760NNsOKsef+l/S/syXDJPI0zWEio+biC +qSudhO1KJGsoDF3mqq6DzjRpKCSGYlRoHW1n073H305vBToc7V1GzKzFyTYpxbKH +BhxKDDTfG76oAMhuPgxR6CuC9HOnkIxOJ2QQoYnmXUoVIWgaVe69qkjWz8Ou3LwC 
+rhM5pefJldWRdRe91GvID1lxxH1HthhHxtDZ0aurBm7A2HvwyCsQuwGfPbnWRd1m +Vzaz4b1yo2U+548HDEHpp7OHTT0NJNleLwEPKQ/K/EL2+uRYkqKVIVWhkLMAJyDE +tQ5xavPAECiUyiF2wbjMLmjTUrOkf6k0tkQ5NcPghqUVwIO/tUl+TSnaxLLtSGgA +QP7UP8yipDiyyWg9IIl9cHgVZjXhXCsSKE9+FUufXhLeQD5j3ILiZ8fmgawPUy80 +ju/PGqQTdOJRgJkdAgMBAAECggGAHQ2aUOzAreF1u7pLYS85IDiVCG1dnnF1XK+z ++b2l53/mTg93c+44YCSfJj9Qwr8h33Zomb5F0yn5lO6/IVPLtn2nk4AJUwNF3MKm +ojdk8aJJIayRa6PXvdJiDOymgxDnp8o9vtxLHDYkeZYzW0NddFAORrCbbZ9xBoml +yGXt2aMVADw+qXVQnXLLyarhuqOcB3cUMjDUTWX0fCMdeYSbLpoZ30PtzeMIH9X/ +a0KYNvdEzEi097gWsyM3jbgiP4qG23GzhS1tQkS33ME24MQP/st2hIHig/WCdql7 +NdVEANEa/O+5pCtiqvhW62DlFjPxKOHakVDjpMfWMCHPBAfNjLaesKdsllcuCVs5 +JtBgvuOQWaOO524/Yn60KuGPADd6g556nNKuulCEc2U6ZJXYSPn9DsNbbgg7xckc +KVW7Z+j6UEAwKtG3z1So8PB2ia0Z56A6Vmx1xbzYRs4eZvJhlhHkV8xS/+TtayzO +eBW6t+0x8miIeb98KTwvZnELCbdBAoHBAP3CN7lvd4hRovdPwjykV7+6cRTzYfQ5 +eCI9vNjSTsBLnsJtOKgh4nAalkiVGIUBRvtipIEJ+Co6h3gHXZNUzipRs1FvYQou +nbBRN+MTvYEjK2FT+qwI3KDmY6OwzM9zHWW3EbwpcPty6mOdZwLWNSQTHbxy+549 +qwtXbr2hUVb5vJYVdKMxFsa4mBsKoll8yLcUuFvzLia08EbEPSfdQTFSpxWor2qY +pZwgF/kdVFT/EJGjpcqsY+cWK3E8Os1P7QKBwQDIPKifittCtY3PKqEv5XMF3jDY +F7lcnQhgAslmnYhQrM0PtUe0qHM7fWV5v0xv0OID7dQoTgAHIwABTwXem0QahK4J +StbtYV134voTmUy3dnI9+FOTaXjovSbLsPkB9B0gT2D1qzwZhXM08+zSZ+9WuF2T +c47ZPij/h/VKJvqxrsbTnQPj/cIkSK+FKo47W5MHOJEhrknLbeMwgRXtZevcAd87 +nUP9puHf760iQjTxP4FeVwrgVpTyKgDQzMVQZ/ECgcEAtlAMUxkHixQD/qT6CzGT +rbcYuZGmxZ1od0ld3XUziSqLVGq+MuWtVxdy85DS/fQN+FxFjkQIXOaSH6VDEK/0 +MylhqNdZo8QcHOotOeMb2qTW7OU2CtWPFbaQzbEfZMfyzfo6LrKjbrSAO7OBp+MY +aOOnEJaXunfZ5Jsbf/hfhRqF6Fpf40NIdtt2xK7eN2bUmdy0G7Paa4rBukYRHgvz +Y6lbS89WwEINcd8I+jydMzfRwqENY1B5sjQWYBOCt7F9AoHBAJg4LMQkTiy3Uhek +Q6bimf9i+uS7nElAg2Zhl/OvXDpgMv93AwzeZcNav3K/L39tXvQ3r2n4aeMDA3T7 +Ou4QQMScCqW7xAnvU5vY691MU9rAa3aaugY9TxI3ATAl2BZZGm8+iOoZg3WvUnZ1 +3JnTM0pMm66FUZnqvEYNeDYnzbqXsEScf6GpfhYRP4VPZZLQOcRqh0IAec7xOZ3c +8+tl6Nh2f9qU4mQIonuXe5molRC1A0bRis4iY9Z4geg5UuKeMQKBwQC9I4wup3tr +HoV323139uWwFcbhnjVXct81bZOJf4OfY38ICrPUumObEH8P01XpOM+QNz2FPaeX 
+jDPywrE4K9s5yqjQI9eJzI0CfWGbtgRpFOjJhDQ2bPuEWMyaU3SkQr0dJRu6gsD7 +IyyQuzVLW7CY0KudYW7q6ITnp2yuGywAyw8a+OJ8/UIa4hNSx1D6Zclf7UCof0YO +zvZWg28Ojjn4M1+D3r6+74xmrRbI7JjUsrJVZqKeJ2qE8TEH6L+np70= -----END RSA PRIVATE KEY----- From 7de633526b319d54d361265ac22e66bab492e709 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 16:17:57 -0700 Subject: [PATCH 128/146] describe where fixture CA comes from; also indent --- script/install-openldap | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/script/install-openldap b/script/install-openldap index 83a09153..9eea3039 100755 --- a/script/install-openldap +++ b/script/install-openldap @@ -52,12 +52,10 @@ export CA_CERT="/etc/ssl/certs/cacert.pem" export CA_KEY="/etc/ssl/private/cakey.pem" export CA_INFO="/etc/ssl/ca.info" -# If you ever need to regenerate these... -# certtool --generate-privkey > /path/to/cakey.pem -# certtool --generate-self-signed \ -# --load-privkey /path/to/cakey.pem -# --template /path/to/ca.info -# --outfile /path/to/cacert.pem +# The self-signed fixture CA cert & key are generated by +# `script/generate-fiuxture-ca` and checked into version control. +# You shouldn't need to muck with these unless you're writing more +# TLS/SSL integration tests, and need special magic values in the cert. cp "${SEED_PATH}/ca/cacert.pem" "${CA_CERT}" cp "${SEED_PATH}/ca/cakey.pem" "${CA_KEY}" @@ -65,8 +63,8 @@ cp "${SEED_PATH}/ca/ca.info" "${CA_INFO}" # Make a private key for the server: certtool --generate-privkey \ ---bits 1024 \ ---outfile /etc/ssl/private/ldap01_slapd_key.pem + --bits 1024 \ + --outfile /etc/ssl/private/ldap01_slapd_key.pem sh -c "cat > /etc/ssl/ldap01.info < Date: Tue, 23 Aug 2016 16:21:52 -0700 Subject: [PATCH 129/146] linter quoting complaint --- script/install-openldap | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/script/install-openldap b/script/install-openldap index 9eea3039..22c4d856 100755 --- a/script/install-openldap 
+++ b/script/install-openldap @@ -2,8 +2,8 @@ set -e set -x -BASE_PATH="$( cd `dirname $0`/../test/fixtures/openldap && pwd )" -SEED_PATH="$( cd `dirname $0`/../test/fixtures && pwd )" +BASE_PATH=$( cd "`dirname $0`/../test/fixtures/openldap" && pwd ) +SEED_PATH=$( cd "`dirname $0`/../test/fixtures" && pwd ) dpkg -s slapd time ldap-utils gnutls-bin ssl-cert > /dev/null ||\ DEBIAN_FRONTEND=noninteractive apt-get update -y --force-yes && \ From 3aebc3d906d4817c5262765ccb0c1a3490a6e5d6 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 17:02:25 -0700 Subject: [PATCH 130/146] test that no tls_options means we get the system CA bundle --- test/integration/test_bind.rb | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 55979e6b..6c906487 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -133,6 +133,19 @@ def test_bind_tls_with_valid_hostname_just_verify_peer_ca_passes @ldap.get_operation_result.inspect end + def test_bind_tls_with_bogus_hostname_system_ca_fails + @ldap.host = '127.0.0.1' + @ldap.encryption(method: :start_tls, tls_options: {}) + error = assert_raise Net::LDAP::Error, + Net::LDAP::ConnectionRefusedError do + @ldap.bind BIND_CREDS + end + assert_equal( + "hostname \"#{@ldap.host}\" does not match the server certificate", + error.message, + ) + end + # The following depend on /etc/hosts hacking. # We can do that on CI, but it's less than cool on people's dev boxes def test_bind_tls_with_multiple_hosts 
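Review bot: The new `BASE_PATH=$( cd "`dirname $0`/../test/fixtures/openldap" && pwd )` still leaves `$0` unquoted inside the backticks, so a checkout path containing whitespace or glob characters is split before the new outer quotes can help; the same applies to `SEED_PATH` on the following line. `$(...)` nests cleanly where backticks do not: `BASE_PATH=$( cd "$(dirname "$0")/../test/fixtures/openldap" && pwd )` and `SEED_PATH=$( cd "$(dirname "$0")/../test/fixtures" && pwd )`. Since both variables feed the later `cp "${SEED_PATH}/..."` calls in this script, a wrong split would point the installer at the wrong fixture directory rather than failing loudly.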
@@ -196,4 +209,14 @@ def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails assert_equal("Unable to connect to any given server: ", error.message.split("\n").shift) end + + # This test is CI-only because we can't add the fixture CA + # to the system CA store on people's dev boxes. + def test_bind_tls_valid_hostname_system_ca_on_travis_passes + omit_unless ENV['TRAVIS'] == 'true' + + @ldap.encryption(method: :start_tls, tls_options: {}) + assert @ldap.bind(BIND_CREDS), + @ldap.get_operation_result.inspect + end end From 4e5a8e7e0a52642a5e25ca75c99f8b322da35226 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 17:48:34 -0700 Subject: [PATCH 131/146] improve system store tests --- test/integration/test_bind.rb | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb index 6c906487..bd1281e2 100644 --- a/test/integration/test_bind.rb +++ b/test/integration/test_bind.rb @@ -215,8 +215,30 @@ def test_bind_tls_with_multiple_bogus_hosts_ca_check_only_fails def test_bind_tls_valid_hostname_system_ca_on_travis_passes omit_unless ENV['TRAVIS'] == 'true' - @ldap.encryption(method: :start_tls, tls_options: {}) + @ldap.encryption( + method: :start_tls, + tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER }, + ) assert @ldap.bind(BIND_CREDS), @ldap.get_operation_result.inspect end + + # Inverse of the above! Don't run this on Travis, only on Vagrant. + # Since Vagrant's hypervisor *won't* have the CA in the system + # x509 store, we can assume validation will fail + def test_bind_tls_valid_hostname_system_on_vagrant_fails + omit_if ENV['TRAVIS'] == 'true' + + @ldap.encryption( + method: :start_tls, + tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER }, + ) + error = assert_raise Net::LDAP::Error do + @ldap.bind BIND_CREDS + end + assert_equal( + "SSL_connect returned=1 errno=0 state=error: certificate verify failed", + error.message, + ) + end end 
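Review bot: `assert_equal("SSL_connect returned=1 errno=0 state=error: certificate verify failed", error.message)` in test_bind_tls_valid_hostname_system_on_vagrant_fails pins the exact text OpenSSL puts in the exception, and that prefix (the `state=` fragment in particular) differs between libssl releases, so the test will start failing on a host with a different OpenSSL even though verification is still correctly rejecting the certificate. Matching only the stable part keeps the assertion meaningful: `assert_match(/certificate verify failed/, error.message)`. The new test is also gated solely on `ENV['TRAVIS']`, so any other CI environment that does install the fixture CA into the system store will run it and fail; a more specific opt-out than the Travis variable would make the intent (system store does not trust the fixture CA) explicit. The enclosing test class continues past the hunk.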
From 0a8c09940a008fafba72337423cccb1ec97d8f60 Mon Sep 17 00:00:00 2001
From: Tom Maher
Date: Tue, 23 Aug 2016 17:52:47 -0700
Subject: [PATCH 132/146] use default tls opts for validation
---
 test/integration/test_bind.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb
index bd1281e2..a3fecf3f 100644
--- a/test/integration/test_bind.rb
+++ b/test/integration/test_bind.rb
@@ -217,7 +217,7 @@ def test_bind_tls_valid_hostname_system_ca_on_travis_passes

 @ldap.encryption(
 method: :start_tls,
- tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
+ tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER),
 )
 assert @ldap.bind(BIND_CREDS),
 @ldap.get_operation_result.inspect
@@ -231,7 +231,7 @@ def test_bind_tls_valid_hostname_system_on_vagrant_fails

 @ldap.encryption(
 method: :start_tls,
- tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
+ tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER),
 )
 error = assert_raise Net::LDAP::Error do
 @ldap.bind BIND_CREDS
From 8ed4dca1f1db95dd6d264b733288d40e70cbc355 Mon Sep 17 00:00:00 2001
From: Tom Maher
Date: Tue, 23 Aug 2016 18:17:18 -0700
Subject: [PATCH 133/146] properly add the fixture CA to CI system store
---
 script/install-openldap | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/script/install-openldap b/script/install-openldap
index 22c4d856..77af4924 100755
--- a/script/install-openldap
+++ b/script/install-openldap
@@ -48,9 +48,8 @@ chown -R openldap.openldap /var/lib/ldap
 rm -rf $TMPDIR

 # SSL
-export CA_CERT="/etc/ssl/certs/cacert.pem"
-export CA_KEY="/etc/ssl/private/cakey.pem"
-export CA_INFO="/etc/ssl/ca.info"
+export CA_CERT="/usr/local/share/ca-certificates/rubyldap-ca.crt"
+export CA_KEY="/etc/ssl/private/rubyldap-ca.key"

 # The self-signed fixture CA cert & key are generated by
 # `script/generate-fiuxture-ca` and checked into version control.
@@ -59,7 +58,9 @@ export CA_INFO="/etc/ssl/ca.info"

 cp "${SEED_PATH}/ca/cacert.pem" "${CA_CERT}"
 cp "${SEED_PATH}/ca/cakey.pem" "${CA_KEY}"
-cp "${SEED_PATH}/ca/ca.info" "${CA_INFO}"
+
+# actually add the fake CA to the system store
+update-ca-certificates

 # Make a private key for the server:
 certtool --generate-privkey \
From efd354a83bcd8f13c89cd40ac7b694c06574f266 Mon Sep 17 00:00:00 2001
From: Tom Maher
Date: Tue, 23 Aug 2016 18:51:56 -0700
Subject: [PATCH 134/146] names matter
---
 script/install-openldap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/script/install-openldap b/script/install-openldap
index 77af4924..3e391d87 100755
--- a/script/install-openldap
+++ b/script/install-openldap
@@ -59,7 +59,7 @@ export CA_KEY="/etc/ssl/private/rubyldap-ca.key"
 cp "${SEED_PATH}/ca/cacert.pem" "${CA_CERT}"
 cp "${SEED_PATH}/ca/cakey.pem" "${CA_KEY}"

-# actually add the fake CA to the system store
+# actually add the fixture CA to the system store
 update-ca-certificates

 # Make a private key for the server:
From 09262743e03e950cc6acb947765856de4c754909 Mon Sep 17 00:00:00 2001
From: Tom Maher
Date: Tue, 23 Aug 2016 18:53:31 -0700
Subject: [PATCH 135/146] don't need the whole default hash for a verify?
---
 test/integration/test_bind.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/integration/test_bind.rb b/test/integration/test_bind.rb
index a3fecf3f..bd1281e2 100644
--- a/test/integration/test_bind.rb
+++ b/test/integration/test_bind.rb
@@ -217,7 +217,7 @@ def test_bind_tls_valid_hostname_system_ca_on_travis_passes

 @ldap.encryption(
 method: :start_tls,
- tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER),
+ tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
 )
 assert @ldap.bind(BIND_CREDS),
 @ldap.get_operation_result.inspect
@@ -231,7 +231,7 @@ def test_bind_tls_valid_hostname_system_on_vagrant_fails

 @ldap.encryption(
 method: :start_tls,
- tls_options: TLS_OPTS.merge(verify_mode: OpenSSL::SSL::VERIFY_PEER),
+ tls_options: { verify_mode: OpenSSL::SSL::VERIFY_PEER },
 )
 error = assert_raise Net::LDAP::Error do
 @ldap.bind BIND_CREDS
From 72ba381853e71620e9a82071eff522a144dd10df Mon Sep 17 00:00:00 2001
From: Tom Maher
Date: Tue, 23 Aug 2016 19:36:37 -0700
Subject: [PATCH 136/146] add docs on how to actually validate an LDAP server cert
---
 lib/net/ldap.rb | 84 ++++++++++++++++++++++++++++---------------------
 1 file changed, 48 insertions(+), 36 deletions(-)
diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb
index a79d6c55..69440c90 100644
--- a/lib/net/ldap.rb
+++ b/lib/net/ldap.rb
@@ -476,61 +476,73 @@ def self.result2string(code) #:nodoc: # specify a treebase. If you give a treebase value in any particular # call to #search, that value will override any treebase value you give # here. + # * :force_no_page => Set to true to prevent paged results even if your + # server says it supports them. This is a fix for MS Active Directory + # * :instrumentation_service => An object responsible for instrumenting + # operations, compatible with ActiveSupport::Notifications' public API. # * :encryption => specifies the encryption to be used in communicating # with the LDAP server. The value must be a Hash containing additional # parameters, which consists of two keys: # method: - :simple_tls or :start_tls - # options: - Hash of options for that method + # tls_options: - Hash of options for that method # The :simple_tls encryption method encrypts all communications # with the LDAP server. It completely establishes SSL/TLS encryption with # the LDAP server before any LDAP-protocol data is exchanged. There is no # plaintext negotiation and no special encryption-request controls are # sent to the server. The :simple_tls option is the simplest, easiest # way to encrypt communications between Net::LDAP and LDAP servers. - # It's intended for cases where you have an implicit level of trust in the - # authenticity of the LDAP server. No validation of the LDAP server's SSL - # certificate is performed. This means that :simple_tls will not produce - # errors if the LDAP server's encryption certificate is not signed by a - # well-known Certification Authority. If you get communications or - # protocol errors when using this option, check with your LDAP server - # administrator. Pay particular attention to the TCP port you are - # connecting to. It's impossible for an LDAP server to support plaintext - # LDAP communications and simple TLS connections on the same port. 
- # The standard TCP port for unencrypted LDAP connections is 389, but the - # standard port for simple-TLS encrypted connections is 636. Be sure you - # are using the correct port. - # + # If you get communications or protocol errors when using this option, + # check with your LDAP server administrator. Pay particular attention + # to the TCP port you are connecting to. It's impossible for an LDAP + # server to support plaintext LDAP communications and simple TLS + # connections on the same port. The standard TCP port for unencrypted + # LDAP connections is 389, but the standard port for simple-TLS + # encrypted connections is 636. Be sure you are using the correct port. # The :start_tls like the :simple_tls encryption method also encrypts all # communcations with the LDAP server. With the exception that it operates # over the standard TCP port. # - # In order to verify certificates and enable other TLS options, the - # :tls_options hash can be passed alongside :simple_tls or :start_tls. - # This hash contains any options that can be passed to - # OpenSSL::SSL::SSLContext#set_params(). The most common options passed - # should be OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, or the :ca_file option, - # which contains a path to a Certificate Authority file (PEM-encoded). - # - # Example for a default setup without custom settings: - # { - # :method => :simple_tls, - # :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS - # } + # To validate the LDAP server's certificate (a security must if you're + # talking over the public internet), you need to set :tls_options + # something like this... # - # Example for specifying a CA-File and only allowing TLSv1.1 connections: - # - # { - # :method => :start_tls, - # :tls_options => { :ca_file => "/etc/cafile.pem", :ssl_version => "TLSv1_1" } + # Net::LDAP.new( + # # ... set host, bind dn, etc ... 
+ # encryption: { + # method: :simple_tls, + # tls_options: { OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }, # } - # * :force_no_page => Set to true to prevent paged results even if your - # server says it supports them. This is a fix for MS Active Directory - # * :instrumentation_service => An object responsible for instrumenting - # operations, compatible with ActiveSupport::Notifications' public API. + # ) + # + # The above will use the operating system-provided store of CA + # certificates to validate your LDAP server's cert. + # If cert validation fails, it'll happen during the #bind + # whenever you first try to open a connection to the server. + # Those methods will throw Net::LDAP::ConnectionError with + # a message about certificate verify failing. If your + # LDAP server's certificate is signed by DigiCert, Comodo, etc., + # you're probably good. If you've got a self-signed cert but it's + # been added to the host's OS-maintained CA store (e.g. on Debian + # add foobar.crt to /usr/local/share/ca-certificates/ and run + # `update-ca-certificates`), then the cert should pass validation. + # To ignore the OS's CA store, put your CA in a PEM-encoded file and... + # + # encryption: { + # method: :simple_tls, + # tls_options: { ca_file: '/path/to/my-little-ca.pem', + # ssl_version: 'TLSv1_1' }, + # } + # + # As you might guess, the above example also fails the connection + # if the client can't negotiate TLS v1.1. + # tls_options is ultimately passed to OpenSSL::SSL::SSLContext#set_params + # For more details, see + # http://ruby-doc.org/stdlib-2.0.0/libdoc/openssl/rdoc/OpenSSL/SSL/SSLContext.html # # Instantiating a Net::LDAP object does not result in network # traffic to the LDAP server. It simply stores the connection and binding - # parameters in the object. + # parameters in the object. That's why Net::LDAP.new doesn't throw + # cert validation errors itself; #bind does instead. 
def initialize(args = {}) @host = args[:host] || DefaultHost @port = args[:port] || DefaultPort From 435332d8235960c0081f91784aeb2b33ad059e31 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Tue, 23 Aug 2016 19:58:24 -0700 Subject: [PATCH 137/146] whoops, DEFAULT_PARAMS is already a hash --- lib/net/ldap.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 69440c90..f7a98ef5 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -510,7 +510,7 @@ def self.result2string(code) #:nodoc: # # ... set host, bind dn, etc ... # encryption: { # method: :simple_tls, - # tls_options: { OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }, + # tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS, # } # ) # From 5bcde6eb483deae5a7fe77d652593024fdd7e849 Mon Sep 17 00:00:00 2001 From: Tom Maher Date: Thu, 25 Aug 2016 19:51:16 -0700 Subject: [PATCH 138/146] MaxSaslChallenges => MAX_SASL_CHALLENGES, because it's a constant and Rubocop --- lib/net/ldap/auth_adapter/sasl.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/net/ldap/auth_adapter/sasl.rb b/lib/net/ldap/auth_adapter/sasl.rb index 0bfc701d..139e8593 100644 --- a/lib/net/ldap/auth_adapter/sasl.rb +++ b/lib/net/ldap/auth_adapter/sasl.rb @@ -4,7 +4,7 @@ module Net class LDAP class AuthAdapter class Sasl < Net::LDAP::AuthAdapter - MaxSaslChallenges = 10 + MAX_SASL_CHALLENGES = 10 #-- # Required parameters: :mechanism, :initial_credential and @@ -49,7 +49,7 @@ def bind(auth) end return pdu unless pdu.result_code == Net::LDAP::ResultCodeSaslBindInProgress - raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges) + raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MAX_SASL_CHALLENGES) cred = chall.call(pdu.result_server_sasl_creds) end From 7a605f55adca268fe1cfa0d637ff8de0855b07c8 Mon Sep 17 00:00:00 2001 
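Review bot: The second example in the new comment, `tls_options: { ca_file: '/path/to/my-little-ca.pem', ssl_version: 'TLSv1_1' }`, is presented as the way to validate against your own CA, but pinning `ssl_version` to one protocol version also refuses TLS 1.2, which the text only half acknowledges ("fails the connection if the client can't negotiate TLS v1.1"); the ca_file example would be safer as `tls_options: { ca_file: '/path/to/my-little-ca.pem' }`, leaving protocol choice to OpenSSL's negotiation and showing version pinning separately as optional hardening. The phrase "a security must if you're talking over the public internet" understates the risk: without certificate validation a simple bind hands its credentials to whatever host answers on the port, on an internal network as much as on the internet, so the comment should recommend validation unconditionally. The text also says the failure surfaces as `Net::LDAP::ConnectionError`, while the integration test added earlier in this series asserts `Net::LDAP::Error` for "certificate verify failed"; worth confirming which class is actually raised and naming it consistently. The comment block begins before this hunk.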
From: Jonas Weber Date: Wed, 18 May 2016 11:17:51 +0200 Subject: [PATCH 139/146] Send DN and newPassword with password_modify request --- lib/net/ldap/connection.rb | 10 +++++----- test/integration/test_password_modify.rb | 15 ++++++++++++++- 2 files changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb index 4f311748..15993113 100644 --- a/lib/net/ldap/connection.rb +++ b/lib/net/ldap/connection.rb @@ -593,11 +593,11 @@ def password_modify(args) ext_seq = [Net::LDAP::PasswdModifyOid.to_ber_contextspecific(0)] - unless args[:old_password].nil? - pwd_seq = [args[:old_password].to_ber(0x81)] - pwd_seq << args[:new_password].to_ber(0x82) unless args[:new_password].nil? - ext_seq << pwd_seq.to_ber_sequence.to_ber(0x81) - end + pwd_seq = [] + pwd_seq << dn.to_ber(0x80) + pwd_seq << args[:old_password].to_ber(0x81) unless args[:old_password].nil? + pwd_seq << args[:new_password].to_ber(0x82) unless args[:new_password].nil? + ext_seq << pwd_seq.to_ber_sequence.to_ber(0x81) request = ext_seq.to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest) diff --git a/test/integration/test_password_modify.rb b/test/integration/test_password_modify.rb index 1f1c72a9..ed8d4f5b 100644 --- a/test/integration/test_password_modify.rb +++ b/test/integration/test_password_modify.rb @@ -3,7 +3,8 @@ class TestPasswordModifyIntegration < LDAPIntegrationTestCase def setup super - @ldap.authenticate 'cn=admin,dc=rubyldap,dc=com', 'passworD1' + @admin_account = {dn: 'cn=admin,dc=rubyldap,dc=com', password: 'passworD1', method: :simple} + @ldap.authenticate @admin_account[:dn], @admin_account[:password] @dn = 'uid=modify-password-user1,ou=People,dc=rubyldap,dc=com' 
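Review bot: The five new lines in password_modify encode the RFC 3062 PasswdModifyRequestValue with bare tag numbers and no comment, so a reader has to already know that 0x80, 0x81 and 0x82 are the context-specific tags for userIdentity, oldPasswd and newPasswd; a one-line comment above `pwd_seq = []` such as `# RFC 3062 PasswdModifyRequestValue: [0] userIdentity, [1] oldPasswd, [2] newPasswd` would make the sequence self-explanatory. Because the DN is now sent unconditionally, the server applies the change to whatever `dn` holds rather than to the bound identity, and `dn` is assigned outside the hunk, so it is worth confirming there that it cannot be nil before `dn.to_ber(0x80)` runs. password_modify starts before the hunk and its body continues after it.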
@@ -74,6 +75,18 @@ def test_password_modify_generate_no_old_password
 'New password should be valid'
 end

+ def test_password_modify_overwrite_old_password
+ assert @ldap.password_modify(dn: @dn,
+ auth: @admin_account,
+ new_password: 'passworD3')
+
+ refute @ldap.bind(username: @dn, password: 'passworD1', method: :simple),
+ 'Old password should no longer be valid'
+
+ assert @ldap.bind(username: @dn, password: 'passworD3', method: :simple),
+ 'New password should be valid'
+ end
+
 def teardown
 @ldap.delete dn: @dn
 end
From 50b6cbc701afd04475ef071f9f733d7b605af96b Mon Sep 17 00:00:00 2001
From: Jerry Cheung
Date: Fri, 24 Feb 2017 10:54:39 -0800
Subject: [PATCH 140/146] bump version
---
 lib/net/ldap/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb
index 7e80d4fd..3f3098e5 100644
--- a/lib/net/ldap/version.rb
+++ b/lib/net/ldap/version.rb
@@ -1,5 +1,5 @@
 module Net
 class LDAP
- VERSION = "0.15.0"
+ VERSION = "0.16.0"
 end
 end
From 8466539b45357832af0d30042f135ad0d9fe2bbc Mon Sep 17 00:00:00 2001
From: Jerry Cheung
Date: Fri, 24 Feb 2017 10:54:47 -0800
Subject: [PATCH 141/146] update history.rdoc
---
 History.rdoc | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/History.rdoc b/History.rdoc
index dd69d07c..024cfc9b 100644
--- a/History.rdoc
+++ b/History.rdoc
@@ -1,3 +1,9 @@
+=== Net::LDAP 0.16.0
+
+* Sasl fix {#281}[https://github.com/ruby-ldap/ruby-net-ldap/pull/281]
+* enable TLS hostname validation {#279}[https://github.com/ruby-ldap/ruby-net-ldap/pull/279]
+* update rubocop to 0.42.0 {#278}[https://github.com/ruby-ldap/ruby-net-ldap/pull/278]
+
 === Net::LDAP 0.15.0

 * Respect connect_timeout when establishing SSL connections {#273}[https://github.com/ruby-ldap/ruby-net-ldap/pull/273]
From 61890b51e874eccc9e6d4e271cbaa6befed5809c Mon Sep 17 00:00:00 2001
From: Anuj Patel
Date: Sat, 25 Mar 2017 13:35:40 -0700
Subject: [PATCH 142/146] Update filter.rb
Fixed Exception: incompatible character encodings: ASCII-8BIT and UTF-8 The binary form of 5936AE79-664F-44EA-BCCB-5C39399514C6 triggers a BINARY -> UTF-8 conversion error
---
 lib/net/ldap/filter.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/net/ldap/filter.rb b/lib/net/ldap/filter.rb
index 7f418ae3..6f064488 100644
--- a/lib/net/ldap/filter.rb
+++ b/lib/net/ldap/filter.rb
@@ -645,8 +645,15 @@ def match(entry)

 ##
 # Converts escaped characters (e.g., "\\28") to unescaped characters
+ # @note slawson20170317: Don't attempt to unescape 16 byte binary data which we assume are objectGUIDs
+ # The binary form of 5936AE79-664F-44EA-BCCB-5C39399514C6 triggers a BINARY -> UTF-8 conversion error
 def unescape(right)
- right.to_s.gsub(/\\([a-fA-F\d]{2})/) { [$1.hex].pack("U") }
+ right = right.to_s
+ if right.length == 16 && right.encoding == Encoding::BINARY
+ right
+ else
+ right.to_s.gsub(/\\([a-fA-F\d]{2})/) { [$1.hex].pack("U") }
+ end
 end

 private :unescape
From eb6e48ad7b92254ae133e8a2175654668bf44f0e Mon Sep 17 00:00:00 2001
From: Matt Todd
Date: Mon, 30 Oct 2017 21:54:50 -0400
Subject: [PATCH 143/146] Bump version
---
 lib/net/ldap/version.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/net/ldap/version.rb b/lib/net/ldap/version.rb
index 3f3098e5..0a57d621 100644
--- a/lib/net/ldap/version.rb
+++ b/lib/net/ldap/version.rb
@@ -1,5 +1,5 @@
 module Net
 class LDAP
- VERSION = "0.16.0"
+ VERSION = "0.16.1"
 end
 end
From 075ae5f086689059c91592ef7338a7cb5e4b5794 Mon Sep 17 00:00:00 2001
From: Matt Todd
Date: Mon, 30 Oct 2017 21:56:51 -0400
Subject: [PATCH 144/146] Update changelog
---
 History.rdoc | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/History.rdoc b/History.rdoc
index 024cfc9b..3fcc291b 100644
--- a/History.rdoc
+++ b/History.rdoc
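Review bot: The new guard `if right.length == 16 && right.encoding == Encoding::BINARY` in unescape keys on one specific length, so it only covers the objectGUID case from the commit message: a BINARY value of any other length still goes through the gsub, and when its bytes happen to contain a `\` followed by two hex digits the replacement from `pack("U")` is merged into an ASCII-8BIT string and the same `Encoding::CompatibilityError` can occur. Branching on the data rather than its size avoids that, e.g. `return right if right.encoding == Encoding::BINARY && !right.ascii_only?`, which treats any raw binary value as opaque while still unescaping ASCII-only strings. The `right.to_s` in the else branch is redundant now that `right` has already been coerced, `$1` would read better as `Regexp.last_match(1)`, and the `@note` would be more durable if it kept the reason (raw objectGUID bytes can look like escape sequences) and dropped the handle-and-date stamp that git history already records. No test accompanies the change; a unit test feeding a 16-byte and a non-16-byte BINARY string would pin the intended behaviour.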
@@ -1,3 +1,7 @@
+=== Net::LDAP 0.16.1
+
+* Send DN and newPassword with password_modify request {#271}[https://github.com/ruby-ldap/ruby-net-ldap/pull/271]
+
 === Net::LDAP 0.16.0

 * Sasl fix {#281}[https://github.com/ruby-ldap/ruby-net-ldap/pull/281]
From 258bf078b52d40f04a30e185cc75e11f7a658d89 Mon Sep 17 00:00:00 2001
From: Matt Todd
Date: Tue, 31 Oct 2017 08:46:58 -0400
Subject: [PATCH 145/146] Release 0.16.1
From 07f64bdfb9da2abcfd0b77ee43c564e262a46fe3 Mon Sep 17 00:00:00 2001
From: Guilherme William
Date: Tue, 15 May 2018 13:42:37 -0300
Subject: [PATCH 146/146] bugfix result_code on connection lost
---
 lib/net/ldap/connection.rb | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/lib/net/ldap/connection.rb b/lib/net/ldap/connection.rb
index 61aacb53..b01984f4 100644
--- a/lib/net/ldap/connection.rb
+++ b/lib/net/ldap/connection.rb
@@ -467,6 +467,10 @@ def search(args = nil)
 end
 end

+ if result_pdu.nil?
+ raise Net::LDAP::ResponseMissingOrInvalidError, "response missing"
+ end
+
 # count number of pages of results
 payload[:page_count] ||= 0
 payload[:page_count] += 1
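Review bot: The new nil check in search raises with the bare message "response missing" and no comment, so the next reader cannot tell why `result_pdu` can be nil here; the commit title suggests the read loop above exits without a SearchResultDone when the connection is lost, and that reasoning belongs next to the guard, e.g. `# The read loop above ends without a SearchResultDone when the server closes the connection mid-search`. The three-line `if ... end` is also the idiomatic one-liner `raise Net::LDAP::ResponseMissingOrInvalidError, "response missing" if result_pdu.nil?`. The message would be more useful to operators if it said what was missing, e.g. `"no SearchResultDone received from server"`, since this error is what a dropped connection now surfaces as. search starts before the hunk and continues after it.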