From 7438a2ab45b6aabfbcb1b078fc72419d7b0442ba Mon Sep 17 00:00:00 2001 From: Denis Knauf Date: Sat, 16 Mar 2013 13:10:02 +0100 Subject: [PATCH] One LdapError-class => Specific errors for every exception. --- lib/net/ldap.rb | 73 +++++++++++++++++++++++++++------------- lib/net/ldap/entry.rb | 2 +- lib/net/ldap/filter.rb | 16 ++++----- lib/net/ldap/password.rb | 2 +- test/test_filter.rb | 4 +-- 5 files changed, 62 insertions(+), 35 deletions(-) diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb index 680526d..559c9e3 100644 --- a/lib/net/ldap.rb +++ b/lib/net/ldap.rb @@ -244,6 +244,33 @@ class Net::LDAP VERSION = "0.4.0" class LdapError < StandardError; end + class AlreadyOpenedError < LdapError; end + class SocketError < LdapError; end + class ConnectionRefusedError < LdapError; end + class NoOpenSSLError < LdapError; end + class NoStartTLSResultError < LdapError; end + class StartTLSError < LdapError; end + class EncryptionUnsupportedError < LdapError; end + class EncMethodUnsupportedError < LdapError; end + class AuthMethodUnsupportedError < LdapError; end + class BindingInformationInvalidError < LdapError; end + class NoBindResultError < LdapError; end + class SASLChallengeOverflowError < LdapError; end + class SearchSizeInvalidError < LdapError; end + class SearchScopeInvalidError < LdapError; end + class ResponseTypeInvalidError < LdapError; end + class ResponseMissingOrInvalidError < LdapError; end + class EmptyDNError < LdapError; end + class HashTypeUnsupportedError < LdapError; end + class OperatorError < LdapError; end + class SubstringFilterError < LdapError; end + class SearchFilterError < LdapError; end + class BERInvalidError < LdapError; end + class SearchFilterTypeUnknownError < LdapError; end + class BadAttributeError < LdapError; end + class FilterTypeUnknownError < LdapError; end + class FilterSyntaxInvalidError < LdapError; end + class EntryOverflowError < LdapError; end SearchScope_BaseObject = 0 SearchScope_SingleLevel = 1 @@ -563,7 +590,7 @@ class Net::LDAP # anything with the bind results. We then pass self to the caller's # block, where he will execute his LDAP operations. Of course they will # all generate auth failures if the bind was unsuccessful. - raise Net::LDAP::LdapError, "Open already in progress" if @open_connection + raise Net::LDAP::AlreadyOpenedError, "Open already in progress" if @open_connection begin @open_connection = Net::LDAP::Connection.new(:host => @host, @@ -1134,9 +1161,9 @@ class Net::LDAP::Connection #:nodoc: begin @conn = TCPSocket.new(server[:host], server[:port]) rescue SocketError - raise Net::LDAP::LdapError, "No such address or other socket error." + raise Net::LDAP::SocketError, "No such address or other socket error." rescue Errno::ECONNREFUSED - raise Net::LDAP::LdapError, "Server #{server[:host]} refused connection on port #{server[:port]}." + raise Net::LDAP::ConnectionRefusedError, "Server #{server[:host]} refused connection on port #{server[:port]}." end if server[:encryption] @@ -1153,7 +1180,7 @@ class Net::LDAP::Connection #:nodoc: end def self.wrap_with_ssl(io) - raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL + raise Net::LDAP::NoOpenSSLError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL ctx = OpenSSL::SSL::SSLContext.new conn = OpenSSL::SSL::SSLSocket.new(io, ctx) conn.connect @@ -1202,16 +1229,16 @@ class Net::LDAP::Connection #:nodoc: request_pkt = [msgid, request].to_ber_sequence @conn.write request_pkt be = @conn.read_ber(Net::LDAP::AsnSyntax) - raise Net::LDAP::LdapError, "no start_tls result" if be.nil? + raise Net::LDAP::NoStartTLSResultError, "no start_tls result" if be.nil? pdu = Net::LDAP::PDU.new(be) - raise Net::LDAP::LdapError, "no start_tls result" if pdu.nil? + raise Net::LDAP::NoStartTLSResultError, "no start_tls result" if pdu.nil? if pdu.result_code.zero? @conn = self.class.wrap_with_ssl(@conn) else - raise Net::LDAP::LdapError, "start_tls failed: #{pdu.result_code}" + raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}" end else - raise Net::LDAP::LdapError, "unsupported encryption method #{args[:method]}" + raise Net::LDAP::EncryptionUnsupportedError, "unsupported encryption method #{args[:method]}" end end @@ -1239,7 +1266,7 @@ class Net::LDAP::Connection #:nodoc: elsif meth == :gss_spnego bind_gss_spnego(auth) else - raise Net::LDAP::LdapError, "Unsupported auth method (#{meth})" + raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{meth})" end end @@ -1254,7 +1281,7 @@ class Net::LDAP::Connection #:nodoc: ["", ""] end - raise Net::LDAP::LdapError, "Invalid binding information" unless (user && psw) + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) msgid = next_msgid.to_ber request = [LdapVersion.to_ber, user.to_ber, @@ -1262,7 +1289,7 @@ class Net::LDAP::Connection #:nodoc: request_pkt = [msgid, request].to_ber_sequence @conn.write request_pkt - (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::LdapError, "no bind result" + (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::NoBindResultError, "no bind result" pdu end @@ -1291,7 +1318,7 @@ class Net::LDAP::Connection #:nodoc: def bind_sasl(auth) mech, cred, chall = auth[:mechanism], auth[:initial_credential], auth[:challenge_response] - raise Net::LDAP::LdapError, "Invalid binding information" unless (mech && cred && chall) + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (mech && cred && chall) n = 0 loop { @@ -1301,9 +1328,9 @@ class Net::LDAP::Connection #:nodoc: request_pkt = [msgid, request].to_ber_sequence @conn.write request_pkt - (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::LdapError, "no bind result" + (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::NoBindResultError, "no bind result" return pdu unless pdu.result_code == 14 # saslBindInProgress - raise Net::LDAP::LdapError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges) + raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges) cred = chall.call(pdu.result_server_sasl_creds) } @@ -1327,7 +1354,7 @@ class Net::LDAP::Connection #:nodoc: require 'ntlm' user, psw = [auth[:username] || auth[:dn], auth[:password]] - raise Net::LDAP::LdapError, "Invalid binding information" unless (user && psw) + raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw) nego = proc { |challenge| t2_msg = NTLM::Message.parse(challenge) @@ -1389,12 +1416,12 @@ class Net::LDAP::Connection #:nodoc: search_attributes = ((args && args[:attributes]) || []).map { |attr| attr.to_s.to_ber} return_referrals = args && args[:return_referrals] == true sizelimit = (args && args[:size].to_i) || 0 - raise Net::LDAP::LdapError, "invalid search-size" unless sizelimit >= 0 + raise Net::LDAP::SearchSizeInvalidError, "invalid search-size" unless sizelimit >= 0 paged_searches_supported = (args && args[:paged_searches_supported]) attributes_only = (args and args[:attributes_only] == true) scope = args[:scope] || Net::LDAP::SearchScope_WholeSubtree - raise Net::LDAP::LdapError, "invalid search scope" unless Net::LDAP::SearchScopes.include?(scope) + raise Net::LDAP::SearchScopeInvalidError, "invalid search scope" unless Net::LDAP::SearchScopes.include?(scope) sort_control = encode_sort_controls(args.fetch(:sort_controls){ false }) # An interesting value for the size limit would be close to A/D's @@ -1490,7 +1517,7 @@ class Net::LDAP::Connection #:nodoc: end break else - raise Net::LDAP::LdapError, "invalid response-type in search: #{pdu.app_tag}" + raise Net::LDAP::ResponseTypeInvalidError, "invalid response-type in search: #{pdu.app_tag}" end end @@ -1563,7 +1590,7 @@ class Net::LDAP::Connection #:nodoc: pkt = [ next_msgid.to_ber, request ].to_ber_sequence @conn.write pkt - (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 7) or raise Net::LDAP::LdapError, "response missing or invalid" + (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 7) or raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid" pdu end @@ -1576,7 +1603,7 @@ class Net::LDAP::Connection #:nodoc: # to the error message and the matched-DN returned by the server. #++ def add(args) - add_dn = args[:dn] or raise Net::LDAP::LdapError, "Unable to add empty DN" + add_dn = args[:dn] or raise Net::LDAP::EmptyDNError, "Unable to add empty DN" add_attrs = [] a = args[:attributes] and a.each { |k, v| add_attrs << [ k.to_s.to_ber, Array(v).map { |m| m.to_ber}.to_ber_set ].to_ber_sequence @@ -1589,7 +1616,7 @@ class Net::LDAP::Connection #:nodoc: (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 9) or - raise Net::LDAP::LdapError, "response missing or invalid" + raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid" pdu end @@ -1611,7 +1638,7 @@ class Net::LDAP::Connection #:nodoc: (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new( be )) && (pdu.app_tag == 13) or - raise Net::LDAP::LdapError.new( "response missing or invalid" ) + raise Net::LDAP::ResponseMissingOrInvalidError.new( "response missing or invalid" ) pdu end @@ -1626,7 +1653,7 @@ class Net::LDAP::Connection #:nodoc: pkt = [next_msgid.to_ber, request, controls].compact.to_ber_sequence @conn.write pkt - (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 11) or raise Net::LDAP::LdapError, "response missing or invalid" + (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 11) or raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid" pdu end diff --git a/lib/net/ldap/entry.rb b/lib/net/ldap/entry.rb index 616ffe7..18bfd05 100644 --- a/lib/net/ldap/entry.rb +++ b/lib/net/ldap/entry.rb @@ -71,7 +71,7 @@ class Net::LDAP::Entry return nil if ds.empty? - raise Net::LDAP::LdapError, "Too many LDIF entries" unless ds.size == 1 + raise Net::LDAP::EntryOverflowError, "Too many LDIF entries" unless ds.size == 1 entry = ds.to_entries.first diff --git a/lib/net/ldap/filter.rb b/lib/net/ldap/filter.rb index f77c5e2..3f1ff6d 100644 --- a/lib/net/ldap/filter.rb +++ b/lib/net/ldap/filter.rb @@ -27,7 +27,7 @@ class Net::LDAP::Filter def initialize(op, left, right) #:nodoc: unless FilterTypes.include?(op) - raise Net::LDAP::LdapError, "Invalid or unsupported operator #{op.inspect} in LDAP Filter." + raise Net::LDAP::OperatorError, "Invalid or unsupported operator #{op.inspect} in LDAP Filter." end @op = op @left = left @@ -290,7 +290,7 @@ class Net::LDAP::Filter ber.last.each { |b| case b.ber_identifier when 0x80 # context-specific primitive 0, SubstringFilter "initial" - raise Net::LDAP::LdapError, "Unrecognized substring filter; bad initial value." if str.length > 0 + raise Net::LDAP::SubstringFilterError, "Unrecognized substring filter; bad initial value." if str.length > 0 str += b when 0x81 # context-specific primitive 0, SubstringFilter "any" str += "*#{b}" @@ -309,7 +309,7 @@ class Net::LDAP::Filter # call to_s to get rid of the BER-identifiedness of the incoming string. present?(ber.to_s) when 0xa9 # context-specific constructed 9, "extensible comparison" - raise Net::LDAP::LdapError, "Invalid extensible search filter, should be at least two elements" if ber.size<2 + raise Net::LDAP::SearchFilterError, "Invalid extensible search filter, should be at least two elements" if ber.size<2 # Reassembles the extensible filter parts # (["sn", "2.4.6.8.10", "Barbara Jones", '1']) @@ -330,7 +330,7 @@ class Net::LDAP::Filter ex(attribute, value) else - raise Net::LDAP::LdapError, "Invalid BER tag-value (#{ber.ber_identifier}) in search filter." + raise Net::LDAP::BERInvalidError, "Invalid BER tag-value (#{ber.ber_identifier}) in search filter." end end @@ -357,7 +357,7 @@ class Net::LDAP::Filter when 0xa3 # equalityMatch. context-specific constructed 3. eq(obj[0], obj[1]) else - raise Net::LDAP::LdapError, "Unknown LDAP search-filter type: #{obj.ber_identifier}" + raise Net::LDAP::SearchFilterTypeUnknownError, "Unknown LDAP search-filter type: #{obj.ber_identifier}" end end end @@ -534,7 +534,7 @@ class Net::LDAP::Filter seq = [] unless @left =~ /^([-;\w]*)(:dn)?(:(\w+|[.\w]+))?$/ - raise Net::LDAP::LdapError, "Bad attribute #{@left}" + raise Net::LDAP::BadAttributeError, "Bad attribute #{@left}" end type, dn, rule = $1, $2, $4 @@ -641,7 +641,7 @@ class Net::LDAP::Filter l = entry[@left] and l = Array(l) and l.index(@right) end else - raise Net::LDAP::LdapError, "Unknown filter type in match: #{@op}" + raise Net::LDAP::FilterTypeUnknownError, "Unknown filter type in match: #{@op}" end end @@ -674,7 +674,7 @@ class Net::LDAP::Filter def initialize(str) require 'strscan' # Don't load strscan until we need it. @filter = parse(StringScanner.new(str)) - raise Net::LDAP::LdapError, "Invalid filter syntax." unless @filter + raise Net::LDAP::FilterSyntaxInvalidError, "Invalid filter syntax." unless @filter end ## diff --git a/lib/net/ldap/password.rb b/lib/net/ldap/password.rb index 9c87302..c7ca8e0 100644 --- a/lib/net/ldap/password.rb +++ b/lib/net/ldap/password.rb @@ -29,7 +29,7 @@ class Net::LDAP::Password srand; salt = (rand * 1000).to_i.to_s attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp! else - raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})" + raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})" end return attribute_value end diff --git a/test/test_filter.rb b/test/test_filter.rb index 03436e0..1ac40ed 100644 --- a/test/test_filter.rb +++ b/test/test_filter.rb @@ -9,11 +9,11 @@ class TestFilter < Test::Unit::TestCase end def test_invalid_filter_string - assert_raises(Net::LDAP::LdapError) { Filter.from_rfc2254("") } + assert_raises(Net::LDAP::FilterSyntaxInvalidError) { Filter.from_rfc2254("") } end def test_invalid_filter - assert_raises(Net::LDAP::LdapError) { + assert_raises(Net::LDAP::OperatorError) { # This test exists to prove that our constructor blocks unknown filter # types. All filters must be constructed using helpers. Filter.__send__(:new, :xx, nil, nil)