deac
/
ruby-net-ldap
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

One LdapError-class => Specific errors for every exception.

master
Denis Knauf 2013-03-16 13:10:02 +01:00
parent 8a182675f4
commit 7438a2ab45
5 changed files with 62 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
lib/net/ldap.rb
View File

@ -244,6 +244,33 @@ class Net::LDAP
VERSION = "0.4.0" VERSION = "0.4.0"
class LdapError < StandardError; end class LdapError < StandardError; end
class AlreadyOpenedError < LdapError; end
class SocketError < LdapError; end
class ConnectionRefusedError < LdapError; end
class NoOpenSSLError < LdapError; end
class NoStartTLSResultError < LdapError; end
class StartTLSError < LdapError; end
class EncryptionUnsupportedError < LdapError; end
class EncMethodUnsupportedError < LdapError; end
class AuthMethodUnsupportedError < LdapError; end
class BindingInformationInvalidError < LdapError; end
class NoBindResultError < LdapError; end
class SASLChallengeOverflowError < LdapError; end
class SearchSizeInvalidError < LdapError; end
class SearchScopeInvalidError < LdapError; end
class ResponseTypeInvalidError < LdapError; end
class ResponseMissingOrInvalidError < LdapError; end
class EmptyDNError < LdapError; end
class HashTypeUnsupportedError < LdapError; end
class OperatorError < LdapError; end
class SubstringFilterError < LdapError; end
class SearchFilterError < LdapError; end
class BERInvalidError < LdapError; end
class SearchFilterTypeUnknownError < LdapError; end
class BadAttributeError < LdapError; end
class FilterTypeUnknownError < LdapError; end
class FilterSyntaxInvalidError < LdapError; end
class EntryOverflowError < LdapError; end
SearchScope_BaseObject = 0 SearchScope_BaseObject = 0
SearchScope_SingleLevel = 1 SearchScope_SingleLevel = 1
@ -563,7 +590,7 @@ class Net::LDAP
# anything with the bind results. We then pass self to the caller's # anything with the bind results. We then pass self to the caller's
# block, where he will execute his LDAP operations. Of course they will # block, where he will execute his LDAP operations. Of course they will
# all generate auth failures if the bind was unsuccessful. # all generate auth failures if the bind was unsuccessful.
raise Net::LDAP::LdapError, "Open already in progress" if @open_connection raise Net::LDAP::AlreadyOpenedError, "Open already in progress" if @open_connection
begin begin
@open_connection = Net::LDAP::Connection.new(:host => @host, @open_connection = Net::LDAP::Connection.new(:host => @host,
@ -1134,9 +1161,9 @@ class Net::LDAP::Connection #:nodoc:
begin begin
@conn = TCPSocket.new(server[:host], server[:port]) @conn = TCPSocket.new(server[:host], server[:port])
rescue SocketError rescue SocketError
raise Net::LDAP::LdapError, "No such address or other socket error." raise Net::LDAP::SocketError, "No such address or other socket error."
rescue Errno::ECONNREFUSED rescue Errno::ECONNREFUSED
raise Net::LDAP::LdapError, "Server #{server[:host]} refused connection on port #{server[:port]}." raise Net::LDAP::ConnectionRefusedError, "Server #{server[:host]} refused connection on port #{server[:port]}."
end end
if server[:encryption] if server[:encryption]
@ -1153,7 +1180,7 @@ class Net::LDAP::Connection #:nodoc:
end end
def self.wrap_with_ssl(io) def self.wrap_with_ssl(io)
raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL raise Net::LDAP::NoOpenSSLError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
ctx = OpenSSL::SSL::SSLContext.new ctx = OpenSSL::SSL::SSLContext.new
conn = OpenSSL::SSL::SSLSocket.new(io, ctx) conn = OpenSSL::SSL::SSLSocket.new(io, ctx)
conn.connect conn.connect
@ -1202,16 +1229,16 @@ class Net::LDAP::Connection #:nodoc:
request_pkt = [msgid, request].to_ber_sequence request_pkt = [msgid, request].to_ber_sequence
@conn.write request_pkt @conn.write request_pkt
be = @conn.read_ber(Net::LDAP::AsnSyntax) be = @conn.read_ber(Net::LDAP::AsnSyntax)
raise Net::LDAP::LdapError, "no start_tls result" if be.nil? raise Net::LDAP::NoStartTLSResultError, "no start_tls result" if be.nil?
pdu = Net::LDAP::PDU.new(be) pdu = Net::LDAP::PDU.new(be)
raise Net::LDAP::LdapError, "no start_tls result" if pdu.nil? raise Net::LDAP::NoStartTLSResultError, "no start_tls result" if pdu.nil?
if pdu.result_code.zero? if pdu.result_code.zero?
@conn = self.class.wrap_with_ssl(@conn) @conn = self.class.wrap_with_ssl(@conn)
else else
raise Net::LDAP::LdapError, "start_tls failed: #{pdu.result_code}" raise Net::LDAP::StartTLSError, "start_tls failed: #{pdu.result_code}"
end end
else else
raise Net::LDAP::LdapError, "unsupported encryption method #{args[:method]}" raise Net::LDAP::EncryptionUnsupportedError, "unsupported encryption method #{args[:method]}"
end end
end end
@ -1239,7 +1266,7 @@ class Net::LDAP::Connection #:nodoc:
elsif meth == :gss_spnego elsif meth == :gss_spnego
bind_gss_spnego(auth) bind_gss_spnego(auth)
else else
raise Net::LDAP::LdapError, "Unsupported auth method (#{meth})" raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{meth})"
end end
end end
@ -1254,7 +1281,7 @@ class Net::LDAP::Connection #:nodoc:
["", ""] ["", ""]
end end
raise Net::LDAP::LdapError, "Invalid binding information" unless (user && psw) raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
msgid = next_msgid.to_ber msgid = next_msgid.to_ber
request = [LdapVersion.to_ber, user.to_ber, request = [LdapVersion.to_ber, user.to_ber,
@ -1262,7 +1289,7 @@ class Net::LDAP::Connection #:nodoc:
request_pkt = [msgid, request].to_ber_sequence request_pkt = [msgid, request].to_ber_sequence
@conn.write request_pkt @conn.write request_pkt
(be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::LdapError, "no bind result" (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::NoBindResultError, "no bind result"
pdu pdu
end end
@ -1291,7 +1318,7 @@ class Net::LDAP::Connection #:nodoc:
def bind_sasl(auth) def bind_sasl(auth)
mech, cred, chall = auth[:mechanism], auth[:initial_credential], mech, cred, chall = auth[:mechanism], auth[:initial_credential],
auth[:challenge_response] auth[:challenge_response]
raise Net::LDAP::LdapError, "Invalid binding information" unless (mech && cred && chall) raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (mech && cred && chall)
n = 0 n = 0
loop { loop {
@ -1301,9 +1328,9 @@ class Net::LDAP::Connection #:nodoc:
request_pkt = [msgid, request].to_ber_sequence request_pkt = [msgid, request].to_ber_sequence
@conn.write request_pkt @conn.write request_pkt
(be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::LdapError, "no bind result" (be = @conn.read_ber(Net::LDAP::AsnSyntax) and pdu = Net::LDAP::PDU.new(be)) or raise Net::LDAP::NoBindResultError, "no bind result"
return pdu unless pdu.result_code == 14 # saslBindInProgress return pdu unless pdu.result_code == 14 # saslBindInProgress
raise Net::LDAP::LdapError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges) raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges)
cred = chall.call(pdu.result_server_sasl_creds) cred = chall.call(pdu.result_server_sasl_creds)
} }
@ -1327,7 +1354,7 @@ class Net::LDAP::Connection #:nodoc:
require 'ntlm' require 'ntlm'
user, psw = [auth[:username] || auth[:dn], auth[:password]] user, psw = [auth[:username] || auth[:dn], auth[:password]]
raise Net::LDAP::LdapError, "Invalid binding information" unless (user && psw) raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
nego = proc { |challenge| nego = proc { |challenge|
t2_msg = NTLM::Message.parse(challenge) t2_msg = NTLM::Message.parse(challenge)
@ -1389,12 +1416,12 @@ class Net::LDAP::Connection #:nodoc:
search_attributes = ((args && args[:attributes]) || []).map { |attr| attr.to_s.to_ber} search_attributes = ((args && args[:attributes]) || []).map { |attr| attr.to_s.to_ber}
return_referrals = args && args[:return_referrals] == true return_referrals = args && args[:return_referrals] == true
sizelimit = (args && args[:size].to_i) || 0 sizelimit = (args && args[:size].to_i) || 0
raise Net::LDAP::LdapError, "invalid search-size" unless sizelimit >= 0 raise Net::LDAP::SearchSizeInvalidError, "invalid search-size" unless sizelimit >= 0
paged_searches_supported = (args && args[:paged_searches_supported]) paged_searches_supported = (args && args[:paged_searches_supported])
attributes_only = (args and args[:attributes_only] == true) attributes_only = (args and args[:attributes_only] == true)
scope = args[:scope] || Net::LDAP::SearchScope_WholeSubtree scope = args[:scope] || Net::LDAP::SearchScope_WholeSubtree
raise Net::LDAP::LdapError, "invalid search scope" unless Net::LDAP::SearchScopes.include?(scope) raise Net::LDAP::SearchScopeInvalidError, "invalid search scope" unless Net::LDAP::SearchScopes.include?(scope)
sort_control = encode_sort_controls(args.fetch(:sort_controls){ false }) sort_control = encode_sort_controls(args.fetch(:sort_controls){ false })
# An interesting value for the size limit would be close to A/D's # An interesting value for the size limit would be close to A/D's
@ -1490,7 +1517,7 @@ class Net::LDAP::Connection #:nodoc:
end end
break break
else else
raise Net::LDAP::LdapError, "invalid response-type in search: #{pdu.app_tag}" raise Net::LDAP::ResponseTypeInvalidError, "invalid response-type in search: #{pdu.app_tag}"
end end
end end
@ -1563,7 +1590,7 @@ class Net::LDAP::Connection #:nodoc:
pkt = [ next_msgid.to_ber, request ].to_ber_sequence pkt = [ next_msgid.to_ber, request ].to_ber_sequence
@conn.write pkt @conn.write pkt
(be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 7) or raise Net::LDAP::LdapError, "response missing or invalid" (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 7) or raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
pdu pdu
end end
@ -1576,7 +1603,7 @@ class Net::LDAP::Connection #:nodoc:
# to the error message and the matched-DN returned by the server. # to the error message and the matched-DN returned by the server.
#++ #++
def add(args) def add(args)
add_dn = args[:dn] or raise Net::LDAP::LdapError, "Unable to add empty DN" add_dn = args[:dn] or raise Net::LDAP::EmptyDNError, "Unable to add empty DN"
add_attrs = [] add_attrs = []
a = args[:attributes] and a.each { |k, v| a = args[:attributes] and a.each { |k, v|
add_attrs << [ k.to_s.to_ber, Array(v).map { |m| m.to_ber}.to_ber_set ].to_ber_sequence add_attrs << [ k.to_s.to_ber, Array(v).map { |m| m.to_ber}.to_ber_set ].to_ber_sequence
@ -1589,7 +1616,7 @@ class Net::LDAP::Connection #:nodoc:
(be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (be = @conn.read_ber(Net::LDAP::AsnSyntax)) &&
(pdu = Net::LDAP::PDU.new(be)) && (pdu = Net::LDAP::PDU.new(be)) &&
(pdu.app_tag == 9) or (pdu.app_tag == 9) or
raise Net::LDAP::LdapError, "response missing or invalid" raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
pdu pdu
end end
@ -1611,7 +1638,7 @@ class Net::LDAP::Connection #:nodoc:
(be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (be = @conn.read_ber(Net::LDAP::AsnSyntax)) &&
(pdu = Net::LDAP::PDU.new( be )) && (pdu.app_tag == 13) or (pdu = Net::LDAP::PDU.new( be )) && (pdu.app_tag == 13) or
raise Net::LDAP::LdapError.new( "response missing or invalid" ) raise Net::LDAP::ResponseMissingOrInvalidError.new( "response missing or invalid" )
pdu pdu
end end
@ -1626,7 +1653,7 @@ class Net::LDAP::Connection #:nodoc:
pkt = [next_msgid.to_ber, request, controls].compact.to_ber_sequence pkt = [next_msgid.to_ber, request, controls].compact.to_ber_sequence
@conn.write pkt @conn.write pkt
(be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 11) or raise Net::LDAP::LdapError, "response missing or invalid" (be = @conn.read_ber(Net::LDAP::AsnSyntax)) && (pdu = Net::LDAP::PDU.new(be)) && (pdu.app_tag == 11) or raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
pdu pdu
end end

2
lib/net/ldap/entry.rb
View File

@ -71,7 +71,7 @@ class Net::LDAP::Entry
return nil if ds.empty? return nil if ds.empty?
raise Net::LDAP::LdapError, "Too many LDIF entries" unless ds.size == 1 raise Net::LDAP::EntryOverflowError, "Too many LDIF entries" unless ds.size == 1
entry = ds.to_entries.first entry = ds.to_entries.first

16
lib/net/ldap/filter.rb
View File

@ -27,7 +27,7 @@ class Net::LDAP::Filter
def initialize(op, left, right) #:nodoc: def initialize(op, left, right) #:nodoc:
unless FilterTypes.include?(op) unless FilterTypes.include?(op)
raise Net::LDAP::LdapError, "Invalid or unsupported operator #{op.inspect} in LDAP Filter." raise Net::LDAP::OperatorError, "Invalid or unsupported operator #{op.inspect} in LDAP Filter."
end end
@op = op @op = op
@left = left @left = left
@ -290,7 +290,7 @@ class Net::LDAP::Filter
ber.last.each { |b| ber.last.each { |b|
case b.ber_identifier case b.ber_identifier
when 0x80 # context-specific primitive 0, SubstringFilter "initial" when 0x80 # context-specific primitive 0, SubstringFilter "initial"
raise Net::LDAP::LdapError, "Unrecognized substring filter; bad initial value." if str.length > 0 raise Net::LDAP::SubstringFilterError, "Unrecognized substring filter; bad initial value." if str.length > 0
str += b str += b
when 0x81 # context-specific primitive 0, SubstringFilter "any" when 0x81 # context-specific primitive 0, SubstringFilter "any"
str += "*#{b}" str += "*#{b}"
@ -309,7 +309,7 @@ class Net::LDAP::Filter
# call to_s to get rid of the BER-identifiedness of the incoming string. # call to_s to get rid of the BER-identifiedness of the incoming string.
present?(ber.to_s) present?(ber.to_s)
when 0xa9 # context-specific constructed 9, "extensible comparison" when 0xa9 # context-specific constructed 9, "extensible comparison"
raise Net::LDAP::LdapError, "Invalid extensible search filter, should be at least two elements" if ber.size<2 raise Net::LDAP::SearchFilterError, "Invalid extensible search filter, should be at least two elements" if ber.size<2
# Reassembles the extensible filter parts # Reassembles the extensible filter parts
# (["sn", "2.4.6.8.10", "Barbara Jones", '1']) # (["sn", "2.4.6.8.10", "Barbara Jones", '1'])
@ -330,7 +330,7 @@ class Net::LDAP::Filter
ex(attribute, value) ex(attribute, value)
else else
raise Net::LDAP::LdapError, "Invalid BER tag-value (#{ber.ber_identifier}) in search filter." raise Net::LDAP::BERInvalidError, "Invalid BER tag-value (#{ber.ber_identifier}) in search filter."
end end
end end
@ -357,7 +357,7 @@ class Net::LDAP::Filter
when 0xa3 # equalityMatch. context-specific constructed 3. when 0xa3 # equalityMatch. context-specific constructed 3.
eq(obj[0], obj[1]) eq(obj[0], obj[1])
else else
raise Net::LDAP::LdapError, "Unknown LDAP search-filter type: #{obj.ber_identifier}" raise Net::LDAP::SearchFilterTypeUnknownError, "Unknown LDAP search-filter type: #{obj.ber_identifier}"
end end
end end
end end
@ -534,7 +534,7 @@ class Net::LDAP::Filter
seq = [] seq = []
unless @left =~ /^([-;\w]*)(:dn)?(:(\w+|[.\w]+))?$/ unless @left =~ /^([-;\w]*)(:dn)?(:(\w+|[.\w]+))?$/
raise Net::LDAP::LdapError, "Bad attribute #{@left}" raise Net::LDAP::BadAttributeError, "Bad attribute #{@left}"
end end
type, dn, rule = $1, $2, $4 type, dn, rule = $1, $2, $4
@ -641,7 +641,7 @@ class Net::LDAP::Filter
l = entry[@left] and l = Array(l) and l.index(@right) l = entry[@left] and l = Array(l) and l.index(@right)
end end
else else
raise Net::LDAP::LdapError, "Unknown filter type in match: #{@op}" raise Net::LDAP::FilterTypeUnknownError, "Unknown filter type in match: #{@op}"
end end
end end
@ -674,7 +674,7 @@ class Net::LDAP::Filter
def initialize(str) def initialize(str)
require 'strscan' # Don't load strscan until we need it. require 'strscan' # Don't load strscan until we need it.
@filter = parse(StringScanner.new(str)) @filter = parse(StringScanner.new(str))
raise Net::LDAP::LdapError, "Invalid filter syntax." unless @filter raise Net::LDAP::FilterSyntaxInvalidError, "Invalid filter syntax." unless @filter
end end
## ##

2
lib/net/ldap/password.rb
View File

@ -29,7 +29,7 @@ class Net::LDAP::Password
srand; salt = (rand * 1000).to_i.to_s srand; salt = (rand * 1000).to_i.to_s
attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp! attribute_value = '{SSHA}' + Base64.encode64(Digest::SHA1.digest(str + salt) + salt).chomp!
else else
raise Net::LDAP::LdapError, "Unsupported password-hash type (#{type})" raise Net::LDAP::HashTypeUnsupportedError, "Unsupported password-hash type (#{type})"
end end
return attribute_value return attribute_value
end end

4
test/test_filter.rb
View File

@ -9,11 +9,11 @@ class TestFilter < Test::Unit::TestCase
end end
def test_invalid_filter_string def test_invalid_filter_string
assert_raises(Net::LDAP::LdapError) { Filter.from_rfc2254("") } assert_raises(Net::LDAP::FilterSyntaxInvalidError) { Filter.from_rfc2254("") }
end end
def test_invalid_filter def test_invalid_filter
assert_raises(Net::LDAP::LdapError) { assert_raises(Net::LDAP::OperatorError) {
# This test exists to prove that our constructor blocks unknown filter # This test exists to prove that our constructor blocks unknown filter
# types. All filters must be constructed using helpers. # types. All filters must be constructed using helpers.
Filter.__send__(:new, :xx, nil, nil) Filter.__send__(:new, :xx, nil, nil)