diff options
author | anupamasingh10 <anupamasingh31@gmail.com> | 2023-02-23 11:11:06 +0100 |
---|---|---|
committer | Ingela Anderton Andin <ingela@erlang.org> | 2023-04-25 16:18:23 +0200 |
commit | b0d319a92f87ff7c1c7f384e8bfeeeae8d34d361 (patch) | |
tree | c7e73e05fa007c7e7de3666c019539a97bee6455 | |
parent | 5400ccf243a31d664153a4b9ceb9de3edfce1e0e (diff) | |
download | erlang-b0d319a92f87ff7c1c7f384e8bfeeeae8d34d361.tar.gz |
Add new api conn_info for SSL connections to LDAP server
-rw-r--r-- | lib/eldap/doc/src/eldap.xml | 26 | ||||
-rw-r--r-- | lib/eldap/src/eldap.erl | 29 | ||||
-rw-r--r-- | lib/eldap/test/eldap_basic_SUITE.erl | 56 |
3 files changed, 107 insertions, 4 deletions
diff --git a/lib/eldap/doc/src/eldap.xml b/lib/eldap/doc/src/eldap.xml index 4d9ec96a70..8f08514886 100644 --- a/lib/eldap/doc/src/eldap.xml +++ b/lib/eldap/doc/src/eldap.xml @@ -548,6 +548,32 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1), the series.</p> </desc> </func> + <func> + <name since="@OTP-XXXX@">conn_info(Handle) -> {ok, Data} | {error, Reason}</name> + <fsummary>Returns all the connection information. + </fsummary> + <type> + <v>Handle = handle()</v> + <v>Data = ssl:connection_info()</v> + </type> + <desc><p>Returns the most relevant information for SSL connection to an LDAP server, ssl options + that are undefined will be filtered out. Note that values that affect the security of the + connection will only be returned if explicitly requested by conn_info/2.</p> + </desc> + </func> + <func> + <name since="@OTP-XXXX@">conn_info(Handle, Items) -> {ok, Data} | {error, Reason}</name> + <fsummary>Returns the requested connection information. + </fsummary> + <type> + <v>Handle = handle()</v> + <v>Items = ssl:connection_info_items()</v> + <v>Data = ssl:connection_info()</v> + </type> + <desc><p>Returns the requested information items about the SSL connection to LDAP server, + if they are defined.</p> + </desc> + </func> </funcs> diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl index 22d816c8c8..cc27a31966 100644 --- a/lib/eldap/src/eldap.erl +++ b/lib/eldap/src/eldap.erl @@ -30,7 +30,9 @@ parse_ldap_url/1, paged_result_control/1, paged_result_control/2, - paged_result_cookie/1]). + paged_result_cookie/1, + conn_info/1, + conn_info/2]). -export([neverDerefAliases/0, derefInSearching/0, derefFindingBaseObj/0, derefAlways/0]). @@ -155,6 +157,16 @@ controlling_process(Handle, Pid) when is_pid(Handle), is_pid(Pid) -> recv(Handle). %%% -------------------------------------------------------------------- +%%% Return LDAP connection information +%%% -------------------------------------------------------------------- +conn_info(Handle) when is_pid(Handle) -> + conn_info(Handle, []). + +conn_info(Handle, Items) when is_pid(Handle) -> + send(Handle, {conn_info, Items}), + recv(Handle). + +%%% -------------------------------------------------------------------- %%% Authenticate ourselves to the Directory %%% using simple authentication. %%% @@ -608,6 +620,17 @@ loop(Cpid, Data) -> send(From, Result), ?MODULE:loop(Cpid, Data); + {From, {conn_info, Items}} -> + Res = + case Data#eldap.ldaps of + true -> + get_ssl_conn_info(Data#eldap.fd, Items); + false -> + {error, "Not an SSL connection"} + end, + send(From, Res), + ?MODULE:loop(Cpid, Data); + {Cpid, 'EXIT', Reason} -> ?PRINT("Got EXIT from Cpid, reason=~p~n",[Reason]), exit(Reason); @@ -618,6 +641,10 @@ loop(Cpid, Data) -> end. +get_ssl_conn_info(SockFd, []) -> + ssl:connection_information(SockFd); +get_ssl_conn_info(SockFd, Items) -> + ssl:connection_information(SockFd, Items). %%% -------------------------------------------------------------------- %%% startTLS Request diff --git a/lib/eldap/test/eldap_basic_SUITE.erl b/lib/eldap/test/eldap_basic_SUITE.erl index 5fa6d4ca69..1c283a1f82 100644 --- a/lib/eldap/test/eldap_basic_SUITE.erl +++ b/lib/eldap/test/eldap_basic_SUITE.erl @@ -46,6 +46,7 @@ more_add/1, open_ret_val_error/1, open_ret_val_success/1, + plain_ldap_conn_info_error/1, search_filter_and/1, search_filter_and_not/1, search_filter_equalityMatch/1, @@ -63,6 +64,8 @@ search_extensible_match_without_dn/1, search_paged_results/1, ssl_connection/1, + ssl_conn_info/1, + ssl_conn_info_items/1, start_tls_on_ssl_should_fail/1, start_tls_twice_should_fail/1, tcp_connection/1, @@ -81,8 +84,8 @@ suite/0 ]). -%%-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl"). +-include_lib("stdlib/include/assert.hrl"). -include_lib("eldap/include/eldap.hrl"). -include_lib("eldap/ebin/ELDAPv3.hrl"). @@ -159,7 +162,10 @@ connection_tests() -> client_side_bind_timeout, client_side_add_timeout, client_side_search_timeout, - close_after_tcp_error + close_after_tcp_error, + ssl_conn_info, + ssl_conn_info_items, + plain_ldap_conn_info_error ]. @@ -259,7 +265,7 @@ end_per_group(start_tls_api, Config) -> clear_db(Config); end_per_group(_Group, Config) -> Config. -init_per_testcase(ssl_connection, Config) -> +init_per_testcase(TC, Config) when TC == ssl_connection; TC == ssl_conn_info; TC == ssl_conn_info_items -> case proplists:get_value(ssl_available,Config) of true -> SSL_Port = 9999, @@ -423,6 +429,50 @@ ssl_connection(Config) -> end. %%%---------------------------------------------------------------- +ssl_conn_info(Config) -> + Host = proplists:get_value(listen_host, Config), + Port = proplists:get_value(ssl_listen_port, Config), + Opts = proplists:get_value(tcp_connect_opts, Config), + SSLOpts = proplists:get_value(ssl_connect_opts, Config), + case eldap:open([Host], [{port,Port}, + {ssl,true}, + {timeout,5000}, + {sslopts,SSLOpts}|Opts]) of + {ok,H} -> + ?assertMatch({ok, _Data}, eldap:conn_info(H)); + Other -> ct:fail("eldap:open failed: ~p",[Other]) + end. + +%%%---------------------------------------------------------------- +ssl_conn_info_items(Config) -> + Host = proplists:get_value(listen_host, Config), + Port = proplists:get_value(ssl_listen_port, Config), + Opts = proplists:get_value(tcp_connect_opts, Config), + SSLOpts = proplists:get_value(ssl_connect_opts, Config), + case eldap:open([Host], [{port,Port}, + {ssl,true}, + {timeout,5000}, + {sslopts,SSLOpts}|Opts]) of + {ok,H} -> + ?assertEqual({ok, [{protocol, 'tlsv1.3'}, {session_resumption, false}]}, + eldap:conn_info(H, [protocol, session_resumption])); + Other -> ct:fail("eldap:open failed: ~p",[Other]) + end. + +%%%---------------------------------------------------------------- +plain_ldap_conn_info_error(Config) -> + Host = proplists:get_value(listen_host, Config), + Port = proplists:get_value(listen_port, Config), + Opts = proplists:get_value(tcp_connect_opts, Config), + T = 1000, + case eldap:open([Host], [{timeout,T},{port,Port}|Opts]) of + {ok,H} -> + ?assertMatch({error, "Not an SSL connection"}, + eldap:conn_info(H)); + Other -> ct:fail("eldap:open failed: ~p",[Other]) + end. + +%%%---------------------------------------------------------------- client_side_add_timeout(Config) -> client_timeout( fun(H) -> |