From b0d319a92f87ff7c1c7f384e8bfeeeae8d34d361 Mon Sep 17 00:00:00 2001 From: anupamasingh10 Date: Thu, 23 Feb 2023 11:11:06 +0100 Subject: Add new api conn_info for SSL connections to LDAP server --- lib/eldap/doc/src/eldap.xml | 26 +++++++++++++++++ lib/eldap/src/eldap.erl | 29 ++++++++++++++++++- lib/eldap/test/eldap_basic_SUITE.erl | 56 ++++++++++++++++++++++++++++++++++-- 3 files changed, 107 insertions(+), 4 deletions(-) diff --git a/lib/eldap/doc/src/eldap.xml b/lib/eldap/doc/src/eldap.xml index 4d9ec96a70..8f08514886 100644 --- a/lib/eldap/doc/src/eldap.xml +++ b/lib/eldap/doc/src/eldap.xml @@ -548,6 +548,32 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1), the series.

+ + conn_info(Handle) -> {ok, Data} | {error, Reason} + Returns all the connection information. + + + Handle = handle() + Data = ssl:connection_info() + +

Returns the most relevant information for SSL connection to an LDAP server, ssl options + that are undefined will be filtered out. Note that values that affect the security of the + connection will only be returned if explicitly requested by conn_info/2.

+
+
+ + conn_info(Handle, Items) -> {ok, Data} | {error, Reason} + Returns the requested connection information. + + + Handle = handle() + Items = ssl:connection_info_items() + Data = ssl:connection_info() + +

Returns the requested information items about the SSL connection to LDAP server, + if they are defined.

+
+
diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl index 22d816c8c8..cc27a31966 100644 --- a/lib/eldap/src/eldap.erl +++ b/lib/eldap/src/eldap.erl @@ -30,7 +30,9 @@ parse_ldap_url/1, paged_result_control/1, paged_result_control/2, - paged_result_cookie/1]). + paged_result_cookie/1, + conn_info/1, + conn_info/2]). -export([neverDerefAliases/0, derefInSearching/0, derefFindingBaseObj/0, derefAlways/0]). @@ -154,6 +156,16 @@ controlling_process(Handle, Pid) when is_pid(Handle), is_pid(Pid) -> send(Handle, {cnt_proc, Pid}), recv(Handle). +%%% -------------------------------------------------------------------- +%%% Return LDAP connection information +%%% -------------------------------------------------------------------- +conn_info(Handle) when is_pid(Handle) -> + conn_info(Handle, []). + +conn_info(Handle, Items) when is_pid(Handle) -> + send(Handle, {conn_info, Items}), + recv(Handle). + %%% -------------------------------------------------------------------- %%% Authenticate ourselves to the Directory %%% using simple authentication. @@ -608,6 +620,17 @@ loop(Cpid, Data) -> send(From, Result), ?MODULE:loop(Cpid, Data); + {From, {conn_info, Items}} -> + Res = + case Data#eldap.ldaps of + true -> + get_ssl_conn_info(Data#eldap.fd, Items); + false -> + {error, "Not an SSL connection"} + end, + send(From, Res), + ?MODULE:loop(Cpid, Data); + {Cpid, 'EXIT', Reason} -> ?PRINT("Got EXIT from Cpid, reason=~p~n",[Reason]), exit(Reason); @@ -618,6 +641,10 @@ loop(Cpid, Data) -> end. +get_ssl_conn_info(SockFd, []) -> + ssl:connection_information(SockFd); +get_ssl_conn_info(SockFd, Items) -> + ssl:connection_information(SockFd, Items). %%% -------------------------------------------------------------------- %%% startTLS Request diff --git a/lib/eldap/test/eldap_basic_SUITE.erl b/lib/eldap/test/eldap_basic_SUITE.erl index 5fa6d4ca69..1c283a1f82 100644 --- a/lib/eldap/test/eldap_basic_SUITE.erl +++ b/lib/eldap/test/eldap_basic_SUITE.erl 
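Review bot: `conn_info/2` guards only `Handle`, while `controlling_process/2` just above it in the same hunk guards both arguments, so a malformed `Items` is forwarded unchanged to the connection process. There it reaches `ssl:connection_information(SockFd, Items)` from inside `loop/2`, and no `try` is visible in the hunk, so an exception would presumably terminate the LDAP connection instead of failing in the caller. I would tighten the head to `conn_info(Handle, Items) when is_pid(Handle), is_list(Items) ->` so that a bad argument is rejected before anything is sent.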
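Review bot: The `{From, {conn_info, Items}}` clause decides whether the connection is TLS from `Data#eldap.ldaps` alone, and the hunk does not show that field being updated when a plain connection is upgraded with `start_tls`. If `ldaps` only mirrors the `{ssl,true}` open option, an upgraded connection would answer `{error, "Not an SSL connection"}` although `Data#eldap.fd` is by then a TLS socket; the later `{From, info}` clause in this series keeps the same test and would report `socket_type => tcp`. That matters to callers that use the answer to decide whether credentials are travelling over an encrypted transport. I would key the `case` on whatever state records that TLS is active, return a matchable reason such as `{error, not_ssl}` rather than a string, and add a case to the start_tls test group that pins the result. `loop/2` starts and ends outside the hunk.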
@@ -46,6 +46,7 @@ more_add/1, open_ret_val_error/1, open_ret_val_success/1, + plain_ldap_conn_info_error/1, search_filter_and/1, search_filter_and_not/1, search_filter_equalityMatch/1, @@ -63,6 +64,8 @@ search_extensible_match_without_dn/1, search_paged_results/1, ssl_connection/1, + ssl_conn_info/1, + ssl_conn_info_items/1, start_tls_on_ssl_should_fail/1, start_tls_twice_should_fail/1, tcp_connection/1, @@ -81,8 +84,8 @@ suite/0 ]). -%%-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl"). +-include_lib("stdlib/include/assert.hrl"). -include_lib("eldap/include/eldap.hrl"). -include_lib("eldap/ebin/ELDAPv3.hrl"). @@ -159,7 +162,10 @@ connection_tests() -> client_side_bind_timeout, client_side_add_timeout, client_side_search_timeout, - close_after_tcp_error + close_after_tcp_error, + ssl_conn_info, + ssl_conn_info_items, + plain_ldap_conn_info_error ]. @@ -259,7 +265,7 @@ end_per_group(start_tls_api, Config) -> clear_db(Config); end_per_group(_Group, Config) -> Config. -init_per_testcase(ssl_connection, Config) -> +init_per_testcase(TC, Config) when TC == ssl_connection; TC == ssl_conn_info; TC == ssl_conn_info_items -> case proplists:get_value(ssl_available,Config) of true -> SSL_Port = 9999, 
@@ -422,6 +428,50 @@ ssl_connection(Config) -> Other -> ct:fail("eldap:open failed: ~p",[Other]) end. +%%%---------------------------------------------------------------- +ssl_conn_info(Config) -> + Host = proplists:get_value(listen_host, Config), + Port = proplists:get_value(ssl_listen_port, Config), + Opts = proplists:get_value(tcp_connect_opts, Config), + SSLOpts = proplists:get_value(ssl_connect_opts, Config), + case eldap:open([Host], [{port,Port}, + {ssl,true}, + {timeout,5000}, + {sslopts,SSLOpts}|Opts]) of + {ok,H} -> + ?assertMatch({ok, _Data}, eldap:conn_info(H)); + Other -> ct:fail("eldap:open failed: ~p",[Other]) + end. + +%%%---------------------------------------------------------------- +ssl_conn_info_items(Config) -> + Host = proplists:get_value(listen_host, Config), + Port = proplists:get_value(ssl_listen_port, Config), + Opts = proplists:get_value(tcp_connect_opts, Config), + SSLOpts = proplists:get_value(ssl_connect_opts, Config), + case eldap:open([Host], [{port,Port}, + {ssl,true}, + {timeout,5000}, + {sslopts,SSLOpts}|Opts]) of + {ok,H} -> + ?assertEqual({ok, [{protocol, 'tlsv1.3'}, {session_resumption, false}]}, + eldap:conn_info(H, [protocol, session_resumption])); + Other -> ct:fail("eldap:open failed: ~p",[Other]) + end. + +%%%---------------------------------------------------------------- +plain_ldap_conn_info_error(Config) -> + Host = proplists:get_value(listen_host, Config), + Port = proplists:get_value(listen_port, Config), + Opts = proplists:get_value(tcp_connect_opts, Config), + T = 1000, + case eldap:open([Host], [{timeout,T},{port,Port}|Opts]) of + {ok,H} -> + ?assertMatch({error, "Not an SSL connection"}, + eldap:conn_info(H)); + Other -> ct:fail("eldap:open failed: ~p",[Other]) + end. + %%%---------------------------------------------------------------- client_side_add_timeout(Config) -> client_timeout( -- cgit v1.2.1 From f1ac6ef8274009612774b63c1bb7259ee8abdb7b Mon Sep 17 00:00:00 2001 
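Review bot: `ssl_conn_info_items` asserts the exact negotiated values `{protocol, 'tlsv1.3'}` and `{session_resumption, false}`, so it fails whenever the test peer or the local crypto library negotiates something else, which says nothing about `eldap:conn_info/2`. Unless `ssl_connect_opts` pins the version (not visible in this hunk), match on the shape instead: `?assertMatch({ok, [{protocol, _}, {session_resumption, _}]}, eldap:conn_info(H, [protocol, session_resumption]))`. If TLS 1.3 is a requirement of the suite, state it in the connect options with `{versions, ['tlsv1.3']}` so that the expectation is enforced rather than assumed. The three new cases also leave `H` open; an `eldap:close(H)` after the assertion would stop connections accumulating across the group.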
From: anupamasingh10 Date: Mon, 27 Feb 2023 10:22:10 +0100 Subject: Add new api conn_info for SSL connections to LDAP server --- lib/eldap/doc/src/eldap.xml | 12 ++++++------ lib/ssl/src/ssl.erl | 4 +++- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/lib/eldap/doc/src/eldap.xml b/lib/eldap/doc/src/eldap.xml index 8f08514886..5efcbd4c86 100644 --- a/lib/eldap/doc/src/eldap.xml +++ b/lib/eldap/doc/src/eldap.xml @@ -550,20 +550,20 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1), conn_info(Handle) -> {ok, Data} | {error, Reason} - Returns all the connection information. + When LDAP is run over TLS, returns information about the TLS connection. Handle = handle() Data = ssl:connection_info() -

Returns the most relevant information for SSL connection to an LDAP server, ssl options - that are undefined will be filtered out. Note that values that affect the security of the - connection will only be returned if explicitly requested by conn_info/2.

+

Returns the most relevant information for SSL connection to an LDAP server. + See also ssl:connection_information/1.

conn_info(Handle, Items) -> {ok, Data} | {error, Reason} - Returns the requested connection information. + When LDAP is run over TLS, returns requested information items about the TLS + connection. Handle = handle() @@ -571,7 +571,7 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1), Data = ssl:connection_info()

Returns the requested information items about the SSL connection to LDAP server, - if they are defined.

+ if they are defined. See also ssl:connection_information/2.

diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index ad5028655d..08ebfae269 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -138,7 +138,9 @@ srp_param_type/0, named_curve/0, sign_scheme/0, - group/0]). + group/0, + connection_info/0, + connection_info_items/0]). %% ------------------------------------------------------------------------------------------------------- -- cgit v1.2.1 From 474317eeb9cf929cb6a2a0a181b0c1ced2aa034d Mon Sep 17 00:00:00 2001 From: anupamasingh10 Date: Thu, 9 Mar 2023 12:17:27 +0100 Subject: Add new api eldap:info/1 --- lib/eldap/doc/src/eldap.xml | 25 +++++------------------ lib/eldap/src/eldap.erl | 23 +++++++-------------- lib/eldap/test/eldap_basic_SUITE.erl | 39 ++++++++++-------------------------- lib/ssl/src/ssl.erl | 4 +--- 4 files changed, 24 insertions(+), 67 deletions(-) diff --git a/lib/eldap/doc/src/eldap.xml b/lib/eldap/doc/src/eldap.xml index 5efcbd4c86..edc308ba52 100644 --- a/lib/eldap/doc/src/eldap.xml +++ b/lib/eldap/doc/src/eldap.xml @@ -549,29 +549,14 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1), - conn_info(Handle) -> {ok, Data} | {error, Reason} - When LDAP is run over TLS, returns information about the TLS connection. + info(Handle) -> #{socket := Socket, socket_type := tcp | ssl} + Returns the SSL or TCP socket for LDAP connection. - Handle = handle() - Data = ssl:connection_info() - -

Returns the most relevant information for SSL connection to an LDAP server. - See also ssl:connection_information/1.

-
-
- - conn_info(Handle, Items) -> {ok, Data} | {error, Reason} - When LDAP is run over TLS, returns requested information items about the TLS - connection. - - - Handle = handle() - Items = ssl:connection_info_items() - Data = ssl:connection_info() + Socket = ssl:sslsocket() | gen_tcp:socket() -

Returns the requested information items about the SSL connection to LDAP server, - if they are defined. See also ssl:connection_information/2.

+

Returns the socket type and socket for a TCP/SSL connection + to an LDAP server

diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl index cc27a31966..ab6363a28b 100644 --- a/lib/eldap/src/eldap.erl +++ b/lib/eldap/src/eldap.erl @@ -31,8 +31,7 @@ paged_result_control/1, paged_result_control/2, paged_result_cookie/1, - conn_info/1, - conn_info/2]). + info/1]). -export([neverDerefAliases/0, derefInSearching/0, derefFindingBaseObj/0, derefAlways/0]). @@ -157,13 +156,10 @@ controlling_process(Handle, Pid) when is_pid(Handle), is_pid(Pid) -> recv(Handle). %%% -------------------------------------------------------------------- -%%% Return LDAP connection information +%%% Return LDAP socket information %%% -------------------------------------------------------------------- -conn_info(Handle) when is_pid(Handle) -> - conn_info(Handle, []). - -conn_info(Handle, Items) when is_pid(Handle) -> - send(Handle, {conn_info, Items}), +info(Handle) when is_pid(Handle) -> + send(Handle, info), recv(Handle). %%% -------------------------------------------------------------------- @@ -620,13 +616,13 @@ loop(Cpid, Data) -> send(From, Result), ?MODULE:loop(Cpid, Data); - {From, {conn_info, Items}} -> + {From, info} -> Res = case Data#eldap.ldaps of true -> - get_ssl_conn_info(Data#eldap.fd, Items); + #{socket => Data#eldap.fd, socket_type => ssl}; false -> - {error, "Not an SSL connection"} + #{socket => Data#eldap.fd, socket_type => tcp} end, send(From, Res), ?MODULE:loop(Cpid, Data); @@ -641,11 +637,6 @@ loop(Cpid, Data) -> end. -get_ssl_conn_info(SockFd, []) -> - ssl:connection_information(SockFd); -get_ssl_conn_info(SockFd, Items) -> - ssl:connection_information(SockFd, Items). - %%% -------------------------------------------------------------------- %%% startTLS Request %%% -------------------------------------------------------------------- diff --git a/lib/eldap/test/eldap_basic_SUITE.erl b/lib/eldap/test/eldap_basic_SUITE.erl index 1c283a1f82..2b26ed52bd 100644 --- a/lib/eldap/test/eldap_basic_SUITE.erl +++ b/lib/eldap/test/eldap_basic_SUITE.erl 
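Review bot: The `{From, info}` clause returns `Data#eldap.fd` itself, so every caller of `info/1` receives the live socket that the connection process reads and writes, and neither the comment block above `info/1` nor the hunk says what may be done with it. Sending on, receiving from or closing that socket from outside would desynchronise or end the LDAP session behind eldap's back. For `ssl` sockets the handle also lets the caller query the secret-bearing items of `ssl:connection_information/2`, whose results should be kept out of logs. I would extend the header comment to something like `%%% The socket stays owned by the eldap process; use it only for inspection (e.g. ssl:connection_information/1,2, ssl:peercert/1), never for I/O or close.` and repeat that in eldap.xml. `loop/2` starts and ends outside the hunk.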
@@ -46,7 +46,7 @@ more_add/1, open_ret_val_error/1, open_ret_val_success/1, - plain_ldap_conn_info_error/1, + plain_ldap_socket_info/1, search_filter_and/1, search_filter_and_not/1, search_filter_equalityMatch/1, @@ -64,8 +64,7 @@ search_extensible_match_without_dn/1, search_paged_results/1, ssl_connection/1, - ssl_conn_info/1, - ssl_conn_info_items/1, + ssl_conn_socket_info/1, start_tls_on_ssl_should_fail/1, start_tls_twice_should_fail/1, tcp_connection/1, @@ -163,9 +162,8 @@ connection_tests() -> client_side_add_timeout, client_side_search_timeout, close_after_tcp_error, - ssl_conn_info, - ssl_conn_info_items, - plain_ldap_conn_info_error + ssl_conn_socket_info, + plain_ldap_socket_info ]. @@ -265,7 +263,7 @@ end_per_group(start_tls_api, Config) -> clear_db(Config); end_per_group(_Group, Config) -> Config. -init_per_testcase(TC, Config) when TC == ssl_connection; TC == ssl_conn_info; TC == ssl_conn_info_items -> +init_per_testcase(TC, Config) when TC == ssl_connection; TC == ssl_conn_socket_info -> case proplists:get_value(ssl_available,Config) of true -> SSL_Port = 9999, @@ -429,7 +427,7 @@ ssl_connection(Config) -> end. %%%---------------------------------------------------------------- -ssl_conn_info(Config) -> +ssl_conn_socket_info(Config) -> Host = proplists:get_value(listen_host, Config), Port = proplists:get_value(ssl_listen_port, Config), Opts = proplists:get_value(tcp_connect_opts, Config), 
@@ -439,36 +437,21 @@ ssl_conn_info(Config) -> {timeout,5000}, {sslopts,SSLOpts}|Opts]) of {ok,H} -> - ?assertMatch({ok, _Data}, eldap:conn_info(H)); + #{socket := Socket, socket_type := ssl} = eldap:info(H), + ?assertMatch({ok, _Data}, ssl:connection_information(Socket)); Other -> ct:fail("eldap:open failed: ~p",[Other]) end. %%%---------------------------------------------------------------- -ssl_conn_info_items(Config) -> - Host = proplists:get_value(listen_host, Config), - Port = proplists:get_value(ssl_listen_port, Config), - Opts = proplists:get_value(tcp_connect_opts, Config), - SSLOpts = proplists:get_value(ssl_connect_opts, Config), - case eldap:open([Host], [{port,Port}, - {ssl,true}, - {timeout,5000}, - {sslopts,SSLOpts}|Opts]) of - {ok,H} -> - ?assertEqual({ok, [{protocol, 'tlsv1.3'}, {session_resumption, false}]}, - eldap:conn_info(H, [protocol, session_resumption])); - Other -> ct:fail("eldap:open failed: ~p",[Other]) - end. - -%%%---------------------------------------------------------------- -plain_ldap_conn_info_error(Config) -> +plain_ldap_socket_info(Config) -> Host = proplists:get_value(listen_host, Config), Port = proplists:get_value(listen_port, Config), Opts = proplists:get_value(tcp_connect_opts, Config), T = 1000, case eldap:open([Host], [{timeout,T},{port,Port}|Opts]) of {ok,H} -> - ?assertMatch({error, "Not an SSL connection"}, - eldap:conn_info(H)); + ?assertMatch(#{socket := _, socket_type := tcp}, + eldap:info(H)); Other -> ct:fail("eldap:open failed: ~p",[Other]) end. diff --git a/lib/ssl/src/ssl.erl b/lib/ssl/src/ssl.erl index 08ebfae269..ad5028655d 100644 --- a/lib/ssl/src/ssl.erl +++ b/lib/ssl/src/ssl.erl @@ -138,9 +138,7 @@ srp_param_type/0, named_curve/0, sign_scheme/0, - group/0, - connection_info/0, - connection_info_items/0]). + group/0]). %% ------------------------------------------------------------------------------------------------------- -- cgit v1.2.1 
From 6706de788689d4b65f2190fb047641a6d94a6131 Mon Sep 17 00:00:00 2001 From: anupamasingh10 Date: Fri, 10 Mar 2023 19:25:11 +0100 Subject: Update eldap:info/1 documentation --- lib/eldap/doc/src/eldap.xml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/eldap/doc/src/eldap.xml b/lib/eldap/doc/src/eldap.xml index edc308ba52..aae0f346b9 100644 --- a/lib/eldap/doc/src/eldap.xml +++ b/lib/eldap/doc/src/eldap.xml @@ -549,14 +549,15 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1), - info(Handle) -> #{socket := Socket, socket_type := tcp | ssl} - Returns the SSL or TCP socket for LDAP connection. + info(Handle) -> connection_info() + Returns information about the LDAP connection. + connection_info() = #{socket := Socket, socket_type := tcp | ssl} Socket = ssl:sslsocket() | gen_tcp:socket() -

Returns the socket type and socket for a TCP/SSL connection - to an LDAP server

+

Currently available information reveals the socket and the transport + protocol, TCP or TLS (SSL), used by the LDAP connection.

-- cgit v1.2.1 From 45aabdf3015126b6448d9c286b01f5814f680cce Mon Sep 17 00:00:00 2001 From: anupamasingh10 <31176057+anupamasingh10@users.noreply.github.com> Date: Wed, 15 Mar 2023 12:14:49 +0100 Subject: Update lib/eldap/src/eldap.erl Co-authored-by: Kenneth Lundin --- lib/eldap/src/eldap.erl | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl index ab6363a28b..b9a2891fa7 100644 --- a/lib/eldap/src/eldap.erl +++ b/lib/eldap/src/eldap.erl @@ -617,13 +617,14 @@ loop(Cpid, Data) -> ?MODULE:loop(Cpid, Data); {From, info} -> - Res = + SocketType = case Data#eldap.ldaps of - true -> - #{socket => Data#eldap.fd, socket_type => ssl}; - false -> - #{socket => Data#eldap.fd, socket_type => tcp} + true -> + ssl; + false -> + tcp end, + Res = #{socket => Data#eldap.fd, socket_type => SocketType} , send(From, Res), ?MODULE:loop(Cpid, Data); -- cgit v1.2.1 From 7ade6057647861cfd00e8dc5ee31544102d3b15c Mon Sep 17 00:00:00 2001 From: anupamasingh10 <31176057+anupamasingh10@users.noreply.github.com> Date: Wed, 15 Mar 2023 13:27:52 +0100 Subject: Update lib/eldap/src/eldap.erl Co-authored-by: Viacheslav Katsuba --- lib/eldap/src/eldap.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl index b9a2891fa7..8c34a45c6a 100644 --- a/lib/eldap/src/eldap.erl +++ b/lib/eldap/src/eldap.erl @@ -619,7 +619,7 @@ loop(Cpid, Data) -> {From, info} -> SocketType = case Data#eldap.ldaps of - true -> + true -> ssl; false -> tcp -- cgit v1.2.1 From be0a3cc13a599f981f5d1f5e2532a2be0df3c4d1 Mon Sep 17 00:00:00 2001 From: anupamasingh10 <31176057+anupamasingh10@users.noreply.github.com> Date: Wed, 15 Mar 2023 13:27:59 +0100 Subject: Update lib/eldap/src/eldap.erl Co-authored-by: Viacheslav Katsuba --- lib/eldap/src/eldap.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl index 8c34a45c6a..2ac6e3d3cf 100644 --- a/lib/eldap/src/eldap.erl +++ b/lib/eldap/src/eldap.erl @@ -621,7 +621,7 @@ loop(Cpid, Data) -> case Data#eldap.ldaps of true -> ssl; - false -> + false -> tcp end, Res = #{socket => Data#eldap.fd, socket_type => SocketType} , -- cgit v1.2.1 From b5259a1036663de459859be4d74d03884ce8c9dc Mon Sep 17 00:00:00 2001 From: anupamasingh10 <31176057+anupamasingh10@users.noreply.github.com> Date: Wed, 15 Mar 2023 13:28:08 +0100 Subject: Update lib/eldap/src/eldap.erl Co-authored-by: Viacheslav Katsuba --- lib/eldap/src/eldap.erl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl index 2ac6e3d3cf..7edd012263 100644 --- a/lib/eldap/src/eldap.erl +++ b/lib/eldap/src/eldap.erl @@ -624,7 +624,7 @@ loop(Cpid, Data) -> false -> tcp end, - Res = #{socket => Data#eldap.fd, socket_type => SocketType} , + Res = #{socket => Data#eldap.fd, socket_type => SocketType}, send(From, Res), ?MODULE:loop(Cpid, Data); -- cgit v1.2.1 From 58771d0171e1ecbe51528070731f56d29218c793 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Tue, 25 Apr 2023 16:32:26 +0200 Subject: eldap:Fix since tag --- lib/eldap/doc/src/eldap.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/eldap/doc/src/eldap.xml b/lib/eldap/doc/src/eldap.xml index aae0f346b9..b3b8dc0a9b 100644 --- a/lib/eldap/doc/src/eldap.xml +++ b/lib/eldap/doc/src/eldap.xml @@ -549,7 +549,7 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1), - info(Handle) -> connection_info() + info(Handle) -> connection_info() Returns information about the LDAP connection. -- cgit v1.2.1