From b268cf343c5e49400c343cbbb0c060ee15cd7803 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vi=CC=81ctor=20Rolda=CC=81n=20Betancort?=
Date: Tue, 12 Nov 2019 21:17:04 +0100
Subject: [PATCH 1/5] demonstrates Net::LDAP#open does not expose bind results we identified that clients cannot safely rely on Net::LDAP#get_operation_result when using Net::LDAP#open because @result is not set. As a consequence,clients calling Net::LDAP#get_operation_result would get the previous last cached result @result.
---
 test/integration/test_return_codes.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/test/integration/test_return_codes.rb b/test/integration/test_return_codes.rb
index 0e381a0a..a752ded8 100644
--- a/test/integration/test_return_codes.rb
+++ b/test/integration/test_return_codes.rb
@@ -4,6 +4,14 @@
 # See: section 12.12 http://www.openldap.org/doc/admin24/overlays.html
 class TestReturnCodeIntegration < LDAPIntegrationTestCase
+ def test_open_error
+ @ldap.authenticate "fake", "creds"
+ @ldap.open do
+ result = @ldap.get_operation_result
+ assert_equal Net::LDAP::ResultCodeInvalidCredentials, result.code
+ end
+ end
+
 def test_operations_error
 refute @ldap.search(filter: "cn=operationsError", base: "ou=Retcodes,dc=rubyldap,dc=com")
 assert result = @ldap.get_operation_result
From 6c929d244032018253cab84415143756919b934e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vi=CC=81ctor=20Rolda=CC=81n=20Betancort?=
Date: Tue, 12 Nov 2019 21:26:37 +0100
Subject: [PATCH 2/5] ignore RubyMine metadata
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 9c2842d9..281f0b89 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ publish/
 Gemfile.lock
 .bundle
 bin/
+.idea
From 8135bbe7ef5fe8beb5767d69c9467cb7b401cde7 Mon Sep 17 00:00:00 2001
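Review bot: The only assertion in `test_open_error` sits inside the `@ldap.open do` block, so it runs only if `open` yields; should `open` ever stop yielding after a rejected bind, the test would pass without asserting anything. Capture the value inside the block and assert after it: `result = nil` before the block, `result = @ldap.get_operation_result` inside, and `assert_equal Net::LDAP::ResultCodeInvalidCredentials, result.code` after `end`. The commit message describes a stale cached `@result`, yet no earlier operation is run on `@ldap` first, so that stale case is presumably not exercised (setup is outside the hunk). The follow-up hunk in PATCH 5/5 changes only the bind DN and leaves this shape as is.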
From: =?UTF-8?q?Vi=CC=81ctor=20Rolda=CC=81n=20Betancort?=
Date: Tue, 12 Nov 2019 21:53:04 +0100
Subject: [PATCH 3/5] attempt to fix broken "install-openldap" in travis may have broken in the most recent slapd version for Ubuntu Xenial?
---
 script/install-openldap | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/script/install-openldap b/script/install-openldap
index 3e391d87..47aa4bfe 100755
--- a/script/install-openldap
+++ b/script/install-openldap
@@ -15,7 +15,7 @@ TMPDIR=$(mktemp -d)
 cd $TMPDIR
 # Delete data and reconfigure.
-cp -v /var/lib/ldap/DB_CONFIG ./DB_CONFIG
+cp -v /usr/share/slapd/DB_CONFIG ./DB_CONFIG
 rm -rf /etc/ldap/slapd.d/*
 rm -rf /var/lib/ldap/*
 cp -v ./DB_CONFIG /var/lib/ldap/DB_CONFIG
From cb4b48cb5012ed25176f978900b4357a858819e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vi=CC=81ctor=20Rolda=CC=81n=20Betancort?=
Date: Tue, 12 Nov 2019 22:15:25 +0100
Subject: [PATCH 4/5] caches bind result aligns implementation of open with other methods, so the result becomes accessible via get_operation_result
---
 lib/net/ldap.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/net/ldap.rb b/lib/net/ldap.rb
index f7a98ef5..9c13a97d 100644
--- a/lib/net/ldap.rb
+++ b/lib/net/ldap.rb
@@ -712,7 +712,7 @@ def open
 begin
 @open_connection = new_connection
 payload[:connection] = @open_connection
- payload[:bind] = @open_connection.bind(@auth)
+ payload[:bind] = @result = @open_connection.bind(@auth)
 yield self
 ensure
 @open_connection.close if @open_connection
From dd2a880bcfc2c4433f8de855eb24a455039f396b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Vi=CC=81ctor=20Rolda=CC=81n=20Betancort?=
Date: Tue, 12 Nov 2019 22:21:04 +0100
Subject: [PATCH 5/5] the test environment expects a valid DNS as username
---
 test/integration/test_return_codes.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/integration/test_return_codes.rb b/test/integration/test_return_codes.rb
index a752ded8..eccd260e 100644
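Review bot: The new source path `/usr/share/slapd/DB_CONFIG` is copied without any check, and the context lines that follow then run `rm -rf` on `/etc/ldap/slapd.d/*` and `/var/lib/ldap/*`. Whether a failed copy aborts the script depends on a `set -e` that is not visible in this hunk; if it is absent, `cp -v /usr/share/slapd/DB_CONFIG ./DB_CONFIG || exit 1` keeps the wipe from running with no template to restore. A one-line comment such as `# Take DB_CONFIG from the packaged template; /var/lib/ldap may not contain one.` would also record why the path changed, which the commit message only guesses at.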
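Review bot: `yield self` still runs whatever `@open_connection.bind(@auth)` returned, so this line records a rejected bind in `@result` but the caller's block is executed on that connection all the same. Code that uses `open` to verify credentials therefore has to read `get_operation_result` before doing anything else in the block, since later operations on the same object presumably overwrite `@result`. I would state that on the method, e.g. `# The block is yielded even if the bind fails; check get_operation_result.code before issuing any operation.` `open` starts and ends outside this hunk, so what `@result` holds when `new_connection` raises cannot be judged from here.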
--- a/test/integration/test_return_codes.rb
+++ b/test/integration/test_return_codes.rb
@@ -5,7 +5,7 @@
 class TestReturnCodeIntegration < LDAPIntegrationTestCase
 def test_open_error
- @ldap.authenticate "fake", "creds"
+ @ldap.authenticate "cn=fake", "creds"
 @ldap.open do
 result = @ldap.get_operation_result
 assert_equal Net::LDAP::ResultCodeInvalidCredentials, result.code