From a5e74f92aecfe11b6139205d4731f798711fa869 Mon Sep 17 00:00:00 2001
From: merlinz01 <158784988+merlinz01@users.noreply.github.com>
Date: Mon, 15 Apr 2024 15:53:54 -0400
Subject: [PATCH] remove predefined results in favor of LDAPResultCode.AsResult

---
 handler.go | 24 ++++++++++++++++--------
 result.go | 18 ------------------
 server.go | 21 ++++++++++++++-------
 test/main.go | 36 +++++++++++++++++++++++++++---------
 4 files changed, 57 insertions(+), 42 deletions(-)

diff --git a/handler.go b/handler.go
index ba24471..072b0d6 100644
--- a/handler.go
+++ b/handler.go
@@ -41,31 +41,38 @@ func (*BaseHandler) Abandon(conn *Conn, msg *Message, messageID MessageID) { } func (*BaseHandler) Add(conn *Conn, msg *Message, req *AddRequest) { - conn.SendResult(msg.MessageID, nil, TypeAddResponseOp, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, TypeAddResponseOp, + LDAPResultUnwillingToPerform.AsResult("the Add operation not supported by this server")) } func (*BaseHandler) Bind(conn *Conn, msg *Message, req *BindRequest) { - conn.SendResult(msg.MessageID, nil, TypeBindResponseOp, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, TypeBindResponseOp, + LDAPResultUnwillingToPerform.AsResult("the Bind operation not supported by this server")) } func (*BaseHandler) Compare(conn *Conn, msg *Message, req *CompareRequest) { - conn.SendResult(msg.MessageID, nil, TypeCompareResponseOp, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, TypeCompareResponseOp, + LDAPResultUnwillingToPerform.AsResult("the Compare operation not supported by this server")) } func (*BaseHandler) Delete(conn *Conn, msg *Message, dn string) { - conn.SendResult(msg.MessageID, nil, TypeDeleteResponseOp, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, TypeDeleteResponseOp, + LDAPResultUnwillingToPerform.AsResult("the Delete operation not supported by this server")) } func (*BaseHandler) Modify(conn *Conn, msg *Message, req *ModifyRequest) { - conn.SendResult(msg.MessageID, nil, TypeModifyResponseOp, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, TypeModifyResponseOp, + LDAPResultUnwillingToPerform.AsResult("the Modify operation not supported by this server")) } func (*BaseHandler) ModifyDN(conn *Conn, msg *Message, req *ModifyDNRequest) { - conn.SendResult(msg.MessageID, nil, TypeModifyDNResponseOp, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, TypeModifyDNResponseOp, + LDAPResultUnwillingToPerform.AsResult("the ModifyDN operation not supported by this server")) } func (*BaseHandler) Search(conn *Conn, 
msg *Message, req *SearchRequest) { - conn.SendResult(msg.MessageID, nil, TypeSearchResultDoneOp, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, TypeSearchResultDoneOp, + LDAPResultUnwillingToPerform.AsResult("the Search operation not supported by this server")) } // Implementers should provide their own Extended method that defaults to calling this @@ -113,5 +120,6 @@ func (*BaseHandler) StartTLS(conn *Conn, msg *Message) { } func (*BaseHandler) Other(conn *Conn, msg *Message) { - conn.SendResult(msg.MessageID, nil, BerTypeSequence, UnsupportedOperation) + conn.SendResult(msg.MessageID, nil, BerTypeSequence, + LDAPResultUnwillingToPerform.AsResult("the requested operation was not recognized")) } diff --git a/result.go b/result.go index bcaf945..40de2a0 100644 --- a/result.go +++ b/result.go @@ -161,21 +161,3 @@ func (r LDAPResultCode) AsResult(diagnosticMessage string) *Result { } return res } - -// Result returned for protocol errors -var ProtocolError = &Result{ - ResultCode: LDAPResultProtocolError, - DiagnosticMessage: "the server could not understand the request", -} - -// Result returned for unsupported requests -var UnsupportedOperation = &Result{ - ResultCode: LDAPResultUnwillingToPerform, - DiagnosticMessage: "the operation requested is not supported by the server", -} - -// Result returned for denied permission -var PermissionDenied = &Result{ - ResultCode: LDAPResultInsufficientAccessRights, - DiagnosticMessage: "client has insufficient access rights to the requested resource", -} diff --git a/server.go b/server.go index 3b16f88..3c6374f 100644 --- a/server.go +++ b/server.go 
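Review bot: The diagnostic strings added to every BaseHandler method are sent to the client verbatim and are all missing a verb ("the Add operation not supported by this server"); they should read `"the Add operation is not supported by this server"` and so on. Since the seven methods differ only in the operation name and response tag, a small helper such as `func unsupported(op string) *Result { return LDAPResultUnwillingToPerform.AsResult("the " + op + " operation is not supported by this server") }` would keep the wording in one place and make the per-method lines `conn.SendResult(msg.MessageID, nil, TypeAddResponseOp, unsupported("Add"))`. The hunk's Search method is split across two source lines here but is complete within the hunk.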
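Review bot: Other now answers an unrecognized request with unwillingToPerform (53) and leaves the session up; if Other is the fallback for protocolOp tags the server cannot recognize, as the new diagnostic "the requested operation was not recognized" suggests, RFC 4511 section 4.1.1 calls for resultCode protocolError, delivered as a Notice of Disconnection, followed by terminating the session. At minimum the result code should be `LDAPResultProtocolError.AsResult("the requested operation was not recognized")`, and the caller should consider closing the connection afterwards rather than continuing to read from a peer that is sending malformed or unknown PDUs. Whether Other is reached for anything other than unknown tags is not visible in this hunk, so confirm before changing.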
@@ -156,7 +156,8 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) { req, err := GetAddRequest(msg.ProtocolOp.Data) if err != nil { log.Println("Error parsing Add request:", err) - conn.SendResult(msg.MessageID, nil, TypeAddResponseOp, ProtocolError) + conn.SendResult(msg.MessageID, nil, TypeAddResponseOp, + LDAPResultProtocolError.AsResult("invalid Add request received")) return } conn.asyncOperations.Add(1) @@ -168,7 +169,8 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) { req, err := GetBindRequest(msg.ProtocolOp.Data) if err != nil { log.Println("Error parsing Bind request:", err) - conn.SendResult(msg.MessageID, nil, TypeBindResponseOp, ProtocolError) + conn.SendResult(msg.MessageID, nil, TypeBindResponseOp, + LDAPResultProtocolError.AsResult("invalid Bind request received")) return } conn.asyncOperations.Wait() @@ -177,7 +179,8 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) { req, err := GetCompareRequest(msg.ProtocolOp.Data) if err != nil { log.Println("Error parsing Compare request:", err) - conn.SendResult(msg.MessageID, nil, TypeCompareResponseOp, ProtocolError) + conn.SendResult(msg.MessageID, nil, TypeCompareResponseOp, + LDAPResultProtocolError.AsResult("invalid Compare request received")) return } conn.asyncOperations.Add(1) @@ -196,7 +199,8 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) { req, err := GetExtendedRequest(msg.ProtocolOp.Data) if err != nil { log.Println("Error parsing Extended request:", err) - conn.SendResult(msg.MessageID, nil, TypeExtendedResponseOp, &ExtendedResult{Result: *ProtocolError}) + conn.SendResult(msg.MessageID, nil, TypeExtendedResponseOp, + &ExtendedResult{Result: *LDAPResultProtocolError.AsResult("invalid Extended request received")}) return } // This is not concurrent in case it is a StartTLS request 
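Review bot: In the Bind hunk, a request whose encoding cannot be parsed gets a protocolError response and then handleMessage returns with the connection still open, so a client can keep feeding malformed PDUs for as long as it likes. RFC 4511 section 4.1.1 says a server that cannot decode a request SHOULD return a Notice of Disconnection with resultCode protocolError and MUST terminate the session; if GetBindRequest only fails on undecodable BER (not visible here), the branch should close the connection after `conn.SendResult(...)`, and the same applies to the Add, Compare and Extended parse-error branches in this set of hunks. Keeping `err` out of the diagnosticMessage and only in the server log, as the new code does, is the right call; consider adding a one-line comment saying so, e.g. `// parser details go to the log only; the client gets a generic protocolError`. handleMessage starts and ends outside these hunks.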
@@ -205,7 +209,8 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) { req, err := GetModifyRequest(msg.ProtocolOp.Data) if err != nil { log.Println("Error parsing Modify request:", err) - conn.SendResult(msg.MessageID, nil, TypeModifyResponseOp, ProtocolError) + conn.SendResult(msg.MessageID, nil, TypeModifyResponseOp, + LDAPResultProtocolError.AsResult("invalid Modify request received")) return } conn.asyncOperations.Add(1) @@ -217,7 +222,8 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) { req, err := GetModifyDNRequest(msg.ProtocolOp.Data) if err != nil { log.Println("Error parsing ModifyDN request:", err) - conn.SendResult(msg.MessageID, nil, TypeModifyDNResponseOp, ProtocolError) + conn.SendResult(msg.MessageID, nil, TypeModifyDNResponseOp, + LDAPResultProtocolError.AsResult("invalid ModifyDN request received")) return } conn.asyncOperations.Add(1) @@ -229,7 +235,8 @@ func (s *LDAPServer) handleMessage(conn *Conn, msg *Message) { req, err := GetSearchRequest(msg.ProtocolOp.Data) if err != nil { log.Println("Error parsing Search request:", err) - conn.SendResult(msg.MessageID, nil, TypeSearchResultDoneOp, &ExtendedResult{Result: *ProtocolError}) + conn.SendResult(msg.MessageID, nil, TypeSearchResultDoneOp, + LDAPResultProtocolError.AsResult("invalid Search request received")) return } conn.asyncOperations.Add(1) diff --git a/test/main.go b/test/main.go index 0a6b39a..ac12ab9 100644 --- a/test/main.go +++ b/test/main.go @@ -19,8 +19,12 @@ func main() { log.Println("Error setting up TLS:", err) return } - println("Serving.") - server.ListenAndServe("localhost:389") + log.Println("Serving.") + err = server.ListenAndServe("localhost:389") + if err != nil { + log.Println("Error starting server:", err) + return + } } type TestHandler struct { 
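Review bot: In the test/main.go hunk, the new `log.Println("Error starting server:", err)` followed by `return` exits main with status 0, so a failed bind on localhost:389 (which usually needs elevated privileges) looks like success to anything scripting the test server. `log.Fatalln("Error starting server:", err)` is the idiom in a main and exits non-zero; the TLS-setup branch just above it in the context lines has the same shape and could be changed the same way.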
@@ -54,7 +58,9 @@ func (t *TestHandler) Add(conn *ldapserver.Conn, msg *ldapserver.Message, req *l auth := getAuth(conn) if auth != "uid=authorizeduser,ou=users,dc=example,dc=com" { log.Println("Not an authorized connection!", auth) - conn.SendResult(msg.MessageID, nil, ldapserver.TypeAddResponseOp, ldapserver.PermissionDenied) + conn.SendResult(msg.MessageID, nil, ldapserver.TypeAddResponseOp, + ldapserver.LDAPResultInsufficientAccessRights.AsResult( + "the connection is not authorized to perform the requested operation")) return } log.Println("Add DN:", req.Entry) @@ -120,7 +126,9 @@ func (t *TestHandler) Compare(conn *ldapserver.Conn, msg *ldapserver.Message, re auth := getAuth(conn) if auth != "uid=authorizeduser,ou=users,dc=example,dc=com" { log.Println("Not an authorized connection!", auth) - conn.SendResult(msg.MessageID, nil, ldapserver.TypeCompareResponseOp, ldapserver.PermissionDenied) + conn.SendResult(msg.MessageID, nil, ldapserver.TypeCompareResponseOp, + ldapserver.LDAPResultInsufficientAccessRights.AsResult( + "the connection is not authorized to perform the requested operation")) return } // Pretend to take a while @@ -143,7 +151,9 @@ func (t *TestHandler) Delete(conn *ldapserver.Conn, msg *ldapserver.Message, dn auth := getAuth(conn) if auth != "uid=authorizeduser,ou=users,dc=example,dc=com" { log.Println("Not an authorized connection!", auth) - conn.SendResult(msg.MessageID, nil, ldapserver.TypeDeleteResponseOp, ldapserver.PermissionDenied) + conn.SendResult(msg.MessageID, nil, ldapserver.TypeDeleteResponseOp, + ldapserver.LDAPResultInsufficientAccessRights.AsResult( + "the connection is not authorized to perform the requested operation")) return } log.Println("Delete DN:", dn) 
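Review bot: In the Add hunk (and the Compare and Delete hunks alongside it) the authorization gate is the literal `"uid=authorizeduser,ou=users,dc=example,dc=com"` compared by hand in every handler, with the response tag, log line and three-line result copied each time; this is the pattern that produced the wrong response tags in the ModifyDN and Search handlers later in this file. Hoisting the DN into `const authorizedDN = "uid=authorizeduser,ou=users,dc=example,dc=com"` and the check into a helper such as `func denyUnlessAuthorized(conn *ldapserver.Conn, msg *ldapserver.Message, op ldapserver.BerType) bool` that logs, sends the insufficientAccessRights result with the caller-supplied tag and returns false would make each handler a one-line guard. Exact string comparison of the bound DN is fail-closed, which is fine for a test server; whether getAuth reflects a successful Bind rather than the DN the client merely claimed is not visible in this hunk, so a comment on getAuth stating that would help readers.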
@@ -158,7 +168,9 @@ func (t *TestHandler) Modify(conn *ldapserver.Conn, msg *ldapserver.Message, req auth := getAuth(conn) if auth != "uid=authorizeduser,ou=users,dc=example,dc=com" { log.Println("Not an authorized connection!", auth) - conn.SendResult(msg.MessageID, nil, ldapserver.TypeModifyResponseOp, ldapserver.PermissionDenied) + conn.SendResult(msg.MessageID, nil, ldapserver.TypeModifyResponseOp, + ldapserver.LDAPResultInsufficientAccessRights.AsResult( + "the connection is not authorized to perform the requested operation")) return } log.Println("Modify DN:", req.Object) @@ -178,7 +190,9 @@ func (t *TestHandler) ModifyDN(conn *ldapserver.Conn, msg *ldapserver.Message, r auth := getAuth(conn) if auth != "uid=authorizeduser,ou=users,dc=example,dc=com" { log.Println("Not an authorized connection!", auth) - conn.SendResult(msg.MessageID, nil, ldapserver.TypeModifyResponseOp, ldapserver.PermissionDenied) + conn.SendResult(msg.MessageID, nil, ldapserver.TypeModifyResponseOp, + ldapserver.LDAPResultInsufficientAccessRights.AsResult( + "the connection is not authorized to perform the requested operation")) return } log.Println("Old DN:", req.Object) 
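Review bot: In the ModifyDN hunk the denied path sends its result with `ldapserver.TypeModifyResponseOp`, but this is the ModifyDN handler, so a client waiting for a modDNResponse on that message ID receives a modifyResponse tag instead. The line should use `ldapserver.TypeModifyDNResponseOp`, which is the tag the BaseHandler default for ModifyDN in handler.go uses. The wrong tag predates this commit, but the commit rewrites that exact line and is the natural place to fix it.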
@@ -204,12 +218,16 @@ func (t *TestHandler) Search(conn *ldapserver.Conn, msg *ldapserver.Message, req auth := getAuth(conn) if auth != "uid=authorizeduser,ou=users,dc=example,dc=com" { log.Println("Not an authorized connection!", auth) - conn.SendResult(msg.MessageID, nil, ldapserver.TypeModifyResponseOp, ldapserver.PermissionDenied) + conn.SendResult(msg.MessageID, nil, ldapserver.TypeModifyResponseOp, + ldapserver.LDAPResultInsufficientAccessRights.AsResult( + "the connection is not authorized to perform the requested operation")) return } if auth != "uid=authorizeduser,ou=users,dc=example,dc=com" { log.Println("Not an authorized connection!", auth) - conn.SendResult(msg.MessageID, nil, ldapserver.TypeSearchResultDoneOp, ldapserver.PermissionDenied) + conn.SendResult(msg.MessageID, nil, ldapserver.TypeSearchResultDoneOp, + ldapserver.LDAPResultInsufficientAccessRights.AsResult( + "the connection is not authorized to perform the requested operation")) return } log.Println("Base object:", req.BaseObject)
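Review bot: The first denial block in Search replies to a search request with `ldapserver.TypeModifyResponseOp` and then returns, so the second, identical `if auth != ...` check immediately below it, which correctly sends `ldapserver.TypeSearchResultDoneOp`, is unreachable; as written a denied search never receives a searchResDone and a strict client will stall or misparse the reply. Delete the first block entirely (from its `if auth !=` through its closing `}`) and keep the second, rather than carrying both through this refactor. Search continues past the end of the hunk.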