Use github url for ldap pkg

README.md

@@ -38,8 +38,9 @@ functionality and user backends.
 
 The authentication server data model is based on the concept of a
 *user account*. The server knows how to retrieve user accounts stored
-in LDAP, but it has to be told the specific details of how to find
-them and how to map the information there to what it needs.
+in LDAP or SQL databases, but it has to be told the specific details
+of how to find them and how to map the information there to what it
+needs.
 
 ## Other Dependencies
 

backend/ldap/ldap.go

@@ -10,7 +10,7 @@ import (
 	ldaputil "git.autistici.org/ai3/go-common/ldap"
 	ct "git.autistici.org/ai3/go-common/ldap/compositetypes"
 	"github.com/tstranex/u2f"
-	"gopkg.in/ldap.v3"
+	"github.com/go-ldap/ldap/v3"
 	"gopkg.in/yaml.v2"
 
 	"git.autistici.org/id/auth/backend"

vendor/contrib.go.opencensus.io/exporter/zipkin/.travis.yml

+language: go
+
+go_import_path: contrib.go.opencensus.io
+
+go:
+  - 1.11.x
+
+env:
+  global:
+    GO111MODULE=on
+
+before_script:
+  - make install-tools
+
+script:
+  - make travis-ci
+

vendor/git.autistici.org/ai3/go-common/clientutil/backend_test.go

+package clientutil
+
+import (
+	"context"
+	"io"
+	"log"
+	"math/rand"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"testing"
+	"time"
+)
+
+type tcpHandler interface {
+	Handle(net.Conn)
+}
+
+type tcpHandlerFunc func(net.Conn)
+
+func (f tcpHandlerFunc) Handle(c net.Conn) { f(c) }
+
+// Base TCP server type (to build fake LDAP servers).
+type tcpServer struct {
+	l       net.Listener
+	handler tcpHandler
+}
+
+func newTCPServer(t testing.TB, handler tcpHandler) *tcpServer {
+	l, err := net.Listen("tcp", "localhost:0")
+	if err != nil {
+		t.Fatal("Listen():", err)
+	}
+	log.Printf("started new tcp server on %s", l.Addr().String())
+	s := &tcpServer{l: l, handler: handler}
+	go s.serve()
+	return s
+}
+
+func (s *tcpServer) serve() {
+	for {
+		conn, err := s.l.Accept()
+		if err != nil {
+			return
+		}
+		go func(c net.Conn) {
+			s.handler.Handle(c)
+			c.Close()
+		}(conn)
+	}
+}
+
+func (s *tcpServer) Addr() string {
+	return s.l.Addr().String()
+}
+
+func (s *tcpServer) Close() {
+	s.l.Close()
+}
+
+// A test server that will close all incoming connections right away.
+func newConnFailServer(t testing.TB) *tcpServer {
+	return newTCPServer(t, tcpHandlerFunc(func(c net.Conn) {}))
+}
+
+// A test server that will close all connections after a 1s delay.
+func newConnFailDelayServer(t testing.TB) *tcpServer {
+	return newTCPServer(t, tcpHandlerFunc(func(c net.Conn) { time.Sleep(1 * time.Second) }))
+}
+
+type httpServer struct {
+	*httptest.Server
+}
+
+func (s *httpServer) Addr() string {
+	u, _ := url.Parse(s.Server.URL)
+	return u.Host
+}
+
+// An HTTP server that will always return a specific HTTP status using
+// http.Error().
+func newErrorHTTPServer(statusCode int) *httpServer {
+	return &httpServer{httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		w.Header().Set("Connection", "close")
+		http.Error(w, "oh no", statusCode)
+	}))}
+}
+
+func newJSONHTTPServer() *httpServer {
+	return &httpServer{httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Content-Type", "application/json")
+		io.WriteString(w, "{\"value\": 42}") // nolint
+	}))}
+}
+
+func newHostCountingJSONHTTPServer() (*httpServer, map[string]int) {
+	counters := make(map[string]int)
+	return &httpServer{httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		counters[r.Host]++
+		w.Header().Set("Content-Type", "application/json")
+		io.WriteString(w, "{\"value\": 42}") // nolint
+	}))}, counters
+}
+
+type testServer interface {
+	Addr() string
+	Close()
+}
+
+type testBackends struct {
+	servers []testServer
+	addrs   []string
+}
+
+func newTestBackends(servers ...testServer) *testBackends {
+	b := new(testBackends)
+	for _, s := range servers {
+		b.servers = append(b.servers, s)
+		b.addrs = append(b.addrs, s.Addr())
+	}
+	return b
+}
+
+func (b *testBackends) ResolveIP(_ string) []string {
+	return b.addrs
+}
+
+func (b *testBackends) stop(i int) {
+	b.servers[i].Close()
+}
+
+func (b *testBackends) close() {
+	for _, s := range b.servers {
+		s.Close()
+	}
+}
+
+// Do a number of fake requests to a test JSONHTTPServer. If shards is
+// not nil, set up a fake sharded service and pick one of the given
+// shards randomly on every request.
+func doJSONRequests(backends *testBackends, u string, n int, shards []string) (int, int) {
+	b, err := newBalancedBackend(&BackendConfig{
+		URL:     u,
+		Debug:   true,
+		Sharded: len(shards) > 0,
+	}, backends)
+	if err != nil {
+		panic(err)
+	}
+	defer b.Close()
+
+	var errs, oks int
+	for i := 0; i < n; i++ {
+		ctx, cancel := context.WithTimeout(context.Background(), 500*time.Millisecond)
+
+		var resp struct {
+			Value int `json:"value"`
+		}
+		var shard string
+		if len(shards) > 0 {
+			shard = shards[rand.Intn(len(shards))]
+		}
+		err = b.Call(ctx, shard, "/", struct{}{}, &resp)
+		cancel()
+		if err != nil {
+			errs++
+			log.Printf("request error: %v", err)
+		} else if resp.Value != 42 {
+			errs++
+		} else {
+			oks++
+		}
+	}
+
+	return oks, errs
+}
+
+func TestBackend_TargetsDown(t *testing.T) {
+	b := newTestBackends(newJSONHTTPServer(), newJSONHTTPServer(), newJSONHTTPServer())
+	defer b.close()
+
+	oks, errs := doJSONRequests(b, "http://test/", 10, nil)
+	if errs > 0 {
+		t.Fatalf("errs=%d", errs)
+	}
+	if oks == 0 {
+		t.Fatal("oks=0")
+	}
+
+	// Stop the first two backends, request should still succeed.
+	b.stop(0)
+	b.stop(1)
+
+	oks, errs = doJSONRequests(b, "http://test/", 10, nil)
+	if errs > 0 {
+		t.Fatalf("errs=%d", errs)
+	}
+	if oks < 10 {
+		t.Fatalf("oks=%d", oks)
+	}
+}
+
+func TestBackend_OverloadedTargets(t *testing.T) {
+	b := newTestBackends(newErrorHTTPServer(http.StatusTooManyRequests), newJSONHTTPServer())
+	defer b.close()
+
+	oks, errs := doJSONRequests(b, "http://test/", 10, nil)
+	if errs > 0 {
+		t.Fatalf("errs=%d", errs)
+	}
+	if oks < 10 {
+		t.Fatalf("oks=%d", oks)
+	}
+}
+
+func TestBackend_BrokenTarget(t *testing.T) {
+	b := newTestBackends(newConnFailServer(t), newJSONHTTPServer())
+	defer b.close()
+
+	oks, errs := doJSONRequests(b, "http://test/", 10, nil)
+	if errs > 0 {
+		t.Fatalf("errs=%d", errs)
+	}
+	if oks == 0 {
+		t.Fatal("oks=0")
+	}
+}
+
+func TestBackend_HighLatencyTarget(t *testing.T) {
+	b := newTestBackends(newConnFailDelayServer(t), newJSONHTTPServer())
+	defer b.close()
+
+	oks, errs := doJSONRequests(b, "http://test/", 10, nil)
+	// At most one request should fail (timing out).
+	if errs > 1 {
+		t.Fatalf("errs=%d", errs)
+	}
+	if oks == 0 {
+		t.Fatal("oks=0")
+	}
+}
+
+func TestBackend_Sharded(t *testing.T) {
+	srv, counters := newHostCountingJSONHTTPServer()
+	b := newTestBackends(srv)
+	defer b.close()
+
+	// Make some requests to two different shards (simulated by a
+	// single http server), and count the Host headers seen.
+	shards := []string{"s1", "s2"}
+	oks, errs := doJSONRequests(b, "http://test/", 10, shards)
+	if errs > 0 {
+		t.Fatalf("errs=%d", errs)
+	}
+	if oks == 0 {
+		t.Fatal("oks=0")
+	}
+
+	for _, s := range shards {
+		n := counters[s+".test"]
+		if n == 0 {
+			t.Errorf("no requests for shard %s", s)
+		}
+	}
+}

vendor/git.autistici.org/ai3/go-common/clientutil/dns_test.go

+package clientutil
+
+import "testing"
+
+type fakeResolver struct {
+	addrs    []string
+	requests int
+}
+
+func (r *fakeResolver) ResolveIP(host string) []string {
+	r.requests++
+	return r.addrs
+}
+
+func TestDNSCache(t *testing.T) {
+	r := &fakeResolver{addrs: []string{"1.2.3.4"}}
+	c := newDNSCache(r)
+	for i := 0; i < 5; i++ {
+		addrs := c.ResolveIP("a.b.c.d")
+		if len(addrs) != 1 {
+			t.Errorf("ResolveIP returned bad response: %v", addrs)
+		}
+	}
+	if r.requests != 1 {
+		t.Errorf("cached resolver has wrong number of requests: %d, expecting 1", r.requests)
+	}
+}

vendor/git.autistici.org/ai3/go-common/go.mod

 module git.autistici.org/ai3/go-common
 
-go 1.14
+go 1.11
 
 require (
-	contrib.go.opencensus.io/exporter/zipkin v0.1.1
+	contrib.go.opencensus.io/exporter/zipkin v0.1.2
 	github.com/amoghe/go-crypt v0.0.0-20191109212615-b2ff80594b7f
-	github.com/bbrks/wrap v2.3.0+incompatible
+	github.com/bbrks/wrap/v2 v2.5.0
 	github.com/cenkalti/backoff v2.2.1+incompatible
 	github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf
-	github.com/emersion/go-textwrapper v0.0.0-20160606182133-d0e65e56babe
+	github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594
+	github.com/go-ldap/ldap/v3 v3.2.4
+	github.com/gofrs/flock v0.8.0 // indirect
 	github.com/google/go-cmp v0.4.0
 	github.com/gorilla/handlers v1.4.2
-	github.com/lunixbochs/struc v0.0.0-20190916212049-a5c72983bc42
+	github.com/lunixbochs/struc v0.0.0-20200707160740-784aaebc1d40
 	github.com/miscreant/miscreant.go v0.0.0-20200214223636-26d376326b75
 	github.com/openzipkin/zipkin-go v0.2.2
 	github.com/prometheus/client_golang v1.5.1
@@ -19,9 +21,8 @@ require (
 	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 	github.com/theckman/go-flock v0.7.1
 	github.com/tstranex/u2f v1.0.0
-	go.opencensus.io v0.22.3
-	golang.org/x/crypto v0.0.0-20200403201458-baeed622b8d8
-	golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a
+	go.opencensus.io v0.22.5
+	golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad
+	golang.org/x/sync v0.0.0-20201207232520-09787c993a3a
 	gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d
-	gopkg.in/ldap.v3 v3.1.0
 )

vendor/git.autistici.org/ai3/go-common/go.sum

 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
 contrib.go.opencensus.io/exporter/zipkin v0.1.1 h1:PR+1zWqY8ceXs1qDQQIlgXe+sdiwCf0n32bH4+Epk8g=
 contrib.go.opencensus.io/exporter/zipkin v0.1.1/go.mod h1:GMvdSl3eJ2gapOaLKzTKE3qDgUkJ86k9k3yY2eqwkzc=
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
+github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
@@ -10,13 +12,12 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/amoghe/go-crypt v0.0.0-20191109212615-b2ff80594b7f h1:JxPBJknH9/9Yp0BPLZII8Cn4vaWPNsFOdkmpIwPhO8A=
 github.com/amoghe/go-crypt v0.0.0-20191109212615-b2ff80594b7f/go.mod h1:eFiR01PwTcpbzXtdMces7zxg6utvFM5puiWHpWB8D/k=
-github.com/bbrks/wrap v2.3.0+incompatible h1:9ebLuiUC/fBSu6OeOdD6XG8WRjf3G+wSJO1YZPU2O9I=
-github.com/bbrks/wrap v2.3.0+incompatible/go.mod h1:rc//8Fguf02+4sm0fBMyG1TrAaEhe6VTYM35MY10oO4=
+github.com/bbrks/wrap/v2 v2.5.0 h1:2gn3SiiwgttdyW9CFJz1M/WbDKPsN857x7Era5/oAPI=
+github.com/bbrks/wrap/v2 v2.5.0/go.mod h1:FdEamYFrsjX8zlv3UXgnT3JxirrDv67jCDYaE0Q/qww=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/cenkalti/backoff v1.1.0 h1:QnvVp8ikKCDWOsFheytRCoYWYPO/ObCTBGxT19Hc+yE=
 github.com/cenkalti/backoff v2.2.1+incompatible h1:tNowT99t7UNflLxfYYSlKYsBpXdEet03Pg2g16Swow4=
 github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
@@ -29,15 +30,21 @@ github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/emersion/go-textwrapper v0.0.0-20160606182133-d0e65e56babe h1:40SWqY0zE3qCi6ZrtTf5OUdNm5lDnGnjRSq9GgmeTrg=
-github.com/emersion/go-textwrapper v0.0.0-20160606182133-d0e65e56babe/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
+github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594 h1:IbFBtwoTQyw0fIM5xv1HF+Y+3ZijDR839WMulgxCcUY=
+github.com/emersion/go-textwrapper v0.0.0-20200911093747-65d896831594/go.mod h1:aqO8z8wPrjkscevZJFVE1wXJrLpC5LtJG7fqLOsPb2U=
 github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us009o8=
+github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=