From 6332a223e7f8941179daa88fd0383a89b56a2618 Mon Sep 17 00:00:00 2001
From: renovate <renovate-bot@autistici.org>
Date: Tue, 6 Apr 2021 00:26:04 +0000
Subject: [PATCH] Update module go-ldap/ldap/v3 to v3.3.0

---
 go.mod                                       |  2 +-
 go.sum                                       |  2 +
 vendor/github.com/go-ldap/ldap/v3/bind.go    |  2 +-
 vendor/github.com/go-ldap/ldap/v3/client.go  |  1 +
 vendor/github.com/go-ldap/ldap/v3/conn.go    |  6 +-
 vendor/github.com/go-ldap/ldap/v3/control.go | 46 ++++++++--
 vendor/github.com/go-ldap/ldap/v3/moddn.go   | 26 +++++-
 vendor/github.com/go-ldap/ldap/v3/whoami.go  | 91 ++++++++++++++++++++
 vendor/modules.txt                           |  2 +-
 9 files changed, 165 insertions(+), 13 deletions(-)
 create mode 100644 vendor/github.com/go-ldap/ldap/v3/whoami.go

diff --git a/go.mod b/go.mod
index cba91be..d1d43ef 100644
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,6 @@ go 1.14
 require (
 	git.autistici.org/ai3/go-common v0.0.0-20210118064555-73f00db54723
 	github.com/coreos/go-systemd/v22 v22.2.0
-	github.com/go-ldap/ldap/v3 v3.2.4
+	github.com/go-ldap/ldap/v3 v3.3.0
 	gopkg.in/yaml.v3 v3.0.0-20200506231410-2ff61e1afc86
 )
diff --git a/go.sum b/go.sum
index bc4bbd0..ac9a839 100644
--- a/go.sum
+++ b/go.sum
@@ -84,6 +84,8 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2
 github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
 github.com/go-ldap/ldap/v3 v3.2.4 h1:PFavAq2xTgzo/loE8qNXcQaofAaqIpI4WgaLdv+1l3E=
 github.com/go-ldap/ldap/v3 v3.2.4/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
+github.com/go-ldap/ldap/v3 v3.3.0 h1:lwx+SJpgOHd8tG6SumBQZXCmNX51zM8B1cfxJ5gv4tQ=
+github.com/go-ldap/ldap/v3 v3.3.0/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
diff --git a/vendor/github.com/go-ldap/ldap/v3/bind.go b/vendor/github.com/go-ldap/ldap/v3/bind.go
index a7194c9..9bc5748 100644
--- a/vendor/github.com/go-ldap/ldap/v3/bind.go
+++ b/vendor/github.com/go-ldap/ldap/v3/bind.go
@@ -486,7 +486,7 @@ func (l *Conn) NTLMChallengeBind(ntlmBindRequest *NTLMBindRequest) (*NTLMBindRes
 			child := packet.Children[1].Children[1]
 			ntlmsspChallenge = child.ByteValue
 			// Check to make sure we got the right message. It will always start with NTLMSSP
-			if !bytes.Equal(ntlmsspChallenge[:7], []byte("NTLMSSP")) {
+			if len(ntlmsspChallenge) < 7 || !bytes.Equal(ntlmsspChallenge[:7], []byte("NTLMSSP")) {
 				return result, GetLDAPError(packet)
 			}
 			l.Debug.Printf("%d: found ntlmssp challenge", msgCtx.id)
diff --git a/vendor/github.com/go-ldap/ldap/v3/client.go b/vendor/github.com/go-ldap/ldap/v3/client.go
index 619677c..f31cf9c 100644
--- a/vendor/github.com/go-ldap/ldap/v3/client.go
+++ b/vendor/github.com/go-ldap/ldap/v3/client.go
@@ -10,6 +10,7 @@ type Client interface {
 	Start()
 	StartTLS(*tls.Config) error
 	Close()
+	IsClosing() bool
 	SetTimeout(time.Duration)
 
 	Bind(username, password string) error
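Review bot: Adding `IsClosing() bool` to the exported `Client` interface breaks every implementation outside this package, so any wrapper or test double in this repository that satisfies `ldap.Client` will stop compiling after this bump. None is visible in this patch, so the build and tests should be confirmed against v3.3.0 before merging. The interface body continues past the hunk.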
diff --git a/vendor/github.com/go-ldap/ldap/v3/conn.go b/vendor/github.com/go-ldap/ldap/v3/conn.go
index 8b8c41e..64e4bab 100644
--- a/vendor/github.com/go-ldap/ldap/v3/conn.go
+++ b/vendor/github.com/go-ldap/ldap/v3/conn.go
@@ -1,6 +1,7 @@
 package ldap
 
 import (
+	"bufio"
 	"crypto/tls"
 	"errors"
 	"fmt"
@@ -506,7 +507,7 @@ func (l *Conn) processMessages() {
 				// All reads will return immediately
 				if msgCtx, ok := l.messageContexts[message.MessageID]; ok {
 					l.Debug.Printf("Receiving message timeout for %d", message.MessageID)
-					msgCtx.sendResponse(&PacketResponse{message.Packet, errors.New("ldap: connection timed out")})
+					msgCtx.sendResponse(&PacketResponse{message.Packet, NewError(ErrorNetwork, errors.New("ldap: connection timed out"))})
 					delete(l.messageContexts, message.MessageID)
 					close(msgCtx.responses)
 				}
@@ -532,12 +533,13 @@ func (l *Conn) reader() {
 		}
 	}()
 
+	bufConn := bufio.NewReader(l.conn)
 	for {
 		if cleanstop {
 			l.Debug.Printf("reader clean stopping (without closing the connection)")
 			return
 		}
-		packet, err := ber.ReadPacket(l.conn)
+		packet, err := ber.ReadPacket(bufConn)
 		if err != nil {
 			// A read error is expected here if we are closing the connection...
 			if !l.IsClosing() {
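Review bot: `bufConn` is local to one run of reader() and may read ahead of the packet being parsed, so any bytes it still holds when the `cleanstop` branch returns are discarded rather than left on `l.conn`. Whether that can lose data depends on what is done with `l.conn` after a clean stop, which is outside this hunk (presumably a connection upgrade followed by a fresh reader). It deserves a comment at the declaration such as `// bufConn may hold read-ahead bytes; they are dropped if the reader stops while l.conn stays open`. reader() begins and ends outside the hunk.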
diff --git a/vendor/github.com/go-ldap/ldap/v3/control.go b/vendor/github.com/go-ldap/ldap/v3/control.go
index 7d7999c..64fb002 100644
--- a/vendor/github.com/go-ldap/ldap/v3/control.go
+++ b/vendor/github.com/go-ldap/ldap/v3/control.go
@@ -18,20 +18,25 @@ const (
 	ControlTypeVChuPasswordWarning = "2.16.840.1.113730.3.4.5"
 	// ControlTypeManageDsaIT - https://tools.ietf.org/html/rfc3296
 	ControlTypeManageDsaIT = "2.16.840.1.113730.3.4.2"
+	// ControlTypeWhoAmI - https://tools.ietf.org/html/rfc4532
+	ControlTypeWhoAmI = "1.3.6.1.4.1.4203.1.11.3"
 
 	// ControlTypeMicrosoftNotification - https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx
 	ControlTypeMicrosoftNotification = "1.2.840.113556.1.4.528"
 	// ControlTypeMicrosoftShowDeleted - https://msdn.microsoft.com/en-us/library/aa366989(v=vs.85).aspx
 	ControlTypeMicrosoftShowDeleted = "1.2.840.113556.1.4.417"
+	// ControlTypeMicrosoftServerLinkTTL - https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f4f523a8-abc0-4b3a-a471-6b2fef135481?redirectedfrom=MSDN
+	ControlTypeMicrosoftServerLinkTTL = "1.2.840.113556.1.4.2309"
 )
 
 // ControlTypeMap maps controls to text descriptions
 var ControlTypeMap = map[string]string{
-	ControlTypePaging:                "Paging",
-	ControlTypeBeheraPasswordPolicy:  "Password Policy - Behera Draft",
-	ControlTypeManageDsaIT:           "Manage DSA IT",
-	ControlTypeMicrosoftNotification: "Change Notification - Microsoft",
-	ControlTypeMicrosoftShowDeleted:  "Show Deleted Objects - Microsoft",
+	ControlTypePaging:                 "Paging",
+	ControlTypeBeheraPasswordPolicy:   "Password Policy - Behera Draft",
+	ControlTypeManageDsaIT:            "Manage DSA IT",
+	ControlTypeMicrosoftNotification:  "Change Notification - Microsoft",
+	ControlTypeMicrosoftShowDeleted:   "Show Deleted Objects - Microsoft",
+	ControlTypeMicrosoftServerLinkTTL: "Return TTL-DNs for link values with associated expiry times - Microsoft",
 }
 
 // Control defines an interface controls provide to encode and describe themselves
@@ -305,6 +310,35 @@ func NewControlMicrosoftShowDeleted() *ControlMicrosoftShowDeleted {
 	return &ControlMicrosoftShowDeleted{}
 }
 
+// ControlMicrosoftServerLinkTTL implements the control described in https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/f4f523a8-abc0-4b3a-a471-6b2fef135481?redirectedfrom=MSDN
+type ControlMicrosoftServerLinkTTL struct{}
+
+// GetControlType returns the OID
+func (c *ControlMicrosoftServerLinkTTL) GetControlType() string {
+	return ControlTypeMicrosoftServerLinkTTL
+}
+
+// Encode returns the ber packet representation
+func (c *ControlMicrosoftServerLinkTTL) Encode() *ber.Packet {
+	packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Control")
+	packet.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, ControlTypeMicrosoftServerLinkTTL, "Control Type ("+ControlTypeMap[ControlTypeMicrosoftServerLinkTTL]+")"))
+
+	return packet
+}
+
+// String returns a human-readable description
+func (c *ControlMicrosoftServerLinkTTL) String() string {
+	return fmt.Sprintf(
+		"Control Type: %s (%q)",
+		ControlTypeMap[ControlTypeMicrosoftServerLinkTTL],
+		ControlTypeMicrosoftServerLinkTTL)
+}
+
+// NewControlMicrosoftServerLinkTTL returns a ControlMicrosoftServerLinkTTL control
+func NewControlMicrosoftServerLinkTTL() *ControlMicrosoftServerLinkTTL {
+	return &ControlMicrosoftServerLinkTTL{}
+}
+
 // FindControl returns the first control of the given type in the list, or nil
 func FindControl(controls []Control, controlType string) Control {
 	for _, c := range controls {
@@ -449,6 +483,8 @@ func DecodeControl(packet *ber.Packet) (Control, error) {
 		return NewControlMicrosoftNotification(), nil
 	case ControlTypeMicrosoftShowDeleted:
 		return NewControlMicrosoftShowDeleted(), nil
+	case ControlTypeMicrosoftServerLinkTTL:
+		return NewControlMicrosoftServerLinkTTL(), nil
 	default:
 		c := new(ControlString)
 		c.ControlType = ControlType
diff --git a/vendor/github.com/go-ldap/ldap/v3/moddn.go b/vendor/github.com/go-ldap/ldap/v3/moddn.go
index b4865f8..71cdcd0 100644
--- a/vendor/github.com/go-ldap/ldap/v3/moddn.go
+++ b/vendor/github.com/go-ldap/ldap/v3/moddn.go
@@ -12,6 +12,8 @@ type ModifyDNRequest struct {
 	NewRDN       string
 	DeleteOldRDN bool
 	NewSuperior  string
+	// Controls hold optional controls to send with the request
+	Controls []Control
 }
 
 // NewModifyDNRequest creates a new request which can be passed to ModifyDN().
@@ -35,21 +37,39 @@ func NewModifyDNRequest(dn string, rdn string, delOld bool, newSup string) *Modi
 	}
 }
 
+// NewModifyDNWithControlsRequest creates a new request which can be passed to ModifyDN()
+// and also allows setting LDAP request controls.
+//
+// Refer NewModifyDNRequest for other parameters
+func NewModifyDNWithControlsRequest(dn string, rdn string, delOld bool,
+	newSup string, controls []Control) *ModifyDNRequest {
+	return &ModifyDNRequest{
+		DN:           dn,
+		NewRDN:       rdn,
+		DeleteOldRDN: delOld,
+		NewSuperior:  newSup,
+		Controls:     controls,
+	}
+}
+
 func (req *ModifyDNRequest) appendTo(envelope *ber.Packet) error {
 	pkt := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationModifyDNRequest, nil, "Modify DN Request")
 	pkt.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, req.DN, "DN"))
 	pkt.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, req.NewRDN, "New RDN"))
 	if req.DeleteOldRDN {
 		buf := []byte{0xff}
-		pkt.AppendChild(ber.NewString(ber.ClassUniversal,ber.TypePrimitive,ber.TagBoolean, string(buf),"Delete old RDN"))
-	}else{
+		pkt.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagBoolean, string(buf), "Delete old RDN"))
+	} else {
 		pkt.AppendChild(ber.NewBoolean(ber.ClassUniversal, ber.TypePrimitive, ber.TagBoolean, req.DeleteOldRDN, "Delete old RDN"))
-	}  
+	}
 	if req.NewSuperior != "" {
 		pkt.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, req.NewSuperior, "New Superior"))
 	}
 
 	envelope.AppendChild(pkt)
+	if len(req.Controls) > 0 {
+		envelope.AppendChild(encodeControls(req.Controls))
+	}
 
 	return nil
 }
diff --git a/vendor/github.com/go-ldap/ldap/v3/whoami.go b/vendor/github.com/go-ldap/ldap/v3/whoami.go
new file mode 100644
index 0000000..10c523d
--- /dev/null
+++ b/vendor/github.com/go-ldap/ldap/v3/whoami.go
@@ -0,0 +1,91 @@
+package ldap
+
+// This file contains the "Who Am I?" extended operation as specified in rfc 4532
+//
+// https://tools.ietf.org/html/rfc4532
+
+import (
+	"errors"
+	"fmt"
+
+	ber "github.com/go-asn1-ber/asn1-ber"
+)
+
+type whoAmIRequest bool
+
+// WhoAmIResult is returned by the WhoAmI() call
+type WhoAmIResult struct {
+	AuthzID string
+}
+
+func (r whoAmIRequest) encode() (*ber.Packet, error) {
+	request := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationExtendedRequest, nil, "Who Am I? Extended Operation")
+	request.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, ControlTypeWhoAmI, "Extended Request Name: Who Am I? OID"))
+	return request, nil
+}
+
+// WhoAmI returns the authzId the server thinks we are, you may pass controls
+// like a Proxied Authorization control
+func (l *Conn) WhoAmI(controls []Control) (*WhoAmIResult, error) {
+	packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
+	packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))
+	req := whoAmIRequest(true)
+	encodedWhoAmIRequest, err := req.encode()
+	if err != nil {
+		return nil, err
+	}
+	packet.AppendChild(encodedWhoAmIRequest)
+
+	if len(controls) != 0 {
+		packet.AppendChild(encodeControls(controls))
+	}
+
+	l.Debug.PrintPacket(packet)
+
+	msgCtx, err := l.sendMessage(packet)
+	if err != nil {
+		return nil, err
+	}
+	defer l.finishMessage(msgCtx)
+
+	result := &WhoAmIResult{}
+
+	l.Debug.Printf("%d: waiting for response", msgCtx.id)
+	packetResponse, ok := <-msgCtx.responses
+	if !ok {
+		return nil, NewError(ErrorNetwork, errors.New("ldap: response channel closed"))
+	}
+	packet, err = packetResponse.ReadPacket()
+	l.Debug.Printf("%d: got response %p", msgCtx.id, packet)
+	if err != nil {
+		return nil, err
+	}
+
+	if packet == nil {
+		return nil, NewError(ErrorNetwork, errors.New("ldap: could not retrieve message"))
+	}
+
+	if l.Debug {
+		if err := addLDAPDescriptions(packet); err != nil {
+			return nil, err
+		}
+		ber.PrintPacket(packet)
+	}
+
+	if packet.Children[1].Tag == ApplicationExtendedResponse {
+		if err := GetLDAPError(packet); err != nil {
+			return nil, err
+		}
+	} else {
+		return nil, NewError(ErrorUnexpectedResponse, fmt.Errorf("Unexpected Response: %d", packet.Children[1].Tag))
+	}
+
+	extendedResponse := packet.Children[1]
+	for _, child := range extendedResponse.Children {
+		if child.Tag == 11 {
+			result.AuthzID = ber.DecodeString(child.Data.Bytes())
+		}
+	}
+
+	return result, nil
+}
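Review bot: `packet.Children[1]` is indexed in WhoAmI without any length check, so a response envelope with fewer than two children from a faulty or hostile server would panic the calling goroutine instead of returning an error. A guard before the tag comparison would close that: `if len(packet.Children) < 2 { return nil, NewError(ErrorUnexpectedResponse, errors.New("ldap: malformed response")) }`. Because this file is vendored, the change belongs upstream; until then, callers in this repository should treat WhoAmI as able to panic on malformed input. Separately, the bare `child.Tag == 11` would read better as a named constant with a comment tying it to the extended response's value field.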
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 4ac7fd3..21b6cde 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -16,7 +16,7 @@ github.com/coreos/go-systemd/v22/activation
 github.com/coreos/go-systemd/v22/daemon
 # github.com/go-asn1-ber/asn1-ber v1.5.3
 github.com/go-asn1-ber/asn1-ber
-# github.com/go-ldap/ldap/v3 v3.2.4
+# github.com/go-ldap/ldap/v3 v3.3.0
 ## explicit
 github.com/go-ldap/ldap/v3
 # github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e
-- 
GitLab