ldapjs - npm Package Compare versions

Comparing version 2.3.0 to 2.3.1

lib/client/client.js

@@ -241,2 +241,4 @@ 'use strict'
         })
+      } else if (Buffer.isBuffer(save[k])) {
+        attr.addValue(save[k])
       } else {
@@ -243,0 +245,0 @@ attr.addValue(save[k].toString())

lib/messages/moddn_request.js

@@ -63,3 +63,3 @@ // Copyright 2011 Mark Cavage, Inc.  All rights reserved.
     ber.writeByte(0x80) // MODIFY_DN_REQUEST_NEW_SUPERIOR_TAG
-    ber.writeByte(len)
+    ber.writeLength(len)
     ber._ensure(len)
@@ -66,0 +66,0 @@ ber._buf.write(s, ber._offset)

lib/server.js

@@ -409,4 +409,17 @@ // Copyright 2011 Mark Cavage, Inc.  All rights reserved.
 
-          if (req.protocolOp === Protocol.LDAP_REQ_BIND && res.status === 0) { conn.ldap.bindDN = req.dn }
+          if (req.protocolOp === Protocol.LDAP_REQ_BIND && res.status === 0) {
+            // 0 length == anonymous bind
+            if (req.dn.length === 0 && req.credentials === '') {
+              conn.ldap.bindDN = new DN([new dn.RDN({ cn: 'anonymous' })])
+            } else {
+              conn.ldap.bindDN = req.dn
+            }
+          }
 
+          // unbind clear bindDN for safety
+          // conn should terminate on unbind (RFC4511 4.3)
+          if (req.protocolOp === Protocol.LDAP_REQ_UNBIND && res.status === 0) {
+            conn.ldap.bindDN = new DN([new dn.RDN({ cn: 'anonymous' })])
+          }
+
           return after()
@@ -413,0 +426,0 @@ } catch (e) {

package.json

@@ -6,3 +6,3 @@ {
   "description": "LDAP client and server APIs",
-  "version": "2.3.0",
+  "version": "2.3.1",
   "license": "MIT",
@@ -35,6 +35,6 @@ "repository": {
     "eslint-plugin-node": "^11.1.0",
-    "eslint-plugin-promise": "^4.3.1",
+    "eslint-plugin-promise": "^5.1.0",
     "front-matter": "^4.0.2",
     "get-port": "^5.1.1",
-    "highlight.js": "^10.6.0",
+    "highlight.js": "^11.0.1",
     "husky": "^4.2.5",
@@ -41,0 +41,0 @@ "marked": "^2.0.0",

test/client.test.js

@@ -511,2 +511,36 @@ 'use strict'
 
+tap.test('add buffer', function (t) {
+  const { BerReader } = require('asn1')
+  const dn = `cn=add, ${SUFFIX}`
+  const attribute = 'thumbnailPhoto'
+  const binary = 0xa5
+  const entry = {
+    [attribute]: Buffer.from([binary])
+  }
+  const write = t.context.client._socket.write
+  t.context.client._socket.write = (data, encoding, cb) => {
+    const reader = new BerReader(data)
+    t.equal(data.byteLength, 49)
+    t.ok(reader.readSequence())
+    t.equal(reader.readInt(), 0x1)
+    t.equal(reader.readSequence(), 0x68)
+    t.equal(reader.readString(), dn)
+    t.ok(reader.readSequence())
+    t.ok(reader.readSequence())
+    t.equal(reader.readString(), attribute)
+    t.equal(reader.readSequence(), 0x31)
+    t.equal(reader.readByte(), 0x4)
+    t.equal(reader.readByte(), 1)
+    t.equal(reader.readByte(), binary)
+    t.context.client._socket.write = write
+    t.context.client._socket.write(data, encoding, cb)
+  }
+  t.context.client.add(dn, entry, function (err, res) {
+    t.error(err)
+    t.ok(res)
+    t.equal(res.status, 0)
+    t.end()
+  })
+})
+
 tap.test('compare success', function (t) {
@@ -698,2 +732,30 @@ t.context.client.compare('cn=compare, ' + SUFFIX, 'cn', 'test', function (err, matched, res) {
 
+tap.test('modify DN excessive superior length', function (t) {
+  const { BerReader, BerWriter } = require('asn1')
+  const ModifyDNRequest = require('../lib/messages/moddn_request')
+  const ber = new BerWriter()
+  const entry = 'cn=Test     User,ou=A Long OU                  ,ou=Another Long OU                ,ou=Another Long OU              ,dc=acompany,DC=io'
+  const newSuperior = 'ou=A New Long OU              , ou=Another New Long OU                                   , ou=An OU               , dc=acompany, dc=io'
+  const newRdn = entry.replace(/(.*?),.*/, '$1')
+  const deleteOldRdn = true
+  const req = new ModifyDNRequest({
+    entry: entry,
+    deleteOldRdn: deleteOldRdn,
+    controls: []
+  })
+  req.newRdn = newRdn
+  req.newSuperior = newSuperior
+  req._toBer(ber)
+  const reader = new BerReader(ber.buffer)
+  t.equal(reader.readString(), entry)
+  t.equal(reader.readString(), newRdn)
+  t.equal(reader.readBoolean(), deleteOldRdn)
+  t.equal(reader.readByte(), 0x80)
+  reader.readLength()
+  t.equal(reader._len, newSuperior.length)
+  reader._buf[--reader._offset] = 0x4
+  t.equal(reader.readString(), newSuperior)
+  t.end()
+})
+
 tap.test('search basic', function (t) {
@@ -700,0 +762,0 @@ t.context.client.search('cn=test, ' + SUFFIX, '(objectclass=*)', function (err, res) {

test/server.test.js

@@ -207,2 +207,95 @@ 'use strict'
 
+tap.test('bind/unbind identity anonymous', function (t) {
+  const server = ldap.createServer({
+    connectionRouter: function (c) {
+      server.newConnection(c)
+      server.emit('testconnection', c)
+    }
+  })
+
+  server.unbind(function (req, res, next) {
+    t.ok(true, 'server unbind successful')
+    res.end()
+    return next()
+  })
+
+  server.bind('', function (req, res, next) {
+    t.ok(true, 'server bind successful')
+    res.end()
+    return next()
+  })
+
+  const anonDN = ldap.dn.parse('cn=anonymous')
+
+  server.listen(t.context.sock, function () {
+    t.ok(true, 'server startup')
+
+    const client = ldap.createClient({ socketPath: t.context.sock })
+    server.once('testconnection', (c) => {
+      t.ok(anonDN.equals(c.ldap.bindDN), 'pre bind dn is correct')
+      client.bind('', '', function (err) {
+        t.error(err, 'client anon bind error')
+        t.ok(anonDN.equals(c.ldap.bindDN), 'anon bind dn is correct')
+        client.unbind(function (err) {
+          t.error(err, 'client anon unbind error')
+          t.ok(anonDN.equals(c.ldap.bindDN), 'anon unbind dn is correct')
+          server.close(() => t.end())
+        })
+      })
+    })
+  })
+})
+
+tap.test('bind/unbind identity user', function (t) {
+  const server = ldap.createServer({
+    connectionRouter: function (c) {
+      server.newConnection(c)
+      server.emit('testconnection', c)
+    }
+  })
+
+  server.unbind(function (req, res, next) {
+    t.ok(true, 'server unbind successful')
+    res.end()
+    return next()
+  })
+
+  server.bind('', function (req, res, next) {
+    t.ok(true, 'server bind successful')
+    res.end()
+    return next()
+  })
+
+  const anonDN = ldap.dn.parse('cn=anonymous')
+  const testDN = ldap.dn.parse('cn=anotheruser')
+
+  server.listen(t.context.sock, function () {
+    t.ok(true, 'server startup')
+
+    const client = ldap.createClient({ socketPath: t.context.sock })
+    server.once('testconnection', (c) => {
+      t.ok(anonDN.equals(c.ldap.bindDN), 'pre bind dn is correct')
+      client.bind(testDN.toString(), 'somesecret', function (err) {
+        t.error(err, 'user bind error')
+        t.ok(testDN.equals(c.ldap.bindDN), 'user bind dn is correct')
+        // check rebinds too
+        client.bind('', '', function (err) {
+          t.error(err, 'client anon bind error')
+          t.ok(anonDN.equals(c.ldap.bindDN), 'anon bind dn is correct')
+          // user rebind
+          client.bind(testDN.toString(), 'somesecret', function (err) {
+            t.error(err, 'user bind error')
+            t.ok(testDN.equals(c.ldap.bindDN), 'user rebind dn is correct')
+            client.unbind(function (err) {
+              t.error(err, 'user unbind error')
+              t.ok(anonDN.equals(c.ldap.bindDN), 'user unbind dn is correct')
+              server.close(() => t.end())
+            })
+          })
+        })
+      })
+    })
+  })
+})
+
 tap.test('strict routing', function (t) {
@@ -209,0 +302,0 @@ const testDN = 'cn=valid'

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

499964

increased by1.14%

Lines of code

13391

increased by1.17%

No dependency changes