lib/net/ldap/connection.rb in net-ldap-0.10.1 vs lib/net/ldap/connection.rb in net-ldap-0.11
- old
+ new
@@ -10,17 +10,17 @@
@instrumentation_service = server[:instrumentation_service]
begin
@conn = server[:socket] || TCPSocket.new(server[:host], server[:port])
rescue SocketError
- raise Net::LDAP::LdapError, "No such address or other socket error."
+ raise Net::LDAP::Error, "No such address or other socket error."
rescue Errno::ECONNREFUSED
- raise Net::LDAP::LdapError, "Server #{server[:host]} refused connection on port #{server[:port]}."
+ raise Net::LDAP::Error, "Server #{server[:host]} refused connection on port #{server[:port]}."
rescue Errno::EHOSTUNREACH => error
- raise Net::LDAP::LdapError, "Host #{server[:host]} was unreachable (#{error.message})"
+ raise Net::LDAP::Error, "Host #{server[:host]} was unreachable (#{error.message})"
rescue Errno::ETIMEDOUT
- raise Net::LDAP::LdapError, "Connection to #{server[:host]} timed out."
+ raise Net::LDAP::Error, "Connection to #{server[:host]} timed out."
end
if server[:encryption]
setup_encryption server[:encryption]
end
@@ -40,11 +40,11 @@
io.close
end
end
def self.wrap_with_ssl(io, tls_options = {})
- raise Net::LDAP::LdapError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
+ raise Net::LDAP::NoOpenSSLError, "OpenSSL is unavailable" unless Net::LDAP::HasOpenSSL
ctx = OpenSSL::SSL::SSLContext.new
# By default, we do not verify certificates. For a 1.0 release, this should probably be changed at some point.
# See discussion in https://github.com/ruby-ldap/ruby-net-ldap/pull/161
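Review bot: The context comment under `ctx = OpenSSL::SSL::SSLContext.new` says certificates are not verified by default, so a caller who passes no `tls_options` gets encryption without server authentication, and simple-bind passwords sent over that channel are exposed to anyone able to impersonate the server. The rest of `wrap_with_ssl` lies outside this hunk, so how `tls_options` reaches the context is not visible here. Assuming the options are applied to `ctx`, the method comment should tell callers to pass `verify_mode: OpenSSL::SSL::VERIFY_PEER` together with a CA file or certificate store. Suggested wording: `# SECURITY: unless tls_options sets verify_mode to OpenSSL::SSL::VERIFY_PEER, the server certificate is not checked.`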
@@ -65,11 +65,11 @@
#--
# Helper method called only from new, and only after we have a
# successfully-opened @conn instance variable, which is a TCP connection.
# Depending on the received arguments, we establish SSL, potentially
# replacing the value of @conn accordingly. Don't generate any errors here
- # if no encryption is requested. DO raise Net::LDAP::LdapError objects if encryption
+ # if no encryption is requested. DO raise Net::LDAP::Error objects if encryption
# is requested and we have trouble setting it up. That includes if OpenSSL
# is not set up on the machine. (Question: how does the Ruby OpenSSL
# wrapper react in that case?) DO NOT filter exceptions raised by the
# OpenSSL library. Let them pass back to the user. That should make it
# easier for us to debug the problem reports. Presumably (hopefully?) that
@@ -87,10 +87,11 @@
# port. It does not require an alternative port for encrypted
# communications, as with simple_tls. Thanks for Kouhei Sutou for
# generously contributing the :start_tls path.
#++
def setup_encryption(args)
+ args[:tls_options] ||= {}
case args[:method]
when :simple_tls
@conn = self.class.wrap_with_ssl(@conn, args[:tls_options])
# additional branches requiring server validation and peer certs, etc.
# go here.
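Review bot: The added `args[:tls_options] ||= {}` at the top of `setup_encryption` writes into the hash the caller passed in, which raises on a frozen hash and leaks the default back to the caller. A local variable keeps the nil guard without the side effect: `tls_options = args[:tls_options] || {}`, then pass `tls_options` to `wrap_with_ssl` in the `:simple_tls` branch here and in the `:start_tls` branch shown in the next hunk. Because the default is an empty hash, both branches run with whatever `wrap_with_ssl` does when given no options, so a comment on this line should say that no verification settings are implied. The body of `setup_encryption` continues beyond this hunk.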
@@ -102,20 +103,20 @@
write(request, nil, message_id)
pdu = queued_read(message_id)
if pdu.nil? || pdu.app_tag != Net::LDAP::PDU::ExtendedResponse
- raise Net::LDAP::LdapError, "no start_tls result"
+ raise Net::LDAP::NoStartTLSResultError, "no start_tls result"
end
if pdu.result_code.zero?
@conn = self.class.wrap_with_ssl(@conn, args[:tls_options])
else
- raise Net::LDAP::LdapError, "start_tls failed: #{pdu.result_code}"
+ raise Net::LDAP::StartTlSError, "start_tls failed: #{pdu.result_code}"
end
else
- raise Net::LDAP::LdapError, "unsupported encryption method #{args[:method]}"
+ raise Net::LDAP::EncMethodUnsupportedError, "unsupported encryption method #{args[:method]}"
end
end
#--
# This is provided as a convenience method to make sure a connection
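Review bot: `Net::LDAP::StartTlSError` on the failed-result branch is spelled with a lowercase `l`, unlike `NoStartTLSResultError` a few lines above it. The error class definitions are not part of this file section, so please confirm the constant exists under exactly this name; if it does not, a failed StartTLS would surface as `NameError` instead of an LDAP error. If the definition really uses this spelling, renaming it to `StartTLSError` and keeping the old name as an alias would make it easier for callers to rescue the right class.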
@@ -222,11 +223,11 @@
elsif meth == :sasl
bind_sasl(auth)
elsif meth == :gss_spnego
bind_gss_spnego(auth)
else
- raise Net::LDAP::LdapError, "Unsupported auth method (#{meth})"
+ raise Net::LDAP::AuthMethodUnsupportedError, "Unsupported auth method (#{meth})"
end
end
end
#--
@@ -238,11 +239,11 @@
[auth[:username] || auth[:dn], auth[:password]]
else
["", ""]
end
- raise Net::LDAP::LdapError, "Invalid binding information" unless (user && psw)
+ raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
message_id = next_msgid
request = [
LdapVersion.to_ber, user.to_ber,
psw.to_ber_contextspecific(0)
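Review bot: The guard `unless (user && psw)` rejects only `nil`, so a non-empty DN with an empty-string password is still sent as a bind request; RFC 4513 section 5.1.2 treats that as an unauthenticated bind, which servers may answer with success. An application that uses a successful bind as its password check can then accept a blank password. The start of the enclosing method is outside this hunk, so an earlier check may exist that I cannot see. If there is none, consider adding `raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" if !user.empty? && psw.empty?` after the existing guard, or at least documenting that callers must reject empty passwords before binding.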
@@ -250,11 +251,11 @@
write(request, nil, message_id)
pdu = queued_read(message_id)
if !pdu || pdu.app_tag != Net::LDAP::PDU::BindResult
- raise Net::LDAP::LdapError, "no bind result"
+ raise Net::LDAP::NoBindResultError, "no bind result"
end
pdu
end
@@ -280,11 +281,11 @@
# data in the next BindRequest packet.
#++
def bind_sasl(auth)
mech, cred, chall = auth[:mechanism], auth[:initial_credential],
auth[:challenge_response]
- raise Net::LDAP::LdapError, "Invalid binding information" unless (mech && cred && chall)
+ raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (mech && cred && chall)
message_id = next_msgid
n = 0
loop {
@@ -295,20 +296,20 @@
write(request, nil, message_id)
pdu = queued_read(message_id)
if !pdu || pdu.app_tag != Net::LDAP::PDU::BindResult
- raise Net::LDAP::LdapError, "no bind result"
+ raise Net::LDAP::NoBindResultError, "no bind result"
end
return pdu unless pdu.result_code == Net::LDAP::ResultCodeSaslBindInProgress
- raise Net::LDAP::LdapError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges)
+ raise Net::LDAP::SASLChallengeOverflowError, "sasl-challenge overflow" if ((n += 1) > MaxSaslChallenges)
cred = chall.call(pdu.result_server_sasl_creds)
}
- raise Net::LDAP::LdapError, "why are we here?"
+ raise Net::LDAP::SASLChallengeOverflowError, "why are we here?"
end
private :bind_sasl
#--
# PROVISIONAL, only for testing SASL implementations. DON'T USE THIS YET.
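Review bot: The final `raise Net::LDAP::SASLChallengeOverflowError, "why are we here?"` after the `loop` reuses the overflow class for a state that is not an overflow. `Kernel#loop` falls through only when the block breaks or a `StopIteration` is raised inside it (for example from the `chall` callback), so a caller rescuing the overflow error would misread the cause. A neutral class and message would be clearer, e.g. `raise Net::LDAP::Error, "SASL bind loop exited without a result"`. The start of the loop is outside this hunk.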
@@ -323,11 +324,11 @@
#++
def bind_gss_spnego(auth)
require 'ntlm'
user, psw = [auth[:username] || auth[:dn], auth[:password]]
- raise Net::LDAP::LdapError, "Invalid binding information" unless (user && psw)
+ raise Net::LDAP::BindingInformationInvalidError, "Invalid binding information" unless (user && psw)
nego = proc { |challenge|
t2_msg = NTLM::Message.parse(challenge)
t3_msg = t2_msg.response({ :user => user, :password => psw },
{ :ntlmv2 => true })
@@ -409,14 +410,14 @@
time = args[:time].to_i
paged = args[:paged_searches_supported]
sort = args.fetch(:sort_controls, false)
# arg validation
- raise Net::LDAP::LdapError, "search base is required" unless base
- raise Net::LDAP::LdapError, "invalid search-size" unless size >= 0
- raise Net::LDAP::LdapError, "invalid search scope" unless Net::LDAP::SearchScopes.include?(scope)
- raise Net::LDAP::LdapError, "invalid alias dereferencing value" unless Net::LDAP::DerefAliasesArray.include?(deref)
+ raise ArgumentError, "search base is required" unless base
+ raise ArgumentError, "invalid search-size" unless size >= 0
+ raise ArgumentError, "invalid search scope" unless Net::LDAP::SearchScopes.include?(scope)
+ raise ArgumentError, "invalid alias dereferencing value" unless Net::LDAP::DerefAliasesArray.include?(deref)
# arg transforms
filter = Net::LDAP::Filter.construct(filter) if filter.is_a?(String)
ber_attrs = attrs.map { |attr| attr.to_s.to_ber }
ber_sort = encode_sort_controls(sort)
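Review bot: The four validation failures under `# arg validation` now raise `ArgumentError`, which cannot be caught by `rescue Net::LDAP::Error` (or the old `LdapError`), so callers that wrap searches in the library's own error class will start seeing these propagate. That is a reasonable choice for programmer errors, but it should be stated in the method documentation, e.g. `# Raises ArgumentError when the search base is missing or the size, scope or alias-dereferencing value is invalid.` The same comment could note that the `filter.is_a?(String)` line parses the string as filter syntax, so values taken from user input should go through `Net::LDAP::Filter.escape` before being interpolated. The method's signature and the rest of its body are outside this hunk.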
@@ -524,11 +525,11 @@
yield se
end
end
break
else
- raise Net::LDAP::LdapError, "invalid response-type in search: #{pdu.app_tag}"
+ raise Net::LDAP::ResponseTypeInvalidError, "invalid response-type in search: #{pdu.app_tag}"
end
end
# count number of pages of results
payload[:page_count] ||= 0
@@ -568,16 +569,17 @@
payload[:result_count] = n_results
result_pdu || OpenStruct.new(:status => :failure, :result_code => Net::LDAP::ResultCodeOperationsError, :message => "Invalid search")
end # instrument
ensure
+
# clean up message queue for this search
messages = message_queue.delete(message_id)
# in the exceptional case some messages were *not* consumed from the queue,
# instrument the event but do not fail.
- unless messages.empty?
+ if !messages.nil? && !messages.empty?
instrument "search_messages_unread.net_ldap_connection",
message_id: message_id, messages: messages
end
end
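Review bot: The new `if !messages.nil? && !messages.empty?` guard in the `ensure` block has no comment saying when `message_queue.delete(message_id)` returns nil; presumably that happens when the search raises before anything is queued for this id, such as the argument checks earlier in the method. Please add that as a comment, e.g. `# delete returns nil when nothing was ever queued for message_id`, and drop the stray blank line added directly after `ensure`. The condition reads more simply as `unless messages.nil? || messages.empty?`. Since the payload hands the unread PDUs themselves to the instrumentation subscriber, a comment that subscribers should not log them verbatim would also help, as they may hold directory entry data.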
@@ -621,11 +623,11 @@
write(request, nil, message_id)
pdu = queued_read(message_id)
if !pdu || pdu.app_tag != Net::LDAP::PDU::ModifyResponse
- raise Net::LDAP::LdapError, "response missing or invalid"
+ raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
end
pdu
end
@@ -635,11 +637,11 @@
# rather than a simple result number. This is experimental, and eventually
# we'll want to do this with all the others. The point is to have access
# to the error message and the matched-DN returned by the server.
#++
def add(args)
- add_dn = args[:dn] or raise Net::LDAP::LdapError, "Unable to add empty DN"
+ add_dn = args[:dn] or raise Net::LDAP::EmptyDNError, "Unable to add empty DN"
add_attrs = []
a = args[:attributes] and a.each { |k, v|
add_attrs << [ k.to_s.to_ber, Array(v).map { |m| m.to_ber}.to_ber_set ].to_ber_sequence
}
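Review bot: `EmptyDNError` is raised only when `args[:dn]` is nil or false; an empty string is truthy in Ruby and passes the `or raise` guard despite the message "Unable to add empty DN". If an empty DN should be rejected, as the class name and message say, the check could be `add_dn = args[:dn]` followed by `raise Net::LDAP::EmptyDNError, "Unable to add empty DN" if add_dn.nil? || add_dn.to_s.empty?`. The rest of `add` lies outside this hunk.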
@@ -648,11 +650,11 @@
write(request, nil, message_id)
pdu = queued_read(message_id)
if !pdu || pdu.app_tag != Net::LDAP::PDU::AddResponse
- raise Net::LDAP::LdapError, "response missing or invalid"
+ raise Net::LDAP::ResponseMissingError, "response missing or invalid"
end
pdu
end
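Review bot: This add-response check raises `Net::LDAP::ResponseMissingError`, while the identical checks for modify, modify-RDN and delete elsewhere in this diff raise `ResponseMissingOrInvalidError` with the same message "response missing or invalid". Unless one class inherits from the other (the definitions are not shown here), code that rescues `ResponseMissingOrInvalidError` will miss failures from `add`. Using the same class keeps the four operations consistent: `raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"`.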
@@ -671,11 +673,11 @@
write(request.to_ber_appsequence(Net::LDAP::PDU::ModifyRDNRequest), nil, message_id)
pdu = queued_read(message_id)
if !pdu || pdu.app_tag != Net::LDAP::PDU::ModifyRDNResponse
- raise Net::LDAP::LdapError.new "response missing or invalid"
+ raise Net::LDAP::ResponseMissingOrInvalidError.new "response missing or invalid"
end
pdu
end
@@ -690,10 +692,10 @@
write(request, controls, message_id)
pdu = queued_read(message_id)
if !pdu || pdu.app_tag != Net::LDAP::PDU::DeleteResponse
- raise Net::LDAP::LdapError, "response missing or invalid"
+ raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
end
pdu
end
end # class Connection