node-ldapjs/lib/client/client.js

1299 lines
37 KiB
JavaScript
Raw Normal View History

'use strict'
const requestQueueFactory = require('./request-queue')
const messageTrackerFactory = require('./message-tracker')
const { MAX_MSGID } = require('./constants')
2020-10-31 21:07:32 +00:00
const EventEmitter = require('events').EventEmitter
const net = require('net')
const tls = require('tls')
const util = require('util')
const once = require('once')
const backoff = require('backoff')
const vasync = require('vasync')
const assert = require('assert-plus')
const VError = require('verror').VError
const Attribute = require('../attribute')
const Change = require('../change')
const Control = require('../controls/index').Control
const { Control: LdapControl } = require('@ldapjs/controls')
2020-10-31 21:07:32 +00:00
const SearchPager = require('./search_pager')
2022-06-06 02:01:40 +00:00
const Protocol = require('@ldapjs/protocol')
2020-10-31 21:07:32 +00:00
const dn = require('../dn')
const errors = require('../errors')
const filters = require('@ldapjs/filter')
2020-10-31 21:07:32 +00:00
const messages = require('../messages')
const url = require('../url')
const CorkedEmitter = require('../corked_emitter')
/// --- Globals
2020-10-31 21:07:32 +00:00
const AbandonRequest = messages.AbandonRequest
const AddRequest = messages.AddRequest
const BindRequest = messages.BindRequest
const CompareRequest = messages.CompareRequest
const DeleteRequest = messages.DeleteRequest
const ExtendedRequest = messages.ExtendedRequest
const ModifyRequest = messages.ModifyRequest
const ModifyDNRequest = messages.ModifyDNRequest
const SearchRequest = messages.SearchRequest
const UnbindRequest = messages.UnbindRequest
const UnbindResponse = messages.UnbindResponse
const LDAPResult = messages.LDAPResult
const SearchEntry = messages.SearchEntry
const SearchReference = messages.SearchReference
// var SearchResponse = messages.SearchResponse
2020-10-31 21:07:32 +00:00
const Parser = messages.Parser
2020-10-31 21:07:32 +00:00
const PresenceFilter = filters.PresenceFilter
2020-10-31 21:07:32 +00:00
const ConnectionError = errors.ConnectionError
2020-10-31 21:07:32 +00:00
const CMP_EXPECT = [errors.LDAP_COMPARE_TRUE, errors.LDAP_COMPARE_FALSE]
2011-08-04 20:32:01 +00:00
// node 0.6 got rid of FDs, so make up a client id for logging
2020-10-31 21:07:32 +00:00
let CLIENT_ID = 0
/// --- Internal Helpers
2011-08-04 20:32:01 +00:00
function nextClientId () {
if (++CLIENT_ID === MAX_MSGID) { return 1 }
2011-08-04 20:32:01 +00:00
return CLIENT_ID
}
2011-08-04 20:32:01 +00:00
function validateControls (controls) {
2011-08-04 20:32:01 +00:00
if (Array.isArray(controls)) {
2012-02-24 00:02:52 +00:00
controls.forEach(function (c) {
if (!(c instanceof Control) && !(c instanceof LdapControl)) { throw new TypeError('controls must be [Control]') }
})
} else if (controls instanceof Control || controls instanceof LdapControl) {
controls = [controls]
2011-08-04 20:32:01 +00:00
} else {
throw new TypeError('controls must be [Control]')
2011-08-04 20:32:01 +00:00
}
return controls
2011-08-04 20:32:01 +00:00
}
function ensureDN (input, strict) {
if (dn.DN.isDN(input)) {
return dn
} else if (strict) {
return dn.parse(input)
} else if (typeof (input) === 'string') {
return input
} else {
throw new Error('invalid DN')
}
}
/// --- API
2011-08-04 20:32:01 +00:00
/**
* Constructs a new client.
*
* The options object is required, and must contain either a URL (string) or
* a socketPath (string); the socketPath is only if you want to talk to an LDAP
2012-02-18 08:54:22 +00:00
* server over a Unix Domain Socket. Additionally, you can pass in a bunyan
* option that is the result of `new Logger()`, presumably after you've
2011-08-04 20:32:01 +00:00
* configured it.
*
* @param {Object} options must have either url or socketPath.
* @throws {TypeError} on bad input.
*/
function Client (options) {
assert.ok(options)
EventEmitter.call(this, options)
2020-10-31 21:07:32 +00:00
const self = this
2020-09-17 14:46:34 +00:00
this.urls = options.url ? [].concat(options.url).map(url.parse) : []
2020-09-18 13:31:58 +00:00
this._nextServer = 0
2020-09-17 14:46:34 +00:00
// updated in connectSocket() after each connect
this.host = undefined
2020-09-18 04:15:25 +00:00
this.port = undefined
this.secure = undefined
2020-09-17 14:46:34 +00:00
this.url = undefined
this.tlsOptions = options.tlsOptions
this.socketPath = options.socketPath || false
this.log = options.log.child({ clazz: 'Client' }, true)
this.timeout = parseInt((options.timeout || 0), 10)
this.connectTimeout = parseInt((options.connectTimeout || 0), 10)
this.idleTimeout = parseInt((options.idleTimeout || 0), 10)
if (options.reconnect) {
// Fall back to defaults if options.reconnect === true
2020-10-31 21:07:32 +00:00
const rOpts = (typeof (options.reconnect) === 'object')
2020-10-24 16:22:11 +00:00
? options.reconnect
: {}
this.reconnect = {
initialDelay: parseInt(rOpts.initialDelay || 100, 10),
maxDelay: parseInt(rOpts.maxDelay || 10000, 10),
failAfter: parseInt(rOpts.failAfter, 10) || Infinity
}
}
this.strictDN = (options.strictDN !== undefined) ? options.strictDN : true
this.queue = requestQueueFactory({
size: parseInt((options.queueSize || 0), 10),
timeout: parseInt((options.queueTimeout || 0), 10)
})
if (options.queueDisable) {
this.queue.freeze()
}
// Implicitly configure setup action to bind the client if bindDN and
// bindCredentials are passed in. This will more closely mimic PooledClient
// auto-login behavior.
if (options.bindDN !== undefined &&
options.bindCredentials !== undefined) {
this.on('setup', function (clt, cb) {
clt.bind(options.bindDN, options.bindCredentials, function (err) {
if (err) {
2016-11-22 18:19:59 +00:00
if (self._socket) {
self._socket.destroy()
}
self.emit('error', err)
}
cb(err)
})
})
}
this._socket = null
this.connected = false
this.connect()
2011-08-04 20:32:01 +00:00
}
util.inherits(Client, EventEmitter)
module.exports = Client
2011-08-04 20:32:01 +00:00
/**
* Sends an abandon request to the LDAP server.
*
* The callback will be invoked as soon as the data is flushed out to the
* network, as there is never a response from abandon.
*
* @param {Number} messageID the messageID to abandon.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err).
* @throws {TypeError} on invalid input.
*/
Client.prototype.abandon = function abandon (messageID, controls, callback) {
assert.number(messageID, 'messageID')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
2020-10-31 21:07:32 +00:00
const req = new AbandonRequest({
abandonID: messageID,
controls: controls
})
return this._send(req, 'abandon', null, callback)
}
2011-08-04 20:32:01 +00:00
/**
* Adds an entry to the LDAP server.
*
* Entry can be either [Attribute] or a plain JS object where the
* values are either a plain value or an array of values. Any value (that's
* not an array) will get converted to a string, so keep that in mind.
*
2011-08-04 20:32:01 +00:00
* @param {String} name the DN of the entry to add.
* @param {Object} entry an array of Attributes to be added or a JS object.
2011-08-04 20:32:01 +00:00
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.add = function add (name, entry, controls, callback) {
assert.ok(name !== undefined, 'name')
assert.object(entry, 'entry')
if (typeof (controls) === 'function') {
callback = controls
controls = []
2011-08-04 20:32:01 +00:00
} else {
controls = validateControls(controls)
2011-08-04 20:32:01 +00:00
}
assert.func(callback, 'callback')
2011-08-04 20:32:01 +00:00
if (Array.isArray(entry)) {
2012-02-24 00:02:52 +00:00
entry.forEach(function (a) {
if (!Attribute.isAttribute(a)) { throw new TypeError('entry must be an Array of Attributes') }
})
} else {
2020-10-31 21:07:32 +00:00
const save = entry
entry = []
2012-02-24 00:02:52 +00:00
Object.keys(save).forEach(function (k) {
2020-10-31 21:07:32 +00:00
const attr = new Attribute({ type: k })
if (Array.isArray(save[k])) {
2012-02-24 00:02:52 +00:00
save[k].forEach(function (v) {
attr.addValue(v.toString())
})
} else if (Buffer.isBuffer(save[k])) {
2021-07-29 17:13:47 +00:00
attr.addValue(save[k])
} else {
attr.addValue(save[k].toString())
}
entry.push(attr)
})
}
2020-10-31 21:07:32 +00:00
const req = new AddRequest({
entry: ensureDN(name, this.strictDN),
attributes: entry,
2011-08-04 20:32:01 +00:00
controls: controls
})
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
/**
* Performs a simple authentication against the server.
*
* @param {String} name the DN to bind as.
* @param {String} credentials the userPassword associated with name.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.bind = function bind (name,
credentials,
controls,
callback,
_bypass) {
if (typeof (name) !== 'string' && !(name instanceof dn.DN)) { throw new TypeError('name (string) required') }
assert.optionalString(credentials, 'credentials')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
2020-10-31 21:07:32 +00:00
const req = new BindRequest({
name: name || '',
authentication: 'Simple',
credentials: credentials || '',
controls: controls
})
2011-08-04 20:32:01 +00:00
// Connection errors will be reported to the bind callback too (useful when the LDAP server is not available)
2020-10-31 21:07:32 +00:00
const self = this
function callbackWrapper (err, ret) {
self.removeListener('connectError', callbackWrapper)
callback(err, ret)
}
this.addListener('connectError', callbackWrapper)
return this._send(req, [errors.LDAP_SUCCESS], null, callbackWrapper, _bypass)
}
2011-08-04 20:32:01 +00:00
/**
* Compares an attribute/value pair with an entry on the LDAP server.
*
* @param {String} name the DN of the entry to compare attributes with.
* @param {String} attr name of an attribute to check.
2011-08-04 20:32:01 +00:00
* @param {String} value value of an attribute to check.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, boolean, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.compare = function compare (name,
attr,
value,
controls,
callback) {
assert.ok(name !== undefined, 'name')
assert.string(attr, 'attr')
assert.string(value, 'value')
if (typeof (controls) === 'function') {
callback = controls
controls = []
2011-08-04 20:32:01 +00:00
} else {
controls = validateControls(controls)
2011-08-04 20:32:01 +00:00
}
assert.func(callback, 'callback')
2011-08-04 20:32:01 +00:00
2020-10-31 21:07:32 +00:00
const req = new CompareRequest({
entry: ensureDN(name, this.strictDN),
attribute: attr,
2011-08-04 20:32:01 +00:00
value: value,
controls: controls
})
2011-08-04 20:32:01 +00:00
2012-02-24 00:02:52 +00:00
return this._send(req, CMP_EXPECT, null, function (err, res) {
if (err) { return callback(err) }
2011-08-04 20:32:01 +00:00
return callback(null, (res.status === errors.LDAP_COMPARE_TRUE), res)
})
}
2011-08-04 20:32:01 +00:00
/**
* Deletes an entry from the LDAP server.
*
* @param {String} name the DN of the entry to delete.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.del = function del (name, controls, callback) {
assert.ok(name !== undefined, 'name')
if (typeof (controls) === 'function') {
callback = controls
controls = []
2011-08-04 20:32:01 +00:00
} else {
controls = validateControls(controls)
2011-08-04 20:32:01 +00:00
}
assert.func(callback, 'callback')
2011-08-04 20:32:01 +00:00
2020-10-31 21:07:32 +00:00
const req = new DeleteRequest({
entry: ensureDN(name, this.strictDN),
2011-08-04 20:32:01 +00:00
controls: controls
})
2011-08-04 20:32:01 +00:00
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
2011-08-04 20:32:01 +00:00
/**
* Performs an extended operation on the LDAP server.
*
* Pretty much none of the LDAP extended operations return an OID
* (responseName), so I just don't bother giving it back in the callback.
* It's on the third param in `res` if you need it.
*
* @param {String} name the OID of the extended operation to perform.
* @param {String} value value to pass in for this operation.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, value, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.exop = function exop (name, value, controls, callback) {
assert.string(name, 'name')
if (typeof (value) === 'function') {
callback = value
controls = []
value = undefined
2011-08-04 20:32:01 +00:00
}
if (typeof (controls) === 'function') {
callback = controls
controls = []
2011-08-04 20:32:01 +00:00
} else {
controls = validateControls(controls)
2011-08-04 20:32:01 +00:00
}
assert.func(callback, 'callback')
2011-08-04 20:32:01 +00:00
2020-10-31 21:07:32 +00:00
const req = new ExtendedRequest({
2011-08-04 20:32:01 +00:00
requestName: name,
requestValue: value,
controls: controls
})
2011-08-04 20:32:01 +00:00
2012-02-24 00:02:52 +00:00
return this._send(req, [errors.LDAP_SUCCESS], null, function (err, res) {
if (err) { return callback(err) }
2011-08-04 20:32:01 +00:00
return callback(null, res.responseValue || '', res)
})
}
2011-08-04 20:32:01 +00:00
/**
* Performs an LDAP modify against the server.
*
* @param {String} name the DN of the entry to modify.
* @param {Change} change update to perform (can be [Change]).
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.modify = function modify (name, change, controls, callback) {
assert.ok(name !== undefined, 'name')
assert.object(change, 'change')
2020-10-31 21:07:32 +00:00
const changes = []
2020-12-05 23:58:13 +00:00
function changeFromObject (obj) {
if (!obj.operation && !obj.type) { throw new Error('change.operation required') }
if (typeof (obj.modification) !== 'object') { throw new Error('change.modification (object) required') }
2020-12-05 23:58:13 +00:00
if (Object.keys(obj.modification).length === 2 &&
typeof (obj.modification.type) === 'string' &&
Array.isArray(obj.modification.vals)) {
// Use modification directly if it's already normalized:
changes.push(new Change({
2020-12-05 23:58:13 +00:00
operation: obj.operation || obj.type,
modification: obj.modification
}))
} else {
// Normalize the modification object
2020-12-05 23:58:13 +00:00
Object.keys(obj.modification).forEach(function (k) {
2020-10-31 21:07:32 +00:00
const mod = {}
2020-12-05 23:58:13 +00:00
mod[k] = obj.modification[k]
changes.push(new Change({
2020-12-05 23:58:13 +00:00
operation: obj.operation || obj.type,
modification: mod
}))
})
}
2011-08-04 20:32:01 +00:00
}
if (Change.isChange(change)) {
changes.push(change)
} else if (Array.isArray(change)) {
2012-02-24 00:02:52 +00:00
change.forEach(function (c) {
if (Change.isChange(c)) {
changes.push(c)
} else {
changeFromObject(c)
}
})
} else {
changeFromObject(change)
}
if (typeof (controls) === 'function') {
callback = controls
controls = []
2011-08-04 20:32:01 +00:00
} else {
controls = validateControls(controls)
2011-08-04 20:32:01 +00:00
}
assert.func(callback, 'callback')
2011-08-04 20:32:01 +00:00
2020-10-31 21:07:32 +00:00
const req = new ModifyRequest({
object: ensureDN(name, this.strictDN),
changes: changes,
2011-08-04 20:32:01 +00:00
controls: controls
})
2011-08-04 20:32:01 +00:00
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
2011-08-04 20:32:01 +00:00
/**
* Performs an LDAP modifyDN against the server.
*
* This does not allow you to keep the old DN, as while the LDAP protocol
* has a facility for that, it's stupid. Just Search/Add.
*
* This will automatically deal with "new superior" logic.
*
* @param {String} name the DN of the entry to modify.
* @param {String} newName the new DN to move this entry to.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.modifyDN = function modifyDN (name,
newName,
controls,
callback) {
assert.ok(name !== undefined, 'name')
assert.string(newName, 'newName')
if (typeof (controls) === 'function') {
callback = controls
controls = []
2011-08-04 20:32:01 +00:00
} else {
controls = validateControls(controls)
2011-08-04 20:32:01 +00:00
}
assert.func(callback)
2011-08-04 20:32:01 +00:00
2020-10-31 21:07:32 +00:00
const DN = ensureDN(name)
// TODO: is non-strict handling desired here?
2020-10-31 21:07:32 +00:00
const newDN = dn.parse(newName)
2011-08-04 20:32:01 +00:00
2020-10-31 21:07:32 +00:00
const req = new ModifyDNRequest({
2011-08-04 20:32:01 +00:00
entry: DN,
deleteOldRdn: true,
controls: controls
})
2011-08-04 20:32:01 +00:00
if (newDN.length !== 1) {
req.newRdn = dn.parse(newDN.rdns.shift().toString())
req.newSuperior = newDN
2011-08-04 20:32:01 +00:00
} else {
req.newRdn = newDN
2011-08-04 20:32:01 +00:00
}
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
2011-08-04 20:32:01 +00:00
/**
* Performs an LDAP search against the server.
*
* Note that the defaults for options are a 'base' search, if that's what
* you want you can just pass in a string for options and it will be treated
* as the search filter. Also, you can either pass in programatic Filter
* objects or a filter string as the filter option.
*
* Note that this method is 'special' in that the callback 'res' param will
* have two important events on it, namely 'entry' and 'end' that you can hook
* to. The former will emit a SearchEntry object for each record that comes
* back, and the latter will emit a normal LDAPResult object.
*
* @param {String} base the DN in the tree to start searching at.
* @param {Object} options parameters:
* - {String} scope default of 'base'.
* - {String} filter default of '(objectclass=*)'.
* - {Array} attributes [string] to return.
* - {Boolean} attrsOnly whether to return values.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.search = function search (base,
options,
controls,
callback,
_bypass) {
assert.ok(base !== undefined, 'search base')
2011-08-04 20:32:01 +00:00
if (Array.isArray(options) || (options instanceof Control)) {
controls = options
options = {}
} else if (typeof (options) === 'function') {
callback = options
controls = []
2011-08-04 20:32:01 +00:00
options = {
filter: new PresenceFilter({ attribute: 'objectclass' })
}
} else if (typeof (options) === 'string') {
options = { filter: filters.parseString(options) }
} else if (typeof (options) !== 'object') {
throw new TypeError('options (object) required')
2011-08-04 20:32:01 +00:00
}
if (typeof (options.filter) === 'string') {
options.filter = filters.parseString(options.filter)
} else if (!options.filter) {
options.filter = new PresenceFilter({ attribute: 'objectclass' })
} else if (Object.prototype.toString.call(options.filter) !== '[object FilterString]') {
throw new TypeError('options.filter (Filter) required')
}
if (typeof (controls) === 'function') {
callback = controls
controls = []
2011-08-04 20:32:01 +00:00
} else {
controls = validateControls(controls)
2011-08-04 20:32:01 +00:00
}
assert.func(callback, 'callback')
2011-08-04 20:32:01 +00:00
if (options.attributes) {
if (!Array.isArray(options.attributes)) {
if (typeof (options.attributes) === 'string') {
options.attributes = [options.attributes]
} else {
throw new TypeError('options.attributes must be an Array of Strings')
}
}
}
2020-10-31 21:07:32 +00:00
const self = this
const baseDN = ensureDN(base, this.strictDN)
2015-04-26 03:36:36 +00:00
function sendRequest (ctrls, emitter, cb) {
2020-10-31 21:07:32 +00:00
const req = new SearchRequest({
baseObject: baseDN,
scope: options.scope || 'base',
filter: options.filter,
2022-06-06 02:01:40 +00:00
derefAliases: options.derefAliases || Protocol.search.NEVER_DEREF_ALIASES,
sizeLimit: options.sizeLimit || 0,
timeLimit: options.timeLimit || 10,
typesOnly: options.typesOnly || false,
attributes: options.attributes || [],
controls: ctrls
})
2011-08-04 20:32:01 +00:00
return self._send(req,
[errors.LDAP_SUCCESS],
emitter,
cb,
_bypass)
}
if (options.paged) {
// Perform automated search paging
2020-10-31 21:07:32 +00:00
const pageOpts = typeof (options.paged) === 'object' ? options.paged : {}
let size = 100 // Default page size
if (pageOpts.pageSize > 0) {
size = pageOpts.pageSize
} else if (options.sizeLimit > 1) {
// According to the RFC, servers should ignore the paging control if
2014-07-25 18:21:02 +00:00
// pageSize >= sizelimit. Some might still send results, but it's safer
// to stay under that figure when assigning a default value.
size = options.sizeLimit - 1
}
2020-10-31 21:07:32 +00:00
const pager = new SearchPager({
callback: callback,
controls: controls,
pageSize: size,
pagePause: pageOpts.pagePause,
sendRequest: sendRequest
})
pager.begin()
} else {
sendRequest(controls, new CorkedEmitter(), callback)
}
}
2011-08-04 20:32:01 +00:00
/**
* Unbinds this client from the LDAP server.
*
* Note that unbind does not have a response, so this callback is actually
* optional; either way, the client is disconnected.
*
* @param {Function} callback of the form f(err).
* @throws {TypeError} if you pass in callback as not a function.
*/
Client.prototype.unbind = function unbind (callback) {
if (!callback) { callback = function () {} }
2011-08-04 20:32:01 +00:00
if (typeof (callback) !== 'function') { throw new TypeError('callback must be a function') }
2011-09-26 23:45:49 +00:00
// When the socket closes, it is useful to know whether it was due to a
// user-initiated unbind or something else.
this.unbound = true
if (!this._socket) { return callback() }
2011-08-04 20:32:01 +00:00
2020-10-31 21:07:32 +00:00
const req = new UnbindRequest()
return this._send(req, 'unbind', null, callback)
}
2011-08-04 20:32:01 +00:00
2015-04-26 03:36:36 +00:00
/**
* Attempt to secure connection with StartTLS.
*/
Client.prototype.starttls = function starttls (options,
controls,
callback,
_bypass) {
assert.optionalObject(options)
options = options || {}
callback = once(callback)
2020-10-31 21:07:32 +00:00
const self = this
2015-04-26 03:36:36 +00:00
if (this._starttls) {
return callback(new Error('STARTTLS already in progress or active'))
2015-04-26 03:36:36 +00:00
}
2020-12-05 23:58:13 +00:00
function onSend (sendErr, emitter) {
if (sendErr) {
callback(sendErr)
return
2015-04-26 03:36:36 +00:00
}
/*
* Now that the request has been sent, block all outgoing messages
* until an error is received or we successfully complete the setup.
*/
// TODO: block traffic
self._starttls = {
started: true
}
2015-04-26 03:36:36 +00:00
emitter.on('error', function (err) {
self._starttls = null
callback(err)
})
2020-12-07 01:26:27 +00:00
emitter.on('end', function (_res) {
2020-10-31 21:07:32 +00:00
const sock = self._socket
2015-04-26 03:36:36 +00:00
/*
* Unplumb socket data during SSL negotiation.
* This will prevent the LDAP parser from stumbling over the TLS
* handshake and raising a ruckus.
*/
sock.removeAllListeners('data')
2015-04-26 03:36:36 +00:00
options.socket = sock
2020-10-31 21:07:32 +00:00
const secure = tls.connect(options)
2015-04-26 03:36:36 +00:00
secure.once('secureConnect', function () {
/*
* Wire up 'data' and 'error' handlers like the normal socket.
* Handling 'end' events isn't necessary since the underlying socket
* will handle those.
*/
secure.removeAllListeners('error')
secure.on('data', function onData (data) {
self.log.trace('data event: %s', util.inspect(data))
self._tracker.parser.write(data)
})
secure.on('error', function (err) {
self.log.trace({ err: err }, 'error event: %s', new Error().stack)
self.emit('error', err)
sock.destroy()
})
callback(null)
})
2015-04-26 03:36:36 +00:00
secure.once('error', function (err) {
// If the SSL negotiation failed, to back to plain mode.
self._starttls = null
secure.removeAllListeners()
callback(err)
})
self._starttls.success = true
self._socket = secure
})
2015-04-26 03:36:36 +00:00
}
2020-10-31 21:07:32 +00:00
const req = new ExtendedRequest({
2015-04-26 03:36:36 +00:00
requestName: '1.3.6.1.4.1.1466.20037',
requestValue: null,
controls: controls
})
2015-04-26 03:36:36 +00:00
return this._send(req,
[errors.LDAP_SUCCESS],
new EventEmitter(),
onSend,
_bypass)
}
2015-04-26 03:36:36 +00:00
/**
* Disconnect from the LDAP server and do not allow reconnection.
*
* If the client is instantiated with proper reconnection options, it's
* possible to initiate new requests after a call to unbind since the client
* will attempt to reconnect in order to fulfill the request.
*
* Calling destroy will prevent any further reconnection from occurring.
*
* @param {Object} err (Optional) error that was cause of client destruction
*/
Client.prototype.destroy = function destroy (err) {
this.destroyed = true
this.queue.freeze()
// Purge any queued requests which are now meaningless
this.queue.flush(function (msg, expect, emitter, cb) {
if (typeof (cb) === 'function') {
cb(new Error('client destroyed'))
}
})
if (this.connected) {
this.unbind()
2022-02-11 00:52:48 +00:00
}
if (this._socket) {
this._socket.destroy()
}
2022-02-11 00:52:48 +00:00
this.emit('destroy', err)
}
/**
* Initiate LDAP connection.
*/
Client.prototype.connect = function connect () {
if (this.connecting || this.connected) {
return
}
2020-10-31 21:07:32 +00:00
const self = this
const log = this.log
let socket
let tracker
2012-01-24 17:43:46 +00:00
// Establish basic socket connection
function connectSocket (cb) {
2020-10-31 21:07:32 +00:00
const server = self.urls[self._nextServer]
2020-09-18 13:36:12 +00:00
self._nextServer = (self._nextServer + 1) % self.urls.length
2020-09-17 14:46:34 +00:00
cb = once(cb)
2012-01-24 17:43:46 +00:00
function onResult (err, res) {
if (err) {
if (self.connectTimer) {
clearTimeout(self.connectTimer)
self.connectTimer = null
}
self.emit('connectError', err)
}
cb(err, res)
}
function onConnect () {
if (self.connectTimer) {
clearTimeout(self.connectTimer)
self.connectTimer = null
}
socket.removeAllListeners('error')
.removeAllListeners('connect')
.removeAllListeners('secureConnect')
tracker.id = nextClientId() + '__' + tracker.id
self.log = self.log.child({ ldap_id: tracker.id }, true)
// Move on to client setup
setupClient(cb)
}
2020-10-31 21:07:32 +00:00
const port = (server && server.port) || self.socketPath
const host = server && server.hostname
2020-09-18 04:15:25 +00:00
if (server && server.secure) {
2020-09-17 15:49:58 +00:00
socket = tls.connect(port, host, self.tlsOptions)
socket.once('secureConnect', onConnect)
} else {
2020-09-17 15:49:58 +00:00
socket = net.connect(port, host)
socket.once('connect', onConnect)
}
socket.once('error', onResult)
2020-09-17 15:49:58 +00:00
initSocket(server)
// Setup connection timeout handling, if desired
if (self.connectTimeout) {
self.connectTimer = setTimeout(function onConnectTimeout () {
if (!socket || !socket.readable || !socket.writeable) {
socket.destroy()
self._socket = null
onResult(new ConnectionError('connection timeout'))
}
}, self.connectTimeout)
}
}
// Initialize socket events and LDAP parser.
2020-12-05 23:58:13 +00:00
function initSocket (server) {
tracker = messageTrackerFactory({
2020-12-05 23:58:13 +00:00
id: server ? server.href : self.socketPath,
parser: new Parser({ log: log })
})
// This won't be set on TLS. So. Very. Annoying.
if (typeof (socket.setKeepAlive) !== 'function') {
socket.setKeepAlive = function setKeepAlive (enable, delay) {
return socket.socket
2020-10-24 16:22:11 +00:00
? socket.socket.setKeepAlive(enable, delay)
: false
}
}
socket.on('data', function onData (data) {
log.trace('data event: %s', util.inspect(data))
tracker.parser.write(data)
})
// The "router"
tracker.parser.on('message', function onMessage (message) {
message.connection = self._socket
2020-10-31 21:07:32 +00:00
const callback = tracker.fetch(message.messageID)
if (!callback) {
log.error({ message: message.json }, 'unsolicited message')
return false
}
return callback(message)
})
tracker.parser.on('error', function onParseError (err) {
self.emit('error', new VError(err, 'Parser error for %s',
tracker.id))
self.connected = false
socket.end()
})
}
// After connect, register socket event handlers and run any setup actions
function setupClient (cb) {
cb = once(cb)
// Indicate failure if anything goes awry during setup
function bail (err) {
socket.destroy()
cb(err || new Error('client error during setup'))
}
// Work around lack of close event on tls.socket in node < 0.11
((socket.socket) ? socket.socket : socket).once('close', bail)
socket.once('error', bail)
socket.once('end', bail)
socket.once('timeout', bail)
socket.once('cleanupSetupListeners', function onCleanup () {
socket.removeListener('error', bail)
.removeListener('close', bail)
.removeListener('end', bail)
.removeListener('timeout', bail)
})
self._socket = socket
self._tracker = tracker
// Run any requested setup (such as automatically performing a bind) on
// socket before signalling successful connection.
// This setup needs to bypass the request queue since all other activity is
// blocked until the connection is considered fully established post-setup.
2015-05-25 00:56:16 +00:00
// Only allow bind/search/starttls for now.
2020-10-31 21:07:32 +00:00
const basicClient = {
bind: function bindBypass (name, credentials, controls, callback) {
return self.bind(name, credentials, controls, callback, true)
},
search: function searchBypass (base, options, controls, callback) {
return self.search(base, options, controls, callback, true)
},
starttls: function starttlsBypass (options, controls, callback) {
return self.starttls(options, controls, callback, true)
2015-05-25 00:56:16 +00:00
},
unbind: self.unbind.bind(self)
}
vasync.forEachPipeline({
func: function (f, callback) {
f(basicClient, callback)
},
inputs: self.listeners('setup')
2020-12-07 01:26:27 +00:00
}, function (err, _res) {
if (err) {
self.emit('setupError', err)
}
cb(err)
})
2012-07-10 22:40:34 +00:00
}
// Wire up "official" event handlers after successful connect/setup
function postSetup () {
// cleanup the listeners we attached in setup phrase.
socket.emit('cleanupSetupListeners');
// Work around lack of close event on tls.socket in node < 0.11
((socket.socket) ? socket.socket : socket).once('close',
self._onClose.bind(self))
socket.on('end', function onEnd () {
log.trace('end event')
self.emit('end')
socket.end()
})
socket.on('error', function onSocketError (err) {
log.trace({ err: err }, 'error event: %s', new Error().stack)
self.emit('error', err)
socket.destroy()
})
socket.on('timeout', function onTimeout () {
log.trace('timeout event')
self.emit('socketTimeout')
socket.end()
})
2020-09-17 15:49:58 +00:00
2020-10-31 21:07:32 +00:00
const server = self.urls[self._nextServer]
2020-09-17 15:49:58 +00:00
if (server) {
self.host = server.hostname
self.port = server.port
self.secure = server.secure
}
}
2020-10-31 21:07:32 +00:00
let retry
let failAfter
if (this.reconnect) {
retry = backoff.exponential({
initialDelay: this.reconnect.initialDelay,
maxDelay: this.reconnect.maxDelay
})
failAfter = this.reconnect.failAfter
2020-09-17 14:46:34 +00:00
if (this.urls.length > 1 && failAfter) {
failAfter *= this.urls.length
2020-09-16 12:06:26 +00:00
}
} else {
retry = backoff.exponential({
initialDelay: 1,
maxDelay: 2
})
2020-09-18 04:15:25 +00:00
failAfter = this.urls.length || 1
}
retry.failAfter(failAfter)
2020-12-07 01:26:27 +00:00
retry.on('ready', function (num, _delay) {
if (self.destroyed) {
// Cease connection attempts if destroyed
return
}
connectSocket(function (err) {
if (!err) {
postSetup()
self.connecting = false
self.connected = true
self.emit('connect', socket)
self.log.debug('connected after %d attempt(s)', num + 1)
// Flush any queued requests
self._flushQueue()
self._connectRetry = null
} else {
retry.backoff(err)
}
})
})
retry.on('fail', function (err) {
if (self.destroyed) {
// Silence any connect/setup errors if destroyed
return
}
self.log.debug('failed to connect after %d attempts', failAfter)
// Communicate the last-encountered error
if (err instanceof ConnectionError) {
self.emitError('connectTimeout', err)
} else if (err.code === 'ECONNREFUSED') {
self.emitError('connectRefused', err)
} else {
self.emit('error', err)
}
})
this._connectRetry = retry
this.connecting = true
retry.backoff()
}
/// --- Private API
/**
* Flush queued requests out to the socket.
*/
Client.prototype._flushQueue = function _flushQueue () {
// Pull items we're about to process out of the queue.
this.queue.flush(this._send.bind(this))
}
/**
* Clean up socket/parser resources after socket close.
*/
Client.prototype._onClose = function _onClose (closeError) {
2020-10-31 21:07:32 +00:00
const socket = this._socket
const tracker = this._tracker
socket.removeAllListeners('connect')
.removeAllListeners('data')
.removeAllListeners('drain')
.removeAllListeners('end')
.removeAllListeners('error')
.removeAllListeners('timeout')
this._socket = null
this.connected = false;
((socket.socket) ? socket.socket : socket).removeAllListeners('close')
2011-09-26 23:45:49 +00:00
this.log.trace('close event had_err=%s', closeError ? 'yes' : 'no')
this.emit('close', closeError)
// On close we have to walk the outstanding messages and go invoke their
// callback with an error.
tracker.purge(function (msgid, cb) {
if (socket.unbindMessageID !== msgid) {
return cb(new ConnectionError(tracker.id + ' closed'))
} else {
// Unbinds will be communicated as a success since we're closed
2020-10-31 21:07:32 +00:00
const unbind = new UnbindResponse({ messageID: msgid })
unbind.status = 'unbind'
return cb(unbind)
}
})
2015-04-26 03:36:36 +00:00
// Trash any parser or starttls state
this._tracker = null
delete this._starttls
// Automatically fire reconnect logic if the socket was closed for any reason
// other than a user-initiated unbind.
if (this.reconnect && !this.unbound) {
this.connect()
}
this.unbound = false
return false
}
/**
* Maintain idle timer for client.
*
* Will start timer to fire 'idle' event if conditions are satisfied. If
* conditions are not met and a timer is running, it will be cleared.
*
* @param {Boolean} override explicitly disable timer.
*/
Client.prototype._updateIdle = function _updateIdle (override) {
if (this.idleTimeout === 0) {
return
}
// Client must be connected but not waiting on any request data
2020-10-31 21:07:32 +00:00
const self = this
function isIdle (disable) {
return ((disable !== true) &&
2015-04-26 03:36:36 +00:00
(self._socket && self.connected) &&
(self._tracker.pending === 0))
}
if (isIdle(override)) {
if (!this._idleTimer) {
this._idleTimer = setTimeout(function () {
// Double-check idleness in case socket was torn down
if (isIdle()) {
self.emit('idle')
}
}, this.idleTimeout)
}
} else {
if (this._idleTimer) {
clearTimeout(this._idleTimer)
this._idleTimer = null
}
}
}
/**
* Attempt to send an LDAP request.
*/
Client.prototype._send = function _send (message,
expect,
emitter,
callback,
_bypass) {
assert.ok(message)
assert.ok(expect)
assert.optionalObject(emitter)
assert.ok(callback)
// Allow connect setup traffic to bypass checks
2015-04-26 03:36:36 +00:00
if (_bypass && this._socket && this._socket.writable) {
return this._sendSocket(message, expect, emitter, callback)
}
2015-04-26 03:36:36 +00:00
if (!this._socket || !this.connected) {
if (!this.queue.enqueue(message, expect, emitter, callback)) {
callback(new ConnectionError('connection unavailable'))
}
// Initiate reconnect if needed
if (this.reconnect) {
this.connect()
}
return false
} else {
this._flushQueue()
return this._sendSocket(message, expect, emitter, callback)
}
}
Client.prototype._sendSocket = function _sendSocket (message,
expect,
emitter,
callback) {
2020-10-31 21:07:32 +00:00
const conn = this._socket
const tracker = this._tracker
const log = this.log
const self = this
let timer = false
let sentEmitter = false
function sendResult (event, obj) {
if (event === 'error') {
self.emit('resultError', obj)
}
2012-07-09 12:23:53 +00:00
if (emitter) {
if (event === 'error') {
// Error will go unhandled if emitter hasn't been sent via callback.
// Execute callback with the error instead.
if (!sentEmitter) { return callback(obj) }
}
return emitter.emit(event, obj)
2012-07-09 12:23:53 +00:00
}
if (event === 'error') { return callback(obj) }
return callback(null, obj)
}
function messageCallback (msg) {
if (timer) { clearTimeout(timer) }
log.trace({ msg: msg ? msg.json : null }, 'response received')
if (expect === 'abandon') { return sendResult('end', null) }
if (msg instanceof SearchEntry || msg instanceof SearchReference) {
2020-10-31 21:07:32 +00:00
let event = msg.constructor.name
event = event[0].toLowerCase() + event.slice(1)
return sendResult(event, msg)
} else {
tracker.remove(message.messageID)
// Potentially mark client as idle
self._updateIdle()
if (msg instanceof LDAPResult) {
if (expect.indexOf(msg.status) === -1) {
return sendResult('error', errors.getError(msg))
}
return sendResult('end', msg)
} else if (msg instanceof Error) {
return sendResult('error', msg)
} else {
return sendResult('error', new errors.ProtocolError(msg.type))
}
}
}
function onRequestTimeout () {
self.emit('timeout', message)
2020-10-31 21:07:32 +00:00
const cb = tracker.fetch(message.messageID)
if (cb) {
// FIXME: the timed-out request should be abandoned
cb(new errors.TimeoutError('request timeout (client interrupt)'))
}
}
function writeCallback () {
if (expect === 'abandon') {
// Mark the messageID specified as abandoned
tracker.abandon(message.abandonID)
// No need to track the abandon request itself
tracker.remove(message.id)
return callback(null)
} else if (expect === 'unbind') {
conn.unbindMessageID = message.id
// Mark client as disconnected once unbind clears the socket
self.connected = false
// Some servers will RST the connection after receiving an unbind.
// Socket errors are blackholed since the connection is being closed.
conn.removeAllListeners('error')
conn.on('error', function () {})
conn.end()
} else if (emitter) {
sentEmitter = true
callback(null, emitter)
emitter.emit('searchRequest', message)
return
}
return false
}
// Start actually doing something...
tracker.track(message, messageCallback)
// Mark client as active
this._updateIdle(true)
if (self.timeout) {
log.trace('Setting timeout to %d', self.timeout)
timer = setTimeout(onRequestTimeout, self.timeout)
}
log.trace('sending request %j', message.json)
try {
return conn.write(message.toBer(), writeCallback)
} catch (e) {
if (timer) { clearTimeout(timer) }
log.trace({ err: e }, 'Error writing message to socket')
return callback(e)
}
}
Client.prototype.emitError = function emitError (event, err) {
if (event !== 'error' && err && this.listenerCount(event) === 0) {
if (typeof err === 'string') {
err = event + ': ' + err
} else if (err.message) {
err.message = event + ': ' + err.message
}
this.emit('error', err)
}
this.emit(event, err)
}