node-ldapjs/lib/client/client.js

1340 lines
38 KiB
JavaScript

'use strict'
const requestQueueFactory = require('./request-queue')
const messageTrackerFactory = require('./message-tracker')
const { MAX_MSGID } = require('./constants')
const EventEmitter = require('events').EventEmitter
const net = require('net')
const tls = require('tls')
const util = require('util')
const once = require('once')
const backoff = require('backoff')
const vasync = require('vasync')
const assert = require('assert-plus')
const VError = require('verror').VError
const Attribute = require('@ldapjs/attribute')
const Change = require('@ldapjs/change')
const Control = require('../controls/index').Control
const { Control: LdapControl } = require('@ldapjs/controls')
const SearchPager = require('./search_pager')
const Protocol = require('@ldapjs/protocol')
const { DN } = require('@ldapjs/dn')
const errors = require('../errors')
const filters = require('@ldapjs/filter')
const Parser = require('../messages/parser')
const url = require('../url')
const CorkedEmitter = require('../corked_emitter')
/// --- Globals
const messages = require('@ldapjs/messages')
const {
AbandonRequest,
AddRequest,
BindRequest,
CompareRequest,
DeleteRequest,
ExtensionRequest: ExtendedRequest,
ModifyRequest,
ModifyDnRequest: ModifyDNRequest,
SearchRequest,
UnbindRequest,
LdapResult: LDAPResult,
SearchResultEntry: SearchEntry,
SearchResultReference: SearchReference
} = messages
const PresenceFilter = filters.PresenceFilter
const ConnectionError = errors.ConnectionError
const CMP_EXPECT = [errors.LDAP_COMPARE_TRUE, errors.LDAP_COMPARE_FALSE]
// node 0.6 got rid of FDs, so make up a client id for logging
let CLIENT_ID = 0
/// --- Internal Helpers
function nextClientId () {
if (++CLIENT_ID === MAX_MSGID) { return 1 }
return CLIENT_ID
}
function validateControls (controls) {
if (Array.isArray(controls)) {
controls.forEach(function (c) {
if (!(c instanceof Control) && !(c instanceof LdapControl)) { throw new TypeError('controls must be [Control]') }
})
} else if (controls instanceof Control || controls instanceof LdapControl) {
controls = [controls]
} else {
throw new TypeError('controls must be [Control]')
}
return controls
}
function ensureDN (input) {
if (DN.isDn(input)) {
return DN
} else if (typeof (input) === 'string') {
return DN.fromString(input)
} else {
throw new Error('invalid DN')
}
}
/// --- API
/**
* Constructs a new client.
*
* The options object is required, and must contain either a URL (string) or
* a socketPath (string); the socketPath is only if you want to talk to an LDAP
* server over a Unix Domain Socket. Additionally, you can pass in a bunyan
* option that is the result of `new Logger()`, presumably after you've
* configured it.
*
* @param {Object} options must have either url or socketPath.
* @throws {TypeError} on bad input.
*/
function Client (options) {
assert.ok(options)
EventEmitter.call(this, options)
const self = this
this.urls = options.url ? [].concat(options.url).map(url.parse) : []
this._nextServer = 0
// updated in connectSocket() after each connect
this.host = undefined
this.port = undefined
this.secure = undefined
this.url = undefined
this.tlsOptions = options.tlsOptions
this.socketPath = options.socketPath || false
this.log = options.log.child({ clazz: 'Client' }, true)
this.timeout = parseInt((options.timeout || 0), 10)
this.connectTimeout = parseInt((options.connectTimeout || 0), 10)
this.idleTimeout = parseInt((options.idleTimeout || 0), 10)
if (options.reconnect) {
// Fall back to defaults if options.reconnect === true
const rOpts = (typeof (options.reconnect) === 'object')
? options.reconnect
: {}
this.reconnect = {
initialDelay: parseInt(rOpts.initialDelay || 100, 10),
maxDelay: parseInt(rOpts.maxDelay || 10000, 10),
failAfter: parseInt(rOpts.failAfter, 10) || Infinity
}
}
this.queue = requestQueueFactory({
size: parseInt((options.queueSize || 0), 10),
timeout: parseInt((options.queueTimeout || 0), 10)
})
if (options.queueDisable) {
this.queue.freeze()
}
// Implicitly configure setup action to bind the client if bindDN and
// bindCredentials are passed in. This will more closely mimic PooledClient
// auto-login behavior.
if (options.bindDN !== undefined &&
options.bindCredentials !== undefined) {
this.on('setup', function (clt, cb) {
clt.bind(options.bindDN, options.bindCredentials, function (err) {
if (err) {
if (self._socket) {
self._socket.destroy()
}
self.emit('error', err)
}
cb(err)
})
})
}
this._socket = null
this.connected = false
this.connect()
}
util.inherits(Client, EventEmitter)
module.exports = Client
/**
* Sends an abandon request to the LDAP server.
*
* The callback will be invoked as soon as the data is flushed out to the
* network, as there is never a response from abandon.
*
* @param {Number} messageId the messageId to abandon.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err).
* @throws {TypeError} on invalid input.
*/
Client.prototype.abandon = function abandon (messageId, controls, callback) {
assert.number(messageId, 'messageId')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
const req = new AbandonRequest({
abandonId: messageId,
controls: controls
})
return this._send(req, 'abandon', null, callback)
}
/**
* Adds an entry to the LDAP server.
*
* Entry can be either [Attribute] or a plain JS object where the
* values are either a plain value or an array of values. Any value (that's
* not an array) will get converted to a string, so keep that in mind.
*
* @param {String} name the DN of the entry to add.
* @param {Object} entry an array of Attributes to be added or a JS object.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.add = function add (name, entry, controls, callback) {
assert.ok(name !== undefined, 'name')
assert.object(entry, 'entry')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
if (Array.isArray(entry)) {
entry.forEach(function (a) {
if (!Attribute.isAttribute(a)) { throw new TypeError('entry must be an Array of Attributes') }
})
} else {
const save = entry
entry = []
Object.keys(save).forEach(function (k) {
const attr = new Attribute({ type: k })
if (Array.isArray(save[k])) {
save[k].forEach(function (v) {
attr.addValue(v.toString())
})
} else if (Buffer.isBuffer(save[k])) {
attr.addValue(save[k])
} else {
attr.addValue(save[k].toString())
}
entry.push(attr)
})
}
const req = new AddRequest({
entry: ensureDN(name),
attributes: entry,
controls: controls
})
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
/**
* Performs a simple authentication against the server.
*
* @param {String} name the DN to bind as.
* @param {String} credentials the userPassword associated with name.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.bind = function bind (name,
credentials,
controls,
callback,
_bypass) {
if (
typeof (name) !== 'string' &&
Object.prototype.toString.call(name) !== '[object LdapDn]'
) {
throw new TypeError('name (string) required')
}
assert.optionalString(credentials, 'credentials')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
const req = new BindRequest({
name: name || '',
authentication: 'Simple',
credentials: credentials || '',
controls: controls
})
// Connection errors will be reported to the bind callback too (useful when the LDAP server is not available)
const self = this
function callbackWrapper (err, ret) {
self.removeListener('connectError', callbackWrapper)
callback(err, ret)
}
this.addListener('connectError', callbackWrapper)
return this._send(req, [errors.LDAP_SUCCESS], null, callbackWrapper, _bypass)
}
/**
* Compares an attribute/value pair with an entry on the LDAP server.
*
* @param {String} name the DN of the entry to compare attributes with.
* @param {String} attr name of an attribute to check.
* @param {String} value value of an attribute to check.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, boolean, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.compare = function compare (name,
attr,
value,
controls,
callback) {
assert.ok(name !== undefined, 'name')
assert.string(attr, 'attr')
assert.string(value, 'value')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
const req = new CompareRequest({
entry: ensureDN(name),
attribute: attr,
value: value,
controls: controls
})
return this._send(req, CMP_EXPECT, null, function (err, res) {
if (err) { return callback(err) }
return callback(null, (res.status === errors.LDAP_COMPARE_TRUE), res)
})
}
/**
* Deletes an entry from the LDAP server.
*
* @param {String} name the DN of the entry to delete.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.del = function del (name, controls, callback) {
assert.ok(name !== undefined, 'name')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
const req = new DeleteRequest({
entry: ensureDN(name),
controls: controls
})
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
/**
* Performs an extended operation on the LDAP server.
*
* Pretty much none of the LDAP extended operations return an OID
* (responseName), so I just don't bother giving it back in the callback.
* It's on the third param in `res` if you need it.
*
* @param {String} name the OID of the extended operation to perform.
* @param {String} value value to pass in for this operation.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, value, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.exop = function exop (name, value, controls, callback) {
assert.string(name, 'name')
if (typeof (value) === 'function') {
callback = value
controls = []
value = undefined
}
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
const req = new ExtendedRequest({
requestName: name,
requestValue: value,
controls: controls
})
return this._send(req, [errors.LDAP_SUCCESS], null, function (err, res) {
if (err) { return callback(err) }
return callback(null, res.responseValue || '', res)
})
}
/**
* Performs an LDAP modify against the server.
*
* @param {String} name the DN of the entry to modify.
* @param {Change} change update to perform (can be [Change]).
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.modify = function modify (name, change, controls, callback) {
assert.ok(name !== undefined, 'name')
assert.object(change, 'change')
const changes = []
function changeFromObject (obj) {
if (!obj.operation && !obj.type) { throw new Error('change.operation required') }
if (typeof (obj.modification) !== 'object') { throw new Error('change.modification (object) required') }
if (Object.keys(obj.modification).length === 2 &&
typeof (obj.modification.type) === 'string' &&
Array.isArray(obj.modification.vals)) {
// Use modification directly if it's already normalized:
changes.push(new Change({
operation: obj.operation || obj.type,
modification: obj.modification
}))
} else {
// Normalize the modification object
Object.keys(obj.modification).forEach(function (k) {
const mod = {}
mod[k] = obj.modification[k]
changes.push(new Change({
operation: obj.operation || obj.type,
modification: mod
}))
})
}
}
if (Change.isChange(change)) {
changes.push(change)
} else if (Array.isArray(change)) {
change.forEach(function (c) {
if (Change.isChange(c)) {
changes.push(c)
} else {
changeFromObject(c)
}
})
} else {
changeFromObject(change)
}
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
const req = new ModifyRequest({
object: ensureDN(name),
changes: changes,
controls: controls
})
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
/**
* Performs an LDAP modifyDN against the server.
*
* This does not allow you to keep the old DN, as while the LDAP protocol
* has a facility for that, it's stupid. Just Search/Add.
*
* This will automatically deal with "new superior" logic.
*
* @param {String} name the DN of the entry to modify.
* @param {String} newName the new DN to move this entry to.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.modifyDN = function modifyDN (name,
newName,
controls,
callback) {
assert.ok(name !== undefined, 'name')
assert.string(newName, 'newName')
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback)
const newDN = DN.fromString(newName)
const req = new ModifyDNRequest({
entry: DN.fromString(name),
deleteOldRdn: true,
controls: controls
})
if (newDN.length !== 1) {
req.newRdn = DN.fromString(newDN.shift().toString())
req.newSuperior = newDN
} else {
req.newRdn = newDN
}
return this._send(req, [errors.LDAP_SUCCESS], null, callback)
}
/**
* Performs an LDAP search against the server.
*
* Note that the defaults for options are a 'base' search, if that's what
* you want you can just pass in a string for options and it will be treated
* as the search filter. Also, you can either pass in programatic Filter
* objects or a filter string as the filter option.
*
* Note that this method is 'special' in that the callback 'res' param will
* have two important events on it, namely 'entry' and 'end' that you can hook
* to. The former will emit a SearchEntry object for each record that comes
* back, and the latter will emit a normal LDAPResult object.
*
* @param {String} base the DN in the tree to start searching at.
* @param {Object} options parameters:
* - {String} scope default of 'base'.
* - {String} filter default of '(objectclass=*)'.
* - {Array} attributes [string] to return.
* - {Boolean} attrsOnly whether to return values.
* @param {Control} controls (optional) either a Control or [Control].
* @param {Function} callback of the form f(err, res).
* @throws {TypeError} on invalid input.
*/
Client.prototype.search = function search (base,
options,
controls,
callback,
_bypass) {
assert.ok(base !== undefined, 'search base')
if (Array.isArray(options) || (options instanceof Control)) {
controls = options
options = {}
} else if (typeof (options) === 'function') {
callback = options
controls = []
options = {
filter: new PresenceFilter({ attribute: 'objectclass' })
}
} else if (typeof (options) === 'string') {
options = { filter: filters.parseString(options) }
} else if (typeof (options) !== 'object') {
throw new TypeError('options (object) required')
}
if (typeof (options.filter) === 'string') {
options.filter = filters.parseString(options.filter)
} else if (!options.filter) {
options.filter = new PresenceFilter({ attribute: 'objectclass' })
} else if (Object.prototype.toString.call(options.filter) !== '[object FilterString]') {
throw new TypeError('options.filter (Filter) required')
}
if (typeof (controls) === 'function') {
callback = controls
controls = []
} else {
controls = validateControls(controls)
}
assert.func(callback, 'callback')
if (options.attributes) {
if (!Array.isArray(options.attributes)) {
if (typeof (options.attributes) === 'string') {
options.attributes = [options.attributes]
} else {
throw new TypeError('options.attributes must be an Array of Strings')
}
}
}
const self = this
const baseDN = ensureDN(base)
function sendRequest (ctrls, emitter, cb) {
const req = new SearchRequest({
baseObject: baseDN,
scope: options.scope || 'base',
filter: options.filter,
derefAliases: options.derefAliases || Protocol.search.NEVER_DEREF_ALIASES,
sizeLimit: options.sizeLimit || 0,
timeLimit: options.timeLimit || 10,
typesOnly: options.typesOnly || false,
attributes: options.attributes || [],
controls: ctrls
})
return self._send(req,
[errors.LDAP_SUCCESS],
emitter,
cb,
_bypass)
}
if (options.paged) {
// Perform automated search paging
const pageOpts = typeof (options.paged) === 'object' ? options.paged : {}
let size = 100 // Default page size
if (pageOpts.pageSize > 0) {
size = pageOpts.pageSize
} else if (options.sizeLimit > 1) {
// According to the RFC, servers should ignore the paging control if
// pageSize >= sizelimit. Some might still send results, but it's safer
// to stay under that figure when assigning a default value.
size = options.sizeLimit - 1
}
const pager = new SearchPager({
callback: callback,
controls: controls,
pageSize: size,
pagePause: pageOpts.pagePause,
sendRequest: sendRequest
})
pager.begin()
} else {
sendRequest(controls, new CorkedEmitter(), callback)
}
}
/**
* Unbinds this client from the LDAP server.
*
* Note that unbind does not have a response, so this callback is actually
* optional; either way, the client is disconnected.
*
* @param {Function} callback of the form f(err).
* @throws {TypeError} if you pass in callback as not a function.
*/
Client.prototype.unbind = function unbind (callback) {
if (!callback) { callback = function () {} }
if (typeof (callback) !== 'function') { throw new TypeError('callback must be a function') }
// When the socket closes, it is useful to know whether it was due to a
// user-initiated unbind or something else.
this.unbound = true
if (!this._socket) { return callback() }
const req = new UnbindRequest()
return this._send(req, 'unbind', null, callback)
}
/**
* Attempt to secure connection with StartTLS.
*/
Client.prototype.starttls = function starttls (options,
controls,
callback,
_bypass) {
assert.optionalObject(options)
options = options || {}
callback = once(callback)
const self = this
if (this._starttls) {
return callback(new Error('STARTTLS already in progress or active'))
}
function onSend (sendErr, emitter) {
if (sendErr) {
callback(sendErr)
return
}
/*
* Now that the request has been sent, block all outgoing messages
* until an error is received or we successfully complete the setup.
*/
// TODO: block traffic
self._starttls = {
started: true
}
emitter.on('error', function (err) {
self._starttls = null
callback(err)
})
emitter.on('end', function (_res) {
const sock = self._socket
/*
* Unplumb socket data during SSL negotiation.
* This will prevent the LDAP parser from stumbling over the TLS
* handshake and raising a ruckus.
*/
sock.removeAllListeners('data')
options.socket = sock
const secure = tls.connect(options)
secure.once('secureConnect', function () {
/*
* Wire up 'data' and 'error' handlers like the normal socket.
* Handling 'end' events isn't necessary since the underlying socket
* will handle those.
*/
secure.removeAllListeners('error')
secure.on('data', function onData (data) {
self.log.trace('data event: %s', util.inspect(data))
self._tracker.parser.write(data)
})
secure.on('error', function (err) {
self.log.trace({ err: err }, 'error event: %s', new Error().stack)
self.emit('error', err)
sock.destroy()
})
callback(null)
})
secure.once('error', function (err) {
// If the SSL negotiation failed, to back to plain mode.
self._starttls = null
secure.removeAllListeners()
callback(err)
})
self._starttls.success = true
self._socket = secure
})
}
const req = new ExtendedRequest({
requestName: '1.3.6.1.4.1.1466.20037',
requestValue: null,
controls: controls
})
return this._send(req,
[errors.LDAP_SUCCESS],
new EventEmitter(),
onSend,
_bypass)
}
/**
* Disconnect from the LDAP server and do not allow reconnection.
*
* If the client is instantiated with proper reconnection options, it's
* possible to initiate new requests after a call to unbind since the client
* will attempt to reconnect in order to fulfill the request.
*
* Calling destroy will prevent any further reconnection from occurring.
*
* @param {Object} err (Optional) error that was cause of client destruction
*/
Client.prototype.destroy = function destroy (err) {
this.destroyed = true
this.queue.freeze()
// Purge any queued requests which are now meaningless
this.queue.flush(function (msg, expect, emitter, cb) {
if (typeof (cb) === 'function') {
cb(new Error('client destroyed'))
}
})
if (this.connected) {
this.unbind()
}
if (this._socket) {
this._socket.destroy()
}
this.emit('destroy', err)
}
/**
* Initiate LDAP connection.
*/
Client.prototype.connect = function connect () {
if (this.connecting || this.connected) {
return
}
const self = this
const log = this.log
let socket
let tracker
// Establish basic socket connection
function connectSocket (cb) {
const server = self.urls[self._nextServer]
self._nextServer = (self._nextServer + 1) % self.urls.length
cb = once(cb)
function onResult (err, res) {
if (err) {
if (self.connectTimer) {
clearTimeout(self.connectTimer)
self.connectTimer = null
}
self.emit('connectError', err)
}
cb(err, res)
}
function onConnect () {
if (self.connectTimer) {
clearTimeout(self.connectTimer)
self.connectTimer = null
}
socket.removeAllListeners('error')
.removeAllListeners('connect')
.removeAllListeners('secureConnect')
tracker.id = nextClientId() + '__' + tracker.id
self.log = self.log.child({ ldap_id: tracker.id }, true)
// Move on to client setup
setupClient(cb)
}
const port = (server && server.port) || self.socketPath
const host = server && server.hostname
if (server && server.secure) {
socket = tls.connect(port, host, self.tlsOptions)
socket.once('secureConnect', onConnect)
} else {
socket = net.connect(port, host)
socket.once('connect', onConnect)
}
socket.once('error', onResult)
initSocket(server)
// Setup connection timeout handling, if desired
if (self.connectTimeout) {
self.connectTimer = setTimeout(function onConnectTimeout () {
if (!socket || !socket.readable || !socket.writeable) {
socket.destroy()
self._socket = null
onResult(new ConnectionError('connection timeout'))
}
}, self.connectTimeout)
}
}
// Initialize socket events and LDAP parser.
function initSocket (server) {
tracker = messageTrackerFactory({
id: server ? server.href : self.socketPath,
parser: new Parser({ log: log })
})
// This won't be set on TLS. So. Very. Annoying.
if (typeof (socket.setKeepAlive) !== 'function') {
socket.setKeepAlive = function setKeepAlive (enable, delay) {
return socket.socket
? socket.socket.setKeepAlive(enable, delay)
: false
}
}
socket.on('data', function onData (data) {
log.trace('data event: %s', util.inspect(data))
tracker.parser.write(data)
})
// The "router"
//
// This is invoked after the incoming BER has been parsed into a JavaScript
// object.
tracker.parser.on('message', function onMessage (message) {
message.connection = self._socket
const { message: trackedMessage, callback } = tracker.fetch(message.messageId)
if (!callback) {
log.error({ message: message.pojo }, 'unsolicited message')
return false
}
// Some message types have narrower implementations and require extra
// parsing to be complete. In particular, ExtensionRequest messages will
// return responses that do not identify the request that generated them.
// Therefore, we have to match the response to the request and handle
// the extra processing accordingly.
switch (trackedMessage.type) {
case 'ExtensionRequest': {
const extensionType = ExtendedRequest.recognizedOIDs().lookupName(trackedMessage.requestName)
switch (extensionType) {
case 'PASSWORD_MODIFY': {
message = messages.PasswordModifyResponse.fromResponse(message)
break
}
case 'WHO_AM_I': {
message = messages.WhoAmIResponse.fromResponse(message)
break
}
default:
}
break
}
default:
}
return callback(message)
})
tracker.parser.on('error', function onParseError (err) {
self.emit('error', new VError(err, 'Parser error for %s',
tracker.id))
self.connected = false
socket.end()
})
}
// After connect, register socket event handlers and run any setup actions
function setupClient (cb) {
cb = once(cb)
// Indicate failure if anything goes awry during setup
function bail (err) {
socket.destroy()
cb(err || new Error('client error during setup'))
}
// Work around lack of close event on tls.socket in node < 0.11
((socket.socket) ? socket.socket : socket).once('close', bail)
socket.once('error', bail)
socket.once('end', bail)
socket.once('timeout', bail)
socket.once('cleanupSetupListeners', function onCleanup () {
socket.removeListener('error', bail)
.removeListener('close', bail)
.removeListener('end', bail)
.removeListener('timeout', bail)
})
self._socket = socket
self._tracker = tracker
// Run any requested setup (such as automatically performing a bind) on
// socket before signalling successful connection.
// This setup needs to bypass the request queue since all other activity is
// blocked until the connection is considered fully established post-setup.
// Only allow bind/search/starttls for now.
const basicClient = {
bind: function bindBypass (name, credentials, controls, callback) {
return self.bind(name, credentials, controls, callback, true)
},
search: function searchBypass (base, options, controls, callback) {
return self.search(base, options, controls, callback, true)
},
starttls: function starttlsBypass (options, controls, callback) {
return self.starttls(options, controls, callback, true)
},
unbind: self.unbind.bind(self)
}
vasync.forEachPipeline({
func: function (f, callback) {
f(basicClient, callback)
},
inputs: self.listeners('setup')
}, function (err, _res) {
if (err) {
self.emit('setupError', err)
}
cb(err)
})
}
// Wire up "official" event handlers after successful connect/setup
function postSetup () {
// cleanup the listeners we attached in setup phrase.
socket.emit('cleanupSetupListeners');
// Work around lack of close event on tls.socket in node < 0.11
((socket.socket) ? socket.socket : socket).once('close',
self._onClose.bind(self))
socket.on('end', function onEnd () {
log.trace('end event')
self.emit('end')
socket.end()
})
socket.on('error', function onSocketError (err) {
log.trace({ err: err }, 'error event: %s', new Error().stack)
self.emit('error', err)
socket.destroy()
})
socket.on('timeout', function onTimeout () {
log.trace('timeout event')
self.emit('socketTimeout')
socket.end()
})
const server = self.urls[self._nextServer]
if (server) {
self.host = server.hostname
self.port = server.port
self.secure = server.secure
}
}
let retry
let failAfter
if (this.reconnect) {
retry = backoff.exponential({
initialDelay: this.reconnect.initialDelay,
maxDelay: this.reconnect.maxDelay
})
failAfter = this.reconnect.failAfter
if (this.urls.length > 1 && failAfter) {
failAfter *= this.urls.length
}
} else {
retry = backoff.exponential({
initialDelay: 1,
maxDelay: 2
})
failAfter = this.urls.length || 1
}
retry.failAfter(failAfter)
retry.on('ready', function (num, _delay) {
if (self.destroyed) {
// Cease connection attempts if destroyed
return
}
connectSocket(function (err) {
if (!err) {
postSetup()
self.connecting = false
self.connected = true
self.emit('connect', socket)
self.log.debug('connected after %d attempt(s)', num + 1)
// Flush any queued requests
self._flushQueue()
self._connectRetry = null
} else {
retry.backoff(err)
}
})
})
retry.on('fail', function (err) {
if (self.destroyed) {
// Silence any connect/setup errors if destroyed
return
}
self.log.debug('failed to connect after %d attempts', failAfter)
// Communicate the last-encountered error
if (err instanceof ConnectionError) {
self.emitError('connectTimeout', err)
} else if (err.code === 'ECONNREFUSED') {
self.emitError('connectRefused', err)
} else {
self.emit('error', err)
}
})
this._connectRetry = retry
this.connecting = true
retry.backoff()
}
/// --- Private API
/**
* Flush queued requests out to the socket.
*/
Client.prototype._flushQueue = function _flushQueue () {
// Pull items we're about to process out of the queue.
this.queue.flush(this._send.bind(this))
}
/**
* Clean up socket/parser resources after socket close.
*/
Client.prototype._onClose = function _onClose (closeError) {
const socket = this._socket
const tracker = this._tracker
socket.removeAllListeners('connect')
.removeAllListeners('data')
.removeAllListeners('drain')
.removeAllListeners('end')
.removeAllListeners('error')
.removeAllListeners('timeout')
this._socket = null
this.connected = false;
((socket.socket) ? socket.socket : socket).removeAllListeners('close')
this.log.trace('close event had_err=%s', closeError ? 'yes' : 'no')
this.emit('close', closeError)
// On close we have to walk the outstanding messages and go invoke their
// callback with an error.
tracker.purge(function (msgid, cb) {
if (socket.unbindMessageID !== msgid) {
return cb(new ConnectionError(tracker.id + ' closed'))
} else {
// Unbinds will be communicated as a success since we're closed
// TODO: we are faking this "UnbindResponse" object in order to make
// tests pass. There is no such thing as an "unbind response" in the LDAP
// protocol. When the client is revamped, this logic should be removed.
// ~ jsumners 2023-02-16
const Unbind = class extends LDAPResult {
messageID = msgid
messageId = msgid
status = 'unbind'
}
const unbind = new Unbind()
return cb(unbind)
}
})
// Trash any parser or starttls state
this._tracker = null
delete this._starttls
// Automatically fire reconnect logic if the socket was closed for any reason
// other than a user-initiated unbind.
if (this.reconnect && !this.unbound) {
this.connect()
}
this.unbound = false
return false
}
/**
* Maintain idle timer for client.
*
* Will start timer to fire 'idle' event if conditions are satisfied. If
* conditions are not met and a timer is running, it will be cleared.
*
* @param {Boolean} override explicitly disable timer.
*/
Client.prototype._updateIdle = function _updateIdle (override) {
if (this.idleTimeout === 0) {
return
}
// Client must be connected but not waiting on any request data
const self = this
function isIdle (disable) {
return ((disable !== true) &&
(self._socket && self.connected) &&
(self._tracker.pending === 0))
}
if (isIdle(override)) {
if (!this._idleTimer) {
this._idleTimer = setTimeout(function () {
// Double-check idleness in case socket was torn down
if (isIdle()) {
self.emit('idle')
}
}, this.idleTimeout)
}
} else {
if (this._idleTimer) {
clearTimeout(this._idleTimer)
this._idleTimer = null
}
}
}
/**
* Attempt to send an LDAP request.
*/
Client.prototype._send = function _send (message,
expect,
emitter,
callback,
_bypass) {
assert.ok(message)
assert.ok(expect)
assert.optionalObject(emitter)
assert.ok(callback)
// Allow connect setup traffic to bypass checks
if (_bypass && this._socket && this._socket.writable) {
return this._sendSocket(message, expect, emitter, callback)
}
if (!this._socket || !this.connected) {
if (!this.queue.enqueue(message, expect, emitter, callback)) {
callback(new ConnectionError('connection unavailable'))
}
// Initiate reconnect if needed
if (this.reconnect) {
this.connect()
}
return false
} else {
this._flushQueue()
return this._sendSocket(message, expect, emitter, callback)
}
}
Client.prototype._sendSocket = function _sendSocket (message,
expect,
emitter,
callback) {
const conn = this._socket
const tracker = this._tracker
const log = this.log
const self = this
let timer = false
let sentEmitter = false
function sendResult (event, obj) {
if (event === 'error') {
self.emit('resultError', obj)
}
if (emitter) {
if (event === 'error') {
// Error will go unhandled if emitter hasn't been sent via callback.
// Execute callback with the error instead.
if (!sentEmitter) { return callback(obj) }
}
return emitter.emit(event, obj)
}
if (event === 'error') { return callback(obj) }
return callback(null, obj)
}
function messageCallback (msg) {
if (timer) { clearTimeout(timer) }
log.trace({ msg: msg ? msg.pojo : null }, 'response received')
if (expect === 'abandon') { return sendResult('end', null) }
if (msg instanceof SearchEntry || msg instanceof SearchReference) {
let event = msg.constructor.name
// Generate the event name for the event emitter, i.e. "searchEntry"
// and "searchReference".
event = (event[0].toLowerCase() + event.slice(1)).replaceAll('Result', '')
return sendResult(event, msg)
} else {
tracker.remove(message.messageId)
// Potentially mark client as idle
self._updateIdle()
if (msg instanceof LDAPResult) {
if (msg.status !== 0 && expect.indexOf(msg.status) === -1) {
return sendResult('error', errors.getError(msg))
}
return sendResult('end', msg)
} else if (msg instanceof Error) {
return sendResult('error', msg)
} else {
return sendResult('error', new errors.ProtocolError(msg.type))
}
}
}
function onRequestTimeout () {
self.emit('timeout', message)
const { callback: cb } = tracker.fetch(message.messageId)
if (cb) {
// FIXME: the timed-out request should be abandoned
cb(new errors.TimeoutError('request timeout (client interrupt)'))
}
}
function writeCallback () {
if (expect === 'abandon') {
// Mark the messageId specified as abandoned
tracker.abandon(message.abandonId)
// No need to track the abandon request itself
tracker.remove(message.id)
return callback(null)
} else if (expect === 'unbind') {
conn.unbindMessageID = message.id
// Mark client as disconnected once unbind clears the socket
self.connected = false
// Some servers will RST the connection after receiving an unbind.
// Socket errors are blackholed since the connection is being closed.
conn.removeAllListeners('error')
conn.on('error', function () {})
conn.end()
} else if (emitter) {
sentEmitter = true
callback(null, emitter)
emitter.emit('searchRequest', message)
return
}
return false
}
// Start actually doing something...
tracker.track(message, messageCallback)
// Mark client as active
this._updateIdle(true)
if (self.timeout) {
log.trace('Setting timeout to %d', self.timeout)
timer = setTimeout(onRequestTimeout, self.timeout)
}
log.trace('sending request %j', message.pojo)
try {
const messageBer = message.toBer()
return conn.write(messageBer.buffer, writeCallback)
} catch (e) {
if (timer) { clearTimeout(timer) }
log.trace({ err: e }, 'Error writing message to socket')
return callback(e)
}
}
Client.prototype.emitError = function emitError (event, err) {
if (event !== 'error' && err && this.listenerCount(event) === 0) {
if (typeof err === 'string') {
err = event + ': ' + err
} else if (err.message) {
err.message = event + ': ' + err.message
}
this.emit('error', err)
}
this.emit(event, err)
}