From 2b076ca79d523c23541aca31639deff61814847a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 9 Apr 2024 07:14:59 +0000 Subject: [PATCH] build(deps): bump github.com/go-ldap/ldap/v3 from 3.4.6 to 3.4.7 Bumps [github.com/go-ldap/ldap/v3](https://github.com/go-ldap/ldap) from 3.4.6 to 3.4.7. - [Release notes](https://github.com/go-ldap/ldap/releases) - [Commits](https://github.com/go-ldap/ldap/compare/v3.4.6...v3.4.7) --- updated-dependencies: - dependency-name: github.com/go-ldap/ldap/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 33 +- vendor/github.com/go-ldap/ldap/v3/conn.go | 16 +- vendor/github.com/go-ldap/ldap/v3/control.go | 2 +- vendor/github.com/go-ldap/ldap/v3/dn.go | 410 +++++++++++------- vendor/github.com/go-ldap/ldap/v3/error.go | 5 +- vendor/github.com/go-ldap/ldap/v3/ldap.go | 7 +- vendor/github.com/go-ldap/ldap/v3/response.go | 5 +- vendor/github.com/go-ldap/ldap/v3/search.go | 27 +- vendor/modules.txt | 2 +- 10 files changed, 337 insertions(+), 172 deletions(-) diff --git a/go.mod b/go.mod index 25eddb7ad6..c1f913b1a4 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/go-chi/chi/v5 v5.0.12 github.com/go-chi/cors v1.2.1 github.com/go-chi/render v1.0.3 - github.com/go-ldap/ldap/v3 v3.4.6 + github.com/go-ldap/ldap/v3 v3.4.7 github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3 github.com/go-micro/plugins/v4/client/grpc v1.2.1 github.com/go-micro/plugins/v4/logger/zerolog v1.2.0 diff --git a/go.sum b/go.sum index ab7d9b4790..47471bd8d3 100644 --- a/go.sum +++ b/go.sum @@ -842,8 +842,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= -github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74 h1:Kk6a4nehpJ3UuJRqlA3JxYxBZEqCeOmATOvrbT4p9RA= -github.com/alexbrainman/sspi v0.0.0-20210105120005-909beea2cc74/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/alexedwards/argon2id v1.0.0 h1:wJzDx66hqWX7siL/SRUmgz3F8YMrd/nfX/xHHcQQP0w= github.com/alexedwards/argon2id v1.0.0/go.mod h1:tYKkqIjzXvZdzPvADMWOEZ+l6+BD6CtBXMj5fnJppiw= github.com/aliyun/alibaba-cloud-sdk-go v1.61.976/go.mod h1:pUKYbK5JQ+1Dfxk80P0qxGqe5dkxDoabbZS7zOcouyA= @@ -1179,8 +1179,8 @@ github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBj github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-ldap/ldap/v3 v3.1.7/go.mod h1:5Zun81jBTabRaI8lzN7E1JjyEl1g6zI6u9pd8luAK4Q= -github.com/go-ldap/ldap/v3 v3.4.6 h1:ert95MdbiG7aWo/oPYp9btL3KJlMPKnP58r09rI8T+A= -github.com/go-ldap/ldap/v3 v3.4.6/go.mod h1:IGMQANNtxpsOzj7uUAMjpGBaOVTC4DYyIy8VsTdxmtc= +github.com/go-ldap/ldap/v3 v3.4.7 h1:3Hbd7mIB1qjd3Ra59fI3JYea/t5kykFu2CVHBca9koE= +github.com/go-ldap/ldap/v3 v3.4.7/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3 h1:sfz1YppV05y4sYaW7kXZtrocU/+vimnIWt4cxAYh7+o= github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3/go.mod h1:ZXFhGda43Z2TVbfGZefXyMJzsDHhCh0go3bZUcwTx7o= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= @@ -1403,7 +1403,6 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= @@ -1451,6 +1450,8 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY= github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ= github.com/gorilla/schema v1.2.0 h1:YufUaxZYCKGFuAq3c96BOhjgd5nmXiOY9NGzF247Tsc= github.com/gorilla/schema v1.2.0/go.mod h1:kgLaKoK1FELgZqMAVxx/5cbj0kT+57qxUrAlIO2eleU= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI= @@ -1543,6 +1544,18 @@ github.com/infobloxopen/infoblox-go-client v1.1.1/go.mod h1:BXiw7S2b9qJoM8MS40vf github.com/jarcoal/httpmock v1.0.6/go.mod h1:ATjnClrvW/3tijVmpL/va5Z3aAyGvqU3gCT8nX0Txik= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jellydator/ttlcache/v2 v2.11.1 h1:AZGME43Eh2Vv3giG6GeqeLeFXxwxn1/qHItqWZl6U64= github.com/jellydator/ttlcache/v2 v2.11.1/go.mod h1:RtE5Snf0/57e+2cLWFYWCCsLas2Hy3c5Z4n14XmSvTI= github.com/jellydator/ttlcache/v3 v3.2.0 h1:6lqVJ8X3ZaUwvzENqPAobDsXNExfUJd61u++uW8a3LE= @@ -2161,13 +2174,14 @@ golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= -golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -2312,6 +2326,8 @@ golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -2494,6 +2510,8 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw= @@ -2510,8 +2528,9 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= -golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= diff --git a/vendor/github.com/go-ldap/ldap/v3/conn.go b/vendor/github.com/go-ldap/ldap/v3/conn.go index 6d08362145..a0df79b112 100644 --- a/vendor/github.com/go-ldap/ldap/v3/conn.go +++ b/vendor/github.com/go-ldap/ldap/v3/conn.go @@ -143,7 +143,8 @@ func DialWithTLSConfig(tc *tls.Config) DialOpt { // DialWithTLSDialer is a wrapper for DialWithTLSConfig with the option to // specify a net.Dialer to for example define a timeout or a custom resolver. -// @deprecated Use DialWithDialer and DialWithTLSConfig instead +// +// Deprecated: Use DialWithDialer and DialWithTLSConfig instead func DialWithTLSDialer(tlsConfig *tls.Config, dialer *net.Dialer) DialOpt { return func(dc *DialContext) { dc.tlsConfig = tlsConfig @@ -195,7 +196,8 @@ func (dc *DialContext) dial(u *url.URL) (net.Conn, error) { // Dial connects to the given address on the given network using net.Dial // and then returns a new Conn for the connection. -// @deprecated Use DialURL instead. +// +// Deprecated: Use DialURL instead. func Dial(network, addr string) (*Conn, error) { c, err := net.DialTimeout(network, addr, DefaultTimeout) if err != nil { @@ -208,7 +210,8 @@ func Dial(network, addr string) (*Conn, error) { // DialTLS connects to the given address on the given network using tls.Dial // and then returns a new Conn for the connection. -// @deprecated Use DialURL instead. +// +// Deprecated: Use DialURL instead. func DialTLS(network, addr string, config *tls.Config) (*Conn, error) { c, err := tls.DialWithDialer(&net.Dialer{Timeout: DefaultTimeout}, network, addr, config) if err != nil { @@ -262,7 +265,12 @@ func NewConn(conn net.Conn, isTLS bool) *Conn { return l } -// Start initializes goroutines to read responses and process messages +// Start initialises goroutines to read replies and process messages. +// +// Deprecated: It is usually not necessary to call this function +// manually. It is public for compatibility reasons and may +// cause a race condition when processing messages. +// See: https://github.com/go-ldap/ldap/issues/356 func (l *Conn) Start() { go l.reader() go l.processMessages() diff --git a/vendor/github.com/go-ldap/ldap/v3/control.go b/vendor/github.com/go-ldap/ldap/v3/control.go index 60453deb13..ab75c34239 100644 --- a/vendor/github.com/go-ldap/ldap/v3/control.go +++ b/vendor/github.com/go-ldap/ldap/v3/control.go @@ -635,7 +635,7 @@ type ControlDirSync struct { Cookie []byte } -// @deprecated Use NewRequestControlDirSync instead +// Deprecated: Use NewRequestControlDirSync instead func NewControlDirSync(flags int64, maxAttrCount int64, cookie []byte) *ControlDirSync { return NewRequestControlDirSync(flags, maxAttrCount, cookie) } diff --git a/vendor/github.com/go-ldap/ldap/v3/dn.go b/vendor/github.com/go-ldap/ldap/v3/dn.go index 6b485308c6..6520b8ea90 100644 --- a/vendor/github.com/go-ldap/ldap/v3/dn.go +++ b/vendor/github.com/go-ldap/ldap/v3/dn.go @@ -1,14 +1,14 @@ package ldap import ( - "bytes" - enchex "encoding/hex" + "encoding/hex" "errors" "fmt" + ber "github.com/go-asn1-ber/asn1-ber" "sort" "strings" - - ber "github.com/go-asn1-ber/asn1-ber" + "unicode" + "unicode/utf8" ) // AttributeTypeAndValue represents an attributeTypeAndValue from https://tools.ietf.org/html/rfc4514 @@ -19,62 +19,45 @@ type AttributeTypeAndValue struct { Value string } -// String returns a normalized string representation of this attribute type and -// value pair which is the a lowercased join of the Type and Value with a "=". -func (a *AttributeTypeAndValue) String() string { - return strings.ToLower(a.Type) + "=" + a.encodeValue() +func (a *AttributeTypeAndValue) setType(str string) error { + result, err := decodeString(str) + if err != nil { + return err + } + a.Type = result + + return nil } -func (a *AttributeTypeAndValue) encodeValue() string { - // Normalize the value first. - // value := strings.ToLower(a.Value) - value := a.Value +func (a *AttributeTypeAndValue) setValue(s string) error { + // https://www.ietf.org/rfc/rfc4514.html#section-2.4 + // If the AttributeType is of the dotted-decimal form, the + // AttributeValue is represented by an number sign ('#' U+0023) + // character followed by the hexadecimal encoding of each of the octets + // of the BER encoding of the X.500 AttributeValue. + if len(s) > 0 && s[0] == '#' { + decodedString, err := decodeEncodedString(s[1:]) + if err != nil { + return err + } - encodedBuf := bytes.Buffer{} + a.Value = decodedString + return nil + } else { + decodedString, err := decodeString(s) + if err != nil { + return err + } - escapeChar := func(c byte) { - encodedBuf.WriteByte('\\') - encodedBuf.WriteByte(c) + a.Value = decodedString + return nil } +} - escapeHex := func(c byte) { - encodedBuf.WriteByte('\\') - encodedBuf.WriteString(enchex.EncodeToString([]byte{c})) - } - - for i := 0; i < len(value); i++ { - char := value[i] - if i == 0 && char == ' ' || char == '#' { - // Special case leading space or number sign. - escapeChar(char) - continue - } - if i == len(value)-1 && char == ' ' { - // Special case trailing space. - escapeChar(char) - continue - } - - switch char { - case '"', '+', ',', ';', '<', '>', '\\': - // Each of these special characters must be escaped. - escapeChar(char) - continue - } - - if char < ' ' || char > '~' { - // All special character escapes are handled first - // above. All bytes less than ASCII SPACE and all bytes - // greater than ASCII TILDE must be hex-escaped. - escapeHex(char) - continue - } - - // Any other character does not require escaping. - encodedBuf.WriteByte(char) - } - - return encodedBuf.String() +// String returns a normalized string representation of this attribute type and +// value pair which is the lowercase join of the Type and Value with a "=". +func (a *AttributeTypeAndValue) String() string { + return encodeString(foldString(a.Type), false) + "=" + encodeString(a.Value, true) } // RelativeDN represents a relativeDistinguishedName from https://tools.ietf.org/html/rfc4514 @@ -108,114 +91,218 @@ func (d *DN) String() string { return strings.Join(rdns, ",") } +func stripLeadingAndTrailingSpaces(inVal string) string { + noSpaces := strings.Trim(inVal, " ") + + // Re-add the trailing space if it was an escaped space + if len(noSpaces) > 0 && noSpaces[len(noSpaces)-1] == '\\' && inVal[len(inVal)-1] == ' ' { + noSpaces = noSpaces + " " + } + + return noSpaces +} + +// Remove leading and trailing spaces from the attribute type and value +// and unescape any escaped characters in these fields +// +// decodeString is based on https://github.com/inteon/cert-manager/blob/ed280d28cd02b262c5db46054d88e70ab518299c/pkg/util/pki/internal/dn.go#L170 +func decodeString(str string) (string, error) { + s := []rune(stripLeadingAndTrailingSpaces(str)) + + builder := strings.Builder{} + for i := 0; i < len(s); i++ { + char := s[i] + + // If the character is not an escape character, just add it to the + // builder and continue + if char != '\\' { + builder.WriteRune(char) + continue + } + + // If the escape character is the last character, it's a corrupted + // escaped character + if i+1 >= len(s) { + return "", fmt.Errorf("got corrupted escaped character: '%s'", string(s)) + } + + // If the escaped character is a special character, just add it to + // the builder and continue + switch s[i+1] { + case ' ', '"', '#', '+', ',', ';', '<', '=', '>', '\\': + builder.WriteRune(s[i+1]) + i++ + continue + } + + // If the escaped character is not a special character, it should + // be a hex-encoded character of the form \XX if it's not at least + // two characters long, it's a corrupted escaped character + if i+2 >= len(s) { + return "", errors.New("failed to decode escaped character: encoding/hex: invalid byte: " + string(s[i+1])) + } + + // Get the runes for the two characters after the escape character + // and convert them to a byte slice + xx := []byte(string(s[i+1 : i+3])) + + // If the two runes are not hex characters and result in more than + // two bytes when converted to a byte slice, it's a corrupted + // escaped character + if len(xx) != 2 { + return "", errors.New("failed to decode escaped character: invalid byte: " + string(xx)) + } + + // Decode the hex-encoded character and add it to the builder + dst := []byte{0} + if n, err := hex.Decode(dst, xx); err != nil { + return "", errors.New("failed to decode escaped character: " + err.Error()) + } else if n != 1 { + return "", fmt.Errorf("failed to decode escaped character: encoding/hex: expected 1 byte when un-escaping, got %d", n) + } + + builder.WriteByte(dst[0]) + i += 2 + } + + return builder.String(), nil +} + +// Escape a string according to RFC 4514 +func encodeString(value string, isValue bool) string { + builder := strings.Builder{} + + escapeChar := func(c byte) { + builder.WriteByte('\\') + builder.WriteByte(c) + } + + escapeHex := func(c byte) { + builder.WriteByte('\\') + builder.WriteString(hex.EncodeToString([]byte{c})) + } + + // Loop through each byte and escape as necessary. + // Runes that take up more than one byte are escaped + // byte by byte (since both bytes are non-ASCII). + for i := 0; i < len(value); i++ { + char := value[i] + if i == 0 && (char == ' ' || char == '#') { + // Special case leading space or number sign. + escapeChar(char) + continue + } + if i == len(value)-1 && char == ' ' { + // Special case trailing space. + escapeChar(char) + continue + } + + switch char { + case '"', '+', ',', ';', '<', '>', '\\': + // Each of these special characters must be escaped. + escapeChar(char) + continue + } + + if !isValue && char == '=' { + // Equal signs have to be escaped only in the type part of + // the attribute type and value pair. + escapeChar(char) + continue + } + + if char < ' ' || char > '~' { + // All special character escapes are handled first + // above. All bytes less than ASCII SPACE and all bytes + // greater than ASCII TILDE must be hex-escaped. + escapeHex(char) + continue + } + + // Any other character does not require escaping. + builder.WriteByte(char) + } + + return builder.String() +} + +func decodeEncodedString(str string) (string, error) { + decoded, err := hex.DecodeString(str) + if err != nil { + return "", fmt.Errorf("failed to decode BER encoding: %w", err) + } + + packet, err := ber.DecodePacketErr(decoded) + if err != nil { + return "", fmt.Errorf("failed to decode BER encoding: %w", err) + } + + return packet.Data.String(), nil +} + // ParseDN returns a distinguishedName or an error. // The function respects https://tools.ietf.org/html/rfc4514 func ParseDN(str string) (*DN, error) { - dn := new(DN) - dn.RDNs = make([]*RelativeDN, 0) - rdn := new(RelativeDN) - rdn.Attributes = make([]*AttributeTypeAndValue, 0) - buffer := bytes.Buffer{} - attribute := new(AttributeTypeAndValue) - escaping := false - - unescapedTrailingSpaces := 0 - stringFromBuffer := func() string { - s := buffer.String() - s = s[0 : len(s)-unescapedTrailingSpaces] - buffer.Reset() - unescapedTrailingSpaces = 0 - return s + var dn = &DN{RDNs: make([]*RelativeDN, 0)} + if strings.TrimSpace(str) == "" { + return dn, nil } + var ( + rdn = &RelativeDN{} + attr = &AttributeTypeAndValue{} + escaping bool + startPos int + appendAttributesToRDN = func(end bool) { + rdn.Attributes = append(rdn.Attributes, attr) + attr = &AttributeTypeAndValue{} + if end { + dn.RDNs = append(dn.RDNs, rdn) + rdn = &RelativeDN{} + } + } + ) + + // Loop through each character in the string and + // build up the attribute type and value pairs. + // We only check for ascii characters here, which + // allows us to iterate over the string byte by byte. for i := 0; i < len(str); i++ { char := str[i] switch { case escaping: - unescapedTrailingSpaces = 0 escaping = false - switch char { - case ' ', '"', '#', '+', ',', ';', '<', '=', '>', '\\': - buffer.WriteByte(char) - continue + case char == '\\': + escaping = true + case char == '=' && len(attr.Type) == 0: + if err := attr.setType(str[startPos:i]); err != nil { + return nil, err } - // Not a special character, assume hex encoded octet - if len(str) == i+1 { - return nil, errors.New("got corrupted escaped character") + startPos = i + 1 + case char == ',' || char == '+' || char == ';': + if len(attr.Type) == 0 { + return dn, errors.New("incomplete type, value pair") + } + if err := attr.setValue(str[startPos:i]); err != nil { + return nil, err } - dst := []byte{0} - n, err := enchex.Decode([]byte(dst), []byte(str[i:i+2])) - if err != nil { - return nil, fmt.Errorf("failed to decode escaped character: %s", err) - } else if n != 1 { - return nil, fmt.Errorf("expected 1 byte when un-escaping, got %d", n) - } - buffer.WriteByte(dst[0]) - i++ - case char == '\\': - unescapedTrailingSpaces = 0 - escaping = true - case char == '=' && attribute.Type == "": - attribute.Type = stringFromBuffer() - // Special case: If the first character in the value is # the - // following data is BER encoded so we can just fast forward - // and decode. - if len(str) > i+1 && str[i+1] == '#' { - i += 2 - index := strings.IndexAny(str[i:], ",+") - var data string - if index > 0 { - data = str[i : i+index] - } else { - data = str[i:] - } - rawBER, err := enchex.DecodeString(data) - if err != nil { - return nil, fmt.Errorf("failed to decode BER encoding: %s", err) - } - packet, err := ber.DecodePacketErr(rawBER) - if err != nil { - return nil, fmt.Errorf("failed to decode BER packet: %s", err) - } - buffer.WriteString(packet.Data.String()) - i += len(data) - 1 - } - case char == ',' || char == '+' || char == ';': - // We're done with this RDN or value, push it - if len(attribute.Type) == 0 { - return nil, errors.New("incomplete type, value pair") - } - attribute.Value = stringFromBuffer() - rdn.Attributes = append(rdn.Attributes, attribute) - attribute = new(AttributeTypeAndValue) - if char == ',' || char == ';' { - dn.RDNs = append(dn.RDNs, rdn) - rdn = new(RelativeDN) - rdn.Attributes = make([]*AttributeTypeAndValue, 0) - } - case char == ' ' && buffer.Len() == 0: - // ignore unescaped leading spaces - continue - default: - if char == ' ' { - // Track unescaped spaces in case they are trailing and we need to remove them - unescapedTrailingSpaces++ - } else { - // Reset if we see a non-space char - unescapedTrailingSpaces = 0 - } - buffer.WriteByte(char) + startPos = i + 1 + last := char == ',' || char == ';' + appendAttributesToRDN(last) } } - if buffer.Len() > 0 { - if len(attribute.Type) == 0 { - return nil, errors.New("DN ended with incomplete type, value pair") - } - attribute.Value = stringFromBuffer() - rdn.Attributes = append(rdn.Attributes, attribute) - dn.RDNs = append(dn.RDNs, rdn) + + if len(attr.Type) == 0 { + return dn, errors.New("DN ended with incomplete type, value pair") } + + if err := attr.setValue(str[startPos:]); err != nil { + return dn, err + } + appendAttributesToRDN(true) + return dn, nil } @@ -348,3 +435,34 @@ func (r *RelativeDN) hasAllAttributesFold(attrs []*AttributeTypeAndValue) bool { func (a *AttributeTypeAndValue) EqualFold(other *AttributeTypeAndValue) bool { return strings.EqualFold(a.Type, other.Type) && strings.EqualFold(a.Value, other.Value) } + +// foldString returns a folded string such that foldString(x) == foldString(y) +// is identical to bytes.EqualFold(x, y). +// based on https://go.dev/src/encoding/json/fold.go +func foldString(s string) string { + builder := strings.Builder{} + for _, char := range s { + // Handle single-byte ASCII. + if char < utf8.RuneSelf { + if 'A' <= char && char <= 'Z' { + char += 'a' - 'A' + } + builder.WriteRune(char) + continue + } + + builder.WriteRune(foldRune(char)) + } + return builder.String() +} + +// foldRune is returns the smallest rune for all runes in the same fold set. +func foldRune(r rune) rune { + for { + r2 := unicode.SimpleFold(r) + if r2 <= r { + return r + } + r = r2 + } +} diff --git a/vendor/github.com/go-ldap/ldap/v3/error.go b/vendor/github.com/go-ldap/ldap/v3/error.go index 3c2559ef70..53c6d6224a 100644 --- a/vendor/github.com/go-ldap/ldap/v3/error.go +++ b/vendor/github.com/go-ldap/ldap/v3/error.go @@ -1,6 +1,7 @@ package ldap import ( + "errors" "fmt" ber "github.com/go-asn1-ber/asn1-ber" @@ -241,8 +242,8 @@ func IsErrorAnyOf(err error, codes ...uint16) bool { return false } - serverError, ok := err.(*Error) - if !ok { + var serverError *Error + if !errors.As(err, &serverError) { return false } diff --git a/vendor/github.com/go-ldap/ldap/v3/ldap.go b/vendor/github.com/go-ldap/ldap/v3/ldap.go index 90837a7743..802a529ef2 100644 --- a/vendor/github.com/go-ldap/ldap/v3/ldap.go +++ b/vendor/github.com/go-ldap/ldap/v3/ldap.go @@ -314,8 +314,6 @@ func DebugBinaryFile(fileName string) error { return nil } -var hex = "0123456789abcdef" - func mustEscape(c byte) bool { return c > 0x7f || c == '(' || c == ')' || c == '\\' || c == '*' || c == 0 } @@ -324,6 +322,7 @@ func mustEscape(c byte) bool { // characters in the set `()*\` and those out of the range 0 < c < 0x80, // as defined in RFC4515. func EscapeFilter(filter string) string { + const hexValues = "0123456789abcdef" escape := 0 for i := 0; i < len(filter); i++ { if mustEscape(filter[i]) { @@ -338,8 +337,8 @@ func EscapeFilter(filter string) string { c := filter[i] if mustEscape(c) { buf[j+0] = '\\' - buf[j+1] = hex[c>>4] - buf[j+2] = hex[c&0xf] + buf[j+1] = hexValues[c>>4] + buf[j+2] = hexValues[c&0xf] j += 3 } else { buf[j] = c diff --git a/vendor/github.com/go-ldap/ldap/v3/response.go b/vendor/github.com/go-ldap/ldap/v3/response.go index 1abe02a37f..0eae10019b 100644 --- a/vendor/github.com/go-ldap/ldap/v3/response.go +++ b/vendor/github.com/go-ldap/ldap/v3/response.go @@ -98,13 +98,12 @@ func (r *searchResponse) start(ctx context.Context, searchRequest *SearchRequest foundSearchSingleResultDone := false for !foundSearchSingleResultDone { + r.conn.Debug.Printf("%d: waiting for response", msgCtx.id) select { case <-ctx.Done(): r.conn.Debug.Printf("%d: %s", msgCtx.id, ctx.Err().Error()) return - default: - r.conn.Debug.Printf("%d: waiting for response", msgCtx.id) - packetResponse, ok := <-msgCtx.responses + case packetResponse, ok := <-msgCtx.responses: if !ok { err := NewError(ErrorNetwork, errors.New("ldap: response channel closed")) r.ch <- &SearchSingleResult{Error: err} diff --git a/vendor/github.com/go-ldap/ldap/v3/search.go b/vendor/github.com/go-ldap/ldap/v3/search.go index 4eb10762db..b5550ba6e0 100644 --- a/vendor/github.com/go-ldap/ldap/v3/search.go +++ b/vendor/github.com/go-ldap/ldap/v3/search.go @@ -18,6 +18,9 @@ const ( ScopeBaseObject = 0 ScopeSingleLevel = 1 ScopeWholeSubtree = 2 + // ScopeChildren is an OpenLDAP extension that may not be supported by another directory server. + // See: https://github.com/openldap/openldap/blob/7c55484ee153047efd0e562fc1638c1a2525f320/include/ldap.h#L598 + ScopeChildren = 3 ) // ScopeMap contains human readable descriptions of scope choices @@ -25,6 +28,7 @@ var ScopeMap = map[int]string{ ScopeBaseObject: "Base Object", ScopeSingleLevel: "Single Level", ScopeWholeSubtree: "Whole Subtree", + ScopeChildren: "Children", } // derefAliases @@ -43,6 +47,10 @@ var DerefMap = map[int]string{ DerefAlways: "DerefAlways", } +// ErrSizeLimitExceeded will be returned if the search result is exceeding the defined SizeLimit +// and enforcing the requested limit is enabled in the search request (EnforceSizeLimit) +var ErrSizeLimitExceeded = NewError(ErrorNetwork, errors.New("ldap: size limit exceeded")) + // NewEntry returns an Entry object with the specified distinguished name and attribute key-value pairs. // The map of attributes is accessed in alphabetical order of the keys in order to ensure that, for the // same input map of attributes, the output entry will contain the same order of attributes @@ -187,8 +195,8 @@ func readTag(f reflect.StructField) (string, bool) { // Unmarshal parses the Entry in the value pointed to by i // // Currently, this methods only supports struct fields of type -// string, []string, int, int64, []byte, *DN, []*DN or time.Time. Other field types -// will not be regarded. If the field type is a string or int but multiple +// string, *string, []string, int, int64, []byte, *DN, []*DN or time.Time. +// Other field types will not be regarded. If the field type is a string or int but multiple // attribute values are returned, the first value will be used to fill the field. // // Example: @@ -279,6 +287,8 @@ func (e *Entry) Unmarshal(i interface{}) (err error) { } case string: fv.SetString(values[0]) + case *string: + fv.Set(reflect.ValueOf(&values[0])) case []byte: fv.SetBytes([]byte(values[0])) case int, int64: @@ -308,7 +318,7 @@ func (e *Entry) Unmarshal(i interface{}) (err error) { fv.Set(reflect.Append(fv, reflect.ValueOf(dn))) } default: - return fmt.Errorf("ldap: expected field to be of type string, []string, int, int64, []byte, *DN, []*DN or time.Time, got %v", ft.Type) + return fmt.Errorf("ldap: expected field to be of type string, *string, []string, int, int64, []byte, *DN, []*DN or time.Time, got %v", ft.Type) } } return @@ -411,6 +421,11 @@ type SearchRequest struct { Filter string Attributes []string Controls []Control + + // EnforceSizeLimit will hard limit the maximum number of entries parsed, in case the directory + // server returns more results than requested. This setting is disabled by default and does not + // work in async search requests. + EnforceSizeLimit bool } func (req *SearchRequest) appendTo(envelope *ber.Packet) error { @@ -558,6 +573,12 @@ func (l *Conn) Search(searchRequest *SearchRequest) (*SearchResult, error) { switch packet.Children[1].Tag { case 4: + if searchRequest.EnforceSizeLimit && + searchRequest.SizeLimit > 0 && + len(result.Entries) >= searchRequest.SizeLimit { + return result, ErrSizeLimitExceeded + } + entry := &Entry{ DN: packet.Children[1].Children[0].Value.(string), Attributes: unpackAttributes(packet.Children[1].Children[1].Children), diff --git a/vendor/modules.txt b/vendor/modules.txt index 382676e3cf..35dbe14c1c 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -904,7 +904,7 @@ github.com/go-jose/go-jose/v4/json ## explicit; go 1.17 github.com/go-kit/log github.com/go-kit/log/level -# github.com/go-ldap/ldap/v3 v3.4.6 +# github.com/go-ldap/ldap/v3 v3.4.7 ## explicit; go 1.14 github.com/go-ldap/ldap/v3 # github.com/go-ldap/ldif v0.0.0-20200320164324-fd88d9b715b3