Add new api conn_info for SSL connections to LDAP server

author: anupamasingh10 <anupamasingh31@gmail.com> 2023-02-23 11:11:06 +0100
committer: Ingela Anderton Andin <ingela@erlang.org> 2023-04-25 16:18:23 +0200
commit: b0d319a92f87ff7c1c7f384e8bfeeeae8d34d361 (patch)
tree: c7e73e05fa007c7e7de3666c019539a97bee6455
parent: 5400ccf243a31d664153a4b9ceb9de3edfce1e0e (diff)
download: erlang-b0d319a92f87ff7c1c7f384e8bfeeeae8d34d361.tar.gz
3 files changed, 107 insertions, 4 deletions
diff --git a/lib/eldap/doc/src/eldap.xml b/lib/eldap/doc/src/eldap.xml
index 4d9ec96a70..8f08514886 100644
--- a/lib/eldap/doc/src/eldap.xml
+++ b/lib/eldap/doc/src/eldap.xml
@@ -548,6 +548,32 @@ Control2 = eldap:paged_result_control(PageSize, Cookie1),
         the series.</p>
       </desc>
     </func>
+    <func>
+      <name since="@OTP-XXXX@">conn_info(Handle) -> {ok, Data} | {error, Reason}</name>
+      <fsummary>Returns all the connection information.
+      </fsummary>
+      <type>
+	<v>Handle = handle()</v>
+	<v>Data = ssl:connection_info()</v>
+      </type>
+      <desc><p>Returns the most relevant information for SSL connection to an LDAP server, ssl options 
+      that are undefined will be filtered out. Note that values that affect the security of the
+      connection will only be returned if explicitly requested by conn_info/2.</p>
+      </desc>
+    </func>
+    <func>
+      <name since="@OTP-XXXX@">conn_info(Handle, Items) -> {ok, Data} | {error, Reason}</name>
+      <fsummary>Returns the requested connection information.
+      </fsummary>
+      <type>
+	<v>Handle = handle()</v>
+	<v>Items = ssl:connection_info_items()</v>
+	<v>Data = ssl:connection_info()</v>
+      </type>
+      <desc><p>Returns the requested information items about the SSL connection to LDAP server,
+      if they are defined.</p>
+      </desc>
+    </func>
 
   </funcs>
 
diff --git a/lib/eldap/src/eldap.erl b/lib/eldap/src/eldap.erl
index 22d816c8c8..cc27a31966 100644
--- a/lib/eldap/src/eldap.erl
+++ b/lib/eldap/src/eldap.erl
@@ -30,7 +30,9 @@
 	 parse_ldap_url/1,
 	 paged_result_control/1,
 	 paged_result_control/2,
-	 paged_result_cookie/1]).
+	 paged_result_cookie/1,
+         conn_info/1,
+         conn_info/2]).
 
 -export([neverDerefAliases/0, derefInSearching/0,
          derefFindingBaseObj/0, derefAlways/0]).
@@ -155,6 +157,16 @@ controlling_process(Handle, Pid) when is_pid(Handle), is_pid(Pid)  ->
     recv(Handle).
 
 %%% --------------------------------------------------------------------
+%%% Return LDAP connection information
+%%% --------------------------------------------------------------------
+conn_info(Handle) when is_pid(Handle) ->
+    conn_info(Handle, []).
+
+conn_info(Handle, Items) when is_pid(Handle) ->
+    send(Handle, {conn_info, Items}),
+    recv(Handle).
+
+%%% --------------------------------------------------------------------
 %%% Authenticate ourselves to the Directory
 %%% using simple authentication.
 %%%
@@ -608,6 +620,17 @@ loop(Cpid, Data) ->
 	    send(From, Result),
 	    ?MODULE:loop(Cpid, Data);
 
+        {From, {conn_info, Items}} ->
+            Res =
+                case Data#eldap.ldaps of
+                    true ->
+                        get_ssl_conn_info(Data#eldap.fd, Items);
+                    false ->
+                        {error, "Not an SSL connection"} 
+                end,
+            send(From, Res),
+            ?MODULE:loop(Cpid, Data);
+
 	{Cpid, 'EXIT', Reason} ->
 	    ?PRINT("Got EXIT from Cpid, reason=~p~n",[Reason]),
 	    exit(Reason);
@@ -618,6 +641,10 @@ loop(Cpid, Data) ->
 
     end.
 
+get_ssl_conn_info(SockFd, []) ->
+    ssl:connection_information(SockFd);
+get_ssl_conn_info(SockFd, Items) ->
+    ssl:connection_information(SockFd, Items).
 
 %%% --------------------------------------------------------------------
 %%% startTLS Request
diff --git a/lib/eldap/test/eldap_basic_SUITE.erl b/lib/eldap/test/eldap_basic_SUITE.erl
index 5fa6d4ca69..1c283a1f82 100644
--- a/lib/eldap/test/eldap_basic_SUITE.erl
+++ b/lib/eldap/test/eldap_basic_SUITE.erl
@@ -46,6 +46,7 @@
          more_add/1,
          open_ret_val_error/1,
          open_ret_val_success/1,
+         plain_ldap_conn_info_error/1,
          search_filter_and/1,
          search_filter_and_not/1,
          search_filter_equalityMatch/1,
@@ -63,6 +64,8 @@
          search_extensible_match_without_dn/1,
          search_paged_results/1,
          ssl_connection/1,
+         ssl_conn_info/1,
+         ssl_conn_info_items/1,
          start_tls_on_ssl_should_fail/1,
          start_tls_twice_should_fail/1,
          tcp_connection/1,
@@ -81,8 +84,8 @@
          suite/0
         ]).
 
-%%-include_lib("common_test/include/ct.hrl").
 -include_lib("common_test/include/ct.hrl").
+-include_lib("stdlib/include/assert.hrl").
 -include_lib("eldap/include/eldap.hrl").
 -include_lib("eldap/ebin/ELDAPv3.hrl").
 
@@ -159,7 +162,10 @@ connection_tests() ->
      client_side_bind_timeout,
      client_side_add_timeout,
      client_side_search_timeout,
-     close_after_tcp_error
+     close_after_tcp_error,
+     ssl_conn_info,
+     ssl_conn_info_items,
+     plain_ldap_conn_info_error
     ].
 
 
@@ -259,7 +265,7 @@ end_per_group(start_tls_api, Config) -> clear_db(Config);
 end_per_group(_Group, Config) -> Config.
 
 
-init_per_testcase(ssl_connection, Config) ->
+init_per_testcase(TC, Config) when TC == ssl_connection; TC == ssl_conn_info; TC == ssl_conn_info_items ->
     case proplists:get_value(ssl_available,Config) of
 	true ->
 	    SSL_Port = 9999,
@@ -423,6 +429,50 @@ ssl_connection(Config) ->
     end.
 
 %%%----------------------------------------------------------------
+ssl_conn_info(Config) ->
+    Host = proplists:get_value(listen_host, Config),
+    Port = proplists:get_value(ssl_listen_port, Config),
+    Opts = proplists:get_value(tcp_connect_opts, Config),
+    SSLOpts = proplists:get_value(ssl_connect_opts, Config),
+    case eldap:open([Host], [{port,Port},
+			     {ssl,true},
+			     {timeout,5000},
+			     {sslopts,SSLOpts}|Opts]) of
+	{ok,H} ->
+            ?assertMatch({ok, _Data}, eldap:conn_info(H));
+	Other -> ct:fail("eldap:open failed: ~p",[Other])
+    end.
+
+%%%----------------------------------------------------------------
+ssl_conn_info_items(Config) ->
+    Host = proplists:get_value(listen_host, Config),
+    Port = proplists:get_value(ssl_listen_port, Config),
+    Opts = proplists:get_value(tcp_connect_opts, Config),
+    SSLOpts = proplists:get_value(ssl_connect_opts, Config),
+    case eldap:open([Host], [{port,Port},
+			     {ssl,true},
+			     {timeout,5000},
+			     {sslopts,SSLOpts}|Opts]) of
+	{ok,H} ->
+            ?assertEqual({ok, [{protocol, 'tlsv1.3'}, {session_resumption, false}]},
+                          eldap:conn_info(H, [protocol, session_resumption]));
+	Other -> ct:fail("eldap:open failed: ~p",[Other])
+    end.
+
+%%%----------------------------------------------------------------
+plain_ldap_conn_info_error(Config) ->
+    Host = proplists:get_value(listen_host, Config),
+    Port = proplists:get_value(listen_port, Config),
+    Opts = proplists:get_value(tcp_connect_opts, Config),
+    T = 1000,
+    case eldap:open([Host], [{timeout,T},{port,Port}|Opts]) of
+        {ok,H} ->
+            ?assertMatch({error, "Not an SSL connection"},
+                          eldap:conn_info(H));
+        Other -> ct:fail("eldap:open failed: ~p",[Other])
+    end.
+
+%%%----------------------------------------------------------------
 client_side_add_timeout(Config) ->
     client_timeout(
       fun(H) ->
author	anupamasingh10 <anupamasingh31@gmail.com>	2023-02-23 11:11:06 +0100
committer	Ingela Anderton Andin <ingela@erlang.org>	2023-04-25 16:18:23 +0200
commit	b0d319a92f87ff7c1c7f384e8bfeeeae8d34d361 (patch)
tree	c7e73e05fa007c7e7de3666c019539a97bee6455
parent	5400ccf243a31d664153a4b9ceb9de3edfce1e0e (diff)
download	erlang-b0d319a92f87ff7c1c7f384e8bfeeeae8d34d361.tar.gz