* breaking things out a little for more testing * adding tests for CachedValue size
Showing
6 changed files
with
146 additions
and
71 deletions.
@@ -0,0 +1,67 @@ | ||
use std::collections::BTreeMap; | ||
use std::net::SocketAddr; | ||
use std::path::PathBuf; | ||
use std::time::Duration; | ||
|
||
use concread::arcache::ARCache; | ||
use hashbrown::HashSet; | ||
use ldap3_proto::{LdapFilter, LdapSearchScope}; | ||
use openssl::ssl::SslConnector; | ||
use serde::Deserialize; | ||
use url::Url; | ||
|
||
pub mod proxy; | ||
|
||
use crate::proxy::{CachedValue, SearchCacheKey}; | ||
|
||
const MEGABYTES: usize = 1048576; | ||
|
||
pub struct AppState { | ||
pub tls_params: SslConnector, | ||
pub addrs: Vec<SocketAddr>, | ||
// Cache later here. | ||
pub binddn_map: BTreeMap<String, DnConfig>, | ||
pub cache: ARCache<SearchCacheKey, CachedValue>, | ||
pub cache_entry_timeout: Duration, | ||
pub max_incoming_ber_size: Option<usize>, | ||
pub max_proxy_ber_size: Option<usize>, | ||
pub allow_all_bind_dns: bool, | ||
} | ||
|
||
#[derive(Debug, Clone, Deserialize, Default)] | ||
pub struct DnConfig { | ||
#[serde(default)] | ||
pub allowed_queries: HashSet<(String, LdapSearchScope, LdapFilter)>, | ||
} | ||
|
||
fn default_cache_bytes() -> usize { | ||
128 * MEGABYTES | ||
} | ||
|
||
fn default_cache_entry_timeout() -> u64 { | ||
1800 | ||
} | ||
|
||
#[derive(Debug, Deserialize)] | ||
pub struct Config { | ||
pub bind: SocketAddr, | ||
pub tls_key: PathBuf, | ||
pub tls_chain: PathBuf, | ||
|
||
#[serde(default = "default_cache_bytes")] | ||
pub cache_bytes: usize, | ||
#[serde(default = "default_cache_entry_timeout")] | ||
pub cache_entry_timeout: u64, | ||
|
||
pub ldap_ca: PathBuf, | ||
pub ldap_url: Url, | ||
|
||
pub max_incoming_ber_size: Option<usize>, | ||
pub max_proxy_ber_size: Option<usize>, | ||
|
||
#[serde(default)] | ||
pub allow_all_bind_dns: bool, | ||
|
||
#[serde(flatten)] | ||
pub binddn_map: BTreeMap<String, DnConfig>, | ||
} |
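Review bot: Because `binddn_map` is declared with `#[serde(flatten)]` over a `BTreeMap<String, DnConfig>`, any unrecognised top-level table in the config file is, as far as I can tell, silently accepted as a bind-DN entry with an empty `allowed_queries` rather than rejected, so a misspelled section name never produces an error; that trade-off deserves a doc comment on the field, or a post-load validation pass over the map keys. The security-relevant toggle `allow_all_bind_dns` has no documentation; if it does what the name suggests, `/// Accept binds from any DN instead of only those listed in binddn_map. Off by default.` would state the contract (its use is in proxy.rs, outside this commit, so please confirm). `cache_entry_timeout` is a bare `u64` whose unit is only implied by the `Duration` field on `AppState`; `/// Cache entry lifetime in seconds (default 1800).` removes the ambiguity, and `cache_bytes` would benefit from the matching `/// Cache budget in bytes (default 128 MiB).`.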
@@ -0,0 +1,26 @@ | ||
|
||
bind = "127.0.0.1:3636" | ||
tls_chain = "/etc/ldap-proxy/chain.pem" | ||
tls_key = "/etc/ldap-proxy/key.pem" | ||
|
||
ldap_ca = "/etc/ldap-proxy/ldap-ca.pem" | ||
ldap_url = "ldaps://ldap.example.com" | ||
|
||
[""] | ||
allowed_queries = [["", "base", "(objectclass=*)"]] | ||
|
||
["cn=John Cena,dc=dooo,dc=do,dc=do,dc=doooooo"] | ||
allowed_queries = [ | ||
[ | ||
"", | ||
"base", | ||
"(objectclass=*)", | ||
], | ||
[ | ||
"o=kanidm", | ||
"subtree", | ||
"(objectclass=*)", | ||
], | ||
] | ||
|
||
["cn=Administrator"] |
@@ -0,0 +1,37 @@ | ||
// use ldap_proxy::proxy::BasicLdapClient; | ||
|
||
use ldap3_proto::proto::LdapResult; | ||
use ldap_proxy::proxy::CachedValue; | ||
use ldap_proxy::Config; | ||
use std::time::{Duration, Instant}; | ||
|
||
#[test] | ||
fn hello_world() { | ||
assert_eq!(2 + 2, 4); | ||
} | ||
|
||
#[test] | ||
fn test_config_load() { | ||
assert!(toml::from_str::<Config>("").is_err()); | ||
|
||
assert!(toml::from_str::<Config>(include_str!("test_config.toml")).is_ok()); | ||
let config = toml::from_str::<Config>(include_str!("test_config.toml")).unwrap(); | ||
|
||
assert_eq!(config.ldap_ca.to_str(), Some("/etc/ldap-proxy/ldap-ca.pem")); | ||
} | ||
|
||
#[test] | ||
fn test_cachedvalue() { | ||
let cv = CachedValue { | ||
valid_until: Instant::now() + Duration::from_secs(60), | ||
entries: Vec::with_capacity(5), | ||
result: LdapResult { | ||
code: ldap3_proto::LdapResultCode::Busy, | ||
matcheddn: "dn=doo".to_string(), | ||
message: "ohno".to_string(), | ||
referral: Vec::with_capacity(5), | ||
}, | ||
ctrl: Vec::with_capacity(5), | ||
}; | ||
assert_eq!(cv.size(), 144); | ||
} |
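Review bot: `test_config_load` never checks the security-relevant parts of the parsed config: the fixture declares three DN tables and leaves `allow_all_bind_dns` unset, so the test should pin the safe default and the allowlist shape with `assert!(!config.allow_all_bind_dns);` and `assert_eq!(config.binddn_map.len(), 3);`, otherwise a regression in the `#[serde(default)]` or `#[serde(flatten)]` handling would pass unnoticed. The fixture is also parsed twice; `let config = toml::from_str::<Config>(include_str!("test_config.toml")).expect("fixture must parse");` covers the `is_ok()` assertion on its own. In `test_cachedvalue` the literal `144` is unexplained, and if `size()` (defined in proxy.rs, outside this commit) is built from `mem::size_of` of pointer-width fields it will differ on 32-bit targets — a comment deriving the number, or an expectation computed from `std::mem::size_of::<CachedValue>()` plus the string lengths, would make the assertion self-explaining and portable. The `hello_world` placeholder and the commented-out `BasicLdapClient` import can be dropped.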