Bump python-ldap from 3.2.0 to 3.4.0 in /src/server

[dependabot[bot]]

Bumps python-ldap from 3.2.0 to 3.4.0.

Release notes

Sourced from python-ldap's releases.

3.4.0

This release requires Python 3.6 or above, and is tested with Python 3.6 to 3.10. Python 2 is no longer supported.

New code in the python-ldap project is available under the MIT licence (available in LICENCE.MIT in the source). Several contributors have agreed to apply this licence their previous contributions as well. See the README for details.

The following undocumented functions are deprecated and scheduled for removal:

• ldap.cidict.strlist_intersection
• ldap.cidict.strlist_minus
• ldap.cidict.strlist_union

Security fixes:

• Fix inefficient regular expression which allows denial-of-service attacks when parsing specially-crafted LDAP schema. (GHSL-2021-117)

Changes:

• On MacOS, remove option to make LDAP connections from a file descriptor when built with the system libldap (which lacks the underlying function, ldap_init_fd)
• Attribute values of the post read control are now bytes instead of ISO8859-1 decoded str
• LDAPUrl now treats urlscheme as case-insensitive
• Several OpenLDAP options are now supported:
  • OPT_X_TLS_REQUIRE_SAN
  • OPT_X_SASL_SSF_EXTERNAL
  • OPT_X_TLS_PEERCERT

Fixes:

• The copy() method of cidict was added back. It was unintentionally removed in 3.3.0
• Fixed getting/setting SASL options on big endian platforms
• Unknown LDAP result code are now converted to LDAPexception, rather than raising a SystemError.

slapdtest:

• Show stderr of slapd -Ttest
• SlapdObject uses directory-based configuration of slapd
• SlapdObject startup is now faster

Infrastructure:

• CI now runs on GitHub Actions rather than Travis CI.

3.3.1

Released 3.3.1 2020-06-29

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/nbeguier/cassh/network/alerts).

[nbeguier]

$ bash tests/test.sh
[OK] Test ping
[OK] Test health
[OK] Test status unknown user
[OK] Test add user without username,realname,password
[OK] Test add user without username,password
[OK] Test add user without username
[OK] Test add user with bad username
[OK] Test add user with no pubkey
[OK] Test add user with bad pubkey
[OK] Test add user with bad realname
[FAIL ./tests/test_client_add.sh:+57] Test add user with invalid credentials : Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test add user named 'all'
[OK] Test add bad username
[OK] Test add user guestaamoimoocha
[OK] Test add user guestbvoozaexahd
[OK] Test add user with same realname (which is possible)
[OK] Test add user sysadmin
[FAIL ./tests/test_client_add.sh:+118] Test status with invalid credentials : Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test status pending user
[FAIL ./tests/test_client_add.sh:+135] Test updating user with invalid credentials: Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test updating user 
[OK] Test updating user (restore original pub key)
[OK] Test add user with same username (should fail)
[OK] Test add user with same username (should fail)
[OK] Test signing key without username,realname,password
[OK] Test signing key without username,password
[OK] Test signing key without username
[OK] Test signing key with no pubkey
[OK] Test signing key with bad pubkey
[OK] Test signing key when wrong public key
[FAIL ./tests/test_client_sign_error.sh:+50] Test signing key when PENDING status : Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test signing key when PENDING status
[OK] Test admin revoke 'guestaamoimoocha' without realname,password
[OK] Test admin revoke 'guestaamoimoocha' without password
[FAIL ./tests/test_admin_activate.sh:+22] Test admin revoke 'guestaamoimoocha' with invalid credentials : Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test admin revoke 'guestaamoimoocha' with unauthorized user
[OK] Test admin revoke 'guestaamoimoocha'
[OK] Test admin revoke 'guestaamoimoocha' again (should fail)
[OK] Test admin verify 'guestaamoimoocha' status without realname,password
[OK] Test admin verify 'guestaamoimoocha' status without password
[FAIL ./tests/test_admin_activate.sh:+67] Test admin verify 'guestaamoimoocha' status with invalid credentials: Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test admin verify 'guestaamoimoocha' status with unauthorized user
[OK] Test admin verify 'guestaamoimoocha' status
[OK] Test signing key when revoked
[OK] Test signing key when revoked with wrong realname
[FAIL ./tests/test_admin_activate.sh:+105] Test signing key when revoked with invalid credentials : Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test delete 'guestaamoimoocha'
[OK] Test admin active unknown user
[OK] Test admin active 'guestbvoozaexahd' status without realname,password
[OK] Test admin active 'guestbvoozaexahd' status without password
[FAIL ./tests/test_admin_activate.sh:+143] Test admin active 'guestbvoozaexahd' status with invalid credentials: Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test admin active 'guestbvoozaexahd' status with unauthorized user
[OK] Test admin verify 'guestbvoozaexahd' status
[OK] Test admin active guestbvoozaexahd
[OK] Test admin re-active guestbvoozaexahd
[OK] Test admin active guestcuhaishocet
[OK] Test admin active sysadminooviecaefo
[OK] Test add principal without realname,password
[OK] Test add principal without password
[FAIL ./tests/test_principals.sh:+22] Test add principal with invalid credentials: Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test add principal with unauthorized user
[OK] Test add principal 'test-single' to unknown user
[OK] Test add principal 'test-single' to guestbvoozaexahd
[OK] Test signing key with updated principals
[OK] Test signing key with altered public key
[OK] Test add duplicate principal 'test-single' to guestbvoozaexahd
[OK] Test remove principal 'test-single' to guestbvoozaexahd which doesn't exists
[OK] Test remove principal 'test-single' to guestbvoozaexahd
[OK] Test signing key with updated principals
[OK] Test purge principals to guestbvoozaexahd
[OK] Test signing key with updated principals
[OK] Test add principals 'test-multiple-a,test-multiple-b' to guestbvoozaexahd
[OK] Test remove principals 'test-multiple-a,b@dt€xt' to guestbvoozaexahd
[OK] Test remove principals 'test-multiple-a,test-multiple-b' to guestbvoozaexahd
[OK] Test update principals 'test-multiple-c,test-multiple-guestbvoozaexahd' to guestbvoozaexahd
[OK] Test signing key with updated principals
[OK] Test update with duplicate principals 'test-multiple-c,test-multiple-guestbvoozaexahd' to guestbvoozaexahd
[OK] Test unknown action
[OK] Test signing sysadmin key
[OK] Test add duplicate principal 'root-everywhere' to sysadminooviecaefo
[OK] Test signing sysadmin key without duplicates
[OK] Test search principals without realname,password
[OK] Test search principals without password
[FAIL ./tests/test_principals_search.sh:+23] Test search all users' principals with invalid credentials: Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test search principals with unauthorized user
[OK] Test search all users' principals: {"guestbvoozaexahd": ["test-multiple-c", "test-multiple-guestbvoozaexahd", "guest-everywhere"], "guestcuhaishocet": ["guestcuhaishocet", "guest-everywhere"], "sysadminooviecaefo": ["sysadminooviecaefo", "root-everywhere", "guest-everywhere"]}
[OK] Test search unknown principals
[OK] Test search test-multiple-guestbvoozaexahd principal
[OK] Test add principal 'test-multiple-guestbvoozaexahd' to guestcuhaishocet
[OK] Test search single principals with multiple users
[OK] Test search multiple principals with one unknown
[OK] Test search multiple principals with one bad value
[OK] Test remove principal 'test-multiple-guestbvoozaexahd' to guestcuhaishocet
[OK] Test search multiple principals with multiple users
[OK] Test search with unknown action
[OK] Test search with garbage
[OK] Test set expiry without realname,password
[OK] Test set expiry without password
[FAIL ./tests/test_admin_set.sh:+22] Test set expiry with invalid credentials: Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test set expiry with unauthorized user
[OK] Test set wrong expiry for guestbvoozaexahd
[OK] Test set expiry to 3 days for guestbvoozaexahd
[OK] Test signing key when changing expiry
[OK] Test admin delete 'guestbvoozaexahd' status without realname,password
[OK] Test admin delete 'guestbvoozaexahd' status without password
[FAIL ./tests/test_admin_delete.sh:+22] Test admin delete 'guestbvoozaexahd' status with invalid credentials: Error: {'msgtype': 97, 'msgid': 1, 'result': 49, 'desc': 'Invalid credentials', 'ctrls': []}
[OK] Test admin delete 'guestbvoozaexahd' status with unauthorized user
[OK] Test delete 'guestbvoozaexahd'
[OK] Test delete 'guestcuhaishocet'
[OK] Test cluster status

[dependabot[bot]]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.