def _tryService(self, services, baseEntry, request, controls, reply): try: serviceName = services.pop(0) except IndexError: return None timestamp = self.timestamp() d = baseEntry.search( filterObject=pureldap.LDAPFilter_and([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( 'objectClass'), assertionValue=pureldap.LDAPAssertionValue( 'serviceSecurityObject')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('owner'), assertionValue=pureldap.LDAPAssertionValue(request.dn)), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('cn'), assertionValue=pureldap.LDAPAssertionValue(serviceName)), pureldap.LDAPFilter_or([ # no time pureldap.LDAPFilter_not( pureldap.LDAPFilter_present('validFrom')), # or already valid pureldap.LDAPFilter_lessOrEqual( attributeDesc=pureldap.LDAPAttributeDescription( 'validFrom'), assertionValue=pureldap.LDAPAssertionValue(timestamp)), ]), pureldap.LDAPFilter_or([ # no time pureldap.LDAPFilter_not( pureldap.LDAPFilter_present('validUntil')), # or still valid pureldap.LDAPFilter_greaterOrEqual( attributeDesc=pureldap.LDAPAttributeDescription( 'validUntil'), assertionValue=pureldap.LDAPAssertionValue(timestamp)), ]), ]), attributes=('1.1', )) def _gotEntries(entries): if not entries: return None assert len(entries) == 1 #TODO e = entries[0] d = e.bind(request.auth) return d d.addCallback(_gotEntries) d.addCallbacks(callback=self._loopIfNone, callbackArgs=(services, baseEntry, request, controls, reply), errback=self._loopIfBindError, errbackArgs=(services, baseEntry, request, controls, reply)) return d
def test_andornot(self): text = r"(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))" filt = pureldap.LDAPFilter_and( [ pureldap.LDAPFilter_not( pureldap.LDAPFilter_or( [ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value="cn" ), assertionValue=pureldap.LDAPAssertionValue(value="foo"), ), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value="cn" ), assertionValue=pureldap.LDAPAssertionValue(value="bar"), ), ] ) ), pureldap.LDAPFilter_substrings( type="sn", substrings=[ pureldap.LDAPFilter_substrings_initial("a"), pureldap.LDAPFilter_substrings_any("b"), pureldap.LDAPFilter_substrings_any("c"), pureldap.LDAPFilter_substrings_final("d"), ], ), ] ) self.assertEqual(ldapfilter.parseFilter(text), filt) self.assertEqual(filt.asText(), text)
def test_andornot(self): text = r'(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))' filt = pureldap.LDAPFilter_and([ pureldap.LDAPFilter_not( pureldap.LDAPFilter_or([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value='cn'), assertionValue=pureldap.LDAPAssertionValue( value='foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value='cn'), assertionValue=pureldap.LDAPAssertionValue( value='bar')), ])), pureldap.LDAPFilter_substrings( type='sn', substrings=[ pureldap.LDAPFilter_substrings_initial('a'), pureldap.LDAPFilter_substrings_any('b'), pureldap.LDAPFilter_substrings_any('c'), pureldap.LDAPFilter_substrings_final('d'), ]) ]) self.assertEqual(ldapfilter.parseFilter(text), filt) self.assertEqual(filt.asText(), text)
def test_not_item(self): text = r'(!(cn=foo))' filt = pureldap.LDAPFilter_not( pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='foo'))) self.assertEqual(ldapfilter.parseFilter(text), filt) self.assertEqual(filt.asText(), text)
def test_not_cn(self): text = '(!(cn=Tim Howes))' filt = pureldap.LDAPFilter_not( pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='Tim Howes'))) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_not_cn(self): text = "(!(cn=Tim Howes))" filt = pureldap.LDAPFilter_not( pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value="cn"), assertionValue=pureldap.LDAPAssertionValue(value="Tim Howes"), ) ) self.assertEqual(ldapfilter.parseFilter(text), filt) self.assertEqual(filt.asText(), text)
def test_not(self): o = inmemory.ReadOnlyInMemoryLDAPEntry(dn='cn=foo,dc=example,dc=com', attributes={ 'objectClass': ['a', 'b'], 'aValue': ['a'], 'bValue': ['b'], }) result = o.match( pureldap.LDAPFilter_not( pureldap.LDAPFilter_or([ pureldap.LDAPFilter_present('cValue'), pureldap.LDAPFilter_present('dValue'), ]))) self.assertEqual(result, True)
def test_not(self): o = inmemory.ReadOnlyInMemoryLDAPEntry( dn="cn=foo,dc=example,dc=com", attributes={ "objectClass": ["a", "b"], "aValue": ["a"], "bValue": ["b"], }, ) result = o.match( pureldap.LDAPFilter_not( pureldap.LDAPFilter_or([ pureldap.LDAPFilter_present("cValue"), pureldap.LDAPFilter_present("dValue"), ]))) self.assertEqual(result, True)
def _p_extensible(s, l, t): attr, dn, matchingRule, value = t return pureldap.LDAPFilter_extensibleMatch(matchingRule=matchingRule, type=attr, matchValue=value, dnAttributes=dn) extensible.setParseAction(_p_extensible) item = simple ^ present ^ substring ^ extensible item.setName('item') item.leaveWhitespace() not_ = Suppress(Literal('!')) + filter_ not_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_not(t[0])) not_.setName('not') filterlist = OneOrMore(filter_) or_ = Suppress(Literal('|')) + filterlist or_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_or(t)) or_.setName('or') and_ = Suppress(Literal('&')) + filterlist and_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_and(t)) and_.setName('and') filtercomp = and_ | or_ | not_ | item filtercomp.setName('filtercomp') filter_ << (Suppress(Literal('(').leaveWhitespace()) + filtercomp + Suppress(Literal(')').leaveWhitespace())) filter_.setName('filter') filtercomp.leaveWhitespace() filter_.leaveWhitespace()