def test_add_success(self):
    """An add request for a new DN succeeds and the entry shows up in the tree."""
    dn = 'cn=new,ou=stuff,dc=example,dc=com'
    object_class = (
        pureldap.LDAPAttributeDescription("objectClass"),
        pureber.BERSet(value=[
            pureldap.LDAPAttributeValue('something'),
        ]),
    )
    add_request = pureldap.LDAPAddRequest(entry=dn, attributes=[object_class])
    self.server.dataReceived(str(pureldap.LDAPMessage(add_request, id=2)))

    # The reply must carry the request's message id and a Success result.
    sent = self.server.transport.value()
    success = pureldap.LDAPAddResponse(
        resultCode=ldaperrors.Success.resultCode)
    self.assertEquals(sent, str(pureldap.LDAPMessage(success, id=2)))

    # tree changed: the new entry is expected after the two existing children
    d = self.stuff.children()
    expected_children = [
        self.thingie,
        self.another,
        inmemory.ReadOnlyInMemoryLDAPEntry(
            'cn=new,ou=stuff,dc=example,dc=com',
            {'objectClass': ['something']}),
    ]
    d.addCallback(self.assertEquals, expected_children)
    return d
def test_modify(self):
    """A modify request adding foo=bar succeeds and updates ou=stuff."""
    target = self.stuff.dn
    change = delta.Add('foo', ['bar']).asLDAP()
    modify_request = pureldap.LDAPModifyRequest(
        target,
        modification=[change],
    )
    self.server.dataReceived(str(pureldap.LDAPMessage(modify_request, id=2)))

    sent = self.server.transport.value()
    success = pureldap.LDAPModifyResponse(
        resultCode=ldaperrors.Success.resultCode)
    self.assertEquals(sent, str(pureldap.LDAPMessage(success, id=2)))

    # tree changed: the entry now carries the added attribute
    updated = inmemory.ReadOnlyInMemoryLDAPEntry(
        'ou=stuff,dc=example,dc=com',
        {
            'objectClass': ['a', 'b'],
            'ou': ['stuff'],
            'foo': ['bar'],
        })
    self.assertEquals(self.stuff, updated)
def test_rootDSE(self):
    """A base-scope search on the empty DN returns the root DSE entry."""
    root_search = pureldap.LDAPSearchRequest(
        baseObject='',
        scope=pureldap.LDAP_SCOPE_baseObject,
        filter=pureldap.LDAPFilter_present('objectClass'),
    )
    self.server.dataReceived(str(pureldap.LDAPMessage(root_search, id=2)))

    sent = self.server.transport.value()
    # The root DSE advertises the protocol version, the naming context and
    # the password-modify extended operation.
    wire_entry = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                objectName='',
                attributes=[
                    ('supportedLDAPVersion', ['3']),
                    ('namingContexts', ['dc=example,dc=com']),
                    ('supportedExtension', [
                        pureldap.LDAPPasswordModifyRequest.oid,
                    ]),
                ]),
            id=2))
    wire_done = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultDone(
                resultCode=ldaperrors.Success.resultCode),
            id=2))
    self.assertEquals(sent, wire_entry + wire_done)
def test_unbind_clientEOF(self):
    """Losing the connection after a bind leaves a fake-unbind on the client.

    The transport content is checked before and after the connection
    loss and must be the single bind response both times.
    """
    server = self.createServer(
        [pureldap.LDAPBindResponse(resultCode=0)],
        [],
    )
    bind_wire = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))
    server.dataReceived(bind_wire)
    reactor.iterate()  #TODO
    client = server.client
    client.assertSent(pureldap.LDAPBindRequest())
    sent = server.transport.value()
    bind_ok = pureldap.LDAPMessage(
        pureldap.LDAPBindResponse(resultCode=0), id=2)
    self.assertEquals(sent, str(bind_ok))

    # Drop the connection; the test client driver records its unbind marker.
    server.connectionLost(error.ConnectionDone)
    reactor.iterate()  #TODO
    client.assertSent(
        pureldap.LDAPBindRequest(),
        'fake-unbind-by-LDAPClientTestDriver')
    sent_after = server.transport.value()
    bind_ok_again = pureldap.LDAPMessage(
        pureldap.LDAPBindResponse(resultCode=0), id=2)
    self.assertEquals(sent_after, str(bind_ok_again))
def test_search_scope_oneLevel(self):
    """A single-level search under ou=stuff returns its two children."""
    one_level = pureldap.LDAPSearchRequest(
        baseObject='ou=stuff,dc=example,dc=com',
        scope=pureldap.LDAP_SCOPE_singleLevel,
    )
    self.server.dataReceived(str(pureldap.LDAPMessage(one_level, id=2)))

    sent = self.server.transport.value()
    wire_thingie = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                objectName='cn=thingie,ou=stuff,dc=example,dc=com',
                attributes=[
                    ('objectClass', ['a', 'b']),
                    ('cn', ['thingie']),
                ]),
            id=2))
    wire_another = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                objectName='cn=another,ou=stuff,dc=example,dc=com',
                attributes=[
                    ('objectClass', ['a', 'b']),
                    ('cn', ['another']),
                ]),
            id=2))
    wire_done = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultDone(resultCode=0), id=2))
    # Both entries, in this order, then the terminating done message.
    self.assertEquals(sent, wire_thingie + wire_another + wire_done)
def test_modifyDN_rdnOnly_noDeleteOldRDN_success(self):
    """Renaming thingie without deleteoldrdn keeps the old cn value too."""
    newrdn = 'cn=thingamagic'
    rename = pureldap.LDAPModifyDNRequest(
        entry=self.thingie.dn,
        newrdn=newrdn,
        deleteoldrdn=False)
    self.server.dataReceived(str(pureldap.LDAPMessage(rename, id=2)))

    sent = self.server.transport.value()
    success = pureldap.LDAPModifyDNResponse(
        resultCode=ldaperrors.Success.resultCode)
    self.assertEquals(sent, str(pureldap.LDAPMessage(success, id=2)))

    # tree changed: the renamed entry has both the new and the old cn
    d = self.stuff.children()
    renamed = inmemory.ReadOnlyInMemoryLDAPEntry(
        '%s,ou=stuff,dc=example,dc=com' % newrdn,
        {
            'objectClass': ['a', 'b'],
            'cn': ['thingamagic', 'thingie'],
        })
    d.addCallback(self.assertEquals, sets.Set([self.another, renamed]))
    return d
def test_bind(self):
    """A bind request with default arguments is answered with resultCode 0."""
    bind_wire = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))
    self.server.dataReceived(bind_wire)

    sent = self.server.transport.value()
    bind_ok = pureldap.LDAPMessage(
        pureldap.LDAPBindResponse(resultCode=0), id=4)
    self.assertEquals(sent, str(bind_ok))
def test_bind_match_success(self):
    """A bind as jack is carried out against the matching svc1 entry.

    The first service search returns an entry, so the server under test
    binds with that entry's DN and the client's password, and reports
    success to the client with jack's own DN as matchedDN.
    """
    service_dn = (
        r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com')
    server = self.createServer(
        services=['svc1', 'svc2', 'svc3'],
        fallback=True,
        responses=[
            # svc1
            [
                pureldap.LDAPSearchResultEntry(service_dn, attributes=[]),
                pureldap.LDAPSearchResultDone(
                    ldaperrors.Success.resultCode),
            ],
            [
                pureldap.LDAPBindResponse(
                    resultCode=ldaperrors.Success.resultCode),
            ],
        ])
    client_bind = pureldap.LDAPBindRequest(
        dn='cn=jack,dc=example,dc=com', auth='secret')
    server.dataReceived(str(pureldap.LDAPMessage(client_bind, id=4)))
    reactor.iterate()  #TODO
    client = server.client

    # NOTE(review): the expected filter embeds the bind DN as-is; this case
    # only covers a DN without filter metacharacters ("*", "(", ")", "\").
    # A companion case with such a DN would confirm the value is escaped.
    expected_search = pureldap.LDAPSearchRequest(
        baseObject='dc=example,dc=com',
        derefAliases=0,
        sizeLimit=0,
        timeLimit=0,
        typesOnly=0,
        filter=ldapfilter.parseFilter(
            '(&'
            + '(objectClass=serviceSecurityObject)'
            + '(owner=cn=jack,dc=example,dc=com)'
            + '(cn=svc1)'
            + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now)
            + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now)
            + ')'),
        attributes=('1.1', ))
    expected_bind = pureldap.LDAPBindRequest(
        dn=r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com',
        auth='secret')
    client.assertSent(expected_search, expected_bind)

    sent = server.transport.value()
    bind_ok = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.Success.resultCode,
        matchedDN='cn=jack,dc=example,dc=com')
    self.assertEquals(sent, str(pureldap.LDAPMessage(bind_ok, id=4)))
def test_bind_invalidCredentials_nonExisting(self):
    """A bind to a DN that does not exist is rejected as invalidCredentials."""
    bad_bind = pureldap.LDAPBindRequest(
        dn='cn=non-existing,dc=example,dc=com', auth='invalid')
    self.server.dataReceived(str(pureldap.LDAPMessage(bad_bind, id=78)))

    sent = self.server.transport.value()
    # The whole encoded reply is compared, and it carries only the generic
    # invalidCredentials code, so nothing in it says the DN is unknown.
    rejected = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPInvalidCredentials.resultCode)
    self.assertEquals(sent, str(pureldap.LDAPMessage(rejected, id=78)))
def test_bind(self):
    """A bind through a server built with one canned bind response succeeds."""
    server = self.createServer([
        pureldap.LDAPBindResponse(resultCode=0),
    ])
    bind_wire = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))
    server.dataReceived(bind_wire)
    reactor.iterate()  #TODO

    sent = server.transport.value()
    bind_ok = pureldap.LDAPMessage(
        pureldap.LDAPBindResponse(resultCode=0), id=4)
    self.assertEquals(sent, str(bind_ok))
def test_bind_badVersion_1_anonymous(self):
    """A bind declaring protocol version 1 is refused with a protocol error."""
    v1_bind = pureldap.LDAPBindRequest(version=1)
    self.server.dataReceived(str(pureldap.LDAPMessage(v1_bind, id=32)))

    sent = self.server.transport.value()
    refused = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPProtocolError.resultCode,
        errorMessage='Version 1 not supported')
    self.assertEquals(sent, str(pureldap.LDAPMessage(refused, id=32)))
def test_search_outOfTree(self):
    """A search based at dc=invalid ends with noSuchObject and no entries."""
    stray_search = pureldap.LDAPSearchRequest(
        baseObject='dc=invalid',
    )
    self.server.dataReceived(str(pureldap.LDAPMessage(stray_search, id=2)))

    sent = self.server.transport.value()
    not_found = pureldap.LDAPSearchResultDone(
        resultCode=ldaperrors.LDAPNoSuchObject.resultCode)
    self.assertEquals(sent, str(pureldap.LDAPMessage(not_found, id=2)))
def test_bind_invalidCredentials_badPassword(self):
    """A bind to thingie with the password 'invalid' is rejected."""
    bad_bind = pureldap.LDAPBindRequest(
        dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='invalid')
    self.server.dataReceived(str(pureldap.LDAPMessage(bad_bind, id=734)))

    sent = self.server.transport.value()
    # Only the invalidCredentials code is expected in the reply; no
    # matchedDN or error text is part of the compared message.
    rejected = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPInvalidCredentials.resultCode)
    self.assertEquals(sent, str(pureldap.LDAPMessage(rejected, id=734)))
def test_extendedRequest_unknown(self):
    """An extended request with an unrecognised OID yields a protocol error."""
    unknown = pureldap.LDAPExtendedRequest(
        requestName='42.42.42', requestValue='foo')
    self.server.dataReceived(str(pureldap.LDAPMessage(unknown, id=2)))

    sent = self.server.transport.value()
    # The error text names the OID that was not recognised.
    refused = pureldap.LDAPExtendedResponse(
        resultCode=ldaperrors.LDAPProtocolError.resultCode,
        errorMessage='Unknown extended request: 42.42.42')
    self.assertEquals(sent, str(pureldap.LDAPMessage(refused, id=2)))
def test_delete(self):
    """Deleting thingie succeeds and leaves only 'another' under ou=stuff."""
    victim = str(self.thingie.dn)
    delete_request = pureldap.LDAPDelRequest(victim)
    self.server.dataReceived(str(pureldap.LDAPMessage(delete_request, id=2)))

    sent = self.server.transport.value()
    deleted = pureldap.LDAPMessage(
        pureldap.LDAPDelResponse(resultCode=0), id=2)
    self.assertEquals(sent, str(deleted))

    # tree changed: one child remains
    d = self.stuff.children()
    d.addCallback(self.assertEquals, [self.another])
    return d
def test_passwordModify_notBound(self):
    """A password change sent without a prior bind is refused."""
    change = pureldap.LDAPPasswordModifyRequest(
        userIdentity='cn=thingie,ou=stuff,dc=example,dc=com',
        newPasswd='hushhush')
    self.server.dataReceived(str(pureldap.LDAPMessage(change, id=2)))

    sent = self.server.transport.value()
    # No bind precedes the request in this test, so the expected result is
    # strongAuthRequired rather than Success.
    refused = pureldap.LDAPExtendedResponse(
        resultCode=ldaperrors.LDAPStrongAuthRequired.resultCode,
        responseName=pureldap.LDAPPasswordModifyRequest.oid)
    self.assertEquals(sent, str(pureldap.LDAPMessage(refused, id=2)))
def queue(self, id, op):
    """Write *op* to the transport as an LDAPMessage with message id *id*.

    Raises LDAPServerConnectionLostException when self.connected is false.
    """
    if not self.connected:
        raise LDAPServerConnectionLostException()

    msg = pureldap.LDAPMessage(op, id=id)
    if self.debug:
        # NOTE(review): the whole message is logged via repr(); check what
        # that exposes before turning debug on outside a test setup.
        description = repr(msg)
        log.debug('S->C %s' % description)
    encoded = str(msg)
    self.transport.write(encoded)
def test_bind_success(self):
    """A bind to thingie with the matching password succeeds."""
    # Fixture: an {SSHA} value for the password "secret".
    stored_hash = '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
    self.thingie['userPassword'] = [stored_hash]  # "secret"

    good_bind = pureldap.LDAPBindRequest(
        dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret')
    self.server.dataReceived(str(pureldap.LDAPMessage(good_bind, id=4)))

    sent = self.server.transport.value()
    bind_ok = pureldap.LDAPBindResponse(
        resultCode=0,
        matchedDN='cn=thingie,ou=stuff,dc=example,dc=com')
    self.assertEquals(sent, str(pureldap.LDAPMessage(bind_ok, id=4)))
def test_control_unknown_critical(self):
    """A bind carrying an unknown control marked critical is refused."""
    # Control tuple: the True in second position marks it critical.
    critical_control = ('42.42.42.42', True, None)
    message = pureldap.LDAPMessage(
        pureldap.LDAPBindRequest(),
        id=2,
        controls=[critical_control])
    self.server.dataReceived(str(message))

    sent = self.server.transport.value()
    unavailable = ldaperrors.LDAPUnavailableCriticalExtension.resultCode
    refused = pureldap.LDAPBindResponse(
        resultCode=unavailable,
        errorMessage='Unknown control 42.42.42.42')
    self.assertEquals(sent, str(pureldap.LDAPMessage(refused, id=2)))
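def _send(self, op):
    """Build the LDAPMessage for *op* and return it; nothing is written here.

    Raises LDAPClientConnectionLostException when self.connected is false,
    and AssertionError when the new message id is already in self.onwire.
    """
    if not self.connected:
        raise LDAPClientConnectionLostException()
    msg = pureldap.LDAPMessage(op)
    if self.debug:
        # NOTE(review): repr(msg) of a bind request may include the
        # password in clear text; confirm what it prints before enabling
        # debug logging outside a test setup.
        log.debug('C->S %s' % repr(msg))
    # The id of a new message must not already be tracked in self.onwire
    # (presumably the table of requests awaiting a response; confirm).
    # Raised explicitly because a bare assert is compiled out under
    # "python -O", and "in" replaces has_key(), which Python 3 dicts no
    # longer have.  Assumes self.onwire is a dict.
    if msg.id in self.onwire:
        raise AssertionError(
            'LDAP message id %r is already on the wire' % (msg.id,))
    return msg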
def test_control_unknown_nonCritical(self):
    """An unknown control that is not critical does not stop a valid bind."""
    stored_hash = '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
    self.thingie['userPassword'] = [stored_hash]  # "secret"

    good_bind = pureldap.LDAPBindRequest(
        dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret')
    # Control tuple: the False in second position marks it non-critical.
    message = pureldap.LDAPMessage(
        good_bind,
        controls=[('42.42.42.42', False, None)],
        id=4)
    self.server.dataReceived(str(message))

    sent = self.server.transport.value()
    bind_ok = pureldap.LDAPBindResponse(
        resultCode=0,
        matchedDN='cn=thingie,ou=stuff,dc=example,dc=com')
    self.assertEquals(sent, str(pureldap.LDAPMessage(bind_ok, id=4)))
def test_unknownRequest(self):
    """A request whose handler attribute is unusable gets 'Unknown request'."""
    # make server miss one of the handle_* attributes
    # without having to modify the LDAPServer class
    class MockServer(ldapserver.LDAPServer):
        handle_LDAPBindRequest = property()

    self.server.__class__ = MockServer
    bind_wire = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))
    self.server.dataReceived(bind_wire)

    sent = self.server.transport.value()
    # 1.3.6.1.4.1.1466.20036 is the Notice of Disconnection OID.
    notice = pureldap.LDAPExtendedResponse(
        resultCode=ldaperrors.LDAPProtocolError.resultCode,
        responseName='1.3.6.1.4.1.1466.20036',
        errorMessage='Unknown request')
    self.assertEquals(sent, str(pureldap.LDAPMessage(notice, id=2)))
def test_bind_badVersion_4_nonExisting(self):
    """A version-4 bind gets the version error, whatever the credentials."""
    # TODO make a test just like this one that would pass authentication
    # if version was correct, to ensure we don't leak that info either.
    v4_bind = pureldap.LDAPBindRequest(
        version=4,
        dn='cn=non-existing,dc=example,dc=com',
        auth='invalid')
    self.server.dataReceived(str(pureldap.LDAPMessage(v4_bind, id=11)))

    sent = self.server.transport.value()
    # Expected reply is the protocol error for the version, not
    # invalidCredentials for the unknown DN.
    refused = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPProtocolError.resultCode,
        errorMessage='Version 4 not supported')
    self.assertEquals(sent, str(pureldap.LDAPMessage(refused, id=11)))
def test_passwordModify_simple(self):
    """After binding as thingie, a password change stores a new SSHA value."""
    user_dn = 'cn=thingie,ou=stuff,dc=example,dc=com'

    # first bind to some entry
    self.thingie['userPassword'] = [
        '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
    ]  # "secret"
    good_bind = pureldap.LDAPBindRequest(
        dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret')
    self.server.dataReceived(str(pureldap.LDAPMessage(good_bind, id=4)))
    sent = self.server.transport.value()
    bind_ok = pureldap.LDAPBindResponse(resultCode=0, matchedDN=user_dn)
    self.assertEquals(sent, str(pureldap.LDAPMessage(bind_ok, id=4)))

    # Start from an empty transport so only the next reply is compared.
    self.server.transport.clear()
    change = pureldap.LDAPPasswordModifyRequest(
        userIdentity='cn=thingie,ou=stuff,dc=example,dc=com',
        newPasswd='hushhush')
    self.server.dataReceived(str(pureldap.LDAPMessage(change, id=2)))
    sent = self.server.transport.value()
    changed = pureldap.LDAPExtendedResponse(
        resultCode=ldaperrors.Success.resultCode,
        responseName=pureldap.LDAPPasswordModifyRequest.oid)
    self.assertEquals(sent, str(pureldap.LDAPMessage(changed, id=2)))

    # tree changed: exactly one stored value, and it verifies against the
    # new password
    stored_values = self.thingie.get('userPassword', [])
    self.assertEquals(len(stored_values), 1)
    scheme = '{SSHA}'
    for stored in stored_values:
        self.assertEquals(stored[:len(scheme)], scheme)
        raw = base64.decodestring(stored[len(scheme):])
        # Decoded value is digest followed by salt; a SHA-1 digest is
        # 20 bytes, so everything after that is the salt.
        salt = raw[20:]
        self.assertEquals(entry.sshaDigest('hushhush', salt), stored)
def test_search(self):
    """A bind then a search are both answered, each under its own id."""
    server = self.createServer(
        [
            pureldap.LDAPBindResponse(resultCode=0),
        ],
        [
            pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                           [('a', ['b'])]),
            pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                           [('b', ['c'])]),
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
        ],
    )
    bind_wire = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))
    server.dataReceived(bind_wire)
    search_wire = str(
        pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3))
    server.dataReceived(search_wire)
    reactor.iterate()  #TODO

    sent = server.transport.value()
    # Bind reply under id 2, then both entries and the done under id 3.
    wire_bind = str(
        pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(resultCode=0), id=2))
    wire_foo = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                'cn=foo,dc=example,dc=com', [('a', ['b'])]),
            id=3))
    wire_bar = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                'cn=bar,dc=example,dc=com', [('b', ['c'])]),
            id=3))
    wire_done = str(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
            id=3))
    self.assertEquals(sent, wire_bind + wire_foo + wire_bar + wire_done)
def test_add_fail_existsAlready(self):
    """Adding an entry at thingie's DN fails and leaves the tree as it was."""
    object_class = (
        pureldap.LDAPAttributeDescription("objectClass"),
        pureber.BERSet(value=[
            pureldap.LDAPAttributeValue('something'),
        ]),
    )
    add_request = pureldap.LDAPAddRequest(
        entry=str(self.thingie.dn),
        attributes=[object_class])
    self.server.dataReceived(str(pureldap.LDAPMessage(add_request, id=2)))

    sent = self.server.transport.value()
    # The error message is expected to be the DN that already exists.
    refused = pureldap.LDAPAddResponse(
        resultCode=ldaperrors.LDAPEntryAlreadyExists.resultCode,
        errorMessage=str(self.thingie.dn))
    self.assertEquals(sent, str(pureldap.LDAPMessage(refused, id=2)))

    # tree did not change
    d = self.stuff.children()
    d.addCallback(self.assertEquals, [self.thingie, self.another])
    return d
def test_unbind(self):
    """An unbind request produces no reply on the transport."""
    unbind_wire = str(
        pureldap.LDAPMessage(pureldap.LDAPUnbindRequest(), id=7))
    self.server.dataReceived(unbind_wire)

    sent = self.server.transport.value()
    self.assertEquals(sent, '')
def test_bind_noMatchingServicesFound_fallback_badAuth(self):
    """With no service match, the fallback bind fails on a wrong password.

    All three service searches come back empty, so the server under test
    binds with the client's own DN and password; the canned reply to that
    bind is invalidCredentials, which is passed back to the client.
    """
    nothing_found = ldaperrors.Success.resultCode
    server = self.createServer(
        services=['svc1', 'svc2', 'svc3'],
        fallback=True,
        responses=[
            [pureldap.LDAPSearchResultDone(nothing_found)],
            [pureldap.LDAPSearchResultDone(nothing_found)],
            [pureldap.LDAPSearchResultDone(nothing_found)],
            [
                pureldap.LDAPBindResponse(
                    resultCode=ldaperrors.LDAPInvalidCredentials.resultCode
                ),
            ],
        ])
    client_bind = pureldap.LDAPBindRequest(
        dn='cn=jack,dc=example,dc=com', auth='wrong-s3krit')
    server.dataReceived(str(pureldap.LDAPMessage(client_bind, id=4)))
    reactor.iterate()  #TODO
    client = server.client

    def service_search(cn_clause):
        # Search request expected for one service; only the cn clause of
        # the filter differs between the three services.
        return pureldap.LDAPSearchRequest(
            baseObject='dc=example,dc=com',
            derefAliases=0,
            sizeLimit=0,
            timeLimit=0,
            typesOnly=0,
            filter=ldapfilter.parseFilter(
                '(&'
                + '(objectClass=serviceSecurityObject)'
                + '(owner=cn=jack,dc=example,dc=com)'
                + cn_clause
                + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now)
                + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now)
                + ')'),
            attributes=('1.1', ))

    # Searches in service order, then the fallback bind as the user.
    client.assertSent(
        service_search('(cn=svc1)'),
        service_search('(cn=svc2)'),
        service_search('(cn=svc3)'),
        pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com',
                                 auth='wrong-s3krit'))

    sent = server.transport.value()
    rejected = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPInvalidCredentials.resultCode)
    self.assertEquals(sent, str(pureldap.LDAPMessage(rejected, id=4)))