def search(self, filterText=None, filterObject=None, attributes=(), scope=None, derefAliases=None, sizeLimit=0, sizeLimitIsNonFatal=False, timeLimit=0, typesOnly=0, callback=None): self._checkState() d = defer.Deferred() if filterObject is None and filterText is None: filterObject = pureldap.LDAPFilterMatchAll elif filterObject is None and filterText is not None: filterObject = ldapfilter.parseFilter(filterText) elif filterObject is not None and filterText is None: pass elif filterObject is not None and filterText is not None: f = ldapfilter.parseFilter(filterText) filterObject = pureldap.LDAPFilter_and((f, filterObject)) if scope is None: scope = pureldap.LDAP_SCOPE_wholeSubtree if derefAliases is None: derefAliases = pureldap.LDAP_DEREF_neverDerefAliases if attributes is None: attributes = ['1.1'] results = [] if callback is None: cb = results.append else: cb = callback try: op = pureldap.LDAPSearchRequest(baseObject=str(self.dn), scope=scope, derefAliases=derefAliases, sizeLimit=sizeLimit, timeLimit=timeLimit, typesOnly=typesOnly, filter=filterObject, attributes=attributes) self.client.send_multiResponse( op, self._cbSearchMsg, d, cb, complete=not attributes, sizeLimitIsNonFatal=sizeLimitIsNonFatal) except ldapclient.LDAPClientConnectionLostException: d.errback(Failure()) else: if callback is None: d.addCallback(lambda dummy: results) return d
def search(self, filterText=None, filterObject=None, attributes=(), scope=None, derefAliases=None, sizeLimit=0, timeLimit=0, typesOnly=0, callback=None): if filterObject is None and filterText is None: filterObject = pureldap.LDAPFilterMatchAll elif filterObject is None and filterText is not None: filterObject = ldapfilter.parseFilter(filterText) elif filterObject is not None and filterText is None: pass elif filterObject is not None and filterText is not None: f = ldapfilter.parseFilter(filterText) filterObject = pureldap.LDAPFilter_and((f, filterObject)) if scope is None: scope = pureldap.LDAP_SCOPE_wholeSubtree if derefAliases is None: derefAliases = pureldap.LDAP_DEREF_neverDerefAliases # choose iterator: base/children/subtree if scope == pureldap.LDAP_SCOPE_wholeSubtree: iterator = self.subtree elif scope == pureldap.LDAP_SCOPE_singleLevel: iterator = self.children elif scope == pureldap.LDAP_SCOPE_baseObject: def iterateSelf(callback): callback(self) return defer.succeed(None) iterator = iterateSelf else: raise ldaperrors.LDAPProtocolError, \ 'unknown search scope: %r' % scope results = [] if callback is None: matchCallback = results.append else: matchCallback = callback # gather results, send them def _tryMatch(entry): if entry.match(filterObject): matchCallback(entry) d = iterator(callback=_tryMatch) if callback is None: return defer.succeed(results) else: return defer.succeed(None)
def makeFilter(name, template=None): filter=None try: filter=ldapfilter.parseFilter(name) except ldapfilter.InvalidLDAPFilter: try: filter=ldapfilter.parseFilter('('+name+')') except ldapfilter.InvalidLDAPFilter: if template is not None: try: filter=ldapfilter.parseFilter(template % {'name':name}) except ldapfilter.InvalidLDAPFilter: pass return filter
def test_cn(self): text = '(cn=Babs Jensen)' filt = pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='Babs Jensen')) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_escape_backslash(self): text = r'(filename=C:\5cMyFile)' filt = pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='filename'), assertionValue=pureldap.LDAPAssertionValue(value=r'C:\MyFile')) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_escape_parens(self): text = r'(o=Parens R Us \28for all your parenthetical needs\29)' filt = pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='o'), assertionValue=pureldap.LDAPAssertionValue(value='Parens R Us (for all your parenthetical needs)')) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
class LDAPBindingChecker: """ The avatarID returned is an LDAPEntry. """ implements(checkers.ICredentialsChecker) credentialInterfaces = (credentials.IUsernamePassword,) def __init__(self, cfg): self.config = cfg def _valid(self, result, entry): matchedDN, serverSaslCreds = result return entry def _found(self, results, credentials): if not results: return failure.Failure(error.UnauthorizedLogin('TODO 1')) assert len(results)==1 entry = results[0] d = entry.client.bind(str(entry.dn), credentials.password) d.addCallback(self._valid, entry) return d def _connected(self, client, filt, credentials): base = ldapsyntax.LDAPEntry(client, self.config.getIdentityBaseDN()) d = base.search(filterObject=filt, sizeLimit=1, attributes=[''], # TODO no attributes ) d.addCallback(self._found, credentials) return d def requestAvatarId(self, credentials): try: baseDN = self.config.getIdentityBaseDN() except config.MissingBaseDNError, e: return failure.Failure(error.UnauthorizedLogin("Disabled due configuration error: %s." % e)) if not credentials.username: return failure.Failure(error.UnauthorizedLogin("I don't support anonymous")) filtText = self.config.getIdentitySearch(credentials.username) try: filt = ldapfilter.parseFilter(filtText) except ldapfilter.InvalidLDAPFilter: return failure.Failure(error.UnauthorizedLogin("Couldn't create filter")) c = ldapconnector.LDAPClientCreator(reactor, ldapclient.LDAPClient) d = c.connect(baseDN, self.config.getServiceLocationOverrides()) d.addCallback(self._connected, filt, credentials) def _err(reason): reason.trap(ldaperrors.LDAPInvalidCredentials, # this happens with slapd 2.1.30 when binding # with DN but no password ldaperrors.LDAPUnwillingToPerform) return failure.Failure(error.UnauthorizedLogin()) d.addErrback(_err) return d
def test_whitespace_afterEq(self): text = r'(cn= foo)' filt = pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value=' foo')) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_item_substring_any(self): text = r'(cn=*foo*)' filt = pureldap.LDAPFilter_substrings( type='cn', substrings=[pureldap.LDAPFilter_substrings_any('foo'), ]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_not_cn(self): text = '(!(cn=Tim Howes))' filt = pureldap.LDAPFilter_not( pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='Tim Howes'))) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_escape_asterisk(self): text = r'(cn=*\2A*)' filt = pureldap.LDAPFilter_substrings( type='cn', substrings=[ pureldap.LDAPFilter_substrings_any(value='*'), ]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text.lower())
def test_bind_match_success(self): server = self.createServer( services=[ 'svc1', 'svc2', 'svc3', ], fallback=True, responses=[ # svc1 [ pureldap.LDAPSearchResultEntry( r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com', attributes=[]), pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode) ], [ pureldap.LDAPBindResponse( resultCode=ldaperrors.Success.resultCode) ], ]) server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=jack,dc=example,dc=com', auth='secret'), id=4))) reactor.iterate() #TODO client = server.client client.assertSent( pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc1)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPBindRequest( dn= r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com', auth='secret'), ) self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.Success.resultCode, matchedDN='cn=jack,dc=example,dc=com'), id=4)))
def test_extensible_4(self): text = '(:dn:2.4.6.8.10:=Dino)' self.assertEquals(ldapfilter.parseFilter(text), pureldap.LDAPFilter_extensibleMatch( type=None, dnAttributes=True, matchingRule='2.4.6.8.10', matchValue='Dino', ))
def test_item_substring_if(self): text = r'(cn=foo*bar)' filt = pureldap.LDAPFilter_substrings( type='cn', substrings=[pureldap.LDAPFilter_substrings_initial('foo'), pureldap.LDAPFilter_substrings_final('bar'), ]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_extensible_3(self): text = '(o:dn:=Ace Industry)' self.assertEquals(ldapfilter.parseFilter(text), pureldap.LDAPFilter_extensibleMatch( type='o', dnAttributes=True, matchingRule=None, matchValue='Ace Industry', ))
def test_extensible_1(self): text = '(cn:1.2.3.4.5:=Fred Flintstone)' self.assertEquals(ldapfilter.parseFilter(text), pureldap.LDAPFilter_extensibleMatch( type='cn', dnAttributes=False, matchingRule='1.2.3.4.5', matchValue='Fred Flintstone', ))
def test_extensible_2(self): text = '(sn:dn:2.4.6.8.10:=Barney Rubble)' self.assertEquals(ldapfilter.parseFilter(text), pureldap.LDAPFilter_extensibleMatch( type='sn', dnAttributes=True, matchingRule='2.4.6.8.10', matchValue='Barney Rubble', ))
def test_substrings(self): text = '(o=univ*of*mich*)' filt = pureldap.LDAPFilter_substrings( type='o', substrings=[ pureldap.LDAPFilter_substrings_initial(value='univ'), pureldap.LDAPFilter_substrings_any(value='of'), pureldap.LDAPFilter_substrings_any(value='mich'), ]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_and_item(self): text = r'(&(cn=foo)(cn=bar))' filt = pureldap.LDAPFilter_and([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='bar')), ]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_and_or(self): text = '(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))' filt = pureldap.LDAPFilter_and( [ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='objectClass'), assertionValue=pureldap.LDAPAssertionValue(value='Person')), pureldap.LDAPFilter_or([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='sn'), assertionValue=pureldap.LDAPAssertionValue(value='Jensen')), pureldap.LDAPFilter_substrings( type='cn', substrings=[ pureldap.LDAPFilter_substrings_initial(value='Babs J') ]) ]), ]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_andornot(self): text = r'(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))' filt = pureldap.LDAPFilter_and([ pureldap.LDAPFilter_not( pureldap.LDAPFilter_or([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='cn'), assertionValue=pureldap.LDAPAssertionValue(value='bar')), ])), pureldap.LDAPFilter_substrings( type='sn', substrings=[pureldap.LDAPFilter_substrings_initial('a'), pureldap.LDAPFilter_substrings_any('b'), pureldap.LDAPFilter_substrings_any('c'), pureldap.LDAPFilter_substrings_final('d'), ])]) self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_item_present(self): text = r'(cn=*)' filt = pureldap.LDAPFilter_present(value='cn') self.assertEquals(ldapfilter.parseFilter(text), filt) self.assertEquals(filt.asText(), text)
def test_bind_noMatchingServicesFound_fallback_badAuth(self): server = self.createServer( services=[ 'svc1', 'svc2', 'svc3', ], fallback=True, responses=[ [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)], [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)], [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)], [ pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode ), ], ]) server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=jack,dc=example,dc=com', auth='wrong-s3krit'), id=4))) reactor.iterate() #TODO client = server.client client.assertSent( pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc1)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc2)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc3)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com', auth='wrong-s3krit')) self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode), id=4)))
def test_escape_binary(self): text = r'(bin=\00\00\00\04)' filt = pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='bin'), assertionValue=pureldap.LDAPAssertionValue(value='\00\00\00\04')) self.assertEquals(ldapfilter.parseFilter(text), filt)
def test_escape_utf8(self): text = r'(sn=Lu\c4\8di\c4\87)' filt = pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription(value='sn'), assertionValue=pureldap.LDAPAssertionValue(value='Lu\xc4\x8di\xc4\x87')) self.assertEquals(ldapfilter.parseFilter(text), filt)