class Add(object):
  '''
  Description: 
    --------------------------------------------------------
    Add a user to a group
    --------------------------------------------------------
  '''

  def __init__(self,
               server,
               user_email,
               password,
               dc,
               port = 389):
    self.dc = dc
    self.server = server
    self.port = port
    self.user_email = user_email
    self.pwd = password
    self.logger = logging.getLogger("ADQueryLogger")
    self.uri = 'ldap://' + self.server + ':' + str(self.port)
    
  def __connect(self):
    """Open the connection described by self.uri and perform a simple bind.

    Creates self.ldap_obj, forces LDAPv3, switches referral chasing off
    (OPT_REFERRALS set to 0) and binds as self.user_email with self.pwd.
    Any exception from python-ldap propagates to the caller.

    NOTE(review): the URI from __init__ is plain ldap:// and no
    start_tls_s() call precedes simple_bind_s(), so the bind password is
    sent without transport protection unless the network or the server
    configuration supplies it -- confirm before pointing this at a
    production directory.
    """
    self.ldap_obj = conn = LDAPObject(self.uri)
    conn.protocol_version = ldap.VERSION3
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.simple_bind_s(self.user_email, self.pwd)
  
  def __disconnect(self):
    self.ldap_obj.unbind_ext_s()  
  
  def add_group(self, gp_dn, user_dn):
    self.__connect()
    attrib = ([(ldap.MOD_ADD,'member', user_dn)])
    success = False
    print type(gp_dn), gp_dn
    print type(user_dn), user_dn
    try:
      self.ldap_obj.modify_s(gp_dn, attrib)
      success = True
    except Exception, e:
      print e
    finally:
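def main():
    """Exercise the server's one-time-password bind handling end to end.

    Connection parameters and the test DNs come from the environment
    (URI1, MANAGERDN, PASSWD, BABSDN, BJORNSDN); the two account
    passwords are fixed test-fixture values.  Each scenario binds with a
    password concatenated with a computed token and checks that the
    server accepts or rejects it as expected.  The whole run is skipped
    (exit status 0) when the initial bind is too slow to trust the
    time-based checks.

    Raises:
        SystemExit: with a message on a failed expectation, or with
            status 0 to skip the run.
        KeyError: when a required environment variable is missing.
    """
    uri = os.environ["URI1"]

    managerdn = os.environ['MANAGERDN']
    passwd = os.environ['PASSWD']

    babsdn = os.environ['BABSDN']
    babspw = b"bjensen"

    bjornsdn = os.environ['BJORNSDN']
    bjornspw = b"bjorn"

    connection = LDAPObject(uri)

    # The token checks depend on wall-clock intervals; a slow bind would
    # make them flaky, so bail out with a success status instead.
    start = time.time()
    connection.bind_s(managerdn, passwd)
    end = time.time()

    if end - start > 1:
        print(
            "It takes more than a second to connect and bind, "
            "skipping potentially unstable test",
            file=sys.stderr)
        raise SystemExit(0)

    dn, token_entry = get_token_for(connection, babsdn)

    # The token entry references a parameters entry; read the time-step
    # period from it (attribute values come back as bytes).
    paramsdn = token_entry['oathTOTPParams'][0].decode()
    result = connection.search_s(paramsdn, ldap.SCOPE_BASE)
    _, attrs = result[0]
    params = CIDict(attrs)

    secret = token_entry['oathSecret'][0]
    period = int(params['oathTOTPTimeStepPeriod'][0].decode())

    # Separate connection for the user binds so the manager session stays
    # available for reading and resetting the counter.
    bind_conn = LDAPObject(uri)

    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no - 3)

    print("Testing old tokens are not useable")
    # NOTE(review): this first bind is outside any try, so an
    # INVALID_CREDENTIALS here aborts the script; presumably the server
    # still accepts a token three steps back and only the reuse below must
    # fail -- confirm against the module's window setting.
    bind_conn.bind_s(babsdn, babspw + token)
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with an old token should have failed")

    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no)

    print("Testing token can only be used once")
    bind_conn.bind_s(babsdn, babspw + token)
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with a reused token should have failed")

    token = get_hotp_token(secret, interval_no + 1)
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        raise SystemExit("Bind should have succeeded")

    dn, token_entry = get_token_for(connection, babsdn)
    last = int(token_entry['oathTOTPLastTimeStep'][0].decode())
    if last != interval_no + 1:
        # The original merely constructed SystemExit here without raising
        # it, so a wrong counter value went unreported.
        raise SystemExit("Unexpected counter value %d (expected %d)" %
                         (last, interval_no + 1))

    print("Resetting counter and testing secret sharing between accounts")
    # Clearing the last-used step lets the current interval be consumed
    # again, this time by the other account sharing the same secret.
    connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])])

    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no)

    try:
        bind_conn.bind_s(bjornsdn, bjornspw + token)
    except ldap.INVALID_CREDENTIALS:
        raise SystemExit("Bind should have succeeded")

    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with a reused token should have failed")

    print("Testing token is retired even with a wrong password")
    connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])])

    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no)

    # A failed bind with a valid token must still burn that token; otherwise
    # an observer of the failed attempt could replay it with the real password.
    try:
        bind_conn.bind_s(babsdn, b"not the password" + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with an incorrect password should have failed")

    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with a reused token should have failed")

    token = get_hotp_token(secret, interval_no + 1)
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        raise SystemExit("Bind should have succeeded")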