class Add(object):
    '''
    Description:
    --------------------------------------------------------
    Add a user to a group
    --------------------------------------------------------

    Thin wrapper around a python-ldap ``LDAPObject``: ``add_group`` opens a
    connection, authenticates with a simple bind as ``user_email`` /
    ``password`` and appends ``user_dn`` to the ``member`` attribute of the
    group entry ``gp_dn``.

    Parameters stored by ``__init__``:
        server      -- directory host used to build the connection URI
        user_email  -- identity passed to ``simple_bind_s``
        password    -- secret passed to ``simple_bind_s``; kept on the
                       instance as ``self.pwd`` for the object's lifetime
        dc          -- stored but not read by the methods shown here
        port        -- TCP port (default 389)

    Security notes, based on the code as written:
    * The URI uses the plain ``ldap://`` scheme and no StartTLS is
      negotiated anywhere in this class, so the simple bind transmits
      ``password`` in cleartext unless TLS is arranged elsewhere.
    * ``gp_dn`` and ``user_dn`` are sent to the server exactly as given;
      callers are responsible for only passing DNs they are authorised
      to modify.
    '''
    def __init__(self, server, user_email, password, dc, port = 389):
        self.dc = dc
        self.server = server
        self.port = port
        self.user_email = user_email
        # Credential is retained in memory for as long as this object lives.
        self.pwd = password
        # Created here but the methods below report via print, not this logger.
        self.logger = logging.getLogger("ADQueryLogger")
        # NOTE(review): plain ldap:// -- prefer ldaps:// or call start_tls_s()
        # before simple_bind_s so the bind password is not sent in the clear.
        self.uri = 'ldap://' + self.server + ':' + str(self.port)

    def __connect(self):
        # Open an LDAPv3 connection, turn off automatic referral chasing
        # (OPT_REFERRALS = 0) and authenticate with a simple bind.
        self.ldap_obj = LDAPObject(self.uri)
        self.ldap_obj.protocol_version = ldap.VERSION3
        self.ldap_obj.set_option(ldap.OPT_REFERRALS,0)
        # NOTE(review): directories commonly treat a simple bind with an
        # empty password as anonymous/unauthenticated; nothing here rejects
        # an empty self.pwd -- confirm callers never pass one, or check it.
        self.ldap_obj.simple_bind_s(self.user_email, self.pwd)

    def __disconnect(self):
        # Release the connection opened by __connect.
        self.ldap_obj.unbind_ext_s()

    def add_group(self, gp_dn, user_dn):
        # Add ``user_dn`` to the ``member`` attribute of ``gp_dn``.
        # ``success`` starts False and is only set True if modify_s returns
        # without raising.
        self.__connect()
        attrib = ([(ldap.MOD_ADD,'member', user_dn)])
        success = False
        # Debug output: both DNs (and their Python types) go to stdout.
        print type(gp_dn), gp_dn
        print type(user_dn), user_dn
        try:
            self.ldap_obj.modify_s(gp_dn, attrib)
            success = True
        except Exception, e:
            # Every failure (including auth errors) is swallowed and only
            # printed; the caller has to rely on ``success``.
            print e
        # NOTE(review): the finally clause is truncated in this excerpt;
        # presumably it calls __disconnect and returns ``success`` -- confirm
        # against the full source.
        finally:
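def main():
    """Exercise the TOTP bind rules of the overlay under test against a live slapd.

    Connection details come from the environment: ``URI1`` (server URI),
    ``MANAGERDN`` / ``PASSWD`` (the bind used to read and reset the token
    entry) and ``BABSDN`` / ``BJORNSDN`` (two test accounts; the sharing test
    below expects them to resolve to the same token entry). The static
    password parts of the two test users are fixtures hard-coded here.

    Each check terminates the process with ``SystemExit`` and a message when
    the server accepts a bind it should have rejected, or rejects one it
    should have accepted. The run is skipped (exit 0) when the initial bind
    is slow enough that a time step could roll over mid-test.
    """
    uri = os.environ["URI1"]
    managerdn = os.environ['MANAGERDN']
    passwd = os.environ['PASSWD']
    babsdn = os.environ['BABSDN']
    babspw = b"bjensen"
    bjornsdn = os.environ['BJORNSDN']
    bjornspw = b"bjorn"

    connection = LDAPObject(uri)
    start = time.time()
    connection.bind_s(managerdn, passwd)
    end = time.time()
    # The checks depend on wall-clock time steps; on a slow link the current
    # token could expire between computing it and binding, so bail out
    # rather than produce a flaky failure.
    if end - start > 1:
        print(
            "It takes more than a second to connect and bind, "
            "skipping potentially unstable test", file=sys.stderr)
        raise SystemExit(0)

    # Read the shared secret and the step period from the token entry and
    # its parameter entry so tokens can be generated locally.
    dn, token_entry = get_token_for(connection, babsdn)
    paramsdn = token_entry['oathTOTPParams'][0].decode()
    result = connection.search_s(paramsdn, ldap.SCOPE_BASE)
    _, attrs = result[0]
    params = CIDict(attrs)
    secret = token_entry['oathSecret'][0]
    period = int(params['oathTOTPTimeStepPeriod'][0].decode())

    bind_conn = LDAPObject(uri)

    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no - 3)
    print("Testing old tokens are not useable")
    # A stale token must be rejected outright. The bind is only attempted
    # inside the guarded block: an unguarded bind here would either abort
    # the script on the (correct) rejection, or -- if the server accepted
    # it -- turn the check below into a replay check instead of a staleness
    # check.
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with an old token should have failed")

    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no)
    print("Testing token can only be used once")
    bind_conn.bind_s(babsdn, babspw + token)
    # Replaying the token that was just accepted must fail.
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with a reused token should have failed")

    # The next time step must still be accepted after the replay rejection.
    token = get_hotp_token(secret, interval_no + 1)
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        raise SystemExit("Bind should have succeeded")

    dn, token_entry = get_token_for(connection, babsdn)
    last = int(token_entry['oathTOTPLastTimeStep'][0].decode())
    if last != interval_no + 1:
        # Must be raised, not merely constructed, or a wrong counter value
        # goes unnoticed and the run continues as if the check had passed.
        raise SystemExit("Unexpected counter value %d (expected %d)" % (last, interval_no + 1))

    print("Resetting counter and testing secret sharing between accounts")
    connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])])
    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no)
    try:
        bind_conn.bind_s(bjornsdn, bjornspw + token)
    except ldap.INVALID_CREDENTIALS:
        raise SystemExit("Bind should have succeeded")
    # Same token, other account: the replay guard is expected to apply to
    # the shared token entry, not per account.
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with a reused token should have failed")

    print("Testing token is retired even with a wrong password")
    connection.modify_s(dn, [(ldap.MOD_REPLACE, 'oathTOTPLastTimeStep', [])])
    interval_no = get_interval(period)
    token = get_hotp_token(secret, interval_no)
    # A failed bind with a valid token but wrong static password must still
    # consume the token, so an attacker who learns the password afterwards
    # cannot replay the observed token.
    try:
        bind_conn.bind_s(babsdn, b"not the password" + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with an incorrect password should have failed")
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        pass
    else:
        raise SystemExit("Bind with a reused token should have failed")
    token = get_hotp_token(secret, interval_no + 1)
    try:
        bind_conn.bind_s(babsdn, babspw + token)
    except ldap.INVALID_CREDENTIALS:
        raise SystemExit("Bind should have succeeded")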