Exemple #1
 def cb_(result):
     """Map ``result`` onto the PasswordModify extended response.

     A truthy ``result`` produces a success LDAPExtendedResponse whose
     responseName is the ``oid`` attribute of the handler method.  Any falsy
     ``result`` is raised as LDAPOperationsError with a fixed, generic
     message, so no detail about the failure is put into the error text.

     NOTE(review): presumably registered as a Deferred callback on the
     password commit -- the caller is not visible in this snippet; confirm.
     """
     # Fail closed: anything that is not an explicit truthy outcome is
     # reported as an error rather than as a successful password change.
     if not result:
         raise ldaperrors.LDAPOperationsError('Internal error.')

     success_code = ldaperrors.Success.resultCode
     response_name = self.extendedRequest_LDAPPasswordModifyRequest.oid
     return pureldap.LDAPExtendedResponse(
         resultCode=success_code,
         responseName=response_name)
Exemple #2
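    def extendedRequest_LDAPPasswordModifyRequest(self, data, reply):
        """Handle a PasswordModify extended request (RFC 3062) for the bound user.

        Only one case is implemented: an authenticated (bound) client sets a
        new password on its own entry, supplying newPasswd and no oldPasswd.

        Args:
            data: the decoded request value; must be a pureber.BERSequence
                holding at most one each of userIdentity, oldPasswd and
                newPasswd.
            reply: not used by this handler.

        Returns:
            pureldap.LDAPExtendedResponse carrying the Success result code and
            this handler's ``oid`` as responseName.

        Raises:
            ldaperrors.LDAPProtocolError: ``data`` is not a BERSequence, a
                field occurs twice, or an unknown element is present.
            ldaperrors.LDAPStrongAuthRequired: the connection has no bound user.
            ldaperrors.LDAPInsufficientAccessRights: userIdentity names an
                entry other than the bound user.
            ldaperrors.LDAPOperationsError: oldPasswd was supplied or
                newPasswd is missing.
        """
        if not isinstance(data, pureber.BERSequence):
            raise ldaperrors.LDAPProtocolError('Extended request PasswordModify expected a BERSequence.')

        userIdentity = None
        oldPasswd = None
        newPasswd = None

        # Strict parse of client-controlled input: duplicates and unknown
        # elements are rejected instead of being silently ignored.
        for value in data:
            if isinstance(value, pureldap.LDAPPasswordModifyRequest_userIdentity):
                if userIdentity is not None:
                    raise ldaperrors.LDAPProtocolError(
                        'Extended request PasswordModify received userIdentity twice.')
                userIdentity = value.value
            elif isinstance(value, pureldap.LDAPPasswordModifyRequest_oldPasswd):
                if oldPasswd is not None:
                    raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received oldPasswd twice.')
                oldPasswd = value.value
            elif isinstance(value, pureldap.LDAPPasswordModifyRequest_newPasswd):
                if newPasswd is not None:
                    raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received newPasswd twice.')
                newPasswd = value.value
            else:
                raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received unexpected item.')

        # Anonymous connections may not change any password.
        if self.boundUser is None:
            raise ldaperrors.LDAPStrongAuthRequired()

        if (userIdentity is not None
            and userIdentity != self.boundUser.dn):
            #TODO this hardcodes ACL
            # The only authorisation rule is "a user may change their own
            # password"; the refused attempt is logged with both DNs.
            # NOTE(review): 'target' is client-supplied -- confirm the log
            # sink escapes control characters.
            log.msg('User %(actor)s tried to change password of %(target)s' % {
                'actor': str(self.boundUser.dn),
                'target': str(userIdentity),
                })
            raise ldaperrors.LDAPInsufficientAccessRights()

        # TODO: requests that supply oldPasswd or omit newPasswd are not
        # implemented.  Because a request carrying oldPasswd is refused, the
        # old password is never verified here: the bound session is the only
        # proof of identity for the change.
        if (oldPasswd is not None
            or newPasswd is None):
            raise ldaperrors.LDAPOperationsError('Password does not support this case.')

        # NOTE(review): no commit()/persist call is visible in this handler --
        # confirm setPassword() stores the new credential before Success is
        # returned to the client.
        self.boundUser.setPassword(newPasswd)
        return pureldap.LDAPExtendedResponse(resultCode=ldaperrors.Success.resultCode,
                                             responseName=self.extendedRequest_LDAPPasswordModifyRequest.oid)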
Exemple #3
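    def test_TLS_failure(self):
        """startTLS() must errback with LDAPOperationsError on an error reply.

        The server's StartTLS response carries the operations-error result
        code.  The returned Deferred has to fail: a client that treated this
        reply as success would carry on without TLS.
        """
        clock = Clock()
        # NOTE(review): this replaces the module-level reactor and nothing in
        # this test restores it -- confirm teardown handles that, otherwise
        # later tests see the fake clock.
        ldapclient.reactor = clock
        client, transport = self.create_test_client()
        d = client.startTLS()
        clock.advance(1)
        error = ldaperrors.LDAPOperationsError()
        op = pureldap.LDAPStartTLSResponse(error.resultCode)
        response = pureldap.LDAPMessage(op)
        # presumably lines the response id up with the request the client
        # just sent -- confirm against LDAPMessage's id allocation
        response.id -= 1
        resp_bytestring = response.toWire()
        client.dataReceived(resp_bytestring)

        def unexpected_success(result):
            # With only an errback attached, a Deferred that fired with
            # success would skip the assertion and the test would pass
            # vacuously; fail loudly instead.
            self.fail(
                'startTLS succeeded despite an error response: %r' % (result,))

        def cb_(thing):
            expected = ldaperrors.LDAPOperationsError
            self.assertEqual(expected, type(thing.value))

        d.addCallbacks(unexpected_success, cb_)
        return d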
Exemple #4
    def extendedRequest_LDAPPasswordModifyRequest(self, data, reply):
        """Handle a PasswordModify extended request for the bound user.

        The request must be a BERSequence with at most one each of
        userIdentity, oldPasswd and newPasswd.  The only supported case is a
        bound client setting a new password on its own entry: newPasswd
        present, oldPasswd absent.  ``reply`` is not used.

        Returns whatever ``self.boundUser.commit()`` returns, with a callback
        attached that yields the success LDAPExtendedResponse for a truthy
        commit result and raises LDAPOperationsError otherwise.

        Raises LDAPProtocolError for a malformed request,
        LDAPStrongAuthRequired when nobody is bound,
        LDAPInsufficientAccessRights when another entry is targeted, and
        LDAPOperationsError for the unsupported field combinations.
        """
        if not isinstance(data, pureber.BERSequence):
            raise ldaperrors.LDAPProtocolError(
                'Extended request PasswordModify expected a BERSequence.')

        target_dn = old_password = new_password = None

        # Strict parse of client-controlled input: each element is matched
        # against the three known field types in turn; duplicates and
        # anything unrecognised abort the request.
        for item in data:
            if isinstance(
                    item, pureldap.LDAPPasswordModifyRequest_userIdentity):
                if target_dn is not None:
                    raise ldaperrors.LDAPProtocolError(
                        'Extended request PasswordModify received userIdentity twice.')
                target_dn = item.value
                continue

            if isinstance(item, pureldap.LDAPPasswordModifyRequest_oldPasswd):
                if old_password is not None:
                    raise ldaperrors.LDAPProtocolError(
                        'Extended request PasswordModify received oldPasswd twice.')
                old_password = item.value
                continue

            if isinstance(item, pureldap.LDAPPasswordModifyRequest_newPasswd):
                if new_password is not None:
                    raise ldaperrors.LDAPProtocolError(
                        'Extended request PasswordModify received newPasswd twice.')
                new_password = item.value
                continue

            raise ldaperrors.LDAPProtocolError(
                'Extended request PasswordModify received unexpected item.')

        # Anonymous connections may not change any password.
        if self.boundUser is None:
            raise ldaperrors.LDAPStrongAuthRequired()

        # The authorisation rule is fixed in code: a user may only change
        # their own password.  A refused attempt is logged with both DNs.
        # NOTE(review): 'target' is client-supplied -- confirm the log sink
        # escapes control characters.
        targets_other_entry = (
            target_dn is not None and target_dn != self.boundUser.dn)
        if targets_other_entry:
            log.msg('User %(actor)s tried to change password of %(target)s' % {
                'actor': self.boundUser.dn.getText(),
                'target': target_dn,
            })
            raise ldaperrors.LDAPInsufficientAccessRights()

        # Proceed only with "newPasswd given, oldPasswd absent".  A request
        # carrying oldPasswd is refused, so the old password is never
        # verified here; the bound session is the only proof of identity.
        if not (old_password is None and new_password is not None):
            raise ldaperrors.LDAPOperationsError(
                'Password does not support this case.')

        self.boundUser.setPassword(new_password)
        pending_commit = self.boundUser.commit()

        def cb_(result):
            # Success is reported to the client only for a truthy commit
            # result; everything else becomes a generic operations error.
            if not result:
                raise ldaperrors.LDAPOperationsError('Internal error.')
            return pureldap.LDAPExtendedResponse(
                resultCode=ldaperrors.Success.resultCode,
                responseName=(
                    self.extendedRequest_LDAPPasswordModifyRequest.oid))

        pending_commit.addCallback(cb_)
        return pending_commit
Exemple #5
    def extendedRequest_LDAPPasswordModifyRequest(self, data, reply):
        """Process a PasswordModify extended request on behalf of the bound user.

        ``data`` has to be a BERSequence containing no more than one
        userIdentity, one oldPasswd and one newPasswd element.  Only a
        self-service change is implemented: the client is bound, targets its
        own entry (or names no target), sends newPasswd and omits oldPasswd.
        ``reply`` is not used.

        The return value is the object returned by
        ``self.boundUser.commit()`` with a callback added: a truthy commit
        result becomes the success LDAPExtendedResponse, a falsy one raises
        LDAPOperationsError.

        Raises LDAPProtocolError, LDAPStrongAuthRequired,
        LDAPInsufficientAccessRights or LDAPOperationsError directly when the
        request is malformed, unauthenticated, aimed at another entry, or
        uses an unsupported field combination.
        """
        if not isinstance(data, pureber.BERSequence):
            raise ldaperrors.LDAPProtocolError(
                "Extended request PasswordModify expected a BERSequence.")

        requested_dn = None
        current_secret = None
        replacement_secret = None

        # Every element comes from the client: accept each known field once,
        # reject repeats and anything that is not one of the three fields.
        for element in data:
            is_identity = isinstance(
                element, pureldap.LDAPPasswordModifyRequest_userIdentity)
            if is_identity:
                if requested_dn is not None:
                    raise ldaperrors.LDAPProtocolError(
                        "Extended request PasswordModify received userIdentity twice.")
                requested_dn = element.value
                continue

            is_old = isinstance(
                element, pureldap.LDAPPasswordModifyRequest_oldPasswd)
            if is_old:
                if current_secret is not None:
                    raise ldaperrors.LDAPProtocolError(
                        "Extended request PasswordModify received oldPasswd twice.")
                current_secret = element.value
                continue

            is_new = isinstance(
                element, pureldap.LDAPPasswordModifyRequest_newPasswd)
            if is_new:
                if replacement_secret is not None:
                    raise ldaperrors.LDAPProtocolError(
                        "Extended request PasswordModify received newPasswd twice.")
                replacement_secret = element.value
                continue

            raise ldaperrors.LDAPProtocolError(
                "Extended request PasswordModify received unexpected item.")

        # No bind, no password change.
        if self.boundUser is None:
            raise ldaperrors.LDAPStrongAuthRequired()

        # Hard-wired access rule: the target, when given, must be the bound
        # user's own DN.  The denied attempt is written to the log.
        # NOTE(review): 'target' is client-supplied -- confirm the log sink
        # escapes control characters.
        if requested_dn is not None:
            if requested_dn != self.boundUser.dn:
                log.msg(
                    "User {actor} tried to change password of {target}".format(
                        actor=self.boundUser.dn.getText(),
                        target=requested_dn,
                    ))
                raise ldaperrors.LDAPInsufficientAccessRights()

        # oldPasswd is refused rather than checked, so the existing password
        # is never verified here; a missing newPasswd is also unsupported.
        supported = current_secret is None and replacement_secret is not None
        if not supported:
            raise ldaperrors.LDAPOperationsError(
                "Password does not support this case.")

        self.boundUser.setPassword(replacement_secret)
        commit_result = self.boundUser.commit()

        def cb_(result):
            # Only a truthy commit result is turned into Success; the error
            # text sent otherwise is fixed and carries no failure detail.
            if not result:
                raise ldaperrors.LDAPOperationsError("Internal error.")
            return pureldap.LDAPExtendedResponse(
                resultCode=ldaperrors.Success.resultCode,
                responseName=(
                    self.extendedRequest_LDAPPasswordModifyRequest.oid),
            )

        commit_result.addCallback(cb_)
        return commit_result