def test_passwordModify_simple(self):
# first bind to some entry
self.thingie['userPassword'] = ['{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='] # "secret"
self.server.dataReceived(str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(
dn='cn=thingie,ou=stuff,dc=example,dc=com',
auth='secret'), id=4)))
self.assertEquals(self.server.transport.value(),
str(pureldap.LDAPMessage(
pureldap.LDAPBindResponse(resultCode=0,
matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'),
id=4)))
self.server.transport.clear()
self.server.dataReceived(str(pureldap.LDAPMessage(
pureldap.LDAPPasswordModifyRequest(
userIdentity='cn=thingie,ou=stuff,dc=example,dc=com',
newPasswd='hushhush'),
id=2)))
self.assertEquals(self.server.transport.value(),
str(pureldap.LDAPMessage(
pureldap.LDAPExtendedResponse(
resultCode=ldaperrors.Success.resultCode,
responseName=pureldap.LDAPPasswordModifyRequest.oid),
id=2)),
)
# tree changed
secrets = self.thingie.get('userPassword', [])
self.assertEquals(len(secrets), 1)
for secret in secrets:
self.assertEquals(secret[:len('{SSHA}')], '{SSHA}')
raw = base64.decodestring(secret[len('{SSHA}'):])
salt = raw[20:]
self.assertEquals(entry.sshaDigest('hushhush', salt),
secret)
def test_passwordModify_simple(self):
data = {"committed": False}
def onCommit_(result, info):
info["committed"] = result
return result
wrapCommit(self.thingie, onCommit_, data)
# first bind to some entry
self.thingie["userPassword"] = ["{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8="] # "secret"
self.server.dataReceived(
str(
pureldap.LDAPMessage(
pureldap.LDAPBindRequest(dn="cn=thingie,ou=stuff,dc=example,dc=com", auth="secret"), id=4
)
)
)
self.assertEquals(
self.server.transport.value(),
str(
pureldap.LDAPMessage(
pureldap.LDAPBindResponse(resultCode=0, matchedDN="cn=thingie,ou=stuff,dc=example,dc=com"), id=4
)
),
)
self.server.transport.clear()
self.server.dataReceived(
str(
pureldap.LDAPMessage(
pureldap.LDAPPasswordModifyRequest(
userIdentity="cn=thingie,ou=stuff,dc=example,dc=com", newPasswd="hushhush"
),
id=2,
)
)
)
self.assertEquals(data["committed"], True, "Server never committed data.")
self.assertEquals(
self.server.transport.value(),
str(
pureldap.LDAPMessage(
pureldap.LDAPExtendedResponse(
resultCode=ldaperrors.Success.resultCode, responseName=pureldap.LDAPPasswordModifyRequest.oid
),
id=2,
)
),
)
# tree changed
secrets = self.thingie.get("userPassword", [])
self.assertEquals(len(secrets), 1)
for secret in secrets:
self.assertEquals(secret[: len("{SSHA}")], "{SSHA}")
raw = base64.decodestring(secret[len("{SSHA}") :])
salt = raw[20:]
self.assertEquals(entry.sshaDigest("hushhush", salt), secret)
def test_passwordModify_simple(self):
data = {'committed': False}
def onCommit_(result, info):
info['committed'] = result
return result
wrapCommit(self.thingie, onCommit_, data)
# first bind to some entry
self.thingie['userPassword'] = ['{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='] # "secret"
self.server.dataReceived(
pureldap.LDAPMessage(
pureldap.LDAPBindRequest(
dn='cn=thingie,ou=stuff,dc=example,dc=com',
auth=b'secret'),
id=4).toWire())
self.assertEqual(
self.server.transport.value(),
pureldap.LDAPMessage(
pureldap.LDAPBindResponse(
resultCode=0,
matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'),
id=4).toWire())
self.server.transport.clear()
self.server.dataReceived(
pureldap.LDAPMessage(
pureldap.LDAPPasswordModifyRequest(
userIdentity='cn=thingie,ou=stuff,dc=example,dc=com',
newPasswd='hushhush'),
id=2).toWire())
self.assertEqual(data['committed'], True, "Server never committed data.")
self.assertEqual(
self.server.transport.value(),
pureldap.LDAPMessage(
pureldap.LDAPExtendedResponse(
resultCode=ldaperrors.Success.resultCode,
responseName=pureldap.LDAPPasswordModifyRequest.oid),
id=2).toWire())
# tree changed
secrets = self.thingie.get('userPassword', [])
self.assertEqual(len(secrets), 1)
for secret in secrets:
self.assertEqual(secret[:len(b'{SSHA}')], b'{SSHA}')
# DUO EDIT @mbishop
# Nominal change to remove deprecation warning
# raw = base64.decodestring(secret[len(b'{SSHA}'):])
raw = base64.decodebytes(secret[len(b'{SSHA}'):])
# END EDIT
salt = raw[20:]
self.assertEqual(entry.sshaDigest(b'hushhush', salt), secret)
def test_passwordModify_simple(self):
commits = observeCommits(self.thingie)
# first bind to some entry
self.thingie["userPassword"] = [
"{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8="
] # "secret"
self.server.dataReceived(
pureldap.LDAPMessage(
pureldap.LDAPBindRequest(
dn="cn=thingie,ou=stuff,dc=example,dc=com",
auth=b"secret"),
id=4,
).toWire())
self.assertEqual(
self.server.transport.value(),
pureldap.LDAPMessage(
pureldap.LDAPBindResponse(
resultCode=0,
matchedDN="cn=thingie,ou=stuff,dc=example,dc=com"),
id=4,
).toWire(),
)
self.server.transport.clear()
self.server.dataReceived(
pureldap.LDAPMessage(
pureldap.LDAPPasswordModifyRequest(
userIdentity="cn=thingie,ou=stuff,dc=example,dc=com",
newPasswd="hushhush",
),
id=2,
).toWire())
self.assertListEqual(commits, [True], "Server never committed data.")
self.assertEqual(
self.server.transport.value(),
pureldap.LDAPMessage(
pureldap.LDAPExtendedResponse(
resultCode=ldaperrors.Success.resultCode,
responseName=pureldap.LDAPPasswordModifyRequest.oid,
),
id=2,
).toWire(),
)
# tree changed
secrets = self.thingie.get("userPassword", [])
self.assertEqual(len(secrets), 1)
for secret in secrets:
self.assertEqual(secret[:len(b"{SSHA}")], b"{SSHA}")
raw = base64.decodebytes(secret[len(b"{SSHA}"):])
salt = raw[20:]
self.assertEqual(entry.sshaDigest(b"hushhush", salt), secret)
def _cb_create (self, r, dn, password=None, ) :
if dn.startswith("dc=", ) : # dc
_object = copy.deepcopy(self.DC_SKEL, )
_object["dc"].append(dn.split(",")[0][3:], )
elif dn.startswith("ou=", ) : # ou
_object = copy.deepcopy(self.OU_SKEL, )
_object["ou"].append(dn.split(",")[0][3:], )
elif dn.startswith("uid=", ) : # uid
_object = copy.deepcopy(self.UID_SKEL, )
_uid = dn.split(",")[0][4:]
_object["cn"].append(_uid, )
_object["jid"].append("%s@%s" % (_uid, self._hostname, ), )
_object["sn"].append(_uid, )
_object["uid"].append(_uid, )
_object["userPassword"].append(sshaDigest(password if password else _uid, ), )
return r.addChild(dn.split(",")[0], _object, )
def test_passwordModify_simple(self):
data = {'committed': False}
def onCommit_(result, info):
info['committed'] = result
return result
wrapCommit(self.thingie, onCommit_, data)
# first bind to some entry
self.thingie['userPassword'] = ['{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='] # "secret"
self.server.dataReceived(
pureldap.LDAPMessage(
pureldap.LDAPBindRequest(
dn='cn=thingie,ou=stuff,dc=example,dc=com',
auth=b'secret'),
id=4).toWire())
self.assertEqual(
self.server.transport.value(),
pureldap.LDAPMessage(
pureldap.LDAPBindResponse(
resultCode=0,
matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'),
id=4).toWire())
self.server.transport.clear()
self.server.dataReceived(
pureldap.LDAPMessage(
pureldap.LDAPPasswordModifyRequest(
userIdentity='cn=thingie,ou=stuff,dc=example,dc=com',
newPasswd='hushhush'),
id=2).toWire())
self.assertEqual(data['committed'], True, "Server never committed data.")
self.assertEqual(
self.server.transport.value(),
pureldap.LDAPMessage(
pureldap.LDAPExtendedResponse(
resultCode=ldaperrors.Success.resultCode,
responseName=pureldap.LDAPPasswordModifyRequest.oid),
id=2).toWire())
# tree changed
secrets = self.thingie.get('userPassword', [])
self.assertEqual(len(secrets), 1)
for secret in secrets:
self.assertEqual(secret[:len(b'{SSHA}')], b'{SSHA}')
raw = base64.decodestring(secret[len(b'{SSHA}'):])
salt = raw[20:]
self.assertEqual(entry.sshaDigest(b'hushhush', salt), secret)
def test_passwordModify_simple(self):
# first bind to some entry
self.thingie['userPassword'] = [
'{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
] # "secret"
self.server.dataReceived(
str(
pureldap.LDAPMessage(pureldap.LDAPBindRequest(
dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret'),
id=4)))
self.assertEquals(
self.server.transport.value(),
str(
pureldap.LDAPMessage(pureldap.LDAPBindResponse(
resultCode=0,
matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'),
id=4)))
self.server.transport.clear()
self.server.dataReceived(
str(
pureldap.LDAPMessage(pureldap.LDAPPasswordModifyRequest(
userIdentity='cn=thingie,ou=stuff,dc=example,dc=com',
newPasswd='hushhush'),
id=2)))
self.assertEquals(
self.server.transport.value(),
str(
pureldap.LDAPMessage(pureldap.LDAPExtendedResponse(
resultCode=ldaperrors.Success.resultCode,
responseName=pureldap.LDAPPasswordModifyRequest.oid),
id=2)),
)
# tree changed
secrets = self.thingie.get('userPassword', [])
self.assertEquals(len(secrets), 1)
for secret in secrets:
self.assertEquals(secret[:len('{SSHA}')], '{SSHA}')
raw = base64.decodestring(secret[len('{SSHA}'):])
salt = raw[20:]
self.assertEquals(entry.sshaDigest('hushhush', salt), secret)