Esempio n. 1
 def inner(request, *args, **kwargs):
     """Call the wrapped ``func`` only for authenticated requests.

     ``func`` is a free variable taken from the enclosing scope. When
     ``request.user`` is not authenticated, ``func`` is never called and a
     JSON response carrying the LDAP insufficientAccessRights result code
     is returned instead.
     """
     # NOTE(review): this relies on is_authenticated being a boolean-like
     # attribute. If the user object exposes it as a method, the bound method
     # is always truthy and every request would be let through -- confirm.
     if request.user.is_authenticated:
         return func(request, *args, **kwargs)

     # Imported only on the rejection path, as in the original.
     from ldaptor.protocols.ldap import ldaperrors
     from lite_auth_http.utils.response import json_response

     denied = ldaperrors.LDAPInsufficientAccessRights()
     return json_response(code=denied.resultCode)
Esempio n. 2
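    def extendedRequest_LDAPPasswordModifyRequest(self, data, reply):
        """Handle a PasswordModify extended request for the bound user.

        ``data`` must be a BER sequence containing at most one each of the
        userIdentity, oldPasswd and newPasswd items. A duplicate or
        unrecognised item raises LDAPProtocolError.

        Authorization is hard-coded: the connection must be bound
        (otherwise LDAPStrongAuthRequired), and a userIdentity, when given,
        must equal the bound user's DN (otherwise the attempt is logged and
        LDAPInsufficientAccessRights is raised). Requests that carry
        oldPasswd, or that omit newPasswd, raise LDAPOperationsError.

        Returns an LDAPExtendedResponse with the success result code.
        ``reply`` is not used by this handler.
        """
        if not isinstance(data, pureber.BERSequence):
            raise ldaperrors.LDAPProtocolError('Extended request PasswordModify expected a BERSequence.')

        userIdentity = None
        oldPasswd = None
        newPasswd = None

        # Each optional item may appear once; a repeat is a protocol error
        # rather than "last one wins".
        for value in data:
            if isinstance(value, pureldap.LDAPPasswordModifyRequest_userIdentity):
                if userIdentity is not None:
                    raise ldaperrors.LDAPProtocolError(
                        'Extended request PasswordModify received userIdentity twice.')
                userIdentity = value.value
            elif isinstance(value, pureldap.LDAPPasswordModifyRequest_oldPasswd):
                if oldPasswd is not None:
                    raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received oldPasswd twice.')
                oldPasswd = value.value
            elif isinstance(value, pureldap.LDAPPasswordModifyRequest_newPasswd):
                if newPasswd is not None:
                    raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received newPasswd twice.')
                newPasswd = value.value
            else:
                raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received unexpected item.')

        # Anonymous connections may not change any password.
        if self.boundUser is None:
            raise ldaperrors.LDAPStrongAuthRequired()

        if (userIdentity is not None
            and userIdentity != self.boundUser.dn):
            #TODO this hardcodes ACL
            # NOTE(review): userIdentity is taken from the request as-is and
            # written to the log; check that the log sink tolerates
            # client-controlled bytes.
            log.msg('User %(actor)s tried to change password of %(target)s' % {
                'actor': str(self.boundUser.dn),
                'target': str(userIdentity),
                })
            raise ldaperrors.LDAPInsufficientAccessRights()

        # The old password is never verified here: a request that supplies
        # one is refused outright, so the bind is the only proof of identity.
        if (oldPasswd is not None
            or newPasswd is None):
            raise ldaperrors.LDAPOperationsError('Password does not support this case.')

        # TODO: requests with oldPasswd or without newPasswd are still
        # unsupported and rejected above. The statements that used to follow
        # the return below could never execute and have been removed.
        self.boundUser.setPassword(newPasswd)
        return pureldap.LDAPExtendedResponse(resultCode=ldaperrors.Success.resultCode,
                                             responseName=self.extendedRequest_LDAPPasswordModifyRequest.oid)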
Esempio n. 3
    def handle_LDAPSearchRequest(self, request, controls, reply):
        """Dispatch an LDAP search request.

        Controls are passed through ``checkControls`` first. A base-scope
        presence search for ``objectclass`` on the empty DN is answered by
        ``getRootDSE`` before any session check, so it works without a
        session. Every other search requires ``self.cookies`` to be set;
        otherwise LDAPInsufficientAccessRights is raised.

        Returns the result of ``getRootDSE`` for the root DSE case, else the
        object returned by ``self._search`` with three errbacks attached.
        """
        checked_controls = self.checkControls(controls)

        # The `and` chain short-circuits, so filter.value is only read once
        # the filter is known to be a presence filter.
        is_root_dse_query = (
            request.baseObject == b''
            and request.scope == pureldap.LDAP_SCOPE_baseObject
            and isinstance(request.filter, pureldap.LDAPFilter_present)
            and request.filter.value.lower() == b'objectclass'
        )
        if is_root_dse_query:
            return self.getRootDSE(request, reply)

        # NOTE(review): cookies presumably holds the session established at
        # bind time -- confirm against the bind handler.
        if self.cookies is None:
            raise ldaperrors.LDAPInsufficientAccessRights()

        backend = self.factory.handler
        pending = self._search(backend, request, checked_controls, reply)
        # Errbacks are attached in this order: LDAP errors, then logging,
        # then the catch-all handler.
        for errback in (self._cbSearchLDAPError,
                        defer.logError,
                        self._cbSearchOtherError):
            pending.addErrback(errback)
        return pending
Esempio n. 4
    def extendedRequest_LDAPPasswordModifyRequest(self, data, reply):
        """Handle a PasswordModify extended request and commit the change.

        ``data`` must be a BER sequence with at most one each of the
        userIdentity, oldPasswd and newPasswd items; a duplicate or unknown
        item raises LDAPProtocolError. The connection must be bound
        (LDAPStrongAuthRequired otherwise) and may only target its own DN
        (LDAPInsufficientAccessRights otherwise, after logging the attempt).
        Requests carrying oldPasswd or lacking newPasswd raise
        LDAPOperationsError.

        Returns the object produced by ``self.boundUser.commit()`` with a
        callback attached that yields a success LDAPExtendedResponse for a
        truthy commit result and raises LDAPOperationsError otherwise.
        ``reply`` is not used by this handler.
        """
        if not isinstance(data, pureber.BERSequence):
            raise ldaperrors.LDAPProtocolError(
                'Extended request PasswordModify expected a BERSequence.')

        # (BER item class, field name, error text for a repeated item),
        # checked in the same order as the original if/elif chain.
        recognised = (
            (pureldap.LDAPPasswordModifyRequest_userIdentity,
             'userIdentity',
             'Extended request PasswordModify received userIdentity twice.'),
            (pureldap.LDAPPasswordModifyRequest_oldPasswd,
             'oldPasswd',
             'Extended request PasswordModify received oldPasswd twice.'),
            (pureldap.LDAPPasswordModifyRequest_newPasswd,
             'newPasswd',
             'Extended request PasswordModify received newPasswd twice.'),
        )
        fields = {'userIdentity': None, 'oldPasswd': None, 'newPasswd': None}

        for item in data:
            for ber_class, field, duplicate_text in recognised:
                if not isinstance(item, ber_class):
                    continue
                # A field counts as "already seen" only once it holds a
                # non-None value, exactly as before.
                if fields[field] is not None:
                    raise ldaperrors.LDAPProtocolError(duplicate_text)
                fields[field] = item.value
                break
            else:
                raise ldaperrors.LDAPProtocolError(
                    'Extended request PasswordModify received unexpected item.')

        requested_dn = fields['userIdentity']
        current_secret = fields['oldPasswd']
        new_secret = fields['newPasswd']

        # Anonymous connections may not change any password.
        if self.boundUser is None:
            raise ldaperrors.LDAPStrongAuthRequired()

        # Hard-coded ACL: only a self-service change is allowed.
        # NOTE(review): requested_dn comes straight from the request; whether
        # `!=` against boundUser.dn normalises the two forms is not visible
        # here -- confirm.
        if requested_dn is not None and requested_dn != self.boundUser.dn:
            details = {
                'actor': self.boundUser.dn.getText(),
                'target': requested_dn,
            }
            log.msg(
                'User %(actor)s tried to change password of %(target)s'
                % details)
            raise ldaperrors.LDAPInsufficientAccessRights()

        # The old password is refused rather than verified, so the bind is
        # the only proof of identity for this operation.
        if not (current_secret is None and new_secret is not None):
            raise ldaperrors.LDAPOperationsError(
                'Password does not support this case.')

        self.boundUser.setPassword(new_secret)
        pending = self.boundUser.commit()

        def _after_commit(outcome):
            # A falsy commit result is reported to the client as a generic
            # operations error.
            if not outcome:
                raise ldaperrors.LDAPOperationsError('Internal error.')
            handler = self.extendedRequest_LDAPPasswordModifyRequest
            return pureldap.LDAPExtendedResponse(
                resultCode=ldaperrors.Success.resultCode,
                responseName=handler.oid)

        pending.addCallback(_after_commit)
        return pending
Esempio n. 5
    def extendedRequest_LDAPPasswordModifyRequest(self, data, reply):
        """Process a PasswordModify extended request for the bound user.

        Validates that ``data`` is a BER sequence holding no more than one
        userIdentity, oldPasswd and newPasswd item each, enforces that a
        bound user may only change their own password, sets the new
        password and commits the entry.

        Raises LDAPProtocolError for malformed input, LDAPStrongAuthRequired
        when nothing is bound, LDAPInsufficientAccessRights when another
        DN is targeted, and LDAPOperationsError when oldPasswd is present or
        newPasswd is missing. Returns the object from
        ``self.boundUser.commit()`` with a result callback attached.
        ``reply`` is not used by this handler.
        """
        if not isinstance(data, pureber.BERSequence):
            raise ldaperrors.LDAPProtocolError(
                "Extended request PasswordModify expected a BERSequence.")

        identity_type = pureldap.LDAPPasswordModifyRequest_userIdentity
        old_type = pureldap.LDAPPasswordModifyRequest_oldPasswd
        new_type = pureldap.LDAPPasswordModifyRequest_newPasswd

        target_dn = None
        supplied_old = None
        supplied_new = None

        # Every item is optional but may appear only once.
        for element in data:
            if isinstance(element, identity_type):
                if target_dn is not None:
                    raise ldaperrors.LDAPProtocolError(
                        "Extended request PasswordModify received userIdentity twice.")
                target_dn = element.value
            elif isinstance(element, old_type):
                if supplied_old is not None:
                    raise ldaperrors.LDAPProtocolError(
                        "Extended request PasswordModify received oldPasswd twice.")
                supplied_old = element.value
            elif isinstance(element, new_type):
                if supplied_new is not None:
                    raise ldaperrors.LDAPProtocolError(
                        "Extended request PasswordModify received newPasswd twice.")
                supplied_new = element.value
            else:
                raise ldaperrors.LDAPProtocolError(
                    "Extended request PasswordModify received unexpected item.")

        # No bind, no password change.
        if self.boundUser is None:
            raise ldaperrors.LDAPStrongAuthRequired()

        # Self-service only: naming any other DN is logged and refused.
        # NOTE(review): target_dn is client-supplied and goes into the log
        # line unmodified; check the log sink tolerates that.
        targets_other_entry = (
            target_dn is not None and target_dn != self.boundUser.dn
        )
        if targets_other_entry:
            message = "User {actor} tried to change password of {target}".format(
                actor=self.boundUser.dn.getText(),
                target=target_dn,
            )
            log.msg(message)
            raise ldaperrors.LDAPInsufficientAccessRights()

        # A supplied old password is rejected, not checked, so the bind is
        # what authorises the change.
        if supplied_old is not None or supplied_new is None:
            raise ldaperrors.LDAPOperationsError(
                "Password does not support this case.")

        self.boundUser.setPassword(supplied_new)
        commit_result = self.boundUser.commit()

        def _respond(committed):
            # Only a truthy commit result is reported as success.
            if not committed:
                raise ldaperrors.LDAPOperationsError("Internal error.")
            return pureldap.LDAPExtendedResponse(
                resultCode=ldaperrors.Success.resultCode,
                responseName=self.extendedRequest_LDAPPasswordModifyRequest.oid,
            )

        commit_result.addCallback(_respond)
        return commit_result