Esempio n. 1
0
    def test_normal_modification(self, mock_spawn, mock_send_problem_report):
        mock_spawn.return_value.before = b'\n'
        modify_ldap_entry_with_keytab(
            'uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU', {
                'a': ['b', 'c'],
                'calnetUid': 1234
            }, '/nonexist', 'create/admin')

        mock_spawn.assert_called_with(
            'kinit -t /nonexist create/admin ldapmodify',
            timeout=10,
        )
        mock_spawn.return_value.expect.assert_has_calls([
            mock.call('SASL data security layer installed.'),
            mock.call(
                'entry "uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU"'),
        ])

        mock_spawn.return_value.sendline.assert_has_calls((
            mock.call(
                encode('dn',
                       'uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU')),
            mock.call('changetype: modify'),
            mock.call('replace: a'),
            mock.call(encode('a', 'b')),
            mock.call(encode('a', 'c')),
            mock.call('-'),
            mock.call('replace: calnetUid'),
            mock.call(encode('calnetUid', '1234')),
        ),
                                                          any_order=True)
        assert mock_spawn.return_value.sendeof.called
        assert not mock_send_problem_report.called
Esempio n. 2
0
    def test_normal_modification(self, mock_spawn, mock_send_problem_report):
        mock_spawn.return_value.before = b"\n"
        modify_ldap_entry_with_keytab(
            "uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU",
            {"a": ["b", "c"], "calnetUid": 1234},
            "/nonexist",
            "create/admin",
        )

        mock_spawn.assert_called_with("kinit -t /nonexist create/admin ldapmodify", timeout=10)
        mock_spawn.return_value.expect.assert_has_calls(
            [
                mock.call("SASL data security layer installed."),
                mock.call('entry "uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU"'),
            ]
        )

        mock_spawn.return_value.sendline.assert_has_calls(
            (
                mock.call(encode("dn", "uid=mattmcal,ou=People,dc=OCF,dc=Berkeley,dc=EDU")),
                mock.call("changetype: modify"),
                mock.call("replace: a"),
                mock.call(encode("a", "b")),
                mock.call(encode("a", "c")),
                mock.call("-"),
                mock.call("replace: calnetUid"),
                mock.call(encode("calnetUid", "1234")),
            ),
            any_order=True,
        )
        assert mock_spawn.return_value.sendeof.called
        assert not mock_send_problem_report.called
Esempio n. 3
0
 def test_modify_nonexistent(self, mock_spawn, mock_send_problem_report):
     mock_spawn.return_value.before = b'\nNo such object (32)\n'
     with pytest.raises(ValueError):
         modify_ldap_entry_with_keytab(
             'uid=unknown,ou=People,dc=OCF,dc=Berkeley,dc=EDU', {
                 'a': ['b', 'c'],
                 'd': ['e']
             }, '/nonexist', 'create/admin')
     assert not mock_send_problem_report.called
Esempio n. 4
0
 def test_modify_nonexistent(self, mock_spawn, mock_send_problem_report):
     mock_spawn.return_value.before = b"\nNo such object (32)\n"
     with pytest.raises(ValueError):
         modify_ldap_entry_with_keytab(
             "uid=unknown,ou=People,dc=OCF,dc=Berkeley,dc=EDU",
             {"a": ["b", "c"], "d": ["e"]},
             "/nonexist",
             "create/admin",
         )
     assert not mock_send_problem_report.called
Esempio n. 5
0
def modify_ldap_attributes(username, attributes, keytab, principal):
    """Adds or modifies arbitrary attributes of a user's LDAP record subject to
    minor validation beyond the LDAP schema.

    At the moment, the only attribute that benefits from extra validation is
    the 'loginShell' attribute.
    """

    for value in attributes.get('loginShell', ()):
        if not misc.validators.valid_login_shell(value):
            raise ValueError("Invalid login shell '{}'".format(value))

    ldap_ocf.modify_ldap_entry_with_keytab(
        utils.dn_for_username(username),
        attributes,
        keytab,
        principal,
    )
Esempio n. 6
0
def modify_ldap_attributes(username, attributes, keytab, principal):
    """Adds or modifies arbitrary attributes of a user's LDAP record subject to
    minor validation beyond the LDAP schema.

    At the moment, the only attribute that benefits from extra validation is
    the 'loginShell' attribute.
    """

    for value in attributes.get('loginShell', ()):
        if not misc.validators.valid_login_shell(value):
            raise ValueError("Invalid login shell '{}'".format(value))

    ldap_ocf.modify_ldap_entry_with_keytab(
        utils.dn_for_username(username),
        attributes,
        keytab,
        principal,
    )