def cb_(result): if result: return pureldap.LDAPExtendedResponse( resultCode=ldaperrors.Success.resultCode, responseName=self.extendedRequest_LDAPPasswordModifyRequest.oid) else: raise ldaperrors.LDAPOperationsError('Internal error.')
def extendedRequest_LDAPPasswordModifyRequest(self, data, reply): if not isinstance(data, pureber.BERSequence): raise ldaperrors.LDAPProtocolError('Extended request PasswordModify expected a BERSequence.') userIdentity = None oldPasswd = None newPasswd = None for value in data: if isinstance(value, pureldap.LDAPPasswordModifyRequest_userIdentity): if userIdentity is not None: raise ldaperrors.LDAPProtocolError( 'Extended request PasswordModify received userIdentity twice.') userIdentity = value.value elif isinstance(value, pureldap.LDAPPasswordModifyRequest_oldPasswd): if oldPasswd is not None: raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received oldPasswd twice.') oldPasswd = value.value elif isinstance(value, pureldap.LDAPPasswordModifyRequest_newPasswd): if newPasswd is not None: raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received newPasswd twice.') newPasswd = value.value else: raise ldaperrors.LDAPProtocolError('Extended request PasswordModify received unexpected item.') if self.boundUser is None: raise ldaperrors.LDAPStrongAuthRequired() if (userIdentity is not None and userIdentity != self.boundUser.dn): #TODO this hardcodes ACL log.msg('User %(actor)s tried to change password of %(target)s' % { 'actor': str(self.boundUser.dn), 'target': str(userIdentity), }) raise ldaperrors.LDAPInsufficientAccessRights() if (oldPasswd is not None or newPasswd is None): raise ldaperrors.LDAPOperationsError('Password does not support this case.') self.boundUser.setPassword(newPasswd) return pureldap.LDAPExtendedResponse(resultCode=ldaperrors.Success.resultCode, responseName=self.extendedRequest_LDAPPasswordModifyRequest.oid) # TODO if userIdentity is None: userIdentity = str(self.boundUser.dn) raise NotImplementedError('VALUE %r' % value)
def test_TLS_failure(self): clock = Clock() ldapclient.reactor = clock client, transport = self.create_test_client() d = client.startTLS() clock.advance(1) error = ldaperrors.LDAPOperationsError() op = pureldap.LDAPStartTLSResponse(error.resultCode) response = pureldap.LDAPMessage(op) response.id -= 1 resp_bytestring = response.toWire() client.dataReceived(resp_bytestring) def cb_(thing): expected = ldaperrors.LDAPOperationsError self.assertEqual(expected, type(thing.value)) d.addErrback(cb_) return d
def extendedRequest_LDAPPasswordModifyRequest(self, data, reply): if not isinstance(data, pureber.BERSequence): raise ldaperrors.LDAPProtocolError( 'Extended request PasswordModify expected a BERSequence.') userIdentity = None oldPasswd = None newPasswd = None for value in data: if isinstance(value, pureldap.LDAPPasswordModifyRequest_userIdentity): if userIdentity is not None: raise ldaperrors.LDAPProtocolError( 'Extended request ' 'PasswordModify received userIdentity twice.') userIdentity = value.value elif isinstance(value, pureldap.LDAPPasswordModifyRequest_oldPasswd): if oldPasswd is not None: raise ldaperrors.LDAPProtocolError( 'Extended request PasswordModify ' 'received oldPasswd twice.') oldPasswd = value.value elif isinstance(value, pureldap.LDAPPasswordModifyRequest_newPasswd): if newPasswd is not None: raise ldaperrors.LDAPProtocolError( 'Extended request PasswordModify ' 'received newPasswd twice.') newPasswd = value.value else: raise ldaperrors.LDAPProtocolError( 'Extended request PasswordModify ' 'received unexpected item.') if self.boundUser is None: raise ldaperrors.LDAPStrongAuthRequired() if (userIdentity is not None and userIdentity != self.boundUser.dn): log.msg('User %(actor)s tried to change password of %(target)s' % { 'actor': self.boundUser.dn.getText(), 'target': userIdentity, }) raise ldaperrors.LDAPInsufficientAccessRights() if (oldPasswd is not None or newPasswd is None): raise ldaperrors.LDAPOperationsError( 'Password does not support this case.') self.boundUser.setPassword(newPasswd) d = self.boundUser.commit() def cb_(result): if result: return pureldap.LDAPExtendedResponse( resultCode=ldaperrors.Success.resultCode, responseName=self. extendedRequest_LDAPPasswordModifyRequest.oid) else: raise ldaperrors.LDAPOperationsError('Internal error.') d.addCallback(cb_) return d
def extendedRequest_LDAPPasswordModifyRequest(self, data, reply): if not isinstance(data, pureber.BERSequence): raise ldaperrors.LDAPProtocolError( "Extended request PasswordModify expected a BERSequence.") userIdentity = None oldPasswd = None newPasswd = None for value in data: if isinstance(value, pureldap.LDAPPasswordModifyRequest_userIdentity): if userIdentity is not None: raise ldaperrors.LDAPProtocolError( "Extended request " "PasswordModify received userIdentity twice.") userIdentity = value.value elif isinstance(value, pureldap.LDAPPasswordModifyRequest_oldPasswd): if oldPasswd is not None: raise ldaperrors.LDAPProtocolError( "Extended request PasswordModify " "received oldPasswd twice.") oldPasswd = value.value elif isinstance(value, pureldap.LDAPPasswordModifyRequest_newPasswd): if newPasswd is not None: raise ldaperrors.LDAPProtocolError( "Extended request PasswordModify " "received newPasswd twice.") newPasswd = value.value else: raise ldaperrors.LDAPProtocolError( "Extended request PasswordModify " "received unexpected item.") if self.boundUser is None: raise ldaperrors.LDAPStrongAuthRequired() if userIdentity is not None and userIdentity != self.boundUser.dn: log.msg("User {actor} tried to change password of {target}".format( actor=self.boundUser.dn.getText(), target=userIdentity, )) raise ldaperrors.LDAPInsufficientAccessRights() if oldPasswd is not None or newPasswd is None: raise ldaperrors.LDAPOperationsError( "Password does not support this case.") self.boundUser.setPassword(newPasswd) d = self.boundUser.commit() def cb_(result): if result: return pureldap.LDAPExtendedResponse( resultCode=ldaperrors.Success.resultCode, responseName=self. extendedRequest_LDAPPasswordModifyRequest.oid, ) else: raise ldaperrors.LDAPOperationsError("Internal error.") d.addCallback(cb_) return d