def test_nested_equal(self):
filter1 = pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('foo'),
assertionValue=pureldap.LDAPAttributeValue('1')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('bar'),
assertionValue=pureldap.LDAPAttributeValue('2')),
pureldap.LDAPFilter_and([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('baz'),
assertionValue=pureldap.LDAPAttributeValue('1')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('bob'),
assertionValue=pureldap.LDAPAttributeValue('2')),
]),
])
filter2 = pureldap.LDAPFilter_or([
pureldap.LDAPFilter_and([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('bob'),
assertionValue=pureldap.LDAPAttributeValue('2')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('baz'),
assertionValue=pureldap.LDAPAttributeValue('1')),
]),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('bar'),
assertionValue=pureldap.LDAPAttributeValue('2')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('foo'),
assertionValue=pureldap.LDAPAttributeValue('1')),
])
self.assertEqual(filter1, filter2)
def _tryService(self, services, baseEntry, request, controls, reply):
try:
serviceName = services.pop(0)
except IndexError:
return None
timestamp = self.timestamp()
d = baseEntry.search(
filterObject=pureldap.LDAPFilter_and([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
'objectClass'),
assertionValue=pureldap.LDAPAssertionValue(
'serviceSecurityObject')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('owner'),
assertionValue=pureldap.LDAPAssertionValue(request.dn)),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('cn'),
assertionValue=pureldap.LDAPAssertionValue(serviceName)),
pureldap.LDAPFilter_or([
# no time
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_present('validFrom')),
# or already valid
pureldap.LDAPFilter_lessOrEqual(
attributeDesc=pureldap.LDAPAttributeDescription(
'validFrom'),
assertionValue=pureldap.LDAPAssertionValue(timestamp)),
]),
pureldap.LDAPFilter_or([
# no time
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_present('validUntil')),
# or still valid
pureldap.LDAPFilter_greaterOrEqual(
attributeDesc=pureldap.LDAPAttributeDescription(
'validUntil'),
assertionValue=pureldap.LDAPAssertionValue(timestamp)),
]),
]),
attributes=('1.1', ))
def _gotEntries(entries):
if not entries:
return None
assert len(entries) == 1 #TODO
e = entries[0]
d = e.bind(request.auth)
return d
d.addCallback(_gotEntries)
d.addCallbacks(callback=self._loopIfNone,
callbackArgs=(services, baseEntry, request, controls,
reply),
errback=self._loopIfBindError,
errbackArgs=(services, baseEntry, request, controls,
reply))
return d
def test_andornot(self):
text = r"(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))"
filt = pureldap.LDAPFilter_and(
[
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_or(
[
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value="cn"
),
assertionValue=pureldap.LDAPAssertionValue(value="foo"),
),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value="cn"
),
assertionValue=pureldap.LDAPAssertionValue(value="bar"),
),
]
)
),
pureldap.LDAPFilter_substrings(
type="sn",
substrings=[
pureldap.LDAPFilter_substrings_initial("a"),
pureldap.LDAPFilter_substrings_any("b"),
pureldap.LDAPFilter_substrings_any("c"),
pureldap.LDAPFilter_substrings_final("d"),
],
),
]
)
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_and_or(self):
text = "(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))"
filt = pureldap.LDAPFilter_and(
[
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value="objectClass"
),
assertionValue=pureldap.LDAPAssertionValue(value="Person"),
),
pureldap.LDAPFilter_or(
[
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value="sn"),
assertionValue=pureldap.LDAPAssertionValue(value="Jensen"),
),
pureldap.LDAPFilter_substrings(
type="cn",
substrings=[
pureldap.LDAPFilter_substrings_initial(value="Babs J")
],
),
]
),
]
)
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def getGroups(hosts, e, filter):
"""Add group info to hosts."""
def buildFilter(hosts):
for host in hosts:
f = pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription("member"),
assertionValue=pureber.BEROctetString(str(host.dn)),
)
yield f
filt = pureldap.LDAPFilter_and(
value=(
# the only reason we do groups is for the bootFile,
# so require one to be present
pureldap.LDAPFilter_present("bootFile"),
pureldap.LDAPFilter_or(value=list(buildFilter(hosts))),
)
)
if filter:
filt = pureldap.LDAPFilter_and(value=(filter, filt))
d = e.search(filterObject=filt, attributes=["member", "bootFile"])
d.addCallback(_cbGetGroups, hosts)
return d
def test_andornot(self):
text = r'(&(!(|(cn=foo)(cn=bar)))(sn=a*b*c*d))'
filt = pureldap.LDAPFilter_and([
pureldap.LDAPFilter_not(
pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='cn'),
assertionValue=pureldap.LDAPAssertionValue(
value='foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='cn'),
assertionValue=pureldap.LDAPAssertionValue(
value='bar')),
])),
pureldap.LDAPFilter_substrings(
type='sn',
substrings=[
pureldap.LDAPFilter_substrings_initial('a'),
pureldap.LDAPFilter_substrings_any('b'),
pureldap.LDAPFilter_substrings_any('c'),
pureldap.LDAPFilter_substrings_final('d'),
])
])
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_basic_or_not_equal(self):
filter1 = pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('foo'),
assertionValue=pureldap.LDAPAttributeValue('1')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('bar'),
assertionValue=pureldap.LDAPAttributeValue('2')),
])
filter2 = pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('bar'),
assertionValue=pureldap.LDAPAttributeValue('1')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('foo'),
assertionValue=pureldap.LDAPAttributeValue('1')),
])
self.assertNotEqual(filter1, filter2)
def _create_username_attribute_filter(self, username_matches):
"""
Creates filter requiring that at least one
of the username attributes match the specified value.
ex. {'uid': 'jack', 'mail': '*****@*****.**'} would require one of these
fields to be set to the specified value
"""
username_filters = self.dict_to_equality_filters(username_matches)
return pureldap.LDAPFilter_or(username_filters)
def test_or_item(self):
text = r'(|(cn=foo)(cn=bar))'
filt = pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value='cn'),
assertionValue=pureldap.LDAPAssertionValue(value='foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value='cn'),
assertionValue=pureldap.LDAPAssertionValue(value='bar')),
])
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_or_noMatch(self):
o = inmemory.ReadOnlyInMemoryLDAPEntry(dn='cn=foo,dc=example,dc=com',
attributes={
'objectClass': ['a', 'b'],
'aValue': ['a'],
'bValue': ['b'],
})
result = o.match(
pureldap.LDAPFilter_or([
pureldap.LDAPFilter_present('cValue'),
pureldap.LDAPFilter_present('dValue'),
]))
self.assertEqual(result, False)
def test_or_noMatch(self):
o = inmemory.ReadOnlyInMemoryLDAPEntry(
dn="cn=foo,dc=example,dc=com",
attributes={
"objectClass": ["a", "b"],
"aValue": ["a"],
"bValue": ["b"],
},
)
result = o.match(
pureldap.LDAPFilter_or([
pureldap.LDAPFilter_present("cValue"),
pureldap.LDAPFilter_present("dValue"),
]))
self.assertEqual(result, False)
def test_or_item(self):
text = r"(|(cn=foo)(cn=bar))"
filt = pureldap.LDAPFilter_or(
[
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value="cn"),
assertionValue=pureldap.LDAPAssertionValue(value="foo"),
),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value="cn"),
assertionValue=pureldap.LDAPAssertionValue(value="bar"),
),
]
)
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def test_and_or(self):
text = '(&(objectClass=Person)(|(sn=Jensen)(cn=Babs J*)))'
filt = pureldap.LDAPFilter_and(
[ pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value='objectClass'),
assertionValue=pureldap.LDAPAssertionValue(value='Person')),
pureldap.LDAPFilter_or([ pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(value='sn'),
assertionValue=pureldap.LDAPAssertionValue(value='Jensen')),
pureldap.LDAPFilter_substrings(
type='cn',
substrings=[ pureldap.LDAPFilter_substrings_initial(value='Babs J')
])
]),
])
self.assertEqual(ldapfilter.parseFilter(text), filt)
self.assertEqual(filt.asText(), text)
def _create_security_group_filter(self):
""" Create a filter that requires that the user is in the security group if one is provided.
Group must be either one of the user's memberof attributes or be the users primarygroup.
Returns:
None if we don't have a security gruop
LDAPFilter object if one is created
"""
if not self.factory.security_group:
defer.returnValue(None)
# Look for security_group_dn in the memberof attribute.
# This is the most common way a security_group_dn is tied to a user
group_match_mapping = {
'memberof': self.factory.security_group,
}
# If we want customers to be able to specify a primary group as their security_group_dn we need an extra search here
# to look up objectsid for the group. Then we can take the RID off the objectsid and use that for the
# primarygroupid comparison
try:
object_sid = yield self.get_object_sid_for_group(
self.factory.security_group)
except (InvalidSecurityGroupDn, MissingObjectSid,
utilities.InvalidSid) as e:
# We want to fail safely here because not all LDAP Servers may have an objectSID
if self.debug:
log.msg(
"Tried to search security group DN for object sid but it could not be found. Falling back to just checking memberOf. Error: {}"
.format(e))
else:
security_group_rid = object_sid.split('-')[-1]
group_match_mapping['primarygroupid'] = security_group_rid
group_match_filters = self.dict_to_equality_filters(
group_match_mapping)
group_filter = pureldap.LDAPFilter_or(group_match_filters)
defer.returnValue(group_filter)
return pureldap.LDAPFilter_extensibleMatch(matchingRule=matchingRule,
type=attr,
matchValue=value,
dnAttributes=dn)
extensible.setParseAction(_p_extensible)
item = simple ^ present ^ substring ^ extensible
item.setName('item')
item.leaveWhitespace()
not_ = Suppress(Literal('!')) + filter_
not_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_not(t[0]))
not_.setName('not')
filterlist = OneOrMore(filter_)
or_ = Suppress(Literal('|')) + filterlist
or_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_or(t))
or_.setName('or')
and_ = Suppress(Literal('&')) + filterlist
and_.setParseAction(lambda s, l, t: pureldap.LDAPFilter_and(t))
and_.setName('and')
filtercomp = and_ | or_ | not_ | item
filtercomp.setName('filtercomp')
filter_ << (Suppress(Literal('(').leaveWhitespace()) + filtercomp +
Suppress(Literal(')').leaveWhitespace()))
filter_.setName('filter')
filtercomp.leaveWhitespace()
filter_.leaveWhitespace()
toplevel = (StringStart().leaveWhitespace() + filter_ +
StringEnd().leaveWhitespace())
toplevel.leaveWhitespace()
class KnownValues(unittest.TestCase):
knownValues = ( # class, args, kwargs, expected_result
(pureldap.LDAPModifyRequest, [], {
"object":
'cn=foo, dc=example, dc=com',
"modification": [
pureber.BERSequence([
pureber.BEREnumerated(0),
pureber.BERSequence([
pureldap.LDAPAttributeDescription('bar'),
pureber.BERSet([
pureldap.LDAPString('a'),
pureldap.LDAPString('b'),
]),
]),
]),
],
}, None, [0x66, 50] +
([0x04, 0x1a] + l("cn=foo, dc=example, dc=com") + [0x30, 20] +
([0x30, 18] +
([0x0a, 0x01, 0x00] + [0x30, 13] +
([0x04, len("bar")] + l("bar") + [0x31, 0x06] +
([0x04, len("a")] + l("a") + [0x04, len("b")] + l("b"))))))),
(pureldap.LDAPModifyRequest, [], {
"object":
'cn=foo, dc=example, dc=com',
"modification": [
pureber.BERSequence([
pureber.BEREnumerated(1L),
pureber.BERSequence([
pureber.BEROctetString('bar'),
pureber.BERSet([]),
]),
]),
],
}, None, [0x66, 0x2c] +
([0x04, 0x1a] + l("cn=foo, dc=example, dc=com") + [0x30, 0x0e] +
([0x30, 0x0c] + ([0x0a, 0x01, 0x01] + [0x30, 0x07] +
([0x04, 0x03] + l("bar") + [0x31, 0x00]))))),
(pureldap.LDAPFilter_not, [], {
"value": pureldap.LDAPFilter_present("foo"),
},
pureldap.LDAPBERDecoderContext_Filter(
fallback=pureber.BERDecoderContext()),
[0xa2, 0x05] + [0x87] + [len("foo")] + l("foo")),
(
pureldap.LDAPFilter_or,
[],
{
"value": [
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='cn'),
assertionValue=pureldap.LDAPAssertionValue(
value='foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='uid'),
assertionValue=pureldap.LDAPAssertionValue(
value='foo')),
]
},
pureldap.LDAPBERDecoderContext_Filter(
fallback=pureber.BERDecoderContext()),
[0xa1, 23] + [0xa3, 9] + [0x04] + [len("cn")] + l("cn") + [0x04] +
[len("foo")] + l("foo") + [0xa3, 10] + [0x04] + [len("uid")] +
l("uid") + [0x04] + [len("foo")] + l("foo"),
),
(
pureldap.LDAPFilter_and,
[],
{
"value": [
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='cn'),
assertionValue=pureldap.LDAPAssertionValue(
value='foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
value='uid'),
assertionValue=pureldap.LDAPAssertionValue(
value='foo')),
]
},
pureldap.LDAPBERDecoderContext_Filter(
fallback=pureber.BERDecoderContext()),
[0xa0, 23] + [0xa3, 9] + [0x04] + [len("cn")] + l("cn") + [0x04] +
[len("foo")] + l("foo") + [0xa3, 10] + [0x04] + [len("uid")] +
l("uid") + [0x04] + [len("foo")] + l("foo"),
),
(pureldap.LDAPModifyDNRequest, [], {
'entry': 'cn=foo,dc=example,dc=com',
'newrdn': 'uid=bar',
'deleteoldrdn': 0,
}, None, [0x6c, 0x26] + [0x04] + [len("cn=foo,dc=example,dc=com")] +
l("cn=foo,dc=example,dc=com") + [0x04] + [len("uid=bar")] +
l("uid=bar") + [0x01, 0x01, 0x00]),
(pureldap.LDAPModifyDNRequest, [], {
'entry': 'cn=aoue,dc=example,dc=com',
'newrdn': 'uid=aoue',
'deleteoldrdn': 0,
'newSuperior': 'ou=People,dc=example,dc=com',
}, None, [0x6c, 69] + [0x04] + [len("cn=aoue,dc=example,dc=com")] +
l("cn=aoue,dc=example,dc=com") + [0x04] + [len("uid=aoue")] +
l("uid=aoue") + [0x01, 0x01, 0x00] + [0x80] +
[len("ou=People,dc=example,dc=com")] +
l("ou=People,dc=example,dc=com")),
(
pureldap.LDAPSearchRequest,
[],
{
'baseObject': 'dc=yoja,dc=example,dc=com',
},
None,
[0x63, 57] + [0x04] + [len('dc=yoja,dc=example,dc=com')] +
l('dc=yoja,dc=example,dc=com')
# scope
+ [0x0a, 1, 2]
# derefAliases
+ [0x0a, 1, 0]
# sizeLimit
+ [0x02, 1, 0]
# timeLimit
+ [0x02, 1, 0]
# typesOnly
+ [0x01, 1, 0]
# filter
+ [135, 11] + l('objectClass')
# attributes
+ [48, 0]),
(pureldap.LDAPUnbindRequest, [], {}, None, [0x42, 0x00]),
(
pureldap.LDAPSearchResultDone,
[],
{
'resultCode': 0,
},
None,
[0x65, 0x07]
# resultCode
+ [0x0a, 0x01, 0x00]
# matchedDN
+ [0x04] + [len('')] + l('')
# errorMessage
+ [0x04] + [len('')] + l('')
# referral, TODO
+ []),
(
pureldap.LDAPSearchResultDone,
[],
{
'resultCode': 0,
'matchedDN': 'dc=foo,dc=example,dc=com',
},
None,
[0x65, 31]
# resultCode
+ [0x0a, 0x01, 0x00]
# matchedDN
+ [0x04] + [len('dc=foo,dc=example,dc=com')] +
l('dc=foo,dc=example,dc=com')
# errorMessage
+ [0x04] + [len('')] + l('')
# referral, TODO
+ []),
(
pureldap.LDAPSearchResultDone,
[],
{
'resultCode': 0,
'matchedDN': 'dc=foo,dc=example,dc=com',
'errorMessage': 'the foobar was fubar',
},
None,
[0x65, 51]
# resultCode
+ [0x0a, 0x01, 0x00]
# matchedDN
+ [0x04] + [len('dc=foo,dc=example,dc=com')] +
l('dc=foo,dc=example,dc=com')
# errorMessage
+ [0x04] + [len('the foobar was fubar')] +
l('the foobar was fubar', )
# referral, TODO
+ []),
(
pureldap.LDAPSearchResultDone,
[],
{
'resultCode': 0,
'errorMessage': 'the foobar was fubar',
},
None,
[0x65, 27]
# resultCode
+ [0x0a, 0x01, 0x00]
# matchedDN
+ [0x04] + [len('')] + l('')
# errorMessage
+ [0x04] + [len('the foobar was fubar')] +
l('the foobar was fubar', )
# referral, TODO
+ []),
(
pureldap.LDAPMessage,
[],
{
'id': 42,
'value': pureldap.LDAPBindRequest(),
},
pureldap.LDAPBERDecoderContext_TopLevel(
inherit=pureldap.LDAPBERDecoderContext_LDAPMessage(
fallback=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()),
inherit=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()))),
[0x30, 12]
# id
+ [0x02, 0x01, 42]
# value
+ l(str(pureldap.LDAPBindRequest()))),
(
pureldap.LDAPControl,
[],
{
'controlType': '1.2.3.4',
},
None,
[0x30, 9]
# controlType
+ [0x04, 7] + l("1.2.3.4")),
(
pureldap.LDAPControl,
[],
{
'controlType': '1.2.3.4',
'criticality': True,
},
None,
[0x30, 12]
# controlType
+ [0x04, 7] + l("1.2.3.4")
# criticality
+ [0x01, 1, 0xFF]),
(
pureldap.LDAPControl,
[],
{
'controlType': '1.2.3.4',
'criticality': True,
'controlValue': 'silly',
},
None,
[0x30, 19]
# controlType
+ [0x04, 7] + l("1.2.3.4")
# criticality
+ [0x01, 1, 0xFF]
# controlValue
+ [0x04, len("silly")] + l("silly")),
(
pureldap.LDAPMessage,
[],
{
'id':
42,
'value':
pureldap.LDAPBindRequest(),
'controls': [
('1.2.3.4', None, None),
('2.3.4.5', False),
('3.4.5.6', True, '\x00\x01\x02\xFF'),
],
},
pureldap.LDAPBERDecoderContext_TopLevel(
inherit=pureldap.LDAPBERDecoderContext_LDAPMessage(
fallback=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()),
inherit=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()))),
[0x30, 59]
# id
+ [0x02, 0x01, 42]
# value
+ l(str(pureldap.LDAPBindRequest()))
# controls
+ l(
str(
pureldap.LDAPControls(value=[
pureldap.LDAPControl(controlType='1.2.3.4'),
pureldap.LDAPControl(controlType='2.3.4.5',
criticality=False),
pureldap.LDAPControl(controlType='3.4.5.6',
criticality=True,
controlValue='\x00\x01\x02\xFF'),
]))),
),
(pureldap.LDAPFilter_equalityMatch, [], {
'attributeDesc': pureldap.LDAPAttributeDescription('cn'),
'assertionValue': pureldap.LDAPAssertionValue('foo'),
},
pureldap.LDAPBERDecoderContext_Filter(
fallback=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()),
inherit=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext())),
[0xa3, 9] + ([0x04, 2] + l('cn') + [0x04, 3] + l('foo'))),
(pureldap.LDAPFilter_or, [[
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('cn'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('uid'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('mail'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_substrings(
type='mail',
substrings=[pureldap.LDAPFilter_substrings_initial('foo@')]),
]], {},
pureldap.LDAPBERDecoderContext_Filter(
fallback=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()),
inherit=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext())), [0xA1, 52] +
([0xa3, 9] +
([0x04, 2] + l('cn') + [0x04, 3] + l('foo')) + [0xa3, 10] +
([0x04, 3] + l('uid') + [0x04, 3] + l('foo')) + [0xa3, 11] +
([0x04, 4] + l('mail') + [0x04, 3] + l('foo')) + [0xa4, 14] +
([0x04, 4] + l('mail') + [0x30, 6] + ([0x80, 4] + l('foo@'))))),
(pureldap.LDAPSearchRequest, [], {
'baseObject':
'dc=example,dc=com',
'scope':
pureldap.LDAP_SCOPE_wholeSubtree,
'derefAliases':
pureldap.LDAP_DEREF_neverDerefAliases,
'sizeLimit':
1,
'timeLimit':
0,
'typesOnly':
False,
'filter':
pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('cn'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('uid'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription('mail'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_substrings(
type='mail',
substrings=[
pureldap.LDAPFilter_substrings_initial('foo@')
]),
]),
'attributes': [''],
},
pureldap.LDAPBERDecoderContext_LDAPMessage(
fallback=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()),
inherit=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext())), [0x63, 92] +
([0x04, 17] + l('dc=example,dc=com') + [0x0a, 1, 0x02] +
[0x0a, 1, 0x00] + [0x02, 1, 0x01] + [0x02, 1, 0x00] +
[0x01, 1, 0x00] + [0xA1, 52] +
([0xa3, 9] +
([0x04, 2] + l('cn') + [0x04, 3] + l('foo')) + [0xa3, 10] +
([0x04, 3] + l('uid') + [0x04, 3] + l('foo')) + [0xa3, 11] +
([0x04, 4] + l('mail') + [0x04, 3] + l('foo')) + [0xa4, 14] +
([0x04, 4] + l('mail') + [0x30, 6] +
([0x80, 4] + l('foo@')))) + [0x30, 2] + ([0x04, 0]))),
(
pureldap.LDAPMessage,
[],
{
'id':
1L,
'value':
pureldap.LDAPSearchRequest(
baseObject='dc=example,dc=com',
scope=pureldap.LDAP_SCOPE_wholeSubtree,
derefAliases=pureldap.LDAP_DEREF_neverDerefAliases,
sizeLimit=1,
timeLimit=0,
typesOnly=False,
filter=pureldap.LDAPFilter_or([
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
'cn'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
'uid'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_equalityMatch(
attributeDesc=pureldap.LDAPAttributeDescription(
'mail'),
assertionValue=pureldap.LDAPAssertionValue('foo')),
pureldap.LDAPFilter_substrings(
type='mail',
substrings=[
pureldap.LDAPFilter_substrings_initial('foo@')
]),
]),
attributes=[''],
),
},
pureldap.LDAPBERDecoderContext_TopLevel(
inherit=pureldap.LDAPBERDecoderContext_LDAPMessage(
fallback=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()),
inherit=pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext()))),
[0x30, 97]
# id
+ [0x02, 1, 1]
# value
+ [0x63, 92] +
([0x04, 17] + l('dc=example,dc=com') + [0x0a, 1, 0x02] +
[0x0a, 1, 0x00] + [0x02, 1, 0x01] + [0x02, 1, 0x00] +
[0x01, 1, 0x00] + [0xA1, 52] +
([0xa3, 9] +
([0x04, 2] + l('cn') + [0x04, 3] + l('foo')) + [0xa3, 10] +
([0x04, 3] + l('uid') + [0x04, 3] + l('foo')) + [0xa3, 11] +
([0x04, 4] + l('mail') + [0x04, 3] + l('foo')) + [0xa4, 14] +
([0x04, 4] + l('mail') + [0x30, 6] +
([0x80, 4] + l('foo@')))) + [0x30, 2] + ([0x04, 0]))),
(pureldap.LDAPExtendedRequest, [], {
'requestName': '42.42.42',
'requestValue': 'foo',
}, None, [0x40 | 0x20 | 23, 1 + 1 + 8 + 1 + 1 + 3] +
([0x80 | 0] + [len('42.42.42')] + l('42.42.42')) +
([0x80 | 1] + [len('foo')] + l('foo'))),
)
def testToLDAP(self):
"""str(LDAPClass(...)) should give known result with known input"""
for klass, args, kwargs, decoder, encoded in self.knownValues:
result = klass(*args, **kwargs)
result = str(result)
result = map(ord, result)
if result != encoded:
raise AssertionError, \
"Class %s(*%s, **%s) doesn't encode properly: " \
"%s != %s" % (klass.__name__,
repr(args), repr(kwargs),
repr(result), repr(encoded))
def testFromLDAP(self):
"""LDAPClass(encoded="...") should give known result with known input"""
for klass, args, kwargs, decoder, encoded in self.knownValues:
if decoder is None:
decoder = pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext())
m = s(*encoded)
result, bytes = pureber.berDecodeObject(decoder, m)
self.assertEquals(bytes, len(m))
shouldBe = klass(*args, **kwargs)
#TODO shouldn't use str below
assert str(result)==str(shouldBe), \
"Class %s(*%s, **%s) doesn't decode properly: " \
"%s != %s" % (klass.__name__,
repr(args), repr(kwargs),
repr(result), repr(shouldBe))
def testPartial(self):
"""LDAPClass(encoded="...") with too short input should throw BERExceptionInsufficientData"""
for klass, args, kwargs, decoder, encoded in self.knownValues:
if decoder is None:
decoder = pureldap.LDAPBERDecoderContext(
fallback=pureber.BERDecoderContext())
for i in xrange(1, len(encoded)):
m = s(*encoded)[:i]
self.assertRaises(pureber.BERExceptionInsufficientData,
pureber.berDecodeObject, decoder, m)
self.assertEquals((None, 0), pureber.berDecodeObject(decoder, ''))
