def test_search(self): """ When performing an LDAP search against the server; the search results and a single "search done" response is written to the transport. """ server = self.createServer( [pureldap.LDAPBindResponse(resultCode=0)], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], ) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire()) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3).toWire()) server.reactor.advance(1) self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=foo,dc=example,dc=com', [('a', ['b'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=bar,dc=example,dc=com', [('b', ['c'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3).toWire())
def test_search(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [ pureldap.LDAPSearchResultEntry("cn=foo,dc=example,dc=com", [("a", ["b"])]), pureldap.LDAPSearchResultEntry("cn=bar,dc=example,dc=com", [("b", ["c"])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ], ) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire()) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3).toWire()) reactor.iterate() # TODO self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire() + pureldap.LDAPMessage( pureldap.LDAPSearchResultEntry("cn=foo,dc=example,dc=com", [("a", ["b"])]), id=3, ).toWire() + pureldap.LDAPMessage( pureldap.LDAPSearchResultEntry("cn=bar,dc=example,dc=com", [("b", ["c"])]), id=3, ).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3).toWire(), )
def test_intercepted_search_response(self): """ When performing an LDAP search against the server; the search results are intercepted and modified by the proxy. """ server = self.createServer([pureldap.LDAPBindResponse(resultCode=0)], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], protocol=ResponseInterceptingProxy) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire()) server.dataReceived( pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3).toWire()) server.reactor.advance(1) server.reactor.advance(5) self.assertEqual( server.transport.value(), pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=foo,dc=example,dc=com', [('a', ['b']), ('frotz', ['xyzzy'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=bar,dc=example,dc=com', [('b', ['c']), ('frotz', ['xyzzy'])]), id=3).toWire() + pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3).toWire())
def test_bind_noMatchingServicesFound_fallback_success(self): server = self.createServer( services=['svc1', 'svc2', 'svc3', ], fallback=True, responses=[ [ pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], [ pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], [ pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ], [ pureldap.LDAPBindResponse(resultCode=ldaperrors.Success.resultCode) ], ]) server.dataReceived(str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com', auth='s3krit'), id=4))) reactor.iterate() #TODO client = server.client client.assertSent( pureldap.LDAPSearchRequest(baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter('(&' +'(objectClass=serviceSecurityObject)' +'(owner=cn=jack,dc=example,dc=com)' +'(cn=svc1)' +('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +')'), attributes=('1.1',)), pureldap.LDAPSearchRequest(baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter('(&' +'(objectClass=serviceSecurityObject)' +'(owner=cn=jack,dc=example,dc=com)' +'(cn=svc2)' +('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +')'), attributes=('1.1',)), pureldap.LDAPSearchRequest(baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter('(&' +'(objectClass=serviceSecurityObject)' +'(owner=cn=jack,dc=example,dc=com)' +'(cn=svc3)' +('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +')'), attributes=('1.1',)), pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com', auth='s3krit')) self.assertEquals(server.transport.value(), str(pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=ldaperrors.Success.resultCode), id=4)))
def testSimple(self): client = LDAPClientTestDriver( [ pureldap.LDAPSearchResultEntry( objectName='', attributes=( ('subschemaSubentry', ['cn=Subschema']), ('bar', ['b', 'c']), ), ), pureldap.LDAPSearchResultDone( resultCode=0, matchedDN='', errorMessage='') ], [ pureldap.LDAPSearchResultEntry( objectName='cn=Subschema', attributes=( ('attributeTypes', [self.cn]), ('objectClasses', [self.dcObject]), ), ), pureldap.LDAPSearchResultDone( resultCode=0, matchedDN='', errorMessage='') ], ) d = fetchschema.fetch(client, 'dc=example,dc=com') d.addCallback(self._cb_testSimple, client) return d
def test_search(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ], ) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3))) reactor.iterate() #TODO self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage( pureldap.LDAPBindResponse(resultCode=0), id=2)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=foo,dc=example,dc=com', [('a', ['b'])]), id=3)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=bar,dc=example,dc=com', [('b', ['c'])]), id=3)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3)))
def test_intercepted_search_request(self): """ When performing an LDAP search against the server; the requests are intercepted and custom responses are written to the transport. """ server = self.createServer([pureldap.LDAPBindResponse(resultCode=0)], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ], protocol=RequestInterceptingProxy) server.responses = [ pureldap.LDAPSearchResultEntry('cn=xyzzy,dc=example,dc=com', [('frobnitz', ['zork'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode) ] server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=1))) server.reactor.advance(1) self.assertEqual(len(server.clientTestDriver.sent), 0) self.assertEqual( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=xyzzy,dc=example,dc=com', [('frobnitz', ['zork'])]), id=1)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=1)))
def testSimple(self): client = LDAPClientTestDriver( [ pureldap.LDAPSearchResultEntry( objectName="", attributes=( ("subschemaSubentry", ["cn=Subschema"]), ("bar", ["b", "c"]), ), ), pureldap.LDAPSearchResultDone( resultCode=0, matchedDN="", errorMessage=""), ], [ pureldap.LDAPSearchResultEntry( objectName="cn=Subschema", attributes=( ("attributeTypes", [self.cn]), ("objectClasses", [self.dcObject]), ), ), pureldap.LDAPSearchResultDone( resultCode=0, matchedDN="", errorMessage=""), ], ) d = fetchschema.fetch(client, "dc=example,dc=com") d.addCallback(self._cb_testSimple, client) return d
def test_send_multiResponse_with_handler(self): client, transport = self.create_test_client() client.debug = True op = self.create_test_search_req() results = [] def collect_result_(result): results.append(result) if isinstance(result, pureldap.LDAPSearchResultDone): return True return False client.send_multiResponse(op, collect_result_) expected_value = pureldap.LDAPMessage(op) expected_value.id -= 1 expected_bytestring = expected_value.toWire() self.assertEqual(transport.value(), expected_bytestring) response = pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( "cn=foo,ou=baz,dc=example,dc=net", {}), id=expected_value.id) resp_bytestring = response.toWire() client.dataReceived(resp_bytestring) response = pureldap.LDAPMessage(pureldap.LDAPSearchResultDone(0), id=expected_value.id) resp_bytestring = response.toWire() client.dataReceived(resp_bytestring) self.assertEqual(response.value, results[1])
def test_realm_mapping_succeeds_case_sensitive(self): marker = 'markerSecret' password = '******' service_dn = 'uid=passthrough,cn=users,dc=test,dc=local' dn = 'uid=Hugo,cn=users,dc=test,DC=LOCAL' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(service_dn, 'service-secret') # Assert that Proxy<->Backend uses the correct credentials server.client.assertSent( pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), ) # Perform a simple search in the context of the service account entry = LDAPEntry(client, dn) r = yield entry.search('(|(objectClass=*)(objectclass=App-%s))' % marker, scope=pureldap.LDAP_SCOPE_baseObject) # sleep half a second and then try to bind as hugo time.sleep(0.5) server2, client2 = self.create_server_and_client([ pureldap.LDAPBindResponse( resultCode=0), # for service account (successful hugo bind) ]) yield client2.bind( dn.lower(), password) # this will work even though the DN has differing case self.assertEqual(self.privacyidea.authentication_requests, [('hugo', 'realmSecret', password, True)]) time.sleep(1) # to clean the reactor
def assertSearchResults(self, results=None, resultCode=0): """ Shortcut for checking results returned by test server on LDAPSearchRequest. Results must be prepared as a list of dictionaries with 'objectName' and 'attributes' keys """ if results is None: results = [] messages = [] for result in results: message = pureldap.LDAPMessage( pureldap.LDAPSearchResultEntry( objectName=result['objectName'], attributes=result['attributes'] ), id=2 ) messages.append(message) messages.append( pureldap.LDAPMessage( pureldap.LDAPSearchResultDone(resultCode=resultCode), id=2 ) ) six.assertCountEqual( self, self._makeResultList(self.server.transport.value()), [msg.toWire() for msg in messages] )
def test_simple_bind(self): dn = 'uid=thegreathugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client() service_account_client = self.inject_service_account_server( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('sAMAccountName', ['hugo'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(dn, 'secret') # Assert that Proxy<->Backend (the actual connection) did not send anything server.client.assertNothingSent() # Assert that Proxy<->Backend (the lookup connection) did send something service_account_client.assertSent( pureldap.LDAPBindRequest( dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret'), pureldap.LDAPSearchRequest( baseObject='uid=thegreathugo,cn=users,dc=test,dc=local', scope=0, derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=pureldap.LDAPFilter_present(value='objectClass'), attributes=()), 'fake-unbind-by-LDAPClientTestDriver')
def test_rootDSE(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPSearchRequest( baseObject='', scope=pureldap.LDAP_SCOPE_baseObject, filter=pureldap.LDAPFilter_present('objectClass'), ), id=2))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='', attributes=[ ('supportedLDAPVersion', ['3']), ('namingContexts', ['dc=example,dc=com']), ('supportedExtension', [ pureldap.LDAPPasswordModifyRequest.oid, ]), ]), id=2)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( resultCode=ldaperrors.Success.resultCode), id=2)), )
def test_search_scope_oneLevel(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPSearchRequest( baseObject='ou=stuff,dc=example,dc=com', scope=pureldap.LDAP_SCOPE_singleLevel, ), id=2))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='cn=thingie,ou=stuff,dc=example,dc=com', attributes=[ ('objectClass', ['a', 'b']), ('cn', ['thingie']), ]), id=2)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='cn=another,ou=stuff,dc=example,dc=com', attributes=[ ('objectClass', ['a', 'b']), ('cn', ['another']), ]), id=2)) + str( pureldap.LDAPMessage( pureldap.LDAPSearchResultDone(resultCode=0), id=2)), )
def test_search_scope_wholeSubtree(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPSearchRequest( baseObject='ou=stuff,dc=example,dc=com', scope=pureldap.LDAP_SCOPE_wholeSubtree), id=2))) self.assertItemsEqual( self._makeResultList(self.server.transport.value()), [ str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='ou=stuff,dc=example,dc=com', attributes=[('objectClass', ['a', 'b']), ('ou', ['stuff'])]), id=2)), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='cn=another,ou=stuff,dc=example,dc=com', attributes=[('objectClass', ['a', 'b']), ('cn', ['another'])]), id=2)), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='cn=thingie,ou=stuff,dc=example,dc=com', attributes=[('objectClass', ['a', 'b']), ('cn', ['thingie'])]), id=2)), str( pureldap.LDAPMessage( pureldap.LDAPSearchResultDone(resultCode=0), id=2)) ])
def test_search_matchAll_manyResults(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPSearchRequest( baseObject='ou=stuff,dc=example,dc=com'), id=2))) six.assertCountEqual( self, [ str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='ou=stuff,dc=example,dc=com', attributes=[('objectClass', ['a', 'b']), ('ou', ['stuff'])]), id=2)), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='cn=another,ou=stuff,dc=example,dc=com', attributes=[('objectClass', ['a', 'b']), ('cn', ['another'])]), id=2)), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( objectName='cn=thingie,ou=stuff,dc=example,dc=com', attributes=[('objectClass', ['a', 'b']), ('cn', ['thingie'])]), id=2)), str( pureldap.LDAPMessage( pureldap.LDAPSearchResultDone(resultCode=0), id=2)) ], self._makeResultList(self.server.transport.value()))
def test_simple_search(self): dn = 'uid=hugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(dn, 'secret') # Assert that Proxy<->Backend uses the correct credentials server.client.assertSent( pureldap.LDAPBindRequest( dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret'), ) # Perform a simple search in the context of the service account entry = LDAPEntry(client, dn) results = yield entry.search('(objectClass=*)', scope=pureldap.LDAP_SCOPE_baseObject) self.assertEqual(len(results), 1) self.assertEqual(len(results[0]['someattr']), 1) (value, ) = results[0]['someattr'] self.assertEqual(value, 'somevalue')
def test_realm_mapping_fails_wrong_password(self): marker = 'markerSecret' realm = 'realmSecret' password = '******' # this is the wrong password! service_dn = 'uid=passthrough,cn=users,dc=test,dc=local' dn = 'uid=hugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(service_dn, 'service-secret') # Assert that Proxy<->Backend uses the correct credentials server.client.assertSent( pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), ) # Perform a simple search in the context of the service account entry = LDAPEntry(client, dn) r = yield entry.search('(|(objectClass=*)(objectclass=App-%s))' % marker, scope=pureldap.LDAP_SCOPE_baseObject) # sleep a second and then try to bind as hugo time.sleep(0.5) server2, client2 = self.create_server_and_client([ pureldap.LDAPBindResponse( resultCode=0), # for service account (successful hugo bind) ]) d = client2.bind(dn, password) yield self.assertFailure(d, ldaperrors.LDAPInvalidCredentials) self.assertEqual(self.privacyidea.authentication_requests, [('hugo', realm, password, False)]) time.sleep(1) # to clean the reactor
def test_realm_mapping_fails_fake_search_by_user(self): service_dn = 'uid=passthrough,cn=users,dc=test,dc=local' dn = 'uid=hugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client.bind(service_dn, 'service-secret') # Assert that Proxy<->Backend uses the correct credentials server.client.assertSent( pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), ) # Perform a simple search in the context of the service account entry = LDAPEntry(client, dn) r = yield entry.search( '(|(objectClass=*)(objectcLAsS=App-markerSecret))', scope=pureldap.LDAP_SCOPE_baseObject) # sleep half a second and then try to bind as hugo time.sleep(0.5) server2, client2 = self.create_server_and_client( [ pureldap.LDAPBindResponse( resultCode=0 ), # for service account (successful hugo bind) ], [ pureldap.LDAPSearchResultEntry( dn, [('someattr', ['somevalue'])]), # hugo's search pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) yield client2.bind(dn, 'secret') self.assertEqual(self.privacyidea.authentication_requests, [('hugo', 'realmSecret', 'secret', True)]) # Perform another search in hugo's context entry2 = LDAPEntry(client2, dn) r = yield entry2.search( '(|(objectClass=*)(objectcLAsS=App-markerOfficial))', scope=pureldap.LDAP_SCOPE_baseObject) self.assertTrue( server.factory.app_cache.get_cached_marker(dn) in ('markerSecret', None)) time.sleep(1) # to clean the reactor
def getRootDSE(self, request, reply): reply(pureldap.LDAPSearchResultEntry( objectName='', attributes=[('supportedLDAPVersion', ['3']), ('objectClass', ['LiteAuthLDAProotDSE']), ('namingContexts', ['dc=liteauth']), ('supportedExtension', [b'1.2.840.113556.1.4.319'])] )) return pureldap.LDAPSearchResultDone( resultCode=ldaperrors.Success.resultCode)
def getRootDSE(self, request, reply): root = interfaces.IConnectedLDAPEntry(self.factory) reply(pureldap.LDAPSearchResultEntry( objectName='', attributes=[('supportedLDAPVersion', ['3']), ('namingContexts', [str(root.dn)]), ('supportedExtension', [ pureldap.LDAPPasswordModifyRequest.oid, ]), ], )) return pureldap.LDAPSearchResultDone( resultCode=ldaperrors.Success.resultCode)
def test_search_matchAll_oneResult_filteredNoAttribsRemaining(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPSearchRequest( baseObject='cn=thingie,ou=stuff,dc=example,dc=com', attributes=['xyzzy']), id=2))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage( pureldap.LDAPSearchResultDone(resultCode=0), id=2)))
def test_search_outOfTree(self): self.server.dataReceived( str( pureldap.LDAPMessage( pureldap.LDAPSearchRequest(baseObject='dc=invalid'), id=2))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( resultCode=ldaperrors.LDAPNoSuchObject.resultCode), id=2)))
def test_unknown_user(self): dn = 'uid=thegreathugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client() service_account_client = self.inject_service_account_server( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultDone( ldaperrors.LDAPNoSuchObject.resultCode), ]) d = client.bind(dn, 'secret') return self.assertFailure(d, ldaperrors.LDAPInvalidCredentials)
def test_wrong_credentials(self): dn = 'uid=hugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) d = client.bind(dn, 'wrong') return self.assertFailure(d, ldaperrors.LDAPInvalidCredentials)
def test_send_multiResponse(self): client, transport = self.create_test_client() op = self.create_test_search_req() d = client.send_multiResponse(op, None) expected_value = pureldap.LDAPMessage(op) expected_value.id -= 1 expected_bytestring = expected_value.toWire() self.assertEqual(transport.value(), expected_bytestring) response = pureldap.LDAPMessage(pureldap.LDAPSearchResultDone(0), id=expected_value.id) resp_bytestring = response.toWire() client.dataReceived(resp_bytestring) self.assertEqual(response.value, self.successResultOf(d))
def buildReply(data): global lastDomain msg, bytes = pureber.berDecodeObject(berdecoder, data) msgId = msg.id print msgId msg = msg.value assert isinstance(msg, pureldap.LDAPProtocolRequest) print msg.__class__.__name__ print msg.baseObject print msg.scope domain = findDomain(msg.filter) if (domain.endswith('.')): domain = domain[0:-1] print "Received search for domain: %s" % domain lastDomain = domain.split('.') x = nbt.NETLOGON_SAM_LOGON_RESPONSE_EX() x.command = 23 x.sbz = 0 x.server_type = 0x000003fd x.domain_uuid = misc.GUID("6cb2d967-f2b7-4c93-bce1-d943eda330a1") x.forest = '.'.join(lastDomain) x.dns_domain = '.'.join(lastDomain) x.pdc_dns_name = "debian-smb." + '.'.join(lastDomain) x.domain_name = lastDomain[0].upper() x.pdc_name = "DEBIAN-SMB" #x.user_name = "" x.server_site = "Default-First-Site-Name" x.client_site = "Default-First-Site-Name" x.sockaddr_size = 0 x.sockaddr.pdc_ip = '0.0.0.0' x.nt_version = 5 x.lmnt_token = 0xffff x.lm20_token = 0xffff #print ndr.ndr_print(x) y = ndr.ndr_pack(x) attrs = [('netlogon', [str(y)])] print binascii.hexlify(str(y)) result = '' result += str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry(objectName='', attributes=attrs), id=msgId)) result += str( pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( resultCode=ldaperrors.Success.resultCode), id=msgId)) return result
def test_missing_attribute(self): dn = 'uid=thegreathugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client() service_account_client = self.inject_service_account_server( [ pureldap.LDAPBindResponse(resultCode=0), # for service account ], [ pureldap.LDAPSearchResultEntry( dn, [('someOtherAttribute', ['hugo'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ]) d = client.bind(dn, 'secret') return self.assertFailure(d, ldaperrors.LDAPInvalidCredentials)
def test_user_search_fails(self): dn = 'uid=hugo,cn=users,dc=test,dc=local' server, client = self.create_server_and_client([ # TODO: Would the backend actually answer like that? pureldap.LDAPSearchResultDone( ldaperrors.LDAPInsufficientAccessRights.resultCode), ]) yield client.bind(dn, 'secret') # Assert that there was no traffic between Proxy<->Backend server.client.assertNothingSent() # Try to perform a simple search in the context of the service account entry = LDAPEntry(client, dn) d = entry.search('(objectClass=*)', scope=pureldap.LDAP_SCOPE_baseObject) yield self.assertFailure(d, ldaperrors.LDAPInsufficientAccessRights)
class RequestInterceptingProxy(proxybase.ProxyBase): """ A test LDAP proxy that does not forward requests but instead responses with pre-determined responses. """ responses = [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)] def handleBeforeForwardRequest(self, request, controls, reply): """ Don't forward the message to the proxied service-- instead reply with predetermined responses. """ for response in self.responses: reply(response) return defer.succeed(None)