def bind(dn, password):
    """Authenticate an LDAP simple bind for the user named by ``dn``.

    The ``uid`` component of ``dn`` selects the user, and the password is
    then checked by ``confirm_login_allowed``.

    Returns:
        A ``(user, info_dict)`` tuple, where ``info_dict`` comes from
        ``get_user_info_dict`` called with an empty attribute list.

    Raises:
        ldaperrors.LDAPNoSuchObject: no user matches the uid, or the login
            check reports the account as inactive.
        ldaperrors.LDAPInvalidCredentials: the login check reports invalid
            credentials, too many attempts, or an expired password.
    """
    # Only the ``uid`` key of the parsed DN is consulted here.
    # NOTE(review): whether the remaining DN components are validated
    # elsewhere is not visible from this function -- confirm.
    dn_parts = ldap_dn_to_dict(dn)
    user = get_user_by_uid(dn_parts.get('uid', ''))
    if not user:
        raise ldaperrors.LDAPNoSuchObject(dn)

    # NOTE(review): unknown and inactive accounts answer noSuchObject while a
    # wrong password answers invalidCredentials, and the lockout / expiry
    # cases carry distinct messages. A client that has not authenticated can
    # therefore tell these account states apart. Confirm this disclosure is
    # intended; a single generic invalidCredentials would avoid it.
    try:
        confirm_login_allowed(user, password)
    except login_exceptions.Inactive:
        raise ldaperrors.LDAPNoSuchObject(dn)
    except login_exceptions.Invalid:
        raise ldaperrors.LDAPInvalidCredentials()
    except login_exceptions.TooManyLoginAttempts:
        raise ldaperrors.LDAPInvalidCredentials('tooManyLoginAttempts')
    except login_exceptions.PasswordExpired:
        raise ldaperrors.LDAPInvalidCredentials('passwordExpiration')

    info = get_user_info_dict(user.user_info, attributes=[])
    return user, info
def _bind(self, password):
    """Check ``password`` against each stored ``userPassword`` value.

    A value starting with ``{SSHA}`` is base64-decoded, everything after its
    first 20 bytes is taken as the salt, and the digest recomputed by
    ``sshaDigest`` is compared with the stored value. Any other value is
    compared with the password as plaintext.

    Returns:
        ``self`` on the first matching value.

    Raises:
        ldaperrors.LDAPInvalidCredentials: no stored value matched.
    """
    ssha_tag = '{SSHA}'
    for stored in self.get('userPassword', ()):
        if not stored.startswith(ssha_tag):
            # Plaintext
            # NOTE(review): this branch means the directory may hold
            # cleartext passwords, and ``==`` is not a constant-time compare.
            if stored == password:
                return self
            continue

        # NOTE(review): base64.decodestring() was removed in Python 3.9.
        decoded = base64.decodestring(stored[len(ssha_tag):])
        salt = decoded[20:]
        # NOTE(review): ``==`` on secret-derived values is not constant-time;
        # hmac.compare_digest is the usual replacement once the str/bytes
        # type of these values is pinned down.
        if sshaDigest(password, salt) == stored:
            return self

    raise ldaperrors.LDAPInvalidCredentials()
def _gotEntry(entry, auth):
    """Bind as the looked-up entry and prepare the success response.

    ``self`` is not a parameter; it is taken from the enclosing scope.

    Returns:
        Whatever ``entry.bind(auth)`` returns, with a callback attached that
        records the bound user and builds the ``LDAPBindResponse``.

    Raises:
        ldaperrors.LDAPInvalidCredentials: ``entry`` is ``None``.
    """
    # A missing entry is reported as invalidCredentials, so the response
    # does not by itself say that the DN is absent.
    if entry is None:
        raise ldaperrors.LDAPInvalidCredentials()

    def _cb(bound_entry):
        # Runs only once the bind result fires successfully.
        self.boundUser = bound_entry
        return pureldap.LDAPBindResponse(
            resultCode=ldaperrors.Success.resultCode,
            matchedDN=str(bound_entry.dn))

    bind_result = entry.bind(auth)
    bind_result.addCallback(_cb)
    return bind_result
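def _bind(self, password):
    """Check ``password`` against every stored password value.

    Each attribute named in ``self._user_password_keys`` is read. A value
    starting with ``{SSHA}`` is base64-decoded, everything after its first
    20 bytes is taken as the salt, and the digest recomputed by
    ``sshaDigest`` is compared with the stored value. Any other value is
    compared with the password as plaintext.

    Returns:
        ``self`` on the first matching value.

    Raises:
        ldaperrors.LDAPInvalidCredentials: no stored value matched.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    password = to_bytes(password)
    ssha_tag = b'{SSHA}'
    for key in self._user_password_keys:
        for digest in self.get(key, ()):
            digest = to_bytes(digest)
            if digest.startswith(ssha_tag):
                # base64.decodestring() was removed in Python 3.9.
                # b64decode() exists on Python 2 and 3 and decodes bytes
                # input the same way.
                raw = base64.b64decode(digest[len(ssha_tag):])
                salt = raw[20:]
                # Assumes sshaDigest returns bytes in the stored
                # "{SSHA}..." form -- TODO confirm.
                candidate = sshaDigest(password, salt)
            else:
                # Plaintext
                # NOTE(review): this branch means the directory may hold
                # cleartext passwords.
                candidate = password
            # Constant-time compare, so the time taken does not depend on
            # how many leading bytes match.
            if hmac.compare_digest(candidate, digest):
                return self
    raise ldaperrors.LDAPInvalidCredentials()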
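def test_bind_failure(self):
    """A bind answered with invalidCredentials must fail the bind result.

    The original attached only an errback, so a bind that unexpectedly
    succeeded skipped the assertion and the test passed. The success path
    now fails the test explicitly.
    """
    clock = Clock()
    # NOTE(review): this replaces the module-level reactor and never
    # restores it, which can leak into other tests.
    ldapclient.reactor = clock
    client, _transport = self.create_test_client()
    d = client.bind()
    clock.advance(1)

    error = ldaperrors.LDAPInvalidCredentials()
    op = pureldap.LDAPBindResponse(error.resultCode)
    response = pureldap.LDAPMessage(op)
    # Presumably realigns the auto-assigned message id with the pending
    # bind request -- confirm.
    response.id -= 1
    client.dataReceived(response.toWire())

    def unexpected_success(result):
        self.fail('bind succeeded but invalidCredentials was expected')

    def cb_(thing):
        expected = ldaperrors.LDAPInvalidCredentials
        self.assertEqual(expected, type(thing.value))

    # Paired callbacks: exactly one runs, depending on how the bind fires.
    d.addCallbacks(unexpected_success, cb_)
    return d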
def _gotEntry(entry, auth):
    """
    Called with the result of looking up the requested BIND DN.

    ``self`` is not a parameter; it is taken from the enclosing scope.
    Returns whatever ``entry.bind(auth)`` returns, with the success
    callback attached.
    """
    # A missing entry is reported as invalidCredentials, so the response
    # does not by itself say that the DN is absent.
    if entry is None:
        raise ldaperrors.LDAPInvalidCredentials()

    def _cb(bound_entry):
        """
        Called when the BIND operation succeeded.
        """
        self.boundUser = bound_entry
        return pureldap.LDAPBindResponse(
            resultCode=ldaperrors.Success.resultCode,
            matchedDN=str(bound_entry.dn))

    pending = entry.bind(auth)
    pending.addCallback(_cb)
    return pending
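def _bind(self, password):
    """Check ``password`` against every stored password value.

    Each attribute named in ``self._user_password_keys`` is read. A value
    starting with ``{SSHA}`` is base64-decoded, everything after its first
    20 bytes is taken as the salt, and the digest recomputed by
    ``sshaDigest`` is compared with the stored value. Any other value is
    compared with the password as plaintext.

    Returns:
        ``self`` on the first matching value.

    Raises:
        ldaperrors.LDAPInvalidCredentials: no stored value matched.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    password = to_bytes(password)
    for key in self._user_password_keys:
        for digest in self.get(key, ()):
            digest = to_bytes(digest)
            if digest.startswith(b'{SSHA}'):
                # DUO EDIT @mbishop D48097
                # Nominal change to remove deprecation warning
                # raw = base64.decodestring(digest[len(b'{SSHA}'):])
                raw = base64.decodebytes(digest[len(b'{SSHA}'):])
                # END EDIT
                salt = raw[20:]
                # Assumes sshaDigest returns bytes in the stored
                # "{SSHA}..." form -- TODO confirm.
                got = sshaDigest(password, salt)
                # Constant-time compare, so the time taken does not depend
                # on how many leading bytes match.
                if hmac.compare_digest(got, digest):
                    return self
            else:
                # Plaintext
                # NOTE(review): this branch means the directory may hold
                # cleartext passwords.
                if hmac.compare_digest(digest, password):
                    return self
    raise ldaperrors.LDAPInvalidCredentials()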
def _gotEntry(entry, auth):
    """Bind as the looked-up entry, with a shortcut for unauthenticated mode.

    ``self`` and ``LDAP_AUTH_UNAUTH`` are taken from the enclosing scope.

    Returns:
        An ``LDAPBindResponse`` directly on the unauthenticated shortcut;
        otherwise whatever ``entry.bind(auth)`` returns, with the success
        callback attached.

    Raises:
        ldaperrors.LDAPInvalidCredentials: ``entry`` is ``None``.
    """
    if entry is None:
        raise ldaperrors.LDAPInvalidCredentials()

    def _bound(bound_entry):
        # Record the bound identity, then build the success response.
        self.boundUser = bound_entry
        return pureldap.LDAPBindResponse(
            resultCode=ldaperrors.Success.resultCode,
            matchedDN=bound_entry.dn.getText())

    # hack for unauth request
    # NOTE(review): in this mode an empty password makes the connection's
    # boundUser the named entry without entry.bind() ever running, so no
    # credential is checked. RFC 4513 section 5.1.2 treats a name plus a
    # zero-length password as an unauthenticated bind that yields an
    # anonymous authorization state and that servers should reject by
    # default. Confirm that later access checks do not grant this entry's
    # privileges on the strength of boundUser alone.
    if self.authentication == LDAP_AUTH_UNAUTH and auth == b'':
        return _bound(entry)

    d = entry.bind(auth)
    d.addCallback(_bound)
    return d