def test_unbind_clientEOF(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [], ) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) reactor.iterate() #TODO client = server.client client.assertSent(pureldap.LDAPBindRequest()) self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2))) server.connectionLost(error.ConnectionDone) reactor.iterate() #TODO client.assertSent(pureldap.LDAPBindRequest(), 'fake-unbind-by-LDAPClientTestDriver') self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2)))
def test_bind_match_success(self): server = self.createServer( services=[ 'svc1', 'svc2', 'svc3', ], fallback=True, responses=[ # svc1 [ pureldap.LDAPSearchResultEntry( r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com', attributes=[]), pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode) ], [ pureldap.LDAPBindResponse( resultCode=ldaperrors.Success.resultCode) ], ]) server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=jack,dc=example,dc=com', auth='secret'), id=4))) reactor.iterate() #TODO client = server.client client.assertSent( pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc1)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPBindRequest( dn= r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com', auth='secret'), ) self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.Success.resultCode, matchedDN='cn=jack,dc=example,dc=com'), id=4)))
def test_search(self): server = self.createServer( [ pureldap.LDAPBindResponse(resultCode=0), ], [ pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com', [('a', ['b'])]), pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com', [('b', ['c'])]), pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), ], ) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3))) reactor.iterate() #TODO self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage( pureldap.LDAPBindResponse(resultCode=0), id=2)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=foo,dc=example,dc=com', [('a', ['b'])]), id=3)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultEntry( 'cn=bar,dc=example,dc=com', [('b', ['c'])]), id=3)) + str( pureldap.LDAPMessage(pureldap.LDAPSearchResultDone( ldaperrors.Success.resultCode), id=3)))
def test_bind(self): self.server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=4)))
def test_bind(self): server = self.createServer([ pureldap.LDAPBindResponse(resultCode=0), ]) server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))) reactor.iterate() #TODO self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=4)))
def test_bind_badVersion_1_anonymous(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest(version=1), id=32))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPProtocolError.resultCode, errorMessage='Version 1 not supported'), id=32)))
def test_bind_invalidCredentials_nonExisting(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=non-existing,dc=example,dc=com', auth='invalid'), id=78))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode), id=78)))
def test_bind_invalidCredentials_badPassword(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='invalid'), id=734))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode), id=734)))
def bind(self, dn='', auth=''): """ @depreciated: Use e.bind(auth). @todo: Remove this method when there are no callers. """ if not self.connected: raise LDAPClientConnectionLostException() else: r = pureldap.LDAPBindRequest(dn=dn, auth=auth) d = self.send(r) d.addCallback(self._handle_bind_msg) return d
def test_control_unknown_critical(self): self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2, controls=[ ('42.42.42.42', True, None), ]))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPUnavailableCriticalExtension. resultCode, errorMessage='Unknown control 42.42.42.42'), id=2)))
def test_bind_success(self): self.thingie['userPassword'] = [ '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8=' ] # "secret" self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret'), id=4))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=0, matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'), id=4)))
def test_control_unknown_nonCritical(self): self.thingie['userPassword'] = [ '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8=' ] # "secret" self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret'), controls=[('42.42.42.42', False, None)], id=4))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=0, matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'), id=4)))
def test_unknownRequest(self): # make server miss one of the handle_* attributes # without having to modify the LDAPServer class class MockServer(ldapserver.LDAPServer): handle_LDAPBindRequest = property() self.server.__class__ = MockServer self.server.dataReceived( str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPExtendedResponse( resultCode=ldaperrors.LDAPProtocolError.resultCode, responseName='1.3.6.1.4.1.1466.20036', errorMessage='Unknown request'), id=2)))
def test_bind_badVersion_4_nonExisting(self): # TODO make a test just like this one that would pass authentication # if version was correct, to ensure we don't leak that info either. self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( version=4, dn='cn=non-existing,dc=example,dc=com', auth='invalid'), id=11))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPProtocolError.resultCode, errorMessage='Version 4 not supported'), id=11)))
def test_passwordModify_simple(self): # first bind to some entry self.thingie['userPassword'] = [ '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8=' ] # "secret" self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret'), id=4))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=0, matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'), id=4))) self.server.transport.clear() self.server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPPasswordModifyRequest( userIdentity='cn=thingie,ou=stuff,dc=example,dc=com', newPasswd='hushhush'), id=2))) self.assertEquals( self.server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPExtendedResponse( resultCode=ldaperrors.Success.resultCode, responseName=pureldap.LDAPPasswordModifyRequest.oid), id=2)), ) # tree changed secrets = self.thingie.get('userPassword', []) self.assertEquals(len(secrets), 1) for secret in secrets: self.assertEquals(secret[:len('{SSHA}')], '{SSHA}') raw = base64.decodestring(secret[len('{SSHA}'):]) salt = raw[20:] self.assertEquals(entry.sshaDigest('hushhush', salt), secret)
def bind(self, password): r = pureldap.LDAPBindRequest(dn=str(self.dn), auth=password) d = self.client.send(r) d.addCallback(self._handle_bind_msg) return d
class KnownValues(unittest.TestCase): knownValues = ( # class, args, kwargs, expected_result (pureldap.LDAPModifyRequest, [], { "object": 'cn=foo, dc=example, dc=com', "modification": [ pureber.BERSequence([ pureber.BEREnumerated(0), pureber.BERSequence([ pureldap.LDAPAttributeDescription('bar'), pureber.BERSet([ pureldap.LDAPString('a'), pureldap.LDAPString('b'), ]), ]), ]), ], }, None, [0x66, 50] + ([0x04, 0x1a] + l("cn=foo, dc=example, dc=com") + [0x30, 20] + ([0x30, 18] + ([0x0a, 0x01, 0x00] + [0x30, 13] + ([0x04, len("bar")] + l("bar") + [0x31, 0x06] + ([0x04, len("a")] + l("a") + [0x04, len("b")] + l("b"))))))), (pureldap.LDAPModifyRequest, [], { "object": 'cn=foo, dc=example, dc=com', "modification": [ pureber.BERSequence([ pureber.BEREnumerated(1L), pureber.BERSequence([ pureber.BEROctetString('bar'), pureber.BERSet([]), ]), ]), ], }, None, [0x66, 0x2c] + ([0x04, 0x1a] + l("cn=foo, dc=example, dc=com") + [0x30, 0x0e] + ([0x30, 0x0c] + ([0x0a, 0x01, 0x01] + [0x30, 0x07] + ([0x04, 0x03] + l("bar") + [0x31, 0x00]))))), (pureldap.LDAPFilter_not, [], { "value": pureldap.LDAPFilter_present("foo"), }, pureldap.LDAPBERDecoderContext_Filter( fallback=pureber.BERDecoderContext()), [0xa2, 0x05] + [0x87] + [len("foo")] + l("foo")), ( pureldap.LDAPFilter_or, [], { "value": [ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value='cn'), assertionValue=pureldap.LDAPAssertionValue( value='foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value='uid'), assertionValue=pureldap.LDAPAssertionValue( value='foo')), ] }, pureldap.LDAPBERDecoderContext_Filter( fallback=pureber.BERDecoderContext()), [0xa1, 23] + [0xa3, 9] + [0x04] + [len("cn")] + l("cn") + [0x04] + [len("foo")] + l("foo") + [0xa3, 10] + [0x04] + [len("uid")] + l("uid") + [0x04] + [len("foo")] + l("foo"), ), ( pureldap.LDAPFilter_and, [], { "value": [ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value='cn'), assertionValue=pureldap.LDAPAssertionValue( value='foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( value='uid'), assertionValue=pureldap.LDAPAssertionValue( value='foo')), ] }, pureldap.LDAPBERDecoderContext_Filter( fallback=pureber.BERDecoderContext()), [0xa0, 23] + [0xa3, 9] + [0x04] + [len("cn")] + l("cn") + [0x04] + [len("foo")] + l("foo") + [0xa3, 10] + [0x04] + [len("uid")] + l("uid") + [0x04] + [len("foo")] + l("foo"), ), (pureldap.LDAPModifyDNRequest, [], { 'entry': 'cn=foo,dc=example,dc=com', 'newrdn': 'uid=bar', 'deleteoldrdn': 0, }, None, [0x6c, 0x26] + [0x04] + [len("cn=foo,dc=example,dc=com")] + l("cn=foo,dc=example,dc=com") + [0x04] + [len("uid=bar")] + l("uid=bar") + [0x01, 0x01, 0x00]), (pureldap.LDAPModifyDNRequest, [], { 'entry': 'cn=aoue,dc=example,dc=com', 'newrdn': 'uid=aoue', 'deleteoldrdn': 0, 'newSuperior': 'ou=People,dc=example,dc=com', }, None, [0x6c, 69] + [0x04] + [len("cn=aoue,dc=example,dc=com")] + l("cn=aoue,dc=example,dc=com") + [0x04] + [len("uid=aoue")] + l("uid=aoue") + [0x01, 0x01, 0x00] + [0x80] + [len("ou=People,dc=example,dc=com")] + l("ou=People,dc=example,dc=com")), ( pureldap.LDAPSearchRequest, [], { 'baseObject': 'dc=yoja,dc=example,dc=com', }, None, [0x63, 57] + [0x04] + [len('dc=yoja,dc=example,dc=com')] + l('dc=yoja,dc=example,dc=com') # scope + [0x0a, 1, 2] # derefAliases + [0x0a, 1, 0] # sizeLimit + [0x02, 1, 0] # timeLimit + [0x02, 1, 0] # typesOnly + [0x01, 1, 0] # filter + [135, 11] + l('objectClass') # attributes + [48, 0]), (pureldap.LDAPUnbindRequest, [], {}, None, [0x42, 0x00]), ( pureldap.LDAPSearchResultDone, [], { 'resultCode': 0, }, None, [0x65, 0x07] # resultCode + [0x0a, 0x01, 0x00] # matchedDN + [0x04] + [len('')] + l('') # errorMessage + [0x04] + [len('')] + l('') # referral, TODO + []), ( pureldap.LDAPSearchResultDone, [], { 'resultCode': 0, 'matchedDN': 'dc=foo,dc=example,dc=com', }, None, [0x65, 31] # resultCode + [0x0a, 0x01, 0x00] # matchedDN + [0x04] + [len('dc=foo,dc=example,dc=com')] + l('dc=foo,dc=example,dc=com') # errorMessage + [0x04] + [len('')] + l('') # referral, TODO + []), ( pureldap.LDAPSearchResultDone, [], { 'resultCode': 0, 'matchedDN': 'dc=foo,dc=example,dc=com', 'errorMessage': 'the foobar was fubar', }, None, [0x65, 51] # resultCode + [0x0a, 0x01, 0x00] # matchedDN + [0x04] + [len('dc=foo,dc=example,dc=com')] + l('dc=foo,dc=example,dc=com') # errorMessage + [0x04] + [len('the foobar was fubar')] + l('the foobar was fubar', ) # referral, TODO + []), ( pureldap.LDAPSearchResultDone, [], { 'resultCode': 0, 'errorMessage': 'the foobar was fubar', }, None, [0x65, 27] # resultCode + [0x0a, 0x01, 0x00] # matchedDN + [0x04] + [len('')] + l('') # errorMessage + [0x04] + [len('the foobar was fubar')] + l('the foobar was fubar', ) # referral, TODO + []), ( pureldap.LDAPMessage, [], { 'id': 42, 'value': pureldap.LDAPBindRequest(), }, pureldap.LDAPBERDecoderContext_TopLevel( inherit=pureldap.LDAPBERDecoderContext_LDAPMessage( fallback=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()), inherit=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()))), [0x30, 12] # id + [0x02, 0x01, 42] # value + l(str(pureldap.LDAPBindRequest()))), ( pureldap.LDAPControl, [], { 'controlType': '1.2.3.4', }, None, [0x30, 9] # controlType + [0x04, 7] + l("1.2.3.4")), ( pureldap.LDAPControl, [], { 'controlType': '1.2.3.4', 'criticality': True, }, None, [0x30, 12] # controlType + [0x04, 7] + l("1.2.3.4") # criticality + [0x01, 1, 0xFF]), ( pureldap.LDAPControl, [], { 'controlType': '1.2.3.4', 'criticality': True, 'controlValue': 'silly', }, None, [0x30, 19] # controlType + [0x04, 7] + l("1.2.3.4") # criticality + [0x01, 1, 0xFF] # controlValue + [0x04, len("silly")] + l("silly")), ( pureldap.LDAPMessage, [], { 'id': 42, 'value': pureldap.LDAPBindRequest(), 'controls': [ ('1.2.3.4', None, None), ('2.3.4.5', False), ('3.4.5.6', True, '\x00\x01\x02\xFF'), ], }, pureldap.LDAPBERDecoderContext_TopLevel( inherit=pureldap.LDAPBERDecoderContext_LDAPMessage( fallback=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()), inherit=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()))), [0x30, 59] # id + [0x02, 0x01, 42] # value + l(str(pureldap.LDAPBindRequest())) # controls + l( str( pureldap.LDAPControls(value=[ pureldap.LDAPControl(controlType='1.2.3.4'), pureldap.LDAPControl(controlType='2.3.4.5', criticality=False), pureldap.LDAPControl(controlType='3.4.5.6', criticality=True, controlValue='\x00\x01\x02\xFF'), ]))), ), (pureldap.LDAPFilter_equalityMatch, [], { 'attributeDesc': pureldap.LDAPAttributeDescription('cn'), 'assertionValue': pureldap.LDAPAssertionValue('foo'), }, pureldap.LDAPBERDecoderContext_Filter( fallback=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()), inherit=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext())), [0xa3, 9] + ([0x04, 2] + l('cn') + [0x04, 3] + l('foo'))), (pureldap.LDAPFilter_or, [[ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('cn'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('uid'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('mail'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_substrings( type='mail', substrings=[pureldap.LDAPFilter_substrings_initial('foo@')]), ]], {}, pureldap.LDAPBERDecoderContext_Filter( fallback=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()), inherit=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext())), [0xA1, 52] + ([0xa3, 9] + ([0x04, 2] + l('cn') + [0x04, 3] + l('foo')) + [0xa3, 10] + ([0x04, 3] + l('uid') + [0x04, 3] + l('foo')) + [0xa3, 11] + ([0x04, 4] + l('mail') + [0x04, 3] + l('foo')) + [0xa4, 14] + ([0x04, 4] + l('mail') + [0x30, 6] + ([0x80, 4] + l('foo@'))))), (pureldap.LDAPSearchRequest, [], { 'baseObject': 'dc=example,dc=com', 'scope': pureldap.LDAP_SCOPE_wholeSubtree, 'derefAliases': pureldap.LDAP_DEREF_neverDerefAliases, 'sizeLimit': 1, 'timeLimit': 0, 'typesOnly': False, 'filter': pureldap.LDAPFilter_or([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('cn'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('uid'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription('mail'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_substrings( type='mail', substrings=[ pureldap.LDAPFilter_substrings_initial('foo@') ]), ]), 'attributes': [''], }, pureldap.LDAPBERDecoderContext_LDAPMessage( fallback=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()), inherit=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext())), [0x63, 92] + ([0x04, 17] + l('dc=example,dc=com') + [0x0a, 1, 0x02] + [0x0a, 1, 0x00] + [0x02, 1, 0x01] + [0x02, 1, 0x00] + [0x01, 1, 0x00] + [0xA1, 52] + ([0xa3, 9] + ([0x04, 2] + l('cn') + [0x04, 3] + l('foo')) + [0xa3, 10] + ([0x04, 3] + l('uid') + [0x04, 3] + l('foo')) + [0xa3, 11] + ([0x04, 4] + l('mail') + [0x04, 3] + l('foo')) + [0xa4, 14] + ([0x04, 4] + l('mail') + [0x30, 6] + ([0x80, 4] + l('foo@')))) + [0x30, 2] + ([0x04, 0]))), ( pureldap.LDAPMessage, [], { 'id': 1L, 'value': pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', scope=pureldap.LDAP_SCOPE_wholeSubtree, derefAliases=pureldap.LDAP_DEREF_neverDerefAliases, sizeLimit=1, timeLimit=0, typesOnly=False, filter=pureldap.LDAPFilter_or([ pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( 'cn'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( 'uid'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_equalityMatch( attributeDesc=pureldap.LDAPAttributeDescription( 'mail'), assertionValue=pureldap.LDAPAssertionValue('foo')), pureldap.LDAPFilter_substrings( type='mail', substrings=[ pureldap.LDAPFilter_substrings_initial('foo@') ]), ]), attributes=[''], ), }, pureldap.LDAPBERDecoderContext_TopLevel( inherit=pureldap.LDAPBERDecoderContext_LDAPMessage( fallback=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()), inherit=pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()))), [0x30, 97] # id + [0x02, 1, 1] # value + [0x63, 92] + ([0x04, 17] + l('dc=example,dc=com') + [0x0a, 1, 0x02] + [0x0a, 1, 0x00] + [0x02, 1, 0x01] + [0x02, 1, 0x00] + [0x01, 1, 0x00] + [0xA1, 52] + ([0xa3, 9] + ([0x04, 2] + l('cn') + [0x04, 3] + l('foo')) + [0xa3, 10] + ([0x04, 3] + l('uid') + [0x04, 3] + l('foo')) + [0xa3, 11] + ([0x04, 4] + l('mail') + [0x04, 3] + l('foo')) + [0xa4, 14] + ([0x04, 4] + l('mail') + [0x30, 6] + ([0x80, 4] + l('foo@')))) + [0x30, 2] + ([0x04, 0]))), (pureldap.LDAPExtendedRequest, [], { 'requestName': '42.42.42', 'requestValue': 'foo', }, None, [0x40 | 0x20 | 23, 1 + 1 + 8 + 1 + 1 + 3] + ([0x80 | 0] + [len('42.42.42')] + l('42.42.42')) + ([0x80 | 1] + [len('foo')] + l('foo'))), ) def testToLDAP(self): """str(LDAPClass(...)) should give known result with known input""" for klass, args, kwargs, decoder, encoded in self.knownValues: result = klass(*args, **kwargs) result = str(result) result = map(ord, result) if result != encoded: raise AssertionError, \ "Class %s(*%s, **%s) doesn't encode properly: " \ "%s != %s" % (klass.__name__, repr(args), repr(kwargs), repr(result), repr(encoded)) def testFromLDAP(self): """LDAPClass(encoded="...") should give known result with known input""" for klass, args, kwargs, decoder, encoded in self.knownValues: if decoder is None: decoder = pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()) m = s(*encoded) result, bytes = pureber.berDecodeObject(decoder, m) self.assertEquals(bytes, len(m)) shouldBe = klass(*args, **kwargs) #TODO shouldn't use str below assert str(result)==str(shouldBe), \ "Class %s(*%s, **%s) doesn't decode properly: " \ "%s != %s" % (klass.__name__, repr(args), repr(kwargs), repr(result), repr(shouldBe)) def testPartial(self): """LDAPClass(encoded="...") with too short input should throw BERExceptionInsufficientData""" for klass, args, kwargs, decoder, encoded in self.knownValues: if decoder is None: decoder = pureldap.LDAPBERDecoderContext( fallback=pureber.BERDecoderContext()) for i in xrange(1, len(encoded)): m = s(*encoded)[:i] self.assertRaises(pureber.BERExceptionInsufficientData, pureber.berDecodeObject, decoder, m) self.assertEquals((None, 0), pureber.berDecodeObject(decoder, ''))
def test_bind_noMatchingServicesFound_fallback_badAuth(self): server = self.createServer( services=[ 'svc1', 'svc2', 'svc3', ], fallback=True, responses=[ [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)], [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)], [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)], [ pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode ), ], ]) server.dataReceived( str( pureldap.LDAPMessage(pureldap.LDAPBindRequest( dn='cn=jack,dc=example,dc=com', auth='wrong-s3krit'), id=4))) reactor.iterate() #TODO client = server.client client.assertSent( pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc1)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc2)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPSearchRequest( baseObject='dc=example,dc=com', derefAliases=0, sizeLimit=0, timeLimit=0, typesOnly=0, filter=ldapfilter.parseFilter( '(&' + '(objectClass=serviceSecurityObject)' + '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc3)' + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) + ')'), attributes=('1.1', )), pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com', auth='wrong-s3krit')) self.assertEquals( server.transport.value(), str( pureldap.LDAPMessage(pureldap.LDAPBindResponse( resultCode=ldaperrors.LDAPInvalidCredentials.resultCode), id=4)))