Exemplo n.º 1
 def test_add_success(self):
     """Add a new entry under ou=stuff and verify both reply and tree.

     Feeds an LDAPAddRequest (message id 2) for
     cn=new,ou=stuff,dc=example,dc=com to the server, expects an
     LDAPAddResponse carrying the Success result code under the same id,
     and returns the result of self.stuff.children() with a callback that
     checks the new entry is listed after the two existing children.
     """
     dn = 'cn=new,ou=stuff,dc=example,dc=com'
     object_class = (
         pureldap.LDAPAttributeDescription("objectClass"),
         pureber.BERSet(value=[pureldap.LDAPAttributeValue('something')]),
     )
     add_request = pureldap.LDAPAddRequest(
         entry=dn, attributes=[object_class])
     self.server.dataReceived(str(pureldap.LDAPMessage(add_request, id=2)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPAddResponse(resultCode=ldaperrors.Success.resultCode),
         id=2)
     self.assertEquals(sent, str(reply))

     # A success reply alone is not enough: the write has to be visible in
     # the directory tree as well.
     d = self.stuff.children()
     created = inmemory.ReadOnlyInMemoryLDAPEntry(
         dn, {'objectClass': ['something']})
     d.addCallback(self.assertEquals,
                   [self.thingie, self.another, created])
     return d
Exemplo n.º 2
 def test_modify(self):
     """Apply an Add modification to ou=stuff and verify reply and entry.

     Sends an LDAPModifyRequest (message id 2) that adds foo=bar to
     self.stuff, expects an LDAPModifyResponse with the Success result
     code, then checks that self.stuff now compares equal to an entry
     holding the original attributes plus 'foo'.
     """
     change = delta.Add('foo', ['bar']).asLDAP()
     modify = pureldap.LDAPModifyRequest(
         self.stuff.dn, modification=[change])
     self.server.dataReceived(str(pureldap.LDAPMessage(modify, id=2)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPModifyResponse(
             resultCode=ldaperrors.Success.resultCode),
         id=2)
     self.assertEquals(sent, str(reply))

     # The modification has to land in the stored entry, not just be
     # acknowledged on the wire.
     wanted = inmemory.ReadOnlyInMemoryLDAPEntry(
         'ou=stuff,dc=example,dc=com',
         {
             'objectClass': ['a', 'b'],
             'ou': ['stuff'],
             'foo': ['bar'],
         })
     self.assertEquals(self.stuff, wanted)
Exemplo n.º 3
 def test_rootDSE(self):
     """Search the root DSE and check what the server advertises.

     A base-scope search on the empty DN with a presence filter on
     objectClass (message id 2) must yield one entry listing
     supportedLDAPVersion, namingContexts and supportedExtension, followed
     by an LDAPSearchResultDone with the Success result code.
     """
     query = pureldap.LDAPSearchRequest(
         baseObject='',
         scope=pureldap.LDAP_SCOPE_baseObject,
         filter=pureldap.LDAPFilter_present('objectClass'),
     )
     # No bind is sent in this test, so the expected output also pins that
     # the naming context and the extension list are disclosed to a
     # connection that has not authenticated.
     self.server.dataReceived(str(pureldap.LDAPMessage(query, id=2)))

     sent = self.server.transport.value()
     root_dse = pureldap.LDAPSearchResultEntry(
         objectName='',
         attributes=[
             ('supportedLDAPVersion', ['3']),
             ('namingContexts', ['dc=example,dc=com']),
             ('supportedExtension',
              [pureldap.LDAPPasswordModifyRequest.oid]),
         ])
     done = pureldap.LDAPSearchResultDone(
         resultCode=ldaperrors.Success.resultCode)
     expected = (str(pureldap.LDAPMessage(root_dse, id=2)) +
                 str(pureldap.LDAPMessage(done, id=2)))
     self.assertEquals(sent, expected)
Exemplo n.º 4
 def test_unbind_clientEOF(self):
     """Losing the server-side connection must unbind server.client.

     A bind (message id 2) is relayed first and answered with resultCode 0.
     After server.connectionLost(error.ConnectionDone), the test-driver
     client must have recorded an unbind marker after the bind, and the
     bytes written to server.transport must be unchanged.
     """
     server = self.createServer(
         [pureldap.LDAPBindResponse(resultCode=0)],
         [],
     )
     bind_reply = str(
         pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2))

     server.dataReceived(
         str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2)))
     reactor.iterate()  #TODO
     client = server.client
     client.assertSent(pureldap.LDAPBindRequest())
     self.assertEquals(server.transport.value(), bind_reply)

     # Dropping the connection must not leave the session on server.client
     # open: an unbind is expected there, and no extra bytes on the
     # transport of the connection that went away.
     server.connectionLost(error.ConnectionDone)
     reactor.iterate()  #TODO
     client.assertSent(pureldap.LDAPBindRequest(),
                       'fake-unbind-by-LDAPClientTestDriver')
     self.assertEquals(server.transport.value(), bind_reply)
Exemplo n.º 5
 def test_search_scope_oneLevel(self):
     """A single-level search under ou=stuff returns only its children.

     The request (message id 2) uses LDAP_SCOPE_singleLevel; the expected
     output is the entries cn=thingie and cn=another, in that order,
     followed by an LDAPSearchResultDone with resultCode 0. The base
     entry itself is not part of the expected output.
     """
     query = pureldap.LDAPSearchRequest(
         baseObject='ou=stuff,dc=example,dc=com',
         scope=pureldap.LDAP_SCOPE_singleLevel,
     )
     self.server.dataReceived(str(pureldap.LDAPMessage(query, id=2)))

     sent = self.server.transport.value()
     thingie = pureldap.LDAPSearchResultEntry(
         objectName='cn=thingie,ou=stuff,dc=example,dc=com',
         attributes=[
             ('objectClass', ['a', 'b']),
             ('cn', ['thingie']),
         ])
     another = pureldap.LDAPSearchResultEntry(
         objectName='cn=another,ou=stuff,dc=example,dc=com',
         attributes=[
             ('objectClass', ['a', 'b']),
             ('cn', ['another']),
         ])
     done = pureldap.LDAPSearchResultDone(resultCode=0)
     expected = (str(pureldap.LDAPMessage(thingie, id=2)) +
                 str(pureldap.LDAPMessage(another, id=2)) +
                 str(pureldap.LDAPMessage(done, id=2)))
     self.assertEquals(sent, expected)
Exemplo n.º 6
 def test_modifyDN_rdnOnly_noDeleteOldRDN_success(self):
     """Rename cn=thingie to cn=thingamagic while keeping the old RDN value.

     Sends an LDAPModifyDNRequest (message id 2) with deleteoldrdn=False,
     expects an LDAPModifyDNResponse with the Success result code, and
     returns the result of self.stuff.children() with a callback comparing
     it to a set holding self.another and the renamed entry, whose cn
     carries both 'thingamagic' and 'thingie'.
     """
     newrdn = 'cn=thingamagic'
     rename = pureldap.LDAPModifyDNRequest(
         entry=self.thingie.dn, newrdn=newrdn, deleteoldrdn=False)
     self.server.dataReceived(str(pureldap.LDAPMessage(rename, id=2)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPModifyDNResponse(
             resultCode=ldaperrors.Success.resultCode),
         id=2)
     self.assertEquals(sent, str(reply))

     # tree changed: the entry lives under the new RDN and, because
     # deleteoldrdn is False, still lists the old cn value.
     d = self.stuff.children()
     renamed = inmemory.ReadOnlyInMemoryLDAPEntry(
         '%s,ou=stuff,dc=example,dc=com' % newrdn,
         {
             'objectClass': ['a', 'b'],
             'cn': ['thingamagic', 'thingie'],
         })
     d.addCallback(self.assertEquals, sets.Set([self.another, renamed]))
     return d
Exemplo n.º 7
 def test_bind(self):
     """A bind request built with no arguments is answered with resultCode 0.

     The request is sent as message id 4 and the response must carry the
     same id.
     """
     request = pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4)
     self.server.dataReceived(str(request))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(resultCode=0), id=4)
     self.assertEquals(sent, str(reply))
Exemplo n.º 8
    def test_bind_match_success(self):
        """Bind as cn=jack succeeds through a matching svc1 service entry.

        The server is created with services svc1..svc3 and fallback=True.
        The canned responses make the first service lookup return one entry
        and the following bind succeed. The test then checks that
        server.client sent exactly one search (for svc1) followed by a bind
        as the found service entry with the caller's password, and that the
        reply to the caller names the caller's own DN in matchedDN.
        """
        # DN of the service entry; the owner DN is embedded in the RDN, so
        # its '=' and ',' characters are backslash-escaped.
        service_dn = (
            r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com')
        server = self.createServer(
            services=['svc1', 'svc2', 'svc3'],
            fallback=True,
            responses=[

                # svc1
                [
                    pureldap.LDAPSearchResultEntry(service_dn, attributes=[]),
                    pureldap.LDAPSearchResultDone(
                        ldaperrors.Success.resultCode),
                ],
                [
                    pureldap.LDAPBindResponse(
                        resultCode=ldaperrors.Success.resultCode),
                ],
            ])

        bind = pureldap.LDAPBindRequest(
            dn='cn=jack,dc=example,dc=com', auth='secret')
        server.dataReceived(str(pureldap.LDAPMessage(bind, id=4)))
        reactor.iterate()  #TODO
        client = server.client

        # NOTE(review): the bind DN appears verbatim inside the expected
        # search filter. This case only uses a DN without filter
        # metacharacters; whether the code under test escapes '(', ')', '*'
        # and '\' taken from a client-supplied DN cannot be told from here
        # and would need a separate test.
        lookup_filter = ldapfilter.parseFilter(
            '(&' + '(objectClass=serviceSecurityObject)' +
            '(owner=cn=jack,dc=example,dc=com)' + '(cn=svc1)' +
            ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +
            ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +
            ')')
        expected_search = pureldap.LDAPSearchRequest(
            baseObject='dc=example,dc=com',
            derefAliases=0,
            sizeLimit=0,
            timeLimit=0,
            typesOnly=0,
            filter=lookup_filter,
            attributes=('1.1', ))
        expected_bind = pureldap.LDAPBindRequest(dn=service_dn, auth='secret')
        client.assertSent(expected_search, expected_bind)

        sent = server.transport.value()
        reply = pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(
                resultCode=ldaperrors.Success.resultCode,
                matchedDN='cn=jack,dc=example,dc=com'),
            id=4)
        self.assertEquals(sent, str(reply))
Exemplo n.º 9
 def test_bind_invalidCredentials_nonExisting(self):
     """Binding as a DN that does not exist yields invalidCredentials.

     The request is sent as message id 78. The expected response carries
     only the LDAPInvalidCredentials result code, with no error message or
     matched DN that would tell the client the entry is missing.
     """
     bind = pureldap.LDAPBindRequest(
         dn='cn=non-existing,dc=example,dc=com', auth='invalid')
     self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=78)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(
             resultCode=ldaperrors.LDAPInvalidCredentials.resultCode),
         id=78)
     self.assertEquals(sent, str(reply))
Exemplo n.º 10
 def test_bind(self):
     """A bind sent through a server from createServer is answered with 0.

     createServer is given a single canned LDAPBindResponse(resultCode=0).
     After the bind request (message id 4) is fed in and the reactor is
     iterated once, the transport must hold that response under id 4.
     """
     server = self.createServer([pureldap.LDAPBindResponse(resultCode=0)])
     request = pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4)
     server.dataReceived(str(request))
     reactor.iterate()  #TODO

     sent = server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(resultCode=0), id=4)
     self.assertEquals(sent, str(reply))
Exemplo n.º 11
 def test_bind_badVersion_1_anonymous(self):
     """A bind announcing protocol version 1 is rejected as protocolError.

     The request (message id 32) gives no DN or password. The expected
     response carries the LDAPProtocolError result code and the message
     'Version 1 not supported'.
     """
     bind = pureldap.LDAPBindRequest(version=1)
     self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=32)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(
             resultCode=ldaperrors.LDAPProtocolError.resultCode,
             errorMessage='Version 1 not supported'),
         id=32)
     self.assertEquals(sent, str(reply))
Exemplo n.º 12
 def test_search_outOfTree(self):
     """Searching a base DN outside the served tree yields noSuchObject.

     The request (message id 2) uses baseObject 'dc=invalid'. The only
     expected output is an LDAPSearchResultDone carrying the
     LDAPNoSuchObject result code; no entries precede it.
     """
     query = pureldap.LDAPSearchRequest(baseObject='dc=invalid', )
     self.server.dataReceived(str(pureldap.LDAPMessage(query, id=2)))

     sent = self.server.transport.value()
     done = pureldap.LDAPMessage(
         pureldap.LDAPSearchResultDone(
             resultCode=ldaperrors.LDAPNoSuchObject.resultCode),
         id=2)
     self.assertEquals(sent, str(done))
Exemplo n.º 13
 def test_bind_invalidCredentials_badPassword(self):
     """Binding as an existing entry with a wrong password is refused.

     The request (message id 734) names cn=thingie with the password
     'invalid'. The expected response carries only the
     LDAPInvalidCredentials result code: no error message and no
     matchedDN, so the reply does not confirm that the entry exists.
     """
     bind = pureldap.LDAPBindRequest(
         dn='cn=thingie,ou=stuff,dc=example,dc=com',
         auth='invalid')
     self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=734)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(
             resultCode=ldaperrors.LDAPInvalidCredentials.resultCode),
         id=734)
     self.assertEquals(sent, str(reply))
Exemplo n.º 14
 def test_extendedRequest_unknown(self):
     """An extended request with an unrecognised OID is a protocolError.

     The request (message id 2) names the OID '42.42.42'. The expected
     LDAPExtendedResponse carries the LDAPProtocolError result code and
     an error message that repeats the OID the client sent.
     """
     extended = pureldap.LDAPExtendedRequest(
         requestName='42.42.42', requestValue='foo')
     self.server.dataReceived(str(pureldap.LDAPMessage(extended, id=2)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPExtendedResponse(
             resultCode=ldaperrors.LDAPProtocolError.resultCode,
             errorMessage='Unknown extended request: 42.42.42'),
         id=2)
     self.assertEquals(sent, str(reply))
Exemplo n.º 15
 def test_delete(self):
     """Delete cn=thingie and verify the reply and the remaining children.

     Sends an LDAPDelRequest (message id 2) for self.thingie.dn, expects
     an LDAPDelResponse with resultCode 0, and returns the result of
     self.stuff.children() with a callback asserting that only
     self.another is left.
     """
     target = str(self.thingie.dn)
     request = pureldap.LDAPMessage(pureldap.LDAPDelRequest(target), id=2)
     self.server.dataReceived(str(request))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPDelResponse(resultCode=0), id=2)
     self.assertEquals(sent, str(reply))

     # NOTE(review): no bind is sent in this test before the delete;
     # whether the server under test enforces any access control on
     # writes is not visible here.
     d = self.stuff.children()
     d.addCallback(self.assertEquals, [self.another])
     return d
Exemplo n.º 16
 def test_passwordModify_notBound(self):
     """A password change sent without a prior bind must be refused.

     The LDAPPasswordModifyRequest (message id 2) targets cn=thingie. The
     expected LDAPExtendedResponse carries the LDAPStrongAuthRequired
     result code and the password-modify OID as responseName.
     """
     change = pureldap.LDAPPasswordModifyRequest(
         userIdentity='cn=thingie,ou=stuff,dc=example,dc=com',
         newPasswd='hushhush')
     # No bind is sent first in this test: the refusal below is what stops
     # an unauthenticated connection from resetting someone's password.
     self.server.dataReceived(str(pureldap.LDAPMessage(change, id=2)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPExtendedResponse(
             resultCode=ldaperrors.LDAPStrongAuthRequired.resultCode,
             responseName=pureldap.LDAPPasswordModifyRequest.oid),
         id=2)
     self.assertEquals(sent, str(reply))
Exemplo n.º 17
 def queue(self, id, op):
     """Wrap *op* in an LDAPMessage with the given id and write it out.

     Raises LDAPServerConnectionLostException when self.connected is
     false. The serialized message is written to self.transport.
     """
     if not self.connected:
         raise LDAPServerConnectionLostException()
     message = pureldap.LDAPMessage(op, id=id)
     if self.debug:
         # NOTE(review): the full repr of every outgoing message goes to
         # the log when debug is on. If the repr includes attribute
         # values, search results could put directory data (for example
         # password hashes) into log files; confirm before enabling
         # debug outside of development.
         log.debug('S->C %s' % repr(message))
     wire = str(message)
     self.transport.write(wire)
Exemplo n.º 18
 def test_bind_success(self):
     """Binding as cn=thingie with the matching password succeeds.

     The entry is first given an {SSHA} userPassword value for the
     password "secret". The bind (message id 4) must then be answered
     with resultCode 0 and the bound DN in matchedDN.
     """
     # Test fixture only: {SSHA} hash of "secret".
     self.thingie['userPassword'] = [
         '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
     ]
     bind = pureldap.LDAPBindRequest(
         dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret')
     self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=4)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(
             resultCode=0,
             matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'),
         id=4)
     self.assertEquals(sent, str(reply))
Exemplo n.º 19
 def test_control_unknown_critical(self):
     """An unknown control marked critical makes the operation fail.

     The bind (message id 2) carries the control '42.42.42.42' with the
     criticality flag set to True. The expected LDAPBindResponse has the
     LDAPUnavailableCriticalExtension result code and names the control in
     its error message, so the bind is not processed as if the control
     were absent.
     """
     request = pureldap.LDAPMessage(
         pureldap.LDAPBindRequest(),
         id=2,
         controls=[('42.42.42.42', True, None)])
     self.server.dataReceived(str(request))

     sent = self.server.transport.value()
     failure_code = ldaperrors.LDAPUnavailableCriticalExtension.resultCode
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(
             resultCode=failure_code,
             errorMessage='Unknown control 42.42.42.42'),
         id=2)
     self.assertEquals(sent, str(reply))
Exemplo n.º 20
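 def _send(self, op):
     """Wrap *op* in a new LDAPMessage and return it.

     Raises LDAPClientConnectionLostException when self.connected is
     false. Nothing is written to a transport in this function; the
     message is only built, optionally logged, and handed back.
     """
     if not self.connected:
         raise LDAPClientConnectionLostException()
     msg = pureldap.LDAPMessage(op)
     if self.debug:
         # NOTE(review): on the client side the logged repr covers bind
         # requests too. If the repr of a bind request includes its auth
         # value, the password ends up in the debug log; confirm and keep
         # debug off where logs are shared.
         log.debug('C->S %s' % repr(msg))
     # The message id must not collide with a request still tracked in
     # self.onwire. `in` replaces dict.has_key(), which no longer exists
     # on Python 3. NOTE(review): the assert is skipped under `python -O`.
     assert msg.id not in self.onwire
     return msg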
Exemplo n.º 21
 def test_control_unknown_nonCritical(self):
     """An unknown control that is not critical does not block the bind.

     cn=thingie is given an {SSHA} userPassword value for "secret". The
     bind (message id 4) carries the control '42.42.42.42' with the
     criticality flag set to False and must still be answered with
     resultCode 0 and the bound DN in matchedDN.
     """
     # Test fixture only: {SSHA} hash of "secret".
     self.thingie['userPassword'] = [
         '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
     ]
     bind = pureldap.LDAPBindRequest(
         dn='cn=thingie,ou=stuff,dc=example,dc=com', auth='secret')
     request = pureldap.LDAPMessage(
         bind, controls=[('42.42.42.42', False, None)], id=4)
     self.server.dataReceived(str(request))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(
             resultCode=0,
             matchedDN='cn=thingie,ou=stuff,dc=example,dc=com'),
         id=4)
     self.assertEquals(sent, str(reply))
Exemplo n.º 22
    def test_unknownRequest(self):
        """A request type with no usable handler yields a protocolError.

        The server instance is switched to a subclass whose
        handle_LDAPBindRequest attribute is an empty property. A bind
        (message id 2) must then be answered with an LDAPExtendedResponse
        carrying the LDAPProtocolError result code, the responseName
        '1.3.6.1.4.1.1466.20036' and the message 'Unknown request'.
        """
        # Make the server miss one of its handle_* attributes without
        # touching the LDAPServer class itself: a property() with no getter
        # raises AttributeError when it is read.
        class MockServer(ldapserver.LDAPServer):
            handle_LDAPBindRequest = property()

        self.server.__class__ = MockServer
        request = pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2)
        self.server.dataReceived(str(request))

        sent = self.server.transport.value()
        reply = pureldap.LDAPMessage(
            pureldap.LDAPExtendedResponse(
                resultCode=ldaperrors.LDAPProtocolError.resultCode,
                responseName='1.3.6.1.4.1.1466.20036',
                errorMessage='Unknown request'),
            id=2)
        self.assertEquals(sent, str(reply))
Exemplo n.º 23
 def test_bind_badVersion_4_nonExisting(self):
     """A bind announcing version 4 is rejected as protocolError.

     The request (message id 11) names a DN that does not exist and the
     password 'invalid'. The expected response carries the
     LDAPProtocolError result code and 'Version 4 not supported', and
     therefore nothing about whether the DN or password were valid.
     """
     # TODO make a test just like this one that would pass authentication
     # if version was correct, to ensure we don't leak that info either.
     bind = pureldap.LDAPBindRequest(
         version=4,
         dn='cn=non-existing,dc=example,dc=com',
         auth='invalid')
     self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=11)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(
             resultCode=ldaperrors.LDAPProtocolError.resultCode,
             errorMessage='Version 4 not supported'),
         id=11)
     self.assertEquals(sent, str(reply))
Exemplo n.º 24
    def test_passwordModify_simple(self):
        """After binding, a password change succeeds and is stored as {SSHA}.

        Step 1 binds as cn=thingie with the password "secret" (message id
        4) and checks the success reply. Step 2 sends an
        LDAPPasswordModifyRequest (message id 2) with the new password
        'hushhush' and expects an LDAPExtendedResponse with the Success
        result code. Step 3 checks that the entry holds exactly one
        userPassword value, that it starts with '{SSHA}', and that
        re-hashing 'hushhush' with the stored salt reproduces it.
        """
        target = 'cn=thingie,ou=stuff,dc=example,dc=com'

        # first bind to some entry
        # Test fixture only: {SSHA} hash of "secret".
        self.thingie['userPassword'] = [
            '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
        ]
        bind = pureldap.LDAPBindRequest(dn=target, auth='secret')
        self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=4)))
        sent = self.server.transport.value()
        bind_reply = pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(resultCode=0, matchedDN=target),
            id=4)
        self.assertEquals(sent, str(bind_reply))
        self.server.transport.clear()

        change = pureldap.LDAPPasswordModifyRequest(
            userIdentity=target, newPasswd='hushhush')
        self.server.dataReceived(str(pureldap.LDAPMessage(change, id=2)))
        sent = self.server.transport.value()
        change_reply = pureldap.LDAPMessage(
            pureldap.LDAPExtendedResponse(
                resultCode=ldaperrors.Success.resultCode,
                responseName=pureldap.LDAPPasswordModifyRequest.oid),
            id=2)
        self.assertEquals(sent, str(change_reply))

        # tree changed: the old value is replaced, not kept next to the
        # new one, and the new password is not stored in clear text.
        scheme = '{SSHA}'
        stored = self.thingie.get('userPassword', [])
        self.assertEquals(len(stored), 1)
        for value in stored:
            self.assertEquals(value[:len(scheme)], scheme)
            decoded = base64.decodestring(value[len(scheme):])
            # Everything after the first 20 bytes is treated as the salt
            # (presumably 20 is the length of the SHA-1 digest in front).
            salt = decoded[20:]
            self.assertEquals(entry.sshaDigest('hushhush', salt), value)
Exemplo n.º 25
 def test_search(self):
     """A bind followed by a search is answered from the canned responses.

     createServer is given one response list for the bind and one for the
     search (two entries and a done message). After both requests are
     fed in (message ids 2 and 3) and the reactor is iterated once, the
     transport must hold the bind response under id 2 followed by the
     three search messages under id 3, in order.
     """
     server = self.createServer(
         [
             pureldap.LDAPBindResponse(resultCode=0),
         ],
         [
             pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                            [('a', ['b'])]),
             pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                            [('b', ['c'])]),
             pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
         ],
     )
     bind = pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2)
     server.dataReceived(str(bind))
     search = pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3)
     server.dataReceived(str(search))
     reactor.iterate()  #TODO

     sent = server.transport.value()
     bind_reply = pureldap.LDAPMessage(
         pureldap.LDAPBindResponse(resultCode=0), id=2)
     foo = pureldap.LDAPMessage(
         pureldap.LDAPSearchResultEntry(
             'cn=foo,dc=example,dc=com', [('a', ['b'])]),
         id=3)
     bar = pureldap.LDAPMessage(
         pureldap.LDAPSearchResultEntry(
             'cn=bar,dc=example,dc=com', [('b', ['c'])]),
         id=3)
     done = pureldap.LDAPMessage(
         pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
         id=3)
     # Each reply must come back under the id of the request it answers.
     expected = str(bind_reply) + str(foo) + str(bar) + str(done)
     self.assertEquals(sent, expected)
Exemplo n.º 26
 def test_add_fail_existsAlready(self):
     """Adding an entry whose DN is already taken fails and changes nothing.

     Sends an LDAPAddRequest (message id 2) for the DN of self.thingie,
     expects an LDAPAddResponse with the LDAPEntryAlreadyExists result
     code and that DN as error message, and returns the result of
     self.stuff.children() with a callback asserting the two original
     children are still the only ones.
     """
     taken_dn = str(self.thingie.dn)
     object_class = (
         pureldap.LDAPAttributeDescription("objectClass"),
         pureber.BERSet(value=[pureldap.LDAPAttributeValue('something')]),
     )
     add_request = pureldap.LDAPAddRequest(
         entry=taken_dn, attributes=[object_class])
     self.server.dataReceived(str(pureldap.LDAPMessage(add_request, id=2)))

     sent = self.server.transport.value()
     reply = pureldap.LDAPMessage(
         pureldap.LDAPAddResponse(
             resultCode=ldaperrors.LDAPEntryAlreadyExists.resultCode,
             errorMessage=str(self.thingie.dn)),
         id=2)
     self.assertEquals(sent, str(reply))

     # tree did not change: the existing entry must not be replaced by
     # the rejected add.
     d = self.stuff.children()
     d.addCallback(self.assertEquals, [self.thingie, self.another])
     return d
Exemplo n.º 27
 def test_unbind(self):
     """An unbind request (message id 7) produces no response bytes."""
     request = pureldap.LDAPMessage(pureldap.LDAPUnbindRequest(), id=7)
     self.server.dataReceived(str(request))
     sent = self.server.transport.value()
     self.assertEquals(sent, '')
Exemplo n.º 28
    def test_bind_noMatchingServicesFound_fallback_badAuth(self):
        """With no service match, the fallback bind failure is passed on.

        The server is created with services svc1..svc3 and fallback=True.
        The canned responses make all three service lookups come back
        empty and the following bind fail with invalidCredentials. The
        test checks that server.client sent the three lookups in order and
        then a bind with the caller's own DN and password, and that the
        caller receives the LDAPInvalidCredentials result code under
        message id 4.
        """
        # Three empty lookups (one per service), then the refused bind.
        responses = [
            [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)]
            for _unused in range(3)
        ]
        responses.append([
            pureldap.LDAPBindResponse(
                resultCode=ldaperrors.LDAPInvalidCredentials.resultCode
            ),
        ])
        server = self.createServer(
            services=['svc1', 'svc2', 'svc3'],
            fallback=True,
            responses=responses)

        bind = pureldap.LDAPBindRequest(
            dn='cn=jack,dc=example,dc=com', auth='wrong-s3krit')
        server.dataReceived(str(pureldap.LDAPMessage(bind, id=4)))
        reactor.iterate()  #TODO
        client = server.client

        def service_lookup(cn_clause):
            # Expected search for one service; only the cn clause differs
            # between the three lookups.
            # NOTE(review): the bind DN appears verbatim inside the filter.
            # This case only uses a DN without filter metacharacters;
            # whether the code under test escapes a client-supplied DN
            # cannot be told from here.
            return pureldap.LDAPSearchRequest(
                baseObject='dc=example,dc=com',
                derefAliases=0,
                sizeLimit=0,
                timeLimit=0,
                typesOnly=0,
                filter=ldapfilter.parseFilter(
                    '(&' + '(objectClass=serviceSecurityObject)' +
                    '(owner=cn=jack,dc=example,dc=com)' + cn_clause +
                    ('(|(!(validFrom=*))(validFrom<=%s))' % server.now) +
                    ('(|(!(validUntil=*))(validUntil>=%s))' % server.now) +
                    ')'),
                attributes=('1.1', ))

        client.assertSent(
            service_lookup('(cn=svc1)'),
            service_lookup('(cn=svc2)'),
            service_lookup('(cn=svc3)'),
            pureldap.LDAPBindRequest(dn='cn=jack,dc=example,dc=com',
                                     auth='wrong-s3krit'))

        # The fallback path must not turn a refused bind into a success.
        sent = server.transport.value()
        reply = pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(
                resultCode=ldaperrors.LDAPInvalidCredentials.resultCode),
            id=4)
        self.assertEquals(sent, str(reply))