Пример #1
0
    def simple_bind_s(self, binduid, bindpwd):
        self._last_bind = (self.simple_bind_s, (binduid, bindpwd), {})

        if 'Manager' in binduid:
            return 1

        if bindpwd == '':
            # Emulate LDAP mis-behavior
            return 1

        if self.hash_password:
            bindpwd = hash_pwd(bindpwd)

        rec = self.search_s( binduid
                           , scope=ldap.SCOPE_BASE
                           , attrs=('userPassword',)
                           )

        rec_pwd = rec[0][1].get('userPassword')

        if not rec_pwd:
            raise ldap.INVALID_CREDENTIALS

        if bindpwd == rec_pwd[0]:
            return 1
        else:
            raise ldap.INVALID_CREDENTIALS
Пример #2
0
    def simple_bind_s(self, binduid, bindpwd):
        self._last_bind = (self.simple_bind_s, (binduid, bindpwd), {})

        if b'Manager' in binduid:
            return 1

        if bindpwd in (b'', ''):
            # Emulate LDAP mis-behavior
            return 1

        if self.hash_password:
            bindpwd = hash_pwd(bindpwd)

        rec = self.search_s(binduid, scope=ldap.SCOPE_BASE,
                            query=b'(objectClass=*)', attrs=(b'userPassword',))

        rec_pwd = rec[0][1].get(b'userPassword')

        if not rec_pwd:
            raise ldap.INVALID_CREDENTIALS

        if bindpwd == rec_pwd[0]:
            return 1
        else:
            raise ldap.INVALID_CREDENTIALS
Пример #3
0
    def test_password_is_hashed(self):
        from dataflake.fakeldap.utils import hash_pwd
        conn = self._makeOne()
        self._addUser('foo')

        res = conn.search_s(b'ou=users,dc=localhost', query=b'(cn=foo)')
        pwd = res[0][1][b'userPassword'][0]
        self.assertEqual(pwd, hash_pwd('foo_secret'))
Пример #4
0
    def test_password_is_hashed(self):
        from dataflake.fakeldap.utils import hash_pwd
        conn = self._makeOne()
        self._addUser('foo')

        res = conn.search_s( 'ou=users,dc=localhost'
                           , query='(cn=foo)'
                           )
        pwd = res[0][1]['userPassword'][0]
        self.assertEquals(pwd, hash_pwd('foo_secret'))
Пример #5
0
 def _addRecord(self, dn, **kw):
     record = self.db.addTreeItems(dn)
     for key, value in kw.items():
         if not isinstance(key, six.binary_type):
             key = key.encode('UTF-8')
         if key.lower() == b'userpassword':
             value = [hash_pwd(value)]
         elif not isinstance(value, list):
             value = [value]
         record[key] = value
    def test_bind_with_valid_unicode_credentials_from_connection(self):
        conn = self._makeSimple()
        conn.api_encoding = None

        attrs = {'userPassword': hash_pwd('secret')}
        conn.insert(u'dc=localhost', u'cn=føø', attrs=attrs)

        conn.bind_dn = u'cn=føø,dc=localhost'
        conn.bind_pwd = u'secret'
        response = conn.search(u'dc=localhost', fltr=u'(cn=føø)')
        self.assertEqual(response['size'], 1)
    def test_bind_with_invalid_unicode_credentials_from_connection(self):
        import ldap
        conn = self._makeSimple()
        conn.api_encoding = None

        attrs = {'userPassword': hash_pwd('secret')}
        conn.insert(u'dc=localhost', u'cn=føø', attrs=attrs)

        conn.bind_dn = u'cn=føø,dc=localhost'
        conn.bind_pwd = u'geheim'
        self.assertRaises(ldap.INVALID_CREDENTIALS,
                          conn.search,
                          u'dc=localhost',
                          fltr=u'(cn=føø)')
Пример #8
0
    def _addUser(self, name, mail=None):
        from dataflake.fakeldap.utils import hash_pwd
        conn = self._makeOne()
        utf8_name = to_utf8(name)
        user_dn = b'cn=%s,ou=users,dc=localhost' % utf8_name
        user_pwd = '%s_secret' % name

        if conn.hash_password:
            pwd = hash_pwd(user_pwd)
        else:
            pwd = user_pwd

        user = [(b'cn', [utf8_name]), (b'userPassword', [pwd]),
                (b'objectClass', [b'top', b'person'])]
        if mail is not None:
            user.append((b'mail', [to_utf8(mail)]))

        conn.add_s(user_dn, user)
        return (user_dn, user_pwd)
    def test_disconnect_clears_connection_cache(self):
        conn = self._makeSimple()

        attrs = {'userPassword': hash_pwd('pass')}
        conn.insert('dc=localhost', 'cn=foo', attrs=attrs)

        response = conn.search('dc=localhost',
                               fltr='(cn=foo)',
                               bind_dn='cn=foo,dc=localhost',
                               bind_pwd='pass')
        self.assertEqual(response['size'], 1)

        connection = conn._getConnection()
        self.assertNotEqual(connection, None)
        self.assertEqual(connection._last_bind[1],
                         (b'cn=foo,dc=localhost', b'pass'))

        conn.disconnect()
        self.assertEqual(conn._getConnection(), None)
    def test_rebind_with_same_password(self):
        conn = self._makeSimple()

        attrs = {'userPassword': hash_pwd('pass')}
        conn.insert('dc=localhost',
                    'cn=foo',
                    attrs=attrs,
                    bind_dn='cn=Manager,dc=localhost',
                    bind_pwd='pass')
        connection = conn._getConnection()
        self.assertEqual(connection._last_bind[1],
                         (b'cn=Manager,dc=localhost', b'pass'))

        conn.search('dc=localhost',
                    fltr='(cn=foo)',
                    bind_dn='cn=foo,dc=localhost',
                    bind_pwd='pass')
        connection = conn._getConnection()
        self.assertEqual(connection._last_bind[1],
                         (b'cn=foo,dc=localhost', b'pass'))
Пример #11
0
    def _addUser(self, name, mail=None):
        from dataflake.fakeldap.utils import hash_pwd
        conn = self._makeOne()
        user_dn = 'cn=%s,ou=users,dc=localhost' % name
        user_pwd = '%s_secret' % name

        if conn.hash_password:
            pwd = hash_pwd(user_pwd)
        else:
            pwd = user_pwd

        user = [ ('cn', [name])
               , ('userPassword', [pwd])
               , ('objectClass', ['top', 'person'])
               ]
        if mail is not None:
            user.append(('mail', [mail]))

        conn.add_s(user_dn, user)
        return (user_dn, user_pwd)
Пример #12
0
 def test_hash_unicode_pwd(self):
     from dataflake.fakeldap.utils import hash_pwd
     pwd = hash_pwd(u'bjørn')
     self.assertTrue(isinstance(pwd, six.binary_type))
     self.assertTrue(pwd.startswith(b'{SHA}'))
Пример #13
0
 def test_hash_unicode_pwd(self):
     from dataflake.fakeldap.utils import hash_pwd
     pwd = hash_pwd(u'bjørn')
     self.assertTrue(isinstance(pwd, str))
     self.assertTrue(pwd.startswith('{SHA}'))