def bind(dn, password):
query = ldap_dn_to_dict(dn)
uid = query.get('uid', '')
user = get_user_by_uid(uid)
if not user:
raise ldaperrors.LDAPNoSuchObject(dn)
try:
confirm_login_allowed(user, password)
except login_exceptions.Inactive:
raise ldaperrors.LDAPNoSuchObject(dn)
except login_exceptions.Invalid:
raise ldaperrors.LDAPInvalidCredentials()
except login_exceptions.TooManyLoginAttempts:
raise ldaperrors.LDAPInvalidCredentials('tooManyLoginAttempts')
except login_exceptions.PasswordExpired:
raise ldaperrors.LDAPInvalidCredentials('passwordExpiration')
return user, get_user_info_dict(user.user_info, attributes=[])
def _bind(self, password):
for digest in self.get('userPassword', ()):
if digest.startswith('{SSHA}'):
raw = base64.decodestring(digest[len('{SSHA}'):])
salt = raw[20:]
got = sshaDigest(password, salt)
if got == digest:
return self
else:
# Plaintext
if digest == password:
return self
raise ldaperrors.LDAPInvalidCredentials()
def _gotEntry(entry, auth):
if entry is None:
raise ldaperrors.LDAPInvalidCredentials()
d = entry.bind(auth)
def _cb(entry):
self.boundUser = entry
msg = pureldap.LDAPBindResponse(
resultCode=ldaperrors.Success.resultCode,
matchedDN=str(entry.dn))
return msg
d.addCallback(_cb)
return d
def _bind(self, password):
password = to_bytes(password)
for key in self._user_password_keys:
for digest in self.get(key, ()):
digest = to_bytes(digest)
if digest.startswith(b'{SSHA}'):
raw = base64.decodestring(digest[len(b'{SSHA}'):])
salt = raw[20:]
got = sshaDigest(password, salt)
if got == digest:
return self
else:
# Plaintext
if digest == password:
return self
raise ldaperrors.LDAPInvalidCredentials()
def test_bind_failure(self):
clock = Clock()
ldapclient.reactor = clock
client, transport = self.create_test_client()
d = client.bind()
clock.advance(1)
error = ldaperrors.LDAPInvalidCredentials()
op = pureldap.LDAPBindResponse(error.resultCode)
response = pureldap.LDAPMessage(op)
response.id -= 1
resp_bytestring = response.toWire()
client.dataReceived(resp_bytestring)
def cb_(thing):
expected = ldaperrors.LDAPInvalidCredentials
self.assertEqual(expected, type(thing.value))
d.addErrback(cb_)
return d
def _gotEntry(entry, auth):
"""
Called when the requested BIND DN was found.
"""
if entry is None:
raise ldaperrors.LDAPInvalidCredentials()
d = entry.bind(auth)
def _cb(entry):
"""
Called when BIND operation was successful.
"""
self.boundUser = entry
msg = pureldap.LDAPBindResponse(
resultCode=ldaperrors.Success.resultCode,
matchedDN=str(entry.dn))
return msg
d.addCallback(_cb)
return d
def _bind(self, password):
password = to_bytes(password)
for key in self._user_password_keys:
for digest in self.get(key, ()):
digest = to_bytes(digest)
if digest.startswith(b'{SSHA}'):
# DUO EDIT @mbishop D48097
# Nominal change to remove deprecation warning
# raw = base64.decodestring(digest[len(b'{SSHA}'):])
raw = base64.decodebytes(digest[len(b'{SSHA}'):])
# END EDIT
salt = raw[20:]
got = sshaDigest(password, salt)
if got == digest:
return self
else:
# Plaintext
if digest == password:
return self
raise ldaperrors.LDAPInvalidCredentials()
def _gotEntry(entry, auth):
if entry is None:
raise ldaperrors.LDAPInvalidCredentials()
# hack for unauth request
if self.authentication == LDAP_AUTH_UNAUTH and auth == b'':
self.boundUser = entry
msg = pureldap.LDAPBindResponse(
resultCode=ldaperrors.Success.resultCode,
matchedDN=entry.dn.getText())
return msg
else:
d = entry.bind(auth)
def _cb(entry):
self.boundUser = entry
msg = pureldap.LDAPBindResponse(
resultCode=ldaperrors.Success.resultCode,
matchedDN=entry.dn.getText())
return msg
d.addCallback(_cb)
return d