def test_unbind_clientEOF(self):
    """Losing the downstream connection must not change what was replied.

    The server is created with one canned bind response and an empty
    second response list.  After the bind round-trip the connection is
    dropped with ConnectionDone; the test then expects the client driver
    to have recorded the bind request followed by the driver's
    'fake-unbind-by-LDAPClientTestDriver' marker, while the bytes written
    to the downstream transport stay exactly the single bind response.
    """
    canned_bind = [pureldap.LDAPBindResponse(resultCode=0)]
    server = self.createServer(canned_bind, [])

    wire_bind = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))
    server.dataReceived(wire_bind)
    reactor.iterate()  # marked TODO in the original: manual reactor spin

    upstream = server.client
    upstream.assertSent(pureldap.LDAPBindRequest())
    expected_reply = str(
        pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=2))
    self.assertEquals(server.transport.value(), expected_reply)

    # Simulate the downstream peer closing the connection.
    server.connectionLost(error.ConnectionDone)
    reactor.iterate()  # marked TODO in the original: manual reactor spin

    upstream.assertSent(
        pureldap.LDAPBindRequest(),
        'fake-unbind-by-LDAPClientTestDriver')
    # Nothing new may have been written downstream after the disconnect.
    self.assertEquals(server.transport.value(), expected_reply)
def test_search(self):
    """A bind followed by a search relays every canned search result.

    The expected downstream byte stream is the bind response (id=2)
    followed by two search result entries and the search-done message,
    all three carrying the search request's message id (3).
    """
    success = ldaperrors.Success.resultCode
    server = self.createServer(
        [
            pureldap.LDAPBindResponse(resultCode=0),
        ],
        [
            pureldap.LDAPSearchResultEntry(
                'cn=foo,dc=example,dc=com', [('a', ['b'])]),
            pureldap.LDAPSearchResultEntry(
                'cn=bar,dc=example,dc=com', [('b', ['c'])]),
            pureldap.LDAPSearchResultDone(success),
        ],
    )

    wire_bind = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2))
    server.dataReceived(wire_bind)
    wire_search = str(
        pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3))
    server.dataReceived(wire_search)
    reactor.iterate()  # marked TODO in the original: manual reactor spin

    # Build the expected replies independently of the canned objects
    # handed to createServer above.
    expected_parts = [
        str(pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(resultCode=0), id=2)),
        str(pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                'cn=foo,dc=example,dc=com', [('a', ['b'])]), id=3)),
        str(pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                'cn=bar,dc=example,dc=com', [('b', ['c'])]), id=3)),
        str(pureldap.LDAPMessage(
            pureldap.LDAPSearchResultDone(success), id=3)),
    ]
    self.assertEquals(server.transport.value(), ''.join(expected_parts))
def test_bind_match_success(self):
    """A bind that matches a service entry is re-bound as that entry.

    The first canned response list answers the svc1 search with one
    entry; the second answers the follow-up bind with success.  The test
    expects the client driver to have sent the svc1 search and then a
    bind using the found entry's DN with the caller's password, and the
    downstream reply to report success with the caller's original DN as
    matchedDN.
    """
    user_dn = 'cn=jack,dc=example,dc=com'
    service_dn = (
        r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com')
    success = ldaperrors.Success.resultCode

    server = self.createServer(
        services=[
            'svc1',
            'svc2',
            'svc3',
        ],
        fallback=True,
        responses=[
            # svc1: search hit followed by search-done
            [
                pureldap.LDAPSearchResultEntry(service_dn, attributes=[]),
                pureldap.LDAPSearchResultDone(success),
            ],
            # bind against the service entry
            [
                pureldap.LDAPBindResponse(resultCode=success),
            ],
        ])

    wire_bind = str(
        pureldap.LDAPMessage(
            pureldap.LDAPBindRequest(dn=user_dn, auth='secret'), id=4))
    server.dataReceived(wire_bind)
    reactor.iterate()  # marked TODO in the original: manual reactor spin

    # NOTE(review): the expected filter carries the bind DN verbatim in
    # the owner assertion.  The code that builds the real filter is not
    # visible here -- confirm it escapes DN values per RFC 4515 instead
    # of pasting them into a filter string.
    filter_text = (
        '(&'
        + '(objectClass=serviceSecurityObject)'
        + '(owner=cn=jack,dc=example,dc=com)'
        + '(cn=svc1)'
        + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now)
        + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now)
        + ')')
    expected_search = pureldap.LDAPSearchRequest(
        baseObject='dc=example,dc=com',
        derefAliases=0,
        sizeLimit=0,
        timeLimit=0,
        typesOnly=0,
        filter=ldapfilter.parseFilter(filter_text),
        attributes=('1.1', ))
    expected_rebind = pureldap.LDAPBindRequest(dn=service_dn, auth='secret')

    upstream = server.client
    upstream.assertSent(expected_search, expected_rebind)

    expected_reply = str(
        pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(resultCode=success, matchedDN=user_dn),
            id=4))
    self.assertEquals(server.transport.value(), expected_reply)
def test_bind(self):
    """An anonymous bind gets the canned success response back, same id."""
    server = self.createServer([
        pureldap.LDAPBindResponse(resultCode=0),
    ])

    wire_bind = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))
    server.dataReceived(wire_bind)
    reactor.iterate()  # marked TODO in the original: manual reactor spin

    expected_reply = str(
        pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=4))
    self.assertEquals(server.transport.value(), expected_reply)
def _maybeFallback(self, entry, request, controls, reply):
    """Decide the outcome of a bind once the entry lookup has finished.

    * ``entry`` is not None: return a success BindResponse whose
      matchedDN is the DN from the original request.
    * ``entry`` is None and ``self.fallback`` is true: hand the original
      request to ``self.handleUnknown`` and return None.
    * otherwise: return an invalidCredentials BindResponse.

    Security note: with fallback enabled, a bind that matched no entry is
    not rejected here; the original request (including its credentials)
    is passed on to ``handleUnknown``.
    """
    if entry is not None:
        return pureldap.LDAPBindResponse(
            resultCode=ldaperrors.Success.resultCode,
            matchedDN=request.dn)

    if not self.fallback:
        return pureldap.LDAPBindResponse(
            resultCode=ldaperrors.LDAPInvalidCredentials.resultCode)

    # No message is returned on this path; whatever handleUnknown
    # returns is discarded, exactly as in the original.
    self.handleUnknown(request, controls, reply)
def test_bind(self):
    """An anonymous bind (default BindRequest) succeeds with resultCode 0."""
    wire_bind = str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=4))
    self.server.dataReceived(wire_bind)

    expected_reply = str(
        pureldap.LDAPMessage(pureldap.LDAPBindResponse(resultCode=0), id=4))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_bind_badVersion_1_anonymous(self):
    """A version-1 anonymous bind is refused with protocolError."""
    bind_v1 = pureldap.LDAPBindRequest(version=1)
    self.server.dataReceived(str(pureldap.LDAPMessage(bind_v1, id=32)))

    refusal = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPProtocolError.resultCode,
        errorMessage='Version 1 not supported')
    expected_reply = str(pureldap.LDAPMessage(refusal, id=32))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_bind_invalidCredentials_nonExisting(self):
    """Binding as a DN that does not exist yields invalidCredentials.

    The expected result code is invalidCredentials with no error message,
    i.e. the reply does not say that the entry is missing.
    """
    bind = pureldap.LDAPBindRequest(
        dn='cn=non-existing,dc=example,dc=com',
        auth='invalid')
    self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=78)))

    rejection = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPInvalidCredentials.resultCode)
    expected_reply = str(pureldap.LDAPMessage(rejection, id=78))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_bind_invalidCredentials_badPassword(self):
    """Binding with a wrong password yields invalidCredentials.

    The expected reply carries only the invalidCredentials result code,
    the same shape test_bind_invalidCredentials_nonExisting expects for
    an unknown DN.
    """
    bind = pureldap.LDAPBindRequest(
        dn='cn=thingie,ou=stuff,dc=example,dc=com',
        auth='invalid')
    self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=734)))

    rejection = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPInvalidCredentials.resultCode)
    expected_reply = str(pureldap.LDAPMessage(rejection, id=734))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_control_unknown_critical(self):
    """An unknown control flagged critical makes the bind fail.

    The control tuple is (OID, criticality, value); with criticality
    True the expected reply is unavailableCriticalExtension naming the
    unknown OID.
    """
    unknown_critical = [
        ('42.42.42.42', True, None),
    ]
    wire_bind = str(
        pureldap.LDAPMessage(
            pureldap.LDAPBindRequest(), id=2, controls=unknown_critical))
    self.server.dataReceived(wire_bind)

    refusal = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPUnavailableCriticalExtension.resultCode,
        errorMessage='Unknown control 42.42.42.42')
    expected_reply = str(pureldap.LDAPMessage(refusal, id=2))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_bind_success(self):
    """A bind with the right password succeeds and echoes the DN."""
    thingie_dn = 'cn=thingie,ou=stuff,dc=example,dc=com'
    # Test fixture: {SSHA} value for the password "secret".
    self.thingie['userPassword'] = [
        '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
    ]

    bind = pureldap.LDAPBindRequest(dn=thingie_dn, auth='secret')
    self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=4)))

    accepted = pureldap.LDAPBindResponse(resultCode=0, matchedDN=thingie_dn)
    expected_reply = str(pureldap.LDAPMessage(accepted, id=4))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_bind_badVersion_4_nonExisting(self):
    """An unsupported version is reported even for an unknown DN.

    The expected reply is protocolError ('Version 4 not supported'), not
    invalidCredentials, so the answer to a bad-version bind does not
    depend on whether the DN exists.
    """
    # TODO (from the original): add a twin of this test whose DN and
    # password would authenticate if the version were correct, to make
    # sure that case leaks nothing either.
    bind_v4 = pureldap.LDAPBindRequest(
        version=4,
        dn='cn=non-existing,dc=example,dc=com',
        auth='invalid')
    self.server.dataReceived(str(pureldap.LDAPMessage(bind_v4, id=11)))

    refusal = pureldap.LDAPBindResponse(
        resultCode=ldaperrors.LDAPProtocolError.resultCode,
        errorMessage='Version 4 not supported')
    expected_reply = str(pureldap.LDAPMessage(refusal, id=11))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_control_unknown_nonCritical(self):
    """An unknown control that is not critical does not block the bind.

    Same OID as in test_control_unknown_critical but with criticality
    False; the expected reply is an ordinary successful bind.
    """
    thingie_dn = 'cn=thingie,ou=stuff,dc=example,dc=com'
    # Test fixture: {SSHA} value for the password "secret".
    self.thingie['userPassword'] = [
        '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
    ]

    bind = pureldap.LDAPBindRequest(dn=thingie_dn, auth='secret')
    wire_bind = str(
        pureldap.LDAPMessage(
            bind,
            controls=[('42.42.42.42', False, None)],
            id=4))
    self.server.dataReceived(wire_bind)

    accepted = pureldap.LDAPBindResponse(resultCode=0, matchedDN=thingie_dn)
    expected_reply = str(pureldap.LDAPMessage(accepted, id=4))
    self.assertEquals(self.server.transport.value(), expected_reply)
def test_passwordModify_simple(self):
    """Password modify after a bind stores a fresh {SSHA} value.

    Steps: bind as the entry with its current password, send a password
    modify request for the same DN with a new password, expect a
    successful extended response, then check the entry now holds exactly
    one userPassword value that is the {SSHA} digest of the new password
    (so the new password is not stored in clear text).
    """
    thingie_dn = 'cn=thingie,ou=stuff,dc=example,dc=com'
    scheme = '{SSHA}'

    # first bind to some entry
    # Test fixture: {SSHA} value for the password "secret".
    self.thingie['userPassword'] = [
        '{SSHA}yVLLj62rFf3kDAbzwEU0zYAVvbWrze8='
    ]
    bind = pureldap.LDAPBindRequest(dn=thingie_dn, auth='secret')
    self.server.dataReceived(str(pureldap.LDAPMessage(bind, id=4)))
    bind_reply = str(
        pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(resultCode=0, matchedDN=thingie_dn),
            id=4))
    self.assertEquals(self.server.transport.value(), bind_reply)

    # Start from an empty transport so only the modify reply is compared.
    self.server.transport.clear()

    modify = pureldap.LDAPPasswordModifyRequest(
        userIdentity=thingie_dn,
        newPasswd='hushhush')
    self.server.dataReceived(str(pureldap.LDAPMessage(modify, id=2)))
    modify_reply = str(
        pureldap.LDAPMessage(
            pureldap.LDAPExtendedResponse(
                resultCode=ldaperrors.Success.resultCode,
                responseName=pureldap.LDAPPasswordModifyRequest.oid),
            id=2))
    self.assertEquals(self.server.transport.value(), modify_reply)

    # tree changed
    stored = self.thingie.get('userPassword', [])
    self.assertEquals(len(stored), 1)
    for secret in stored:
        self.assertEquals(secret[:len(scheme)], scheme)
        decoded = base64.decodestring(secret[len(scheme):])
        # Everything after the first 20 bytes is treated as the salt;
        # recomputing the digest with it must reproduce the stored value.
        salt = decoded[20:]
        self.assertEquals(entry.sshaDigest('hushhush', salt), secret)
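def handle_LDAPBindRequest(self, request, controls, reply):
    """Handle an LDAP bind request.

    Order of checks:

    1. Only protocol version 3 is accepted; anything else raises
       LDAPProtocolError before the DN is looked at, so the error does
       not depend on whether the DN exists.
    2. ``self.checkControls(controls)`` validates the request controls.
    3. The connection's bound identity is cleared.
    4. An empty DN is an anonymous bind and succeeds immediately.
    5. Otherwise the DN is looked up and ``entry.bind(auth)`` is called.
       A missing entry (LDAPNoSuchObject) is turned into
       LDAPInvalidCredentials rather than being reported as missing.

    Returns an LDAPBindResponse for the anonymous case, otherwise the
    deferred from the lookup chain, which yields the success response.
    On success ``self.boundUser`` is set to the entry returned by
    ``entry.bind``.

    Raises:
        ldaperrors.LDAPProtocolError: the requested version is not 3.
    """
    if request.version != 3:
        # Call form instead of the old ``raise Class, value`` statement;
        # both construct the exception with the same message.
        raise ldaperrors.LDAPProtocolError(
            'Version %u not supported' % request.version)

    self.checkControls(controls)

    # Drop any identity left over from an earlier bind on this
    # connection before evaluating the new credentials.  Without this a
    # failed re-bind would leave the previous boundUser in place; RFC
    # 4513 section 4 has the session go anonymous when a bind request is
    # received and stay anonymous if that bind fails.
    self.boundUser = None

    if request.dn == '':
        # anonymous bind
        return pureldap.LDAPBindResponse(resultCode=0)

    dn = distinguishedname.DistinguishedName(request.dn)
    root = interfaces.IConnectedLDAPEntry(self.factory)
    d = root.lookup(dn)

    def _noEntry(fail):
        # Only "no such object" is swallowed; other failures propagate.
        fail.trap(ldaperrors.LDAPNoSuchObject)
        return None

    d.addErrback(_noEntry)

    def _gotEntry(entry, auth):
        if entry is None:
            # Unknown DN: answer as for a bad password.
            raise ldaperrors.LDAPInvalidCredentials

        d = entry.bind(auth)

        def _cb(entry):
            self.boundUser = entry
            msg = pureldap.LDAPBindResponse(
                resultCode=ldaperrors.Success.resultCode,
                matchedDN=str(entry.dn))
            return msg

        d.addCallback(_cb)
        return d

    d.addCallback(_gotEntry, request.auth)
    return d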
def _cb(entry):
    # Success callback for a bind: remember the bound entry on the
    # connection and build the success response echoing its DN.
    # ``self`` is not a parameter; it comes from the enclosing scope,
    # which is not part of this fragment.
    self.boundUser = entry
    return pureldap.LDAPBindResponse(
        resultCode=ldaperrors.Success.resultCode,
        matchedDN=str(entry.dn))
def test_bind_noMatchingServicesFound_fallback_badAuth(self):
    """No service matches, fallback is on, and the fallback bind fails.

    Each of the three service searches is answered with only a
    search-done message (no entries).  With fallback=True the test
    expects the original bind request, with the caller's own DN and
    password, to be sent next, and the canned invalidCredentials answer
    to be relayed downstream.
    """
    service_names = ('svc1', 'svc2', 'svc3')
    user_dn = 'cn=jack,dc=example,dc=com'
    bad_password = 'wrong-s3krit'
    invalid = ldaperrors.LDAPInvalidCredentials.resultCode

    # One empty search result per service, then the rejected bind.
    canned = [
        [pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)]
        for _ in service_names
    ]
    canned.append([
        pureldap.LDAPBindResponse(resultCode=invalid),
    ])
    server = self.createServer(
        services=list(service_names),
        fallback=True,
        responses=canned)

    wire_bind = str(
        pureldap.LDAPMessage(
            pureldap.LDAPBindRequest(dn=user_dn, auth=bad_password), id=4))
    server.dataReceived(wire_bind)
    reactor.iterate()  # marked TODO in the original: manual reactor spin

    def expected_search(service):
        # The per-service search the test expects; only the cn
        # assertion differs between services.
        filter_text = (
            '(&'
            + '(objectClass=serviceSecurityObject)'
            + '(owner=cn=jack,dc=example,dc=com)'
            + ('(cn=%s)' % service)
            + ('(|(!(validFrom=*))(validFrom<=%s))' % server.now)
            + ('(|(!(validUntil=*))(validUntil>=%s))' % server.now)
            + ')')
        return pureldap.LDAPSearchRequest(
            baseObject='dc=example,dc=com',
            derefAliases=0,
            sizeLimit=0,
            timeLimit=0,
            typesOnly=0,
            filter=ldapfilter.parseFilter(filter_text),
            attributes=('1.1', ))

    expected_sent = [expected_search(name) for name in service_names]
    # Fallback: the caller's own DN and password are sent as-is.
    expected_sent.append(
        pureldap.LDAPBindRequest(dn=user_dn, auth=bad_password))

    upstream = server.client
    upstream.assertSent(*expected_sent)

    expected_reply = str(
        pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(resultCode=invalid), id=4))
    self.assertEquals(server.transport.value(), expected_reply)