def test_search_matchAll_manyResults(self):
    """
    A search that names only the base object ou=stuff returns the base
    entry, both children and one SearchResultDone, all with message id 2.
    """
    query = pureldap.LDAPSearchRequest(
        baseObject='ou=stuff,dc=example,dc=com')
    self.server.dataReceived(str(pureldap.LDAPMessage(query, id=2)))

    # (DN, naming attribute) pairs; every entry also carries the same
    # objectClass values.
    expected_entries = [
        ('ou=stuff,dc=example,dc=com', ('ou', ['stuff'])),
        ('cn=another,ou=stuff,dc=example,dc=com', ('cn', ['another'])),
        ('cn=thingie,ou=stuff,dc=example,dc=com', ('cn', ['thingie'])),
    ]
    expected = [
        str(
            pureldap.LDAPMessage(
                pureldap.LDAPSearchResultEntry(
                    objectName=entry_dn,
                    attributes=[('objectClass', ['a', 'b']), naming_attr]),
                id=2))
        for entry_dn, naming_attr in expected_entries
    ]
    expected.append(
        str(
            pureldap.LDAPMessage(
                pureldap.LDAPSearchResultDone(resultCode=0), id=2)))

    # Order-insensitive comparison: only the set of replies is checked.
    received = self._makeResultList(self.server.transport.value())
    six.assertCountEqual(self, expected, received)
def test_intercepted_search_response(self):
    """
    Search results relayed through ResponseInterceptingProxy reach the
    client modified: every entry carries an extra ('frotz', ['xyzzy'])
    attribute, while the bind response and the final "done" are unchanged.
    """
    backend_bind_replies = [pureldap.LDAPBindResponse(resultCode=0)]
    backend_search_replies = [
        pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                       [('a', ['b'])]),
        pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                       [('b', ['c'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]
    server = self.createServer(
        backend_bind_replies,
        backend_search_replies,
        protocol=ResponseInterceptingProxy)

    bind_msg = pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2)
    server.dataReceived(bind_msg.toWire())
    search_msg = pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3)
    server.dataReceived(search_msg.toWire())
    server.reactor.advance(1)
    server.reactor.advance(5)

    # What the client must see, as (message id, operation) pairs.
    expected_ops = [
        (2, pureldap.LDAPBindResponse(resultCode=0)),
        (3, pureldap.LDAPSearchResultEntry(
            'cn=foo,dc=example,dc=com',
            [('a', ['b']), ('frotz', ['xyzzy'])])),
        (3, pureldap.LDAPSearchResultEntry(
            'cn=bar,dc=example,dc=com',
            [('b', ['c']), ('frotz', ['xyzzy'])])),
        (3, pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)),
    ]
    expected_wire = b''.join(
        pureldap.LDAPMessage(op, id=msg_id).toWire()
        for msg_id, op in expected_ops)
    self.assertEqual(server.transport.value(), expected_wire)
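def test_search_scope_oneLevel(self):
    """
    A singleLevel search below ou=stuff returns the two child entries and
    a SearchResultDone; the base entry itself is not part of the reply.
    """
    request = pureldap.LDAPSearchRequest(
        baseObject='ou=stuff,dc=example,dc=com',
        scope=pureldap.LDAP_SCOPE_singleLevel,
    )
    self.server.dataReceived(str(pureldap.LDAPMessage(request, id=2)))

    thingie = pureldap.LDAPSearchResultEntry(
        objectName='cn=thingie,ou=stuff,dc=example,dc=com',
        attributes=[
            ('objectClass', ['a', 'b']),
            ('cn', ['thingie']),
        ])
    another = pureldap.LDAPSearchResultEntry(
        objectName='cn=another,ou=stuff,dc=example,dc=com',
        attributes=[
            ('objectClass', ['a', 'b']),
            ('cn', ['another']),
        ])
    done = pureldap.LDAPSearchResultDone(resultCode=0)

    # Exact comparison of the transport contents, so reply order matters.
    # assertEqual is used because the assertEquals alias is deprecated and
    # no longer exists on Python 3.12+.
    self.assertEqual(
        self.server.transport.value(),
        str(pureldap.LDAPMessage(thingie, id=2))
        + str(pureldap.LDAPMessage(another, id=2))
        + str(pureldap.LDAPMessage(done, id=2)),
    )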
def testSimple(self):
    """
    Run fetchschema.fetch against a client driver primed with two canned
    reply sequences: an entry with an empty DN that names cn=Subschema as
    its subschemaSubentry, then the cn=Subschema entry itself.

    Returns the Deferred so that _cb_testSimple runs on the result.
    """
    # First canned exchange: entry with empty objectName.
    root_replies = [
        pureldap.LDAPSearchResultEntry(
            objectName='',
            attributes=(
                ('subschemaSubentry', ['cn=Subschema']),
                ('bar', ['b', 'c']),
            ),
        ),
        pureldap.LDAPSearchResultDone(
            resultCode=0, matchedDN='', errorMessage=''),
    ]
    # Second canned exchange: the subschema entry with the fixture's
    # attribute type and object class definitions.
    subschema_replies = [
        pureldap.LDAPSearchResultEntry(
            objectName='cn=Subschema',
            attributes=(
                ('attributeTypes', [self.cn]),
                ('objectClasses', [self.dcObject]),
            ),
        ),
        pureldap.LDAPSearchResultDone(
            resultCode=0, matchedDN='', errorMessage=''),
    ]
    client = LDAPClientTestDriver(root_replies, subschema_replies)

    d = fetchschema.fetch(client, 'dc=example,dc=com')
    d.addCallback(self._cb_testSimple, client)
    return d
def test_intercepted_search_request(self):
    """
    With RequestInterceptingProxy the search request is answered by the
    proxy itself: the custom responses appear on the transport and nothing
    is sent to the backend client driver.
    """
    backend_bind_replies = [pureldap.LDAPBindResponse(resultCode=0)]
    backend_search_replies = [
        pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                       [('a', ['b'])]),
        pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                       [('b', ['c'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]
    server = self.createServer(
        backend_bind_replies,
        backend_search_replies,
        protocol=RequestInterceptingProxy)
    # Replies the intercepting proxy hands out instead of the backend's.
    server.responses = [
        pureldap.LDAPSearchResultEntry('cn=xyzzy,dc=example,dc=com',
                                       [('frobnitz', ['zork'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]

    search_msg = pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=1)
    server.dataReceived(str(search_msg))
    server.reactor.advance(1)

    # The backend must not have seen the request at all.
    self.assertEqual(len(server.clientTestDriver.sent), 0)

    custom_entry = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultEntry('cn=xyzzy,dc=example,dc=com',
                                       [('frobnitz', ['zork'])]),
        id=1)
    custom_done = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), id=1)
    self.assertEqual(server.transport.value(),
                     str(custom_entry) + str(custom_done))
def test_search_scope_wholeSubtree(self):
    """
    A wholeSubtree search from ou=stuff returns the base entry, both
    children and one SearchResultDone, in any order.
    """
    request = pureldap.LDAPSearchRequest(
        baseObject='ou=stuff,dc=example,dc=com',
        scope=pureldap.LDAP_SCOPE_wholeSubtree)
    self.server.dataReceived(str(pureldap.LDAPMessage(request, id=2)))

    def wire(op):
        # Every expected reply uses the request's message id.
        return str(pureldap.LDAPMessage(op, id=2))

    expected = [
        wire(pureldap.LDAPSearchResultEntry(
            objectName='ou=stuff,dc=example,dc=com',
            attributes=[('objectClass', ['a', 'b']), ('ou', ['stuff'])])),
        wire(pureldap.LDAPSearchResultEntry(
            objectName='cn=another,ou=stuff,dc=example,dc=com',
            attributes=[('objectClass', ['a', 'b']), ('cn', ['another'])])),
        wire(pureldap.LDAPSearchResultEntry(
            objectName='cn=thingie,ou=stuff,dc=example,dc=com',
            attributes=[('objectClass', ['a', 'b']), ('cn', ['thingie'])])),
        wire(pureldap.LDAPSearchResultDone(resultCode=0)),
    ]
    received = self._makeResultList(self.server.transport.value())
    # NOTE: assertItemsEqual is the Python 2 unittest name for an
    # order-insensitive comparison.
    self.assertItemsEqual(received, expected)
def testSimple(self):
    """
    Fetch the schema for dc=example,dc=com from a test driver that replays
    two canned searches (the entry advertising ``subschemaSubentry`` and
    the ``cn=Subschema`` entry), then verify it in ``_cb_testSimple``.
    """
    advertised_subschema = pureldap.LDAPSearchResultEntry(
        objectName="",
        attributes=(
            ("subschemaSubentry", ["cn=Subschema"]),
            ("bar", ["b", "c"]),
        ),
    )
    subschema_entry = pureldap.LDAPSearchResultEntry(
        objectName="cn=Subschema",
        attributes=(
            ("attributeTypes", [self.cn]),
            ("objectClasses", [self.dcObject]),
        ),
    )
    client = LDAPClientTestDriver(
        [
            advertised_subschema,
            pureldap.LDAPSearchResultDone(
                resultCode=0, matchedDN="", errorMessage=""),
        ],
        [
            subschema_entry,
            pureldap.LDAPSearchResultDone(
                resultCode=0, matchedDN="", errorMessage=""),
        ],
    )

    # The Deferred is returned so the test runner waits for the callback.
    d = fetchschema.fetch(client, "dc=example,dc=com")
    d.addCallback(self._cb_testSimple, client)
    return d
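def test_search(self):
    """
    A bind followed by a search is answered with the bind response (id 2),
    both backend entries and one SearchResultDone (id 3), in that order.
    """
    server = self.createServer(
        [
            pureldap.LDAPBindResponse(resultCode=0),
        ],
        [
            pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                           [('a', ['b'])]),
            pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                           [('b', ['c'])]),
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
        ],
    )
    server.dataReceived(
        str(pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2)))
    server.dataReceived(
        str(pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3)))
    reactor.iterate()  # TODO

    expected = ''.join([
        str(pureldap.LDAPMessage(
            pureldap.LDAPBindResponse(resultCode=0), id=2)),
        str(pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                           [('a', ['b'])]),
            id=3)),
        str(pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                           [('b', ['c'])]),
            id=3)),
        str(pureldap.LDAPMessage(
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
            id=3)),
    ])
    # assertEqual rather than the deprecated assertEquals alias, which no
    # longer exists on Python 3.12+.
    self.assertEqual(server.transport.value(), expected)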
def test_search(self):
    """
    A bind followed by a search puts the bind response, both search
    entries and exactly one "search done" message on the transport.
    """
    backend_bind_replies = [pureldap.LDAPBindResponse(resultCode=0)]
    backend_search_replies = [
        pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                       [('a', ['b'])]),
        pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                       [('b', ['c'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]
    server = self.createServer(backend_bind_replies, backend_search_replies)

    bind_msg = pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2)
    server.dataReceived(bind_msg.toWire())
    search_msg = pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3)
    server.dataReceived(search_msg.toWire())
    server.reactor.advance(1)

    # Expected replies as (message id, operation) pairs, in wire order.
    expected_ops = [
        (2, pureldap.LDAPBindResponse(resultCode=0)),
        (3, pureldap.LDAPSearchResultEntry('cn=foo,dc=example,dc=com',
                                           [('a', ['b'])])),
        (3, pureldap.LDAPSearchResultEntry('cn=bar,dc=example,dc=com',
                                           [('b', ['c'])])),
        (3, pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode)),
    ]
    expected_wire = b''.join(
        pureldap.LDAPMessage(op, id=msg_id).toWire()
        for msg_id, op in expected_ops)
    self.assertEqual(server.transport.value(), expected_wire)
def test_search(self):
    """
    Send a bind (id 2) and a search (id 3) and check that the transport
    holds the bind response followed by both entries and the search done.
    """
    foo_dn = "cn=foo,dc=example,dc=com"
    bar_dn = "cn=bar,dc=example,dc=com"
    server = self.createServer(
        [
            pureldap.LDAPBindResponse(resultCode=0),
        ],
        [
            pureldap.LDAPSearchResultEntry(foo_dn, [("a", ["b"])]),
            pureldap.LDAPSearchResultEntry(bar_dn, [("b", ["c"])]),
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
        ],
    )

    server.dataReceived(
        pureldap.LDAPMessage(pureldap.LDAPBindRequest(), id=2).toWire())
    server.dataReceived(
        pureldap.LDAPMessage(pureldap.LDAPSearchRequest(), id=3).toWire())
    reactor.iterate()  # TODO

    bind_reply = pureldap.LDAPMessage(
        pureldap.LDAPBindResponse(resultCode=0), id=2)
    foo_reply = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultEntry(foo_dn, [("a", ["b"])]), id=3)
    bar_reply = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultEntry(bar_dn, [("b", ["c"])]), id=3)
    done_reply = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode), id=3)

    self.assertEqual(
        server.transport.value(),
        bind_reply.toWire()
        + foo_reply.toWire()
        + bar_reply.toWire()
        + done_reply.toWire(),
    )
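def test_rootDSE(self):
    """
    A baseObject search on the empty DN with an objectClass presence
    filter returns the root DSE: LDAP version 3, the dc=example,dc=com
    naming context and the password-modify extended operation OID.
    """
    request = pureldap.LDAPSearchRequest(
        baseObject='',
        scope=pureldap.LDAP_SCOPE_baseObject,
        filter=pureldap.LDAPFilter_present('objectClass'),
    )
    self.server.dataReceived(str(pureldap.LDAPMessage(request, id=2)))

    root_dse = pureldap.LDAPSearchResultEntry(
        objectName='',
        attributes=[
            ('supportedLDAPVersion', ['3']),
            ('namingContexts', ['dc=example,dc=com']),
            ('supportedExtension', [
                pureldap.LDAPPasswordModifyRequest.oid,
            ]),
        ])
    done = pureldap.LDAPSearchResultDone(
        resultCode=ldaperrors.Success.resultCode)

    # No bind is sent before the search, so the expected reply is what an
    # unauthenticated client receives.  assertEqual replaces the deprecated
    # assertEquals alias, which no longer exists on Python 3.12+.
    self.assertEqual(
        self.server.transport.value(),
        str(pureldap.LDAPMessage(root_dse, id=2))
        + str(pureldap.LDAPMessage(done, id=2)),
    )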
def test_send_multiResponse_with_handler(self):
    """
    send_multiResponse writes the request to the transport and feeds each
    reply to the handler; the second collected reply is the search done.
    """
    client, transport = self.create_test_client()
    client.debug = True
    op = self.create_test_search_req()
    results = []

    def collect_result_(result):
        # Record every reply; report True only for the final
        # LDAPSearchResultDone.
        results.append(result)
        return isinstance(result, pureldap.LDAPSearchResultDone)

    client.send_multiResponse(op, collect_result_)

    # presumably LDAPMessage assigns the next free id on construction, so
    # the id is stepped back by one to match the message already sent
    sent_msg = pureldap.LDAPMessage(op)
    sent_msg.id -= 1
    self.assertEqual(transport.value(), sent_msg.toWire())

    entry_reply = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultEntry(
            "cn=foo,ou=baz,dc=example,dc=net", {}),
        id=sent_msg.id)
    client.dataReceived(entry_reply.toWire())

    done_reply = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultDone(0), id=sent_msg.id)
    client.dataReceived(done_reply.toWire())

    self.assertEqual(done_reply.value, results[1])
def test_simple_search(self):
    """
    After the client binds as hugo, the proxy has bound to the backend
    with the service account, and a base-object search returns the single
    canned entry.
    """
    user_dn = 'uid=hugo,cn=users,dc=test,dc=local'
    backend_bind_replies = [
        pureldap.LDAPBindResponse(resultCode=0),  # for service account
    ]
    backend_search_replies = [
        pureldap.LDAPSearchResultEntry(user_dn,
                                       [('someattr', ['somevalue'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]
    server, client = self.create_server_and_client(
        backend_bind_replies, backend_search_replies)

    yield client.bind(user_dn, 'secret')

    # The Proxy<->Backend connection must carry the service account's
    # credentials, not the ones the client supplied.
    expected_backend_bind = pureldap.LDAPBindRequest(
        dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret')
    server.client.assertSent(expected_backend_bind, )

    # Perform a simple search in the context of the service account
    entry = LDAPEntry(client, user_dn)
    results = yield entry.search(
        '(objectClass=*)', scope=pureldap.LDAP_SCOPE_baseObject)

    self.assertEqual(len(results), 1)
    values = results[0]['someattr']
    self.assertEqual(len(values), 1)
    (value, ) = values
    self.assertEqual(value, 'somevalue')
def test_realm_mapping_fails_wrong_password(self):
    """
    A search carrying the App-<marker> object class precedes a bind as
    hugo with a wrong password; the bind must fail with
    LDAPInvalidCredentials and exactly one authentication request must
    have been recorded for ('hugo', realm, password) with a final False.
    """
    marker = 'markerSecret'
    realm = 'realmSecret'
    password = '******'  # this is the wrong password!
    service_dn = 'uid=passthrough,cn=users,dc=test,dc=local'
    dn = 'uid=hugo,cn=users,dc=test,dc=local'
    server, client = self.create_server_and_client(
        [
            pureldap.LDAPBindResponse(resultCode=0),  # for service account
        ],
        [
            pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]),
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
        ])
    yield client.bind(service_dn, 'service-secret')
    # Assert that Proxy<->Backend uses the correct credentials
    server.client.assertSent(
        pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), )
    # Perform a simple search in the context of the service account.
    # The result `r` is not inspected; presumably the search is issued
    # only so the proxy sees the marker before the bind - confirm.
    entry = LDAPEntry(client, dn)
    r = yield entry.search('(|(objectClass=*)(objectclass=App-%s))' % marker,
                           scope=pureldap.LDAP_SCOPE_baseObject)
    # sleep half a second and then try to bind as hugo
    # NOTE(review): time.sleep blocks the calling thread; confirm this is
    # intended in a test that otherwise waits on yielded results.
    time.sleep(0.5)
    server2, client2 = self.create_server_and_client([
        pureldap.LDAPBindResponse(
            resultCode=0),  # for service account (successful hugo bind)
    ])
    d = client2.bind(dn, password)
    # The backend reply above is a success, so the rejection asserted here
    # does not come from the canned backend bind response.
    yield self.assertFailure(d, ldaperrors.LDAPInvalidCredentials)
    # The last tuple element is False here and True in the sibling success
    # test - presumably the authentication outcome; verify against the
    # privacyidea test double.
    self.assertEqual(self.privacyidea.authentication_requests,
                     [('hugo', realm, password, False)])
    time.sleep(1)  # to clean the reactor
def test_realm_mapping_succeeds_case_sensitive(self):
    """
    The marker search uses a mixed-case DN and the later bind uses the
    lower-cased DN; the bind must still be mapped to realm 'realmSecret'
    and recorded as ('hugo', 'realmSecret', password, True).
    """
    marker = 'markerSecret'
    password = '******'
    service_dn = 'uid=passthrough,cn=users,dc=test,dc=local'
    # Deliberately mixed case in both an attribute value and a type name.
    dn = 'uid=Hugo,cn=users,dc=test,DC=LOCAL'
    server, client = self.create_server_and_client(
        [
            pureldap.LDAPBindResponse(resultCode=0),  # for service account
        ],
        [
            pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]),
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
        ])
    yield client.bind(service_dn, 'service-secret')
    # Assert that Proxy<->Backend uses the correct credentials
    server.client.assertSent(
        pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), )
    # Perform a simple search in the context of the service account.
    # The result `r` is not inspected.
    entry = LDAPEntry(client, dn)
    r = yield entry.search('(|(objectClass=*)(objectclass=App-%s))' % marker,
                           scope=pureldap.LDAP_SCOPE_baseObject)
    # sleep half a second and then try to bind as hugo
    # NOTE(review): time.sleep blocks the calling thread; confirm this is
    # intended in a test that otherwise waits on yielded results.
    time.sleep(0.5)
    server2, client2 = self.create_server_and_client([
        pureldap.LDAPBindResponse(
            resultCode=0),  # for service account (successful hugo bind)
    ])
    yield client2.bind(
        dn.lower(),
        password)  # this will work even though the DN has differing case
    # The recorded user name is lower-case 'hugo' although the search used
    # 'uid=Hugo'.
    self.assertEqual(self.privacyidea.authentication_requests,
                     [('hugo', 'realmSecret', password, True)])
    time.sleep(1)  # to clean the reactor
def test_simple_bind(self):
    """
    A client bind is resolved through the service-account connection: the
    proxy binds there as the service account, looks up the bind DN and
    unbinds, while the actual backend connection stays silent.
    """
    user_dn = 'uid=thegreathugo,cn=users,dc=test,dc=local'
    server, client = self.create_server_and_client()
    lookup_bind_replies = [
        pureldap.LDAPBindResponse(resultCode=0),  # for service account
    ]
    lookup_search_replies = [
        pureldap.LDAPSearchResultEntry(user_dn,
                                       [('sAMAccountName', ['hugo'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]
    service_account_client = self.inject_service_account_server(
        lookup_bind_replies, lookup_search_replies)

    yield client.bind(user_dn, 'secret')

    # Assert that Proxy<->Backend (the actual connection) did not send anything
    server.client.assertNothingSent()

    # Assert that Proxy<->Backend (the lookup connection) did send something
    expected_bind = pureldap.LDAPBindRequest(
        dn='uid=service,cn=users,dc=test,dc=local', auth='service-secret')
    expected_lookup = pureldap.LDAPSearchRequest(
        baseObject='uid=thegreathugo,cn=users,dc=test,dc=local',
        scope=0,
        derefAliases=0,
        sizeLimit=0,
        timeLimit=0,
        typesOnly=0,
        filter=pureldap.LDAPFilter_present(value='objectClass'),
        attributes=())
    service_account_client.assertSent(
        expected_bind,
        expected_lookup,
        'fake-unbind-by-LDAPClientTestDriver')
def assertSearchResults(self, results=None, resultCode=0):
    """
    Check the replies the test server wrote for an LDAPSearchRequest.

    ``results`` is a list of dictionaries with 'objectName' and
    'attributes' keys; ``None`` means no entries are expected.  One
    LDAPSearchResultEntry per dictionary plus a closing
    LDAPSearchResultDone carrying ``resultCode`` is built, each with
    message id 2, and compared with the transport contents regardless of
    order.
    """
    expected_entries = [] if results is None else results
    expected_wire = [
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultEntry(
                objectName=item['objectName'],
                attributes=item['attributes']),
            id=2).toWire()
        for item in expected_entries
    ]
    expected_wire.append(
        pureldap.LDAPMessage(
            pureldap.LDAPSearchResultDone(resultCode=resultCode),
            id=2).toWire())

    received = self._makeResultList(self.server.transport.value())
    six.assertCountEqual(self, received, expected_wire)
def test_realm_mapping_fails_fake_search_by_user(self):
    """
    The service account's search sets the marker 'markerSecret' for hugo;
    a later search issued on hugo's own connection with
    'App-markerOfficial' must leave the cached marker as 'markerSecret'
    (or None), never 'markerOfficial'.
    """
    service_dn = 'uid=passthrough,cn=users,dc=test,dc=local'
    dn = 'uid=hugo,cn=users,dc=test,dc=local'
    server, client = self.create_server_and_client(
        [
            pureldap.LDAPBindResponse(resultCode=0),  # for service account
        ],
        [
            pureldap.LDAPSearchResultEntry(dn, [('someattr', ['somevalue'])]),
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
        ])
    yield client.bind(service_dn, 'service-secret')
    # Assert that Proxy<->Backend uses the correct credentials
    server.client.assertSent(
        pureldap.LDAPBindRequest(dn=service_dn, auth='service-secret'), )
    # Perform a simple search in the context of the service account.
    # The attribute name is written in odd case ('objectcLAsS').
    entry = LDAPEntry(client, dn)
    r = yield entry.search(
        '(|(objectClass=*)(objectcLAsS=App-markerSecret))',
        scope=pureldap.LDAP_SCOPE_baseObject)
    # sleep half a second and then try to bind as hugo
    # NOTE(review): time.sleep blocks the calling thread; confirm this is
    # intended in a test that otherwise waits on yielded results.
    time.sleep(0.5)
    server2, client2 = self.create_server_and_client(
        [
            pureldap.LDAPBindResponse(
                resultCode=0
            ),  # for service account (successful hugo bind)
        ],
        [
            pureldap.LDAPSearchResultEntry(
                dn, [('someattr', ['somevalue'])]),  # hugo's search
            pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
        ])
    yield client2.bind(dn, 'secret')
    # The bind is mapped using the marker from the service account's search.
    self.assertEqual(self.privacyidea.authentication_requests,
                     [('hugo', 'realmSecret', 'secret', True)])
    # Perform another search in hugo's context, this time naming a
    # different marker.
    entry2 = LDAPEntry(client2, dn)
    r = yield entry2.search(
        '(|(objectClass=*)(objectcLAsS=App-markerOfficial))',
        scope=pureldap.LDAP_SCOPE_baseObject)
    # The marker cache is read from the first server's factory; a search
    # made on the user's own connection must not have replaced the marker.
    self.assertTrue(
        server.factory.app_cache.get_cached_marker(dn) in ('markerSecret',
                                                           None))
    time.sleep(1)  # to clean the reactor
def test_search_result_repr(self):
    """
    repr() of an LDAPSearchResultEntry completes without raising for both
    the class's own tag and an arbitrary one.  The text is not inspected.
    """
    for tag in (pureldap.LDAPSearchResultEntry.tag, "foobaz"):
        entry = pureldap.LDAPSearchResultEntry(
            objectName='uid=mohamed,ou=people,dc=example,dc=fr',
            attributes=[('uid', ['mohamed'])],
            tag=tag)
        repr(entry)
def test_bind_match_success(self):
    """
    A bind as cn=jack makes the server search for a matching svc1 service
    entry owned by jack, bind as that entry with the supplied password and
    answer the client with success and matchedDN set to jack's DN.
    """
    owner_dn = 'cn=jack,dc=example,dc=com'
    service_entry_dn = (
        r'cn=svc1+owner=cn\=jack\,dc\=example\,dc\=com,dc=example,dc=com')
    server = self.createServer(
        services=[
            'svc1',
            'svc2',
            'svc3',
        ],
        fallback=True,
        responses=[
            # svc1
            [
                pureldap.LDAPSearchResultEntry(service_entry_dn,
                                               attributes=[]),
                pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
            ],
            [
                pureldap.LDAPBindResponse(
                    resultCode=ldaperrors.Success.resultCode),
            ],
        ])

    bind_msg = pureldap.LDAPMessage(
        pureldap.LDAPBindRequest(dn=owner_dn, auth='secret'), id=4)
    server.dataReceived(str(bind_msg))
    reactor.iterate()  # TODO

    # NOTE(review): the expected filter embeds the bind DN verbatim; this
    # DN has no filter metacharacters, so the test does not show how the
    # server handles a DN that contains them.
    expected_filter = ldapfilter.parseFilter(''.join([
        '(&',
        '(objectClass=serviceSecurityObject)',
        '(owner=cn=jack,dc=example,dc=com)',
        '(cn=svc1)',
        '(|(!(validFrom=*))(validFrom<=%s))' % server.now,
        '(|(!(validUntil=*))(validUntil>=%s))' % server.now,
        ')',
    ]))
    client = server.client
    client.assertSent(
        pureldap.LDAPSearchRequest(
            baseObject='dc=example,dc=com',
            derefAliases=0,
            sizeLimit=0,
            timeLimit=0,
            typesOnly=0,
            filter=expected_filter,
            attributes=('1.1', )),
        pureldap.LDAPBindRequest(dn=service_entry_dn, auth='secret'),
    )

    expected_reply = pureldap.LDAPMessage(
        pureldap.LDAPBindResponse(
            resultCode=ldaperrors.Success.resultCode,
            matchedDN=owner_dn),
        id=4)
    self.assertEqual(server.transport.value(), str(expected_reply))
def getRootDSE(self, request, reply):
    """
    Answer a root DSE query.

    Sends one entry with an empty DN through ``reply`` that advertises LDAP
    version 3, the factory's root DN as naming context and the
    password-modify extended operation, then returns a successful
    LDAPSearchResultDone.  ``request`` is not inspected, and no check of
    the connection's bind state is made in this method.
    """
    root = interfaces.IConnectedLDAPEntry(self.factory)
    root_dse_attributes = [
        ('supportedLDAPVersion', ['3']),
        ('namingContexts', [str(root.dn)]),
        ('supportedExtension', [
            pureldap.LDAPPasswordModifyRequest.oid,
        ]),
    ]
    root_dse = pureldap.LDAPSearchResultEntry(
        objectName='',
        attributes=root_dse_attributes,
    )
    reply(root_dse)
    return pureldap.LDAPSearchResultDone(
        resultCode=ldaperrors.Success.resultCode)
def getRootDSE(self, request, reply):
    """
    Answer a root DSE query with a fixed entry (empty DN, naming context
    dc=liteauth) sent through ``reply``, then return a successful
    LDAPSearchResultDone.  ``request`` is not inspected.
    """
    # NOTE(review): 1.2.840.113556.1.4.319 is the OID of the paged-results
    # control (RFC 2696); controls are normally advertised under
    # supportedControl rather than supportedExtension - confirm this is
    # intended.  The value is bytes while the sibling values are str.
    root_dse_attributes = [
        ('supportedLDAPVersion', ['3']),
        ('objectClass', ['LiteAuthLDAProotDSE']),
        ('namingContexts', ['dc=liteauth']),
        ('supportedExtension', [b'1.2.840.113556.1.4.319']),
    ]
    root_dse = pureldap.LDAPSearchResultEntry(
        objectName='',
        attributes=root_dse_attributes,
    )
    reply(root_dse)
    return pureldap.LDAPSearchResultDone(
        resultCode=ldaperrors.Success.resultCode)
def _sendEntryToClient(entry):
    """
    Send ``entry`` to the client, limited to the attributes it asked for.

    ``request`` and ``reply`` come from the enclosing scope.  An empty
    attribute list or one containing '*' selects every attribute of the
    entry.  Nothing is sent when the selection ends up empty.
    """
    wanted = request.attributes
    wants_everything = len(wanted) == 0 or '*' in wanted
    if wants_everything:
        # No attribute-level access control is applied here: whatever the
        # entry stores is returned as-is.
        selected = entry.items()
    else:
        # Names are matched exactly as the client spelled them; requested
        # attributes the entry lacks are dropped silently.
        selected = [
            (name, entry.get(name)) for name in wanted if name in entry]

    if len(selected) == 0:
        return
    reply(pureldap.LDAPSearchResultEntry(
        objectName=str(entry.dn),
        attributes=selected,
    ))
def test_wrong_credentials(self):
    """
    Binding as hugo with the password 'wrong' fails with
    LDAPInvalidCredentials even though the canned backend bind reply is a
    success.
    """
    user_dn = 'uid=hugo,cn=users,dc=test,dc=local'
    backend_bind_replies = [
        pureldap.LDAPBindResponse(resultCode=0),  # for service account
    ]
    backend_search_replies = [
        pureldap.LDAPSearchResultEntry(user_dn,
                                       [('someattr', ['somevalue'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]
    server, client = self.create_server_and_client(
        backend_bind_replies, backend_search_replies)

    bind_attempt = client.bind(user_dn, 'wrong')
    return self.assertFailure(bind_attempt, ldaperrors.LDAPInvalidCredentials)
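def buildReply(data):
    """
    Build the wire reply for one BER-encoded LDAP request.

    Decodes ``data``, derives the domain from the request filter via
    ``findDomain`` and returns the concatenation of a SearchResultEntry
    (empty DN, one ``netlogon`` attribute holding an NDR-packed
    NETLOGON_SAM_LOGON_RESPONSE_EX) and a successful SearchResultDone,
    both carrying the request's message id.

    Side effects: prints diagnostics and stores the split domain labels in
    the module-level ``lastDomain``.

    Raises:
        AssertionError: if the decoded message is not an
            LDAPProtocolRequest.
    """
    global lastDomain
    # The byte count returned next to the decoded message is not needed.
    msg, _ = pureber.berDecodeObject(berdecoder, data)
    msgId = msg.id
    print msgId
    msg = msg.value
    # ``data`` is presumably received from a remote peer, so the type check
    # is an explicit raise: a bare ``assert`` is stripped under
    # ``python -O``.  AssertionError is kept so callers see the same
    # exception type as before.
    if not isinstance(msg, pureldap.LDAPProtocolRequest):
        raise AssertionError(
            'expected an LDAPProtocolRequest, got %s'
            % msg.__class__.__name__)
    print msg.__class__.__name__
    # NOTE(review): baseObject, scope and filter are read without checking
    # that the request is a search request; other request types may fail
    # here with AttributeError - confirm against the caller.
    print msg.baseObject
    print msg.scope
    domain = findDomain(msg.filter)
    if domain.endswith('.'):
        # Drop the trailing dot of a fully-qualified name.
        domain = domain[:-1]
    print "Received search for domain: %s" % domain
    lastDomain = domain.split('.')
    fqdn = '.'.join(lastDomain)

    x = nbt.NETLOGON_SAM_LOGON_RESPONSE_EX()
    x.command = 23
    x.sbz = 0
    x.server_type = 0x000003fd
    x.domain_uuid = misc.GUID("6cb2d967-f2b7-4c93-bce1-d943eda330a1")
    x.forest = fqdn
    x.dns_domain = fqdn
    x.pdc_dns_name = "debian-smb." + fqdn
    x.domain_name = lastDomain[0].upper()
    x.pdc_name = "DEBIAN-SMB"
    #x.user_name = ""
    x.server_site = "Default-First-Site-Name"
    x.client_site = "Default-First-Site-Name"
    x.sockaddr_size = 0
    x.sockaddr.pdc_ip = '0.0.0.0'
    x.nt_version = 5
    x.lmnt_token = 0xffff
    x.lm20_token = 0xffff
    #print ndr.ndr_print(x)
    y = ndr.ndr_pack(x)
    attrs = [('netlogon', [str(y)])]
    print binascii.hexlify(str(y))

    entry_msg = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultEntry(objectName='', attributes=attrs),
        id=msgId)
    done_msg = pureldap.LDAPMessage(
        pureldap.LDAPSearchResultDone(
            resultCode=ldaperrors.Success.resultCode),
        id=msgId)
    return str(entry_msg) + str(done_msg)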
def test_missing_attribute(self):
    """
    The lookup entry carries only 'someOtherAttribute' (the sibling
    test_simple_bind supplies 'sAMAccountName'), and the bind is rejected
    with LDAPInvalidCredentials.
    """
    user_dn = 'uid=thegreathugo,cn=users,dc=test,dc=local'
    server, client = self.create_server_and_client()
    lookup_bind_replies = [
        pureldap.LDAPBindResponse(resultCode=0),  # for service account
    ]
    lookup_search_replies = [
        pureldap.LDAPSearchResultEntry(
            user_dn, [('someOtherAttribute', ['hugo'])]),
        pureldap.LDAPSearchResultDone(ldaperrors.Success.resultCode),
    ]
    service_account_client = self.inject_service_account_server(
        lookup_bind_replies, lookup_search_replies)

    bind_attempt = client.bind(user_dn, 'secret')
    return self.assertFailure(bind_attempt, ldaperrors.LDAPInvalidCredentials)
def test_detect_login_preamble(self):
    """
    detect_login_preamble returns (dn, marker) for a search result entry
    whose request filter names an application marker, and None for a
    SearchResultDone.  The second half repeats the check with a custom
    attribute name and value prefix written in differing case.
    """
    user_dn = 'cn=user123,cn=users,dc=test,dc=local'

    # Default attribute and prefix: objectclass=App-<marker>
    default_filter = parseFilter(
        '(&(|(objectclass=person)(objectclass=App-someApp))(cn=user123))')
    request = pureldap.LDAPSearchRequest(
        baseObject='cn=users,dc=test,dc=local',
        scope=pureldap.LDAP_SCOPE_wholeSubtree,
        derefAliases=0,
        sizeLimit=0,
        timeLimit=0,
        typesOnly=0,
        filter=default_filter,
        attributes=())
    response = pureldap.LDAPSearchResultEntry(user_dn, [('cn', ['user123'])])
    self.assertEqual(
        detect_login_preamble(request, response), (user_dn, 'someApp'))
    self.assertIsNone(
        detect_login_preamble(request, pureldap.LDAPSearchResultDone(0)))

    # Custom attribute and prefix; the filter spells the attribute as
    # 'someATTRIBuTE' while the call passes 'someAttribute'.
    custom_filter = parseFilter(
        '(&(|(objectclass=person)(someATTRIBuTE=Foo-someApp))(cn=user123))'
    )
    request = pureldap.LDAPSearchRequest(
        baseObject='cn=users,dc=test,dc=local',
        scope=pureldap.LDAP_SCOPE_wholeSubtree,
        derefAliases=0,
        sizeLimit=0,
        timeLimit=0,
        typesOnly=0,
        filter=custom_filter,
        attributes=())
    response = pureldap.LDAPSearchResultEntry(user_dn, [('cn', ['user123'])])
    self.assertEqual(
        detect_login_preamble(request, response, 'someAttribute', 'Foo-'),
        (user_dn, 'someApp'))
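def test_search_matchAll_oneResult_filtered(self):
    """
    A search on cn=thingie that requests only the 'cn' attribute returns
    the entry with that single attribute; objectClass is left out.
    """
    request = pureldap.LDAPSearchRequest(
        baseObject='cn=thingie,ou=stuff,dc=example,dc=com',
        attributes=['cn'])
    self.server.dataReceived(str(pureldap.LDAPMessage(request, id=2)))

    filtered_entry = pureldap.LDAPSearchResultEntry(
        objectName='cn=thingie,ou=stuff,dc=example,dc=com',
        attributes=[('cn', ['thingie'])])
    done = pureldap.LDAPSearchResultDone(resultCode=0)

    # assertEqual replaces the deprecated assertEquals alias, which no
    # longer exists on Python 3.12+.
    self.assertEqual(
        self.server.transport.value(),
        str(pureldap.LDAPMessage(filtered_entry, id=2))
        + str(pureldap.LDAPMessage(done, id=2)))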
def getRootDSE(self, request, reply):
    """
    Answer a root DSE query.

    Sends one entry with an empty DN through ``reply`` (LDAP version 3,
    the factory root's DN text as naming context, the password-modify
    extended operation OID) and returns a successful LDAPSearchResultDone.
    ``request`` is not inspected.
    """
    root = interfaces.IConnectedLDAPEntry(self.factory)
    supported_extensions = [
        pureldap.LDAPPasswordModifyRequest.oid,
    ]
    root_dse = pureldap.LDAPSearchResultEntry(
        objectName="",
        attributes=[
            ("supportedLDAPVersion", ["3"]),
            ("namingContexts", [root.dn.getText()]),
            ("supportedExtension", supported_extensions),
        ],
    )
    reply(root_dse)
    return pureldap.LDAPSearchResultDone(
        resultCode=ldaperrors.Success.resultCode)
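def test_search_scope_baseObject(self):
    """
    A baseObject search on ou=stuff returns only that entry followed by a
    SearchResultDone; no child entries are included.
    """
    request = pureldap.LDAPSearchRequest(
        baseObject='ou=stuff,dc=example,dc=com',
        scope=pureldap.LDAP_SCOPE_baseObject)
    self.server.dataReceived(str(pureldap.LDAPMessage(request, id=2)))

    base_entry = pureldap.LDAPSearchResultEntry(
        objectName='ou=stuff,dc=example,dc=com',
        attributes=[('objectClass', ['a', 'b']), ('ou', ['stuff'])])
    done = pureldap.LDAPSearchResultDone(resultCode=0)

    # assertEqual replaces the deprecated assertEquals alias, which no
    # longer exists on Python 3.12+.
    self.assertEqual(
        self.server.transport.value(),
        str(pureldap.LDAPMessage(base_entry, id=2))
        + str(pureldap.LDAPMessage(done, id=2)))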