def handleStartTLSRequest(self, request, controls, reply):
    """
    Answer an LDAP StartTLS request.

    TLS is only offered when the protocol factory has an `options`
    attribute, which is assumed to be a
    `twisted.internet.ssl.CertificateOptions` that can be used to
    initiate TLS on the transport.

    Outcomes:

    * the factory has no `options`: an `unavailable` response is
      returned;
    * TLS was already started on this session: an `operationsError`
      response is returned;
    * otherwise: a success response is passed to `reply`, TLS is started
      on the transport, and `None` is returned because the response has
      already been handed over.

    Returns an already-fired Deferred carrying the response (or `None`).
    """
    verbose = self.debug
    if verbose:
        log.msg("Received startTLS request: " + repr(request))

    # No certificate options configured: TLS cannot be offered at all.
    if not hasattr(self.factory, 'options'):
        unavailable = pureldap.LDAPStartTLSResponse(
            resultCode=ldaperrors.LDAPUnavailable.resultCode)
        log.msg(
            "StartTLS not implemented. "
            "Responding with 'unavailable' (52): " + repr(unavailable))
        return defer.succeed(unavailable)

    # A second StartTLS on the same session is refused rather than
    # starting TLS again.
    if self.startTLS_initiated:
        rejection = pureldap.LDAPStartTLSResponse(
            resultCode=ldaperrors.LDAPOperationsError.resultCode)
        log.msg(
            "Session already using TLS. "
            "Responding with 'operationsError' (1): " + repr(rejection))
        return defer.succeed(rejection)

    if verbose:
        log.msg("Setting success result code ...")
    accepted = pureldap.LDAPStartTLSResponse(
        resultCode=ldaperrors.Success.resultCode)

    # Order matters: `reply` is invoked with the success response before
    # startTLS() is called on the transport.
    if verbose:
        log.msg("Replying with successful LDAPStartTLSResponse ...")
    reply(accepted)

    # NOTE(review): nothing in this method discards data a client may have
    # sent in cleartext directly after the StartTLS request; confirm that
    # the transport or message parser cannot process such bytes as if they
    # had arrived inside the TLS session.
    if verbose:
        log.msg("Initiating startTLS on transport ...")
    self.transport.startTLS(self.factory.options)
    self.startTLS_initiated = True

    # The response was already passed to `reply`, so there is nothing left
    # to return to the caller.
    return defer.succeed(None)
def _failedToConnectToProxiedServer(self, err):
    """
    Handle a failed connection to the proxied server.

    The error is logged, every queued request is drained, and the client
    transport is closed.  Queued bind and StartTLS requests are answered
    with an `unavailable` result code; any other queued request is
    dropped without a response.
    """
    log.msg("[ERROR] Could not connect to proxied server. "
            "Error was:\n{}".format(err))

    unavailable_code_holder = ldaperrors.LDAPUnavailable
    while len(self.queuedRequests) > 0:
        queued_request, _controls, send_reply = self.queuedRequests.pop(0)

        # Pick the response type that matches the request type.
        if isinstance(queued_request, pureldap.LDAPBindRequest):
            response_type = pureldap.LDAPBindResponse
        elif isinstance(queued_request, pureldap.LDAPStartTLSRequest):
            response_type = pureldap.LDAPStartTLSResponse
        else:
            # Other request types get no reply; the connection is closed
            # once the queue is empty.
            continue

        send_reply(
            response_type(resultCode=unavailable_code_holder.resultCode))

    self.transport.loseConnection()
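def test_TLS_failure(self):
    """
    A StartTLS request answered with `operationsError` must fail the
    Deferred returned by `client.startTLS()` with `LDAPOperationsError`.

    The test fails if that Deferred fires successfully: a client that
    treats a refused StartTLS as success would carry on without TLS, and
    an errback-only check would let that pass unnoticed.
    """
    clock = Clock()
    # NOTE(review): this replaces a module-level attribute and never
    # restores it, so later tests see the fake clock too; consider
    # restoring it in a cleanup.
    ldapclient.reactor = clock
    client, transport = self.create_test_client()
    d = client.startTLS()
    clock.advance(1)

    # Build the server's refusal and feed it to the client as wire bytes.
    error = ldaperrors.LDAPOperationsError()
    op = pureldap.LDAPStartTLSResponse(error.resultCode)
    response = pureldap.LDAPMessage(op)
    # presumably realigns the message id with the client's pending
    # StartTLS request; verify against the LDAPMessage id allocation
    response.id -= 1
    resp_bytestring = response.toWire()
    client.dataReceived(resp_bytestring)

    def cb_(thing):
        expected = ldaperrors.LDAPOperationsError
        self.assertEqual(expected, type(thing.value))

    def unexpected_success(result):
        self.fail(
            "startTLS() succeeded although the server answered with "
            "operationsError: " + repr(result))

    # addCallbacks registers both handlers at the same level, so the
    # failure raised by unexpected_success is not swallowed by cb_.
    d.addCallbacks(unexpected_success, cb_)
    return d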