/usr/lib/python3/dist-packages/ldap3/operation/bind.py is in python3-ldap3 2.4.1-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 | """
"""
# Created on 2013.05.31
#
# Author: Giovanni Cannata
#
# Copyright 2013 - 2018 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.
from .. import SIMPLE, ANONYMOUS, SASL, STRING_TYPES
from ..core.results import RESULT_CODES
from ..core.exceptions import LDAPPasswordIsMandatoryError, LDAPUnknownAuthenticationMethodError, LDAPUserNameNotAllowedError
from ..protocol.sasl.sasl import validate_simple_password
from ..protocol.rfc4511 import Version, AuthenticationChoice, Simple, BindRequest, ResultCode, SaslCredentials, BindResponse, \
LDAPDN, LDAPString, Referral, ServerSaslCreds, SicilyPackageDiscovery, SicilyNegotiate, SicilyResponse
from ..protocol.convert import authentication_choice_to_dict, referrals_to_list
from ..utils.conv import to_unicode, to_raw
# noinspection PyUnresolvedReferences
def bind_operation(version,
authentication,
name='',
password=None,
sasl_mechanism=None,
sasl_credentials=None,
auto_encode=False):
# BindRequest ::= [APPLICATION 0] SEQUENCE {
# version INTEGER (1 .. 127),
# name LDAPDN,
# authentication AuthenticationChoice }
request = BindRequest()
request['version'] = Version(version)
if name is None:
name = ''
if isinstance(name, STRING_TYPES):
request['name'] = to_unicode(name) if auto_encode else name
if authentication == SIMPLE:
if not name:
raise LDAPPasswordIsMandatoryError('user name is mandatory in simple bind')
if password:
request['authentication'] = AuthenticationChoice().setComponentByName('simple', Simple(validate_simple_password(password)))
else:
raise LDAPPasswordIsMandatoryError('password is mandatory in simple bind')
elif authentication == SASL:
sasl_creds = SaslCredentials()
sasl_creds['mechanism'] = sasl_mechanism
if sasl_credentials is not None:
sasl_creds['credentials'] = sasl_credentials
# else:
# sasl_creds['credentials'] = None
request['authentication'] = AuthenticationChoice().setComponentByName('sasl', sasl_creds)
elif authentication == ANONYMOUS:
if name:
raise LDAPUserNameNotAllowedError('user name not allowed in anonymous bind')
request['name'] = ''
request['authentication'] = AuthenticationChoice().setComponentByName('simple', Simple(''))
elif authentication == 'SICILY_PACKAGE_DISCOVERY': # https://msdn.microsoft.com/en-us/library/cc223501.aspx
request['name'] = ''
request['authentication'] = AuthenticationChoice().setComponentByName('sicilyPackageDiscovery', SicilyPackageDiscovery(''))
elif authentication == 'SICILY_NEGOTIATE_NTLM': # https://msdn.microsoft.com/en-us/library/cc223501.aspx
request['name'] = 'NTLM'
request['authentication'] = AuthenticationChoice().setComponentByName('sicilyNegotiate', SicilyNegotiate(name.create_negotiate_message())) # ntlm client in self.name
elif authentication == 'SICILY_RESPONSE_NTLM': # https://msdn.microsoft.com/en-us/library/cc223501.aspx
name.parse_challenge_message(password) # server_creds returned by server in password
server_creds = name.create_authenticate_message()
if server_creds:
request['name'] = ''
request['authentication'] = AuthenticationChoice().setComponentByName('sicilyResponse', SicilyResponse(server_creds))
else:
request = None
else:
raise LDAPUnknownAuthenticationMethodError('unknown authentication method')
return request
def bind_request_to_dict(request):
return {'version': int(request['version']),
'name': str(request['name']),
'authentication': authentication_choice_to_dict(request['authentication'])}
def bind_response_operation(result_code,
matched_dn='',
diagnostic_message='',
referral=None,
server_sasl_credentials=None):
# BindResponse ::= [APPLICATION 1] SEQUENCE {
# COMPONENTS OF LDAPResult,
# serverSaslCreds [7] OCTET STRING OPTIONAL }
response = BindResponse()
response['resultCode'] = ResultCode(result_code)
response['matchedDN'] = LDAPDN(matched_dn)
response['diagnosticMessage'] = LDAPString(diagnostic_message)
if referral:
response['referral'] = Referral(referral)
if server_sasl_credentials:
response['serverSaslCreds'] = ServerSaslCreds(server_sasl_credentials)
return response
def bind_response_to_dict(response):
return {'result': int(response['resultCode']),
'description': ResultCode().getNamedValues().getName(response['resultCode']),
'dn': str(response['matchedDN']),
'message': str(response['diagnosticMessage']),
'referrals': referrals_to_list(response['referral']),
'saslCreds': bytes(response['serverSaslCreds']) if response['serverSaslCreds'] is not None and response['serverSaslCreds'].hasValue() else None}
def sicily_bind_response_to_dict(response):
return {'result': int(response['resultCode']),
'description': ResultCode().getNamedValues().getName(response['resultCode']),
'server_creds': bytes(response['matchedDN']),
'error_message': str(response['diagnosticMessage'])}
def bind_response_to_dict_fast(response):
response_dict = dict()
response_dict['result'] = int(response[0][3]) # resultCode
response_dict['description'] = RESULT_CODES[response_dict['result']]
response_dict['dn'] = to_unicode(response[1][3], from_server=True) # matchedDN
response_dict['message'] = to_unicode(response[2][3], from_server=True) # diagnosticMessage
response_dict['referrals'] = None # referrals
response_dict['saslCreds'] = None # saslCreds
for r in response[3:]:
if r[2] == 3: # referrals
response_dict['referrals'] = referrals_to_list(r[3]) # referrals
else:
response_dict['saslCreds'] = bytes(r[3]) # saslCreds
return response_dict
def sicily_bind_response_to_dict_fast(response):
response_dict = dict()
response_dict['result'] = int(response[0][3]) # resultCode
response_dict['description'] = RESULT_CODES[response_dict['result']]
response_dict['server_creds'] = bytes(response[1][3]) # server_creds
response_dict['error_message'] = to_unicode(response[2][3], from_server=True) # error_message
return response_dict
|