commit python-slapdsock for openSUSE:Factory

Hello community, here is the log from the commit of package python-slapdsock for openSUSE:Factory checked in at 2017-07-12 19:36:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-slapdsock (Old) and /work/SRC/openSUSE:Factory/.python-slapdsock.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-slapdsock" Wed Jul 12 19:36:44 2017 rev:4 rq:509740 version:0.5.4 Changes: -------- --- /work/SRC/openSUSE:Factory/python-slapdsock/python-slapdsock.changes 2017-07-04 09:12:06.468151731 +0200 +++ /work/SRC/openSUSE:Factory/.python-slapdsock.new/python-slapdsock.changes 2017-07-12 19:36:55.720528336 +0200 @@ -1,0 +2,5 @@ +Wed Jul 12 11:12:25 UTC 2017 - michael@stroeder.com + +- update to upstream release 0.5.4 + +------------------------------------------------------------------- Old: ---- slapdsock-0.5.3.tar.gz slapdsock-0.5.3.tar.gz.asc New: ---- slapdsock-0.5.4.tar.gz slapdsock-0.5.4.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-slapdsock.spec ++++++ --- /var/tmp/diff_new_pack.2cpcxc/_old 2017-07-12 19:36:56.236455458 +0200 +++ /var/tmp/diff_new_pack.2cpcxc/_new 2017-07-12 19:36:56.240454893 +0200 @@ -17,7 +17,7 @@ Name: python-slapdsock -Version: 0.5.3 +Version: 0.5.4 Release: 0 Summary: Python module for slapd-sock listeners License: Apache-2.0 ++++++ slapdsock-0.5.3.tar.gz -> slapdsock-0.5.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slapdsock-0.5.3/PKG-INFO new/slapdsock-0.5.4/PKG-INFO --- old/slapdsock-0.5.3/PKG-INFO 2017-07-02 18:18:43.000000000 +0200 +++ new/slapdsock-0.5.4/PKG-INFO 2017-07-12 13:11:07.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: slapdsock -Version: 0.5.3 +Version: 0.5.4 Summary: Module package for back-sock listeners for OpenLDAP Home-page: https://www.stroeder.com/slapdsock.html Author: Michael Stroeder diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slapdsock-0.5.3/examples/passmod.py new/slapdsock-0.5.4/examples/passmod.py --- old/slapdsock-0.5.3/examples/passmod.py 2017-07-02 18:16:44.000000000 +0200 +++ new/slapdsock-0.5.4/examples/passmod.py 2017-07-03 15:26:30.000000000 +0200 @@ -121,6 +121,7 @@ if __debug__: DEBUG_VARS.extend([ 'new_passwd', + 'user_password_hash', ]) #----------------------------------------------------------------------- @@ -190,6 +191,7 @@ 'pwdPolicySubentry', 'uid', 'uidNumber', + 'userPassword', ], ) except ldap.SERVER_DOWN, ldap_error: @@ -204,6 +206,19 @@ ) return ldap_result[0][1] # _read_user_entry() + def _compare_old_pwd(self, user_entry, new_passwd): + try: + user_password_hash = user_entry['userPassword'][0] + except KeyError: + self._log(logging.DEBUG, 'no old password hash to check') + return False + pw_context = passlib.context.CryptContext(schemes=['sha512_crypt']) + self._log(logging.DEBUG, 'will check old password hash') + try: + return pw_context.verify(new_passwd, user_password_hash[7:]) + except ValueError: + return False + def _get_new_passwd(self, request): """ Try to extract userPassword from request @@ -219,7 +234,11 @@ request.dn, ), log_level=logging.ERROR, - response='CONTINUE\n', + response=RESULTResponse( + request.msgid, + 'constraintViolation', + info='Multiple password values not allowed!', + ), log_vars=self.server._log_vars, ) new_passwd = mod_vals[0] @@ -371,8 +390,14 @@ """ new_passwd = self._get_new_passwd(request) user_entry = self._read_user_entry(request) + self._log(logging.DEBUG, 'user entry attributes: %r', user_entry.keys()) # Attributes from user entry #user_class = user_entry.get('structuralObjectClass', [None])[0] + if self._compare_old_pwd(user_entry, new_passwd): + # setting old password again triggers export once more + self._log(logging.INFO, 'user entry already has password => re-export and return success') + self._export_password(request, user_entry, new_passwd) + return RESULTResponse(request.msgid, 'success') pwd_changed_time = user_entry.get('pwdChangedTime', [None])[0] pwd_policy_subentry_dn = user_entry.get( 'pwdPolicySubentry', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slapdsock-0.5.3/slapdsock/message.py new/slapdsock-0.5.4/slapdsock/message.py --- old/slapdsock-0.5.3/slapdsock/message.py 2017-07-02 00:43:16.000000000 +0200 +++ new/slapdsock-0.5.4/slapdsock/message.py 2017-07-03 17:16:14.000000000 +0200 @@ -493,11 +493,11 @@ code = RESULT_CODE.get(type(ldap_error), RESULT_CODE['other']) try: info = ldap_error.args[0]['info'].decode('utf-8') - except (AttributeError, KeyError): + except (AttributeError, KeyError, IndexError): pass try: matched = ldap_error.args[0]['matched'].decode('utf-8') - except (AttributeError, KeyError): + except (AttributeError, KeyError, IndexError): pass else: raise TypeError('Invalid type of argument code=%r' % (code)) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slapdsock-0.5.3/slapdsock/pkginfo.py new/slapdsock-0.5.4/slapdsock/pkginfo.py --- old/slapdsock-0.5.3/slapdsock/pkginfo.py 2017-07-01 20:06:32.000000000 +0200 +++ new/slapdsock-0.5.4/slapdsock/pkginfo.py 2017-07-03 17:25:57.000000000 +0200 @@ -2,6 +2,6 @@ """ meta attributes for packaging which does not import any dependencies """ -__version__ = '0.5.3' +__version__ = '0.5.4' __author__ = u'Michael Ströder ' __license__ = 'Apache License, Version 2.0' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slapdsock-0.5.3/slapdsock.egg-info/PKG-INFO new/slapdsock-0.5.4/slapdsock.egg-info/PKG-INFO --- old/slapdsock-0.5.3/slapdsock.egg-info/PKG-INFO 2017-07-02 18:18:43.000000000 +0200 +++ new/slapdsock-0.5.4/slapdsock.egg-info/PKG-INFO 2017-07-12 13:11:07.000000000 +0200 @@ -1,6 +1,6 @@ Metadata-Version: 1.1 Name: slapdsock -Version: 0.5.3 +Version: 0.5.4 Summary: Module package for back-sock listeners for OpenLDAP Home-page: https://www.stroeder.com/slapdsock.html Author: Michael Stroeder diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slapdsock-0.5.3/tests/t_message.py new/slapdsock-0.5.4/tests/t_message.py --- old/slapdsock-0.5.3/tests/t_message.py 2017-06-21 21:26:13.000000000 +0200 +++ new/slapdsock-0.5.4/tests/t_message.py 2017-07-03 17:23:09.000000000 +0200 @@ -4,13 +4,18 @@ Tests for slapdsock.message """ -import unittest, sys, os +# from Python standard library +import unittest +import sys +import os + +# python-ldap +import ldap # Extend path with working directory sys.path.append(os.getcwd()) -from slapdsock.message import BINDRequest, MODIFYRequest - +from slapdsock.message import BINDRequest, MODIFYRequest, RESULTResponse #----------------------------------------------------------------------- # Test slapdsock.message.BINDRequest @@ -104,6 +109,12 @@ return msg.split('\n') +class TestResponseMessage(unittest.TestCase): + """ + Base class for testing response messages + """ + + class TestBINDRequest(TestRequestMessage): """ Test various cases for BINDRequest @@ -190,5 +201,25 @@ self.assertEquals(req.modops, [(2, 'userPassword', ['{SSHA}5/WxVWC6CtRetVnVNP3Sv5s4F/kQRURR'])]) +class TestLDAPErrorResponse(TestResponseMessage): + + def test_no_such_object(self): + resp = str(RESULTResponse(42, ldap.NO_SUCH_OBJECT())) + self.assertEquals(resp, 'RESULT\ncode: 32') + no_such_object = ldap.NO_SUCH_OBJECT() + no_such_object.args = [{ + 'info': 'test info', + }] + resp = str(RESULTResponse(42, no_such_object)) + self.assertEquals(resp, 'RESULT\ncode: 32\ninfo: test info') + no_such_object = ldap.NO_SUCH_OBJECT() + no_such_object.args = [{ + 'info': 'test info', + 'matched': 'dc=example,dc=com', + }] + resp = str(RESULTResponse(42, no_such_object)) + self.assertEquals(resp, 'RESULT\ncode: 32\nmatched: dc=example,dc=com\ninfo: test info') + + if __name__ == '__main__': unittest.main()