0001-ldap-use_controls-defaults-to-False-if-python-ldap-3.patch

Loïc Dachary, 18 mars 2021 14:59

Voir les différences: en ligne côte à côte

Subject: [PATCH] ldap: use_controls defaults to False if python-ldap < 3.3.1
 (#52190)

Controls prior to python-ldap 3.3.1 are partially implemented because
exceptions do not report information about the controls that may have
triggered the error. To avoid an unexpected behavior, the default for
use_controls is modified to be False if python-ldap 3.3.1.

Tests are added for python-ldap 3.1.0 because it is the version
available in Debian GNU/Linux buster & bullseye.

Discussion: https://listes.entrouvert.com/arc/authentic/2021-03/msg00005.html
Fixes: https://dev.entrouvert.org/issues/52190

License: MIT

 src/authentic2/backends/ldap_backend.py | 15 ++++++++++++++-
 tests/test_ldap.py                      | 10 ++++++++++
 tox.ini                                 |  2 ++
 3 files changed, 26 insertions(+), 1 deletion(-)

         ldap = None
         PYTHON_LDAP3 = None
     import logging
     from packaging.version import parse as version_parse
     import random
     import base64
     import os
-...
     if PYTHON_LDAP3 is True:
         def ldap_implements_controls():
+            #
             # prior to 3.3.1 controls are partially implemented: exceptions do not include
             # controls information
+            #
             return version_parse(ldap.__version__) >= version_parse('3.3.1')
         class LDAPObject(NativeLDAPObject):
             def __init__(self, uri, trace_level=0, trace_file=None,
                          trace_stack_limit=5, bytes_mode=False,
-...
                 return resp_type, resp_data, resp_msgid, decoded_resp_ctrls, resp_name, resp_value
     elif PYTHON_LDAP3 is False:
         def ldap_implements_controls():
             return False
         class LDAPObject(NativeLDAPObject):
             def simple_bind_s(self, who='', cred='', serverctrls=None, clientctrls=None):
                 who = force_bytes(who)
-...
             # mapping from LDAP attributes to User attributes
             'user_attributes': [],
             # https://www.python-ldap.org/en/python-ldap-3.3.0/reference/ldap.html#ldap-controls
             'use_controls': True,
             'use_controls': ldap_implements_controls(),
+        }
         _REQUIRED = ('url', 'basedn')
         _TO_ITERABLE = ('url', 'groupsu', 'groupstaff', 'groupactive')

     @pytest.fixture
     def slapd_ppolicy():
         if ldap_backend.ldap_implements_controls() is False:
             pytest.skip("ldap does not implement controls")
         with create_slapd() as slapd:
             conn = slapd.get_connection_admin()
             assert conn.protocol_version == ldap.VERSION3
-...
+                }
+            ]
+        }
     def test_use_controls():
         from packaging.version import parse as version_parse
         if version_parse(ldap.__version__) >= version_parse('3.3.1'):
             assert ldap_backend.LDAPBackend._DEFAULTS['use_controls'] is True
         else:
             assert ldap_backend.LDAPBackend._DEFAULTS['use_controls'] is False

       authentic-py3-dj111-drf34
       authentic-py3-dj111-drf39
       authentic-py3-dj22-drf39
       authentic-py3-dj22-drf39-pythonldap310
     [testenv]
     setenv =
-...
       py3: django-filter<2.3
       drf34: djangorestframework>=3.4,<3.4.1
       drf39: djangorestframework>=3.9.2,<3.10
       pythonldap310: python-ldap==3.1.0
     usedevelop = True
     commands =
       py2: ./getlasso.sh
+    -

Projet

Général

Profil

Produits Entr'ouvert » Authentic 2

0001-ldap-use_controls-defaults-to-False-if-python-ldap-3.patch