0001-ldap-remove-check-hostname-option-69470.patch

Thomas Noël, 23 septembre 2022 02:23


Subject: [PATCH] ldap: remove check hostname option (#69470)

OPT_X_TLS_REQUIRE_SAN cannot be used with python3-ldap 3.2 available in Debian 11
 ...2_remove_resource_ldap_tls_check_hostname.py | 17 +++++++++++++++++
 passerelle/apps/ldap/models.py                  |  9 ---------
 tests/ldap/test_manager.py                      |  1 -
 tests/ldap/test_search_endpoint.py              | 14 ++++++--------
 tox.ini                                         |  1 +
 5 files changed, 24 insertions(+), 18 deletions(-)
 create mode 100644 passerelle/apps/ldap/migrations/0002_remove_resource_ldap_tls_check_hostname.py
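--- a/passerelle/apps/ldap/migrations/0002_remove_resource_ldap_tls_check_hostname.py
+++ b/passerelle/apps/ldap/migrations/0002_remove_resource_ldap_tls_check_hostname.py
@@ -0,0 +1,17 @@
+# Generated by Django 2.2.26 on 2022-09-22 23:48
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('ldap', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='resource',
+            name='ldap_tls_check_hostname',
+        ),
+    ]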
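--- a/passerelle/apps/ldap/models.py
+++ b/passerelle/apps/ldap/models.py
@@ -66,11 +66,6 @@
         blank=True,
         validators=[forms.validate_certificate],
     )
-    ldap_tls_check_hostname = models.BooleanField(
-        verbose_name=_('TLS check hostname'),
-        default=True,
-        blank=True,
-    )
     ldap_tls_check_cert = models.BooleanField(
         verbose_name=_('TLS check certificate'),
         default=True,
@@ -123,10 +118,6 @@
         conn = ldap.initialize(self.ldap_url)
         conn.set_option(ldap.OPT_TIMEOUT, 5)
         conn.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)
-        if self.ldap_tls_check_hostname:
-            conn.set_option(ldap.OPT_X_TLS_REQUIRE_SAN, ldap.OPT_X_TLS_DEMAND)
-        else:
-            conn.set_option(ldap.OPT_X_TLS_REQUIRE_SAN, ldap.OPT_X_TLS_NEVER)
         if self.ldap_tls_check_cert:
             conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
         else: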
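--- a/tests/ldap/test_manager.py
+++ b/tests/ldap/test_manager.py
@@ -118,7 +118,6 @@
                 'content': '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',  # pylint: disable=line-too-long
             },
             'ldap_tls_cacert': None,
-            'ldap_tls_check_hostname': True,
             'ldap_tls_check_cert': True,
             'ldap_url': 'ldap://localhost.entrouvert.org:52271',
             'log_level': 'INFO',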
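--- a/tests/ldap/test_search_endpoint.py
+++ b/tests/ldap/test_search_endpoint.py
@@ -68,14 +68,12 @@
             'id_attribute': 'uid',
         },
     )
-    assert response.json == {
-        'data': [{'disabled': True, 'id': '', 'text': 'Directory server is unavailable'}],
-        'err': 1,
-        'err_class': 'directory-server-unavailable',
-        'err_desc': '{\'result\': -1, \'desc\': "Can\'t contact LDAP server", '
-        "'errno': 107, 'ctrls': [], 'info': 'Transport endpoint is not "
-        "connected'}",
-    }
+    assert response.json['err'] == 1
+    assert response.json['data'] == [{'disabled': True, 'id': '', 'text': 'Directory server is unavailable'}]
+    assert response.json['err_class'] == 'directory-server-unavailable'
+    assert "'info': 'Transport endpoint is not connected'" in response.json['err_desc']
+    assert "'errno': 107" in response.json['err_desc']
+    assert "'desc': \"Can't contact LDAP server\"" in response.json['err_desc']
 
 
 def test_q(app, resource, ldap_server):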
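Review bot: The six fragment assertions that replace the whole-dict comparison (new lines 71-76) have no comment saying why equality was relaxed. Presumably the `err_desc` text differs between python-ldap releases, and a one-line comment such as `# err_desc layout varies with the python-ldap version, so match fragments only` would keep someone from tightening it back later. The fragments still pin `'errno': 107` and the exact quoting of the stringified exception, so the test remains tied to the platform errno and to how the error is rendered. The enclosing test function begins above the hunk.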
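--- a/tox.ini
+++ b/tox.ini
@@ -47,6 +47,7 @@
   zeep<3.3
   codestyle: pre-commit
   ldaptools
+  python-ldap<=3.2
 commands =
   ./get_wcs.sh
   py.test {posargs: --numprocesses {env:NUMPROCESSES:1} --dist loadfile {env:FAST:} {env:COVERAGE:} {env:JUNIT:} tests/}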
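Review bot: The `python-ldap<=3.2` cap added at new line 50 has no comment tying it to its reason. The commit message points to python3-ldap 3.2 in Debian 11, and a line such as `# python3-ldap version shipped in Debian 11 (#69470)` above the pin would tell a later reader when it can be lifted. With the cap in place the test environment never installs a newer python-ldap, so fixes released after 3.2 are not exercised by this suite; it is worth confirming that this is intended for as long as Debian 11 is the deployment target.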
53
-