security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-29 04:34:30 +01:00
Code Releases Activity

pepify the source code

Browse Source
This commit is contained in:
kakwa 2016-06-17 00:10:02 +02:00
parent d8631da7ba
commit b8a65a44b6
3 changed files with 41 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
ldapcherry/backend/backendAD.py
View File

@ -26,7 +26,7 @@ class CaFileDontExist(Exception):
class MissingAttr(Exception): class MissingAttr(Exception):
def __init__(self): def __init__(self):
self.log = 'attributes "cn" and "unicodePwd" must be declared ' \ self.log = 'attributes "cn" and "unicodePwd" must be declared ' \
'in attributes.yml for all Active Directory backends.' 'in attributes.yml for all Active Directory backends.'
NO_ATTR = 0 NO_ATTR = 0
DISPLAYED_ATTRS = 1 DISPLAYED_ATTRS = 1
@ -58,7 +58,6 @@ DONT_REQ_PREAUTH = 0x400000
PASSWORD_EXPIRED = 0x800000 PASSWORD_EXPIRED = 0x800000
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000 TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
PARTIAL_SECRETS_ACCOUNT = 0x04000000 PARTIAL_SECRETS_ACCOUNT = 0x04000000
# Generated by the followin command: # Generated by the followin command:
# samba-tool group list | \ # samba-tool group list | \
@ -143,11 +142,11 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
for a in attrslist: for a in attrslist:
self.attrlist.append(self._str(a)) self.attrlist.append(self._str(a))
if 'cn' not in self.attrlist: if 'cn' not in self.attrlist:
raise MissingAttr() raise MissingAttr()
if 'unicodePwd' not in self.attrlist: if 'unicodePwd' not in self.attrlist:
raise MissingAttr() raise MissingAttr()
def _search_group(self, searchfilter, groupdn): def _search_group(self, searchfilter, groupdn):
searchfilter = self._str(searchfilter) searchfilter = self._str(searchfilter)
@ -176,42 +175,40 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
return ad_groups return ad_groups
def _set_password(self, cn, password): def _set_password(self, cn, password):
unicode_pass = '\"' + password + '\"' unicode_pass = '\"' + password + '\"'
password_value = unicode_pass.encode('utf-16-le') password_value = unicode_pass.encode('utf-16-le')
ldap_client = self._bind() ldap_client = self._bind()
dn = str('CN=%(cn)s,%(user_dn)s' % { dn = str('CN=%(cn)s,%(user_dn)s' % {
'cn': cn, 'cn': cn,
'user_dn': self.userdn 'user_dn': self.userdn
} })
)
attrs = {} attrs = {}
attrs['unicodePwd'] = str(password_value) attrs['unicodePwd'] = str(password_value)
#ldif = modlist.modifyModlist({'unicodePwd': 'asad'}, attrs) ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs) ldap_client.modify_s(dn, ldif)
ldap_client.modify_s(dn,ldif)
del(attrs['unicodePwd']) del(attrs['unicodePwd'])
attrs['UserAccountControl'] = str(NORMAL_ACCOUNT) attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs) ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
ldap_client.modify_s(dn,ldif) ldap_client.modify_s(dn, ldif)
def add_user(self, attrs): def add_user(self, attrs):
password = attrs['unicodePwd'] password = attrs['unicodePwd']
del(attrs['unicodePwd']) del(attrs['unicodePwd'])
super(Backend, self).add_user(attrs) super(Backend, self).add_user(attrs)
self._set_password(attrs['cn'], password) self._set_password(attrs['cn'], password)
def set_attrs(self, username, attrs): def set_attrs(self, username, attrs):
if 'unicodePwd' in attrs: if 'unicodePwd' in attrs:
password = attrs['unicodePwd'] password = attrs['unicodePwd']
del(attrs['unicodePwd']) del(attrs['unicodePwd'])
self._set_password(attrs['cn'], password) self._set_password(attrs['cn'], password)
super(Backend, self).set_attrs(username, attrs) super(Backend, self).set_attrs(username, attrs)
def add_to_groups(self, username, groups): def add_to_groups(self, username, groups):
ad_groups = self._build_groupdn(groups) ad_groups = self._build_groupdn(groups)

9
ldapcherry/backend/backendLdap.py
View File

@ -259,7 +259,6 @@ class Backend(ldapcherry.backend.Backend):
else: else:
dn_entry = r[0] dn_entry = r[0]
return dn_entry return dn_entry
# python-ldap talks in bytes, # python-ldap talks in bytes,
# as the rest of ldapcherry talks in unicode utf-8: # as the rest of ldapcherry talks in unicode utf-8:
# * everything passed to python-ldap must be converted to bytes # * everything passed to python-ldap must be converted to bytes
@ -308,10 +307,10 @@ class Backend(ldapcherry.backend.Backend):
attrs_str['objectClass'] = self.objectclasses attrs_str['objectClass'] = self.objectclasses
# construct is DN # construct is DN
dn = \ dn = \
self._str(self.dn_user_attr) +\ self._str(self.dn_user_attr) + \
'=' +\ '=' + \
self._str(attrs[self.dn_user_attr]) +\ self._str(attrs[self.dn_user_attr]) + \
',' +\ ',' + \
self._str(self.userdn) self._str(self.userdn)
# gen the ldif fir add_s and add the user # gen the ldif fir add_s and add the user
ldif = modlist.addModlist(attrs_str) ldif = modlist.addModlist(attrs_str)

4
ldapcherry/exceptions.py
View File

@ -127,7 +127,7 @@ class WrongParamValue(Exception):
self.param = param self.param = param
possible_values_str = string.join(possible_values, ', ') possible_values_str = string.join(possible_values, ', ')
self.log = \ self.log = \
"wrong value for param '%(param)s' in section '%(section)s'"\ "wrong value for param '%(param)s' in section '%(section)s'" \
", possible values are [%(values)s]" % \ ", possible values are [%(values)s]" % \
{ {
'param': param, 'param': param,
@ -167,7 +167,7 @@ class PasswordAttributesCollision(Exception):
self.key = key self.key = key
self.log = \ self.log = \
"key '" + key + "' type is password," \ "key '" + key + "' type is password," \
" keys '" + key + "1' and '" + key + "2'"\ " keys '" + key + "1' and '" + key + "2'" \
" are reserved and cannot be used" " are reserved and cannot be used"