security-and-privacy/ldapcherry
security-and-privacy/ldapcherry
1
0
Fork 0
mirror of https://github.com/kakwa/ldapcherry synced 2024-11-25 10:44:30 +01:00
Code Releases Activity

fix password setting with Active Directory

Browse Source
This commit is contained in:
kakwa 2016-06-16 21:49:48 +02:00
parent c320fa9da6
commit c969e730c4
2 changed files with 72 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

64
ldapcherry/backend/backendAD.py
View File

@ -29,6 +29,32 @@ LISTED_ATTRS = 2
ALL_ATTRS = 3 ALL_ATTRS = 3
# UserAccountControl Attribute/Flag Values
# For details, look at:
# https://support.microsoft.com/en-us/kb/305144
SCRIPT = 0x0001
ACCOUNTDISABLE = 0x0002
HOMEDIR_REQUIRED = 0x0008
LOCKOUT = 0x0010
PASSWD_NOTREQD = 0x0020
PASSWD_CANT_CHANGE = 0x0040
ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080
TEMP_DUPLICATE_ACCOUNT = 0x0100
NORMAL_ACCOUNT = 0x0200
INTERDOMAIN_TRUST_ACCOUNT = 0x0800
WORKSTATION_TRUST_ACCOUNT = 0x1000
SERVER_TRUST_ACCOUNT = 0x2000
DONT_EXPIRE_PASSWORD = 0x10000
MNS_LOGON_ACCOUNT = 0x20000
SMARTCARD_REQUIRED = 0x40000
TRUSTED_FOR_DELEGATION = 0x80000
NOT_DELEGATED = 0x100000
USE_DES_KEY_ONLY = 0x200000
DONT_REQ_PREAUTH = 0x400000
PASSWORD_EXPIRED = 0x800000
TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
PARTIAL_SECRETS_ACCOUNT = 0x04000000
# Generated by the followin command: # Generated by the followin command:
# samba-tool group list | \ # samba-tool group list | \
@ -139,6 +165,44 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
ad_groups.append('cn=' + group + ',' + self.groupdn) ad_groups.append('cn=' + group + ',' + self.groupdn)
return ad_groups return ad_groups
def _set_password(self, cn, password):
unicode_pass = '\"' + password + '\"'
password_value = unicode_pass.encode('utf-16-le')
ldap_client = self._bind()
dn = str('CN=%(cn)s,%(user_dn)s' % {
'cn': cn,
'user_dn': self.userdn
}
)
attrs = {}
attrs['unicodePwd'] = str(password_value)
#ldif = modlist.modifyModlist({'unicodePwd': 'asad'}, attrs)
ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
ldap_client.modify_s(dn,ldif)
del(attrs['unicodePwd'])
attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
ldap_client.modify_s(dn,ldif)
def add_user(self, attrs):
password = attrs['unicodePwd']
del(attrs['unicodePwd'])
super(Backend, self).add_user(attrs)
self._set_password(attrs['cn'], password)
def set_attrs(self, username, attrs):
if 'unicodePwd' in attrs:
password = attrs['unicodePwd']
del(attrs['unicodePwd'])
self._set_password(attrs['cn'], password)
super(Backend, self).set_attrs(username, attrs)
def add_to_groups(self, username, groups): def add_to_groups(self, username, groups):
ad_groups = self._build_groupdn(groups) ad_groups = self._build_groupdn(groups)
super(Backend, self).add_to_groups(username, ad_groups) super(Backend, self).add_to_groups(username, ad_groups)

10
ldapcherry/backend/backendLdap.py
View File

@ -293,13 +293,17 @@ class Backend(ldapcherry.backend.Backend):
else: else:
return False return False
def attrs_pretreatment(self, attrs):
attrs_str = {}
for a in attrs:
attrs_str[self._str(a)] = self._str(attrs[a])
return attrs_str
def add_user(self, attrs): def add_user(self, attrs):
"""add a user""" """add a user"""
ldap_client = self._bind() ldap_client = self._bind()
attrs_str = {}
# encoding crap # encoding crap
for a in attrs: attrs_str = self.attrs_pretreatment(attrs)
attrs_str[self._str(a)] = self._str(attrs[a])
attrs_str['objectClass'] = self.objectclasses attrs_str['objectClass'] = self.objectclasses
# construct is DN # construct is DN