fix password setting with Active Directory

2024-11-25 02:34:31 +01:00 · 2016-06-16 21:49:48 +02:00 · 2016-06-16 21:49:48 +02:00 · c969e730c4
commit c969e730c4
parent c320fa9da6
2 changed files with 72 additions and 4 deletions
--- a/ldapcherry/backend/backendAD.py
+++ b/ldapcherry/backend/backendAD.py
@ -29,6 +29,32 @@ LISTED_ATTRS = 2
 ALL_ATTRS = 3


+# UserAccountControl Attribute/Flag Values
+# For details, look at:
+# https://support.microsoft.com/en-us/kb/305144 
+SCRIPT = 0x0001
+ACCOUNTDISABLE = 0x0002
+HOMEDIR_REQUIRED = 0x0008
+LOCKOUT = 0x0010
+PASSWD_NOTREQD = 0x0020
+PASSWD_CANT_CHANGE = 0x0040
+ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080
+TEMP_DUPLICATE_ACCOUNT = 0x0100
+NORMAL_ACCOUNT = 0x0200
+INTERDOMAIN_TRUST_ACCOUNT = 0x0800
+WORKSTATION_TRUST_ACCOUNT = 0x1000
+SERVER_TRUST_ACCOUNT = 0x2000
+DONT_EXPIRE_PASSWORD = 0x10000
+MNS_LOGON_ACCOUNT = 0x20000
+SMARTCARD_REQUIRED = 0x40000
+TRUSTED_FOR_DELEGATION = 0x80000
+NOT_DELEGATED = 0x100000
+USE_DES_KEY_ONLY = 0x200000
+DONT_REQ_PREAUTH = 0x400000
+PASSWORD_EXPIRED = 0x800000
+TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
+PARTIAL_SECRETS_ACCOUNT = 0x04000000
+
 # Generated by the followin command:

 # samba-tool group list | \
@ -139,6 +165,44 @@ class Backend(ldapcherry.backend.backendLdap.Backend):
                ad_groups.append('cn=' + group + ',' + self.groupdn)
        return ad_groups

+    def _set_password(self, cn, password):
+	unicode_pass = '\"' + password + '\"'
+	password_value = unicode_pass.encode('utf-16-le')
+	
+	ldap_client = self._bind()	
+	
+	dn = str('CN=%(cn)s,%(user_dn)s' % {
+		    'cn': cn,
+                    'user_dn': self.userdn
+                    }
+                )
+	
+	attrs = {}
+	
+	attrs['unicodePwd'] = str(password_value)
+	
+	#ldif = modlist.modifyModlist({'unicodePwd': 'asad'}, attrs)
+	ldif = modlist.modifyModlist({'unicodePwd': 'tmp'}, attrs)
+	ldap_client.modify_s(dn,ldif)
+
+	del(attrs['unicodePwd'])
+	attrs['UserAccountControl'] = str(NORMAL_ACCOUNT)
+	ldif = modlist.modifyModlist({'UserAccountControl': 'tmp'}, attrs)
+	ldap_client.modify_s(dn,ldif)
+
+    def add_user(self, attrs):
+        password = attrs['unicodePwd']
+	del(attrs['unicodePwd'])
+	super(Backend, self).add_user(attrs)
+	self._set_password(attrs['cn'], password)
+
+    def set_attrs(self, username, attrs):
+	if 'unicodePwd' in attrs:
+            password = attrs['unicodePwd']
+	    del(attrs['unicodePwd'])
+	    self._set_password(attrs['cn'], password)
+	super(Backend, self).set_attrs(username, attrs)
+
    def add_to_groups(self, username, groups):
        ad_groups = self._build_groupdn(groups)
        super(Backend, self).add_to_groups(username, ad_groups)
--- a/ldapcherry/backend/backendLdap.py
+++ b/ldapcherry/backend/backendLdap.py
@ -292,15 +292,19 @@ class Backend(ldapcherry.backend.Backend):
            return True
        else:
            return False
+    
+    def attrs_pretreatment(self, attrs):
+        attrs_str = {}
+        for a in attrs:
+            attrs_str[self._str(a)] = self._str(attrs[a])
+        return attrs_str

    def add_user(self, attrs):
        """add a user"""
        ldap_client = self._bind()
-        attrs_str = {}
        # encoding crap
-        for a in attrs:
-            attrs_str[self._str(a)] = self._str(attrs[a])
-
+        attrs_str = self.attrs_pretreatment(attrs)
+        
        attrs_str['objectClass'] = self.objectclasses
        # construct is DN
        dn = \