Overall linting #3
@@ -1,60 +1,110 @@
|
|||||||
import ldap3
|
"""
|
||||||
|
Module used to connect to the target LDAP server
|
||||||
|
"""
|
||||||
from typing import Tuple
|
from typing import Tuple
|
||||||
|
from dataclasses import dataclass
|
||||||
|
import ldap3
|
||||||
|
|
||||||
|
|
||||||
|
@dataclass
|
||||||
|
class ClientParams:
|
||||||
|
"""
|
||||||
|
Parameters for the Client class
|
||||||
|
"""
|
||||||
|
address: str
|
||||||
|
base_dn: str
|
||||||
|
port: int = 389
|
||||||
|
tls: bool = False
|
||||||
|
primary_attribute: str = "uid"
|
||||||
|
|
||||||
|
|
||||||
class Client():
|
class Client():
|
||||||
def __init__(self, address: str, port: int, base_dn: str, primary_attribute: str = "uid", tls: bool = False):
|
"""
|
||||||
self.server = ldap3.Server(host=address, port=port, use_ssl=tls)
|
Class that represents a connection to an LDAP server.
|
||||||
self.base_dn = base_dn
|
|
||||||
self.address = address
|
Attributes:
|
||||||
self.port = port
|
server (ldap3.Connection): An ldap3.Server object
|
||||||
self.tls = tls
|
base_dn (str): The target base DN
|
||||||
self.primary_attribute = primary_attribute
|
address (str): The target server's address
|
||||||
|
port (int): The target server's port
|
||||||
|
tls (bool): A boolean to indicate TLS usage
|
||||||
|
primary_attribute (str): The clients' LDAP primary attributes
|
||||||
|
link (ldap3.Connection): Represents the current link status
|
||||||
|
"""
|
||||||
|
def __init__(self, params: ClientParams):
|
||||||
|
self.server = ldap3.Server(
|
||||||
|
host=params.address,
|
||||||
|
port=params.port,
|
||||||
|
use_ssl=params.tls)
|
||||||
|
self.base_dn = params.base_dn
|
||||||
|
self.address = params.address
|
||||||
|
self.port = params.port
|
||||||
|
self.tls = params.tls
|
||||||
|
self.primary_attribute = params.primary_attribute
|
||||||
|
self.link = None
|
||||||
|
|
||||||
def bind(self, user: str, bind_passwd: str) -> Tuple[bool, str]:
|
def bind(self, user: str, bind_passwd: str) -> Tuple[bool, str]:
|
||||||
|
"""
|
||||||
|
Binds to the target server.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
user (str): The target username
|
||||||
|
bind_passwd (str): The target user's password
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
(bool, str): (True, "<user-dn>") if the bind was successful
|
||||||
|
(False, "") if it wasn't.
|
||||||
|
"""
|
||||||
user_dn = f"{self.primary_attribute}={user},{self.base_dn}"
|
user_dn = f"{self.primary_attribute}={user},{self.base_dn}"
|
||||||
|
|
||||||
self.link = ldap3.Connection(self.server, user=user_dn, password=bind_passwd)
|
self.link = ldap3.Connection(self.server,
|
||||||
|
user=user_dn,
|
||||||
|
password=bind_passwd)
|
||||||
|
|
||||||
try:
|
status = self.link.bind()
|
||||||
status = self.link.bind()
|
if status is False:
|
||||||
except Exception as _:
|
print(f"[!!] Could not bind {user_dn} to the LDAP directory: "
|
||||||
status = False
|
f"{self.link.last_error}")
|
||||||
|
return (False, "")
|
||||||
if status == False:
|
|
||||||
print(f"[!!] Could not bind {user_dn} to the LDAP directory: {self.link.last_error}")
|
|
||||||
return (status, "")
|
|
||||||
|
|
||||||
return (status, user_dn)
|
return (status, user_dn)
|
||||||
|
|
||||||
def unbind(self) -> bool:
|
def unbind(self) -> bool:
|
||||||
if self.link.bound != True:
|
"""
|
||||||
|
Unbinds and disconnect from the server.
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
bool: True if the operation was successful, False if it wasn't.
|
||||||
|
"""
|
||||||
|
if self.link.bound is False:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
try:
|
return self.link.unbind()
|
||||||
self.link.unbind()
|
|
||||||
except Exception as e:
|
|
||||||
pass
|
|
||||||
|
|
||||||
return True
|
|
||||||
|
|
||||||
def change_pwd(self, user_dn: str, new_password: str) -> bool:
|
def change_pwd(self, user_dn: str, new_password: str) -> bool:
|
||||||
if self.link.bound == False:
|
"""
|
||||||
|
Changes a specific user's DN.
|
||||||
|
|
||||||
|
Args:
|
||||||
|
user_dn (str): The target user's DN
|
||||||
|
new_password (str): The wanted password
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
bool: True if the operation was successful, False if it wasn't.
|
||||||
|
"""
|
||||||
|
if self.link.bound is False:
|
||||||
print("[!!] Can't change the password: not bound to the server")
|
print("[!!] Can't change the password: not bound to the server")
|
||||||
return False
|
return False
|
||||||
|
|
||||||
status = self.link.modify(user_dn, {'userPassword': [(ldap3.MODIFY_REPLACE, [new_password])]})
|
status = self.link.modify(
|
||||||
if status == True:
|
user_dn, {
|
||||||
|
'userPassword': [
|
||||||
|
(ldap3.MODIFY_REPLACE, [new_password])]})
|
||||||
|
if status:
|
||||||
print(f"[++] Changed password of user {user_dn}")
|
print(f"[++] Changed password of user {user_dn}")
|
||||||
else:
|
else:
|
||||||
print(f"[!!] Could not change password of user {user_dn}: {self.link.last_error}")
|
print(
|
||||||
|
f"[!!] Could not change password of user {user_dn}: "
|
||||||
|
f"{self.link.last_error}")
|
||||||
|
|
||||||
return status
|
return status
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
client = Client("dc01.lan.alxczl.fr", 636, "cn=users,cn=accounts,dc=lan,dc=alxczl,dc=fr", True)
|
|
||||||
client_dn = "uid=alexandre,cn=users,cn=accounts,dc=lan,dc=alxczl,dc=fr"
|
|
||||||
res = client.bind(client_dn, "Getshrektm8")
|
|
||||||
if res[0] == False:
|
|
||||||
print(client.link.result["description"])
|
|
||||||
|
|
||||||
#client.link.unbind()
|
|
||||||
Reference in New Issue
Block a user