ldap-chpw-cgi/index.py

#!/usr/bin/env python3
import cgi, cgitb
import html
import re
import sys, os

import ldap
import ldap.dn
import ldap.filter
# LDAP endpoint used for every bind, search and password change below.
# NOTE(review): plain ldap:// means the old and new passwords cross the
# loopback socket unencrypted; fine for localhost only -- consider ldapi://
# or STARTTLS if the server ever moves off this host.
ldap_proto = 'ldap://'
ldap_server = 'localhost'
ldap_basedn = 'dc=ldap,dc=freiesnetz,dc=at'
# People entries live under ou=Users; bind DNs are built as
# "<ldap_bind_attr>=<account>,<ldap_userdn>".
ldap_userdn = 'ou=Users,' + ldap_basedn
ldap_bind_attr = 'uid'
# Tracebacks are written to logs/ and never shown to the browser (display=0).
# cgitb's reports include local variable values, so a crash inside main()
# can write form passwords into logs/ -- keep that directory private.
cgitb.enable(display=0, logdir='logs/')
2015-10-19 18:29:41 +02:00
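def check_form(formvars, form):
    """Check that every field named in *formvars* is present in *form* as a string.

    Args:
        formvars: field names that must be present.
        form: a ``cgi.FieldStorage`` (or any mapping whose items expose
            a ``.value`` attribute).

    Returns:
        True when all fields are present and hold ``str`` values;
        False as soon as a field is missing;
        None as soon as a present field holds something other than a
        string (a file upload, for instance, yields bytes).
    """
    for varname in formvars:
        if varname not in form:
            return False
        # isinstance() is the idiomatic check; the old type(x) is type('')
        # comparison rejected str subclasses for no reason.
        if not isinstance(form[varname].value, str):
            return None
    return True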
def read_template_file(filename, **values):
    """Load ``tpl/<filename>`` (UTF-8) and fill in ``{$name}`` placeholders.

    Every keyword argument ``name=value`` replaces each literal ``{$name}``
    occurrence in the template text with ``value``.  Values are inserted
    verbatim -- nothing is HTML-escaped here, so callers must escape any
    request-derived data before passing it in.

    Args:
        filename: template file name, resolved relative to ``tpl/``.
        **values: placeholder name -> replacement string.

    Returns:
        The rendered template as a string.
    """
    path = 'tpl/' + filename
    with open(path, mode='r', encoding='utf-8') as handle:
        rendered = handle.read()
    for name, replacement in values.items():
        placeholder = '{$' + name + '}'
        rendered = rendered.replace(placeholder, replacement)
    return rendered
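def check_oldpw(accountname, oldpass):
    """Return True when *oldpass* authenticates *accountname* against the LDAP server.

    The bind DN is ``<ldap_bind_attr>=<accountname>,<ldap_userdn>`` with DN
    metacharacters in the account name escaped.  Only an INVALID_CREDENTIALS
    result maps to False; other LDAP errors (server down, ...) propagate.

    Args:
        accountname: the uid to test (local part only, no ``@domain``).
        oldpass: the password to try.

    Returns:
        True on a successful bind, False otherwise.
    """
    # An empty password turns a simple bind into an unauthenticated bind,
    # which many servers accept -- never report that as a verified password.
    if not accountname or not oldpass:
        return False
    bind_dn = ldap_bind_attr + '=' + ldap.dn.escape_dn_chars(accountname) + ',' + ldap_userdn
    conn = ldap.initialize(ldap_proto + ldap_server)
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    try:
        # simple_bind_s() blocks and raises on failure.  The asynchronous
        # simple_bind() used before only returns a message id, so its result
        # compared equal to True never and the check always failed.
        conn.simple_bind_s(bind_dn, oldpass)
    except ldap.INVALID_CREDENTIALS:
        return False
    finally:
        conn.unbind_s()
    return True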
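def generate_headers():
    """Return the CGI response headers, one per line, each terminated by ``\\n``.

    The caller appends the blank line that ends the header section.  Besides
    the content type, ``Cache-Control: no-store`` is sent because every page
    this script produces either carries a password form or the outcome of a
    password change and must not be kept by browsers or intermediaries.
    """
    return (
        "Content-Type: text/html; charset=utf-8\n"
        "Cache-Control: no-store\n"
    )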
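def _ldap_connect():
    """Open a fresh LDAPv3 connection to the configured server with referral chasing off."""
    conn = ldap.initialize(ldap_proto + ldap_server)
    conn.set_option(ldap.OPT_REFERRALS, 0)
    conn.set_option(ldap.OPT_PROTOCOL_VERSION, 3)
    return conn


def _bind_dn(accountname):
    """Build ``<ldap_bind_attr>=<accountname>,<ldap_userdn>``, escaping DN metacharacters."""
    return ldap_bind_attr + '=' + ldap.dn.escape_dn_chars(accountname) + ',' + ldap_userdn


def _change_password(accountname, oldpass, newpass):
    """Set *newpass* on every entry matching *accountname*, authenticating with *oldpass*.

    Mirrors the original sequence: bind as the user and search for the
    entry, run the password-modify operation against each returned DN, then
    confirm by binding with the new password.

    Returns:
        True when the new password was set and the verification bind
        succeeded, False on any LDAP error.  Error details are written to
        stderr (the web server's error log), never to the browser.
    """
    bind_dn = _bind_dn(accountname)
    # The account name is user input; filter metacharacters must be escaped or
    # a crafted name could widen the search beyond the intended entry.
    search_filter = '(' + ldap_bind_attr + '=' + ldap.filter.escape_filter_chars(accountname) + ')'
    try:
        conn = _ldap_connect()
        try:
            conn.simple_bind_s(bind_dn, oldpass)
            results = conn.search_s(ldap_basedn, ldap.SCOPE_SUBTREE, search_filter, ['dn'])
        finally:
            conn.unbind_s()
        for dn, _attrs in results:
            if dn is None:
                # search references carry no DN; nothing to change there
                continue
            conn = _ldap_connect()
            try:
                # synchronous bind as the entry itself, then password modify
                conn.simple_bind_s(dn, oldpass)
                conn.passwd_s(dn, oldpass, newpass)
            finally:
                conn.unbind_s()
        # Verify the change the same way the old code did: bind with the new password.
        conn = _ldap_connect()
        try:
            conn.simple_bind_s(bind_dn, newpass)
        finally:
            conn.unbind_s()
    except ldap.LDAPError as err:
        # %r keeps a user-supplied name on one log line.
        print('ldap-chpw: password change for %r failed: %s' % (accountname, err), file=sys.stderr)
        return False
    return True


def main():
    """CGI entry point: render the change-password form, or process a submission.

    Reads the request via ``cgi.FieldStorage`` (note: the ``cgi`` module is
    deprecated since Python 3.11 and removed in 3.13, PEP 594), renders the
    matching template and writes the complete response to stdout.
    """
    main_content = ''
    form = cgi.FieldStorage()
    # HTTP_HOST comes from the request's Host header and is attacker
    # controlled; it is embedded in templates, so escape it here.  Missing
    # variables become '' instead of None, which str.replace() would reject.
    http_host = html.escape(os.environ.get('HTTP_HOST', ''))
    if 'submit' in form:
        formvars = ['accountname', 'oldpass', 'newpass', 'newpass2']
        form_ok = check_form(formvars, form)
        if form_ok is True:
            # Accept "user@domain" input; only the local part is the uid.
            accountname = form['accountname'].value.split("@")[0]
            oldpass = form['oldpass'].value
            newpass = form['newpass'].value
            newpass2 = form['newpass2'].value
            if newpass != newpass2:
                main_content = read_template_file('fail.tpl', message='Passwords do not match.')
            elif not check_oldpw(accountname, oldpass):
                main_content = read_template_file('fail.tpl', message='User not found or wrong password entered.')
            elif _change_password(accountname, oldpass, newpass):
                # We did it
                main_content = read_template_file('success.tpl', http_host=http_host)
            else:
                # Generic message on purpose: the LDAP error text is logged, not shown.
                main_content = read_template_file('fail.tpl', message='Password change failed.')
        elif form_ok is False:
            main_content = read_template_file('fail.tpl', message='All fields are required.')
        else:
            main_content = read_template_file('fail.tpl', message='Invalid data type supplied.')
    else:
        # REQUEST_URI is request-derived too; escape before it becomes the form action.
        formaction = html.escape("https://" + os.environ.get("HTTP_HOST", '') + os.environ.get("REQUEST_URI", ''))
        # The pre-filled account name comes from the web server's auth module
        # (AUTHENTICATE_UID; an earlier revision read REMOTE_USER) and may be unset.
        accountname = html.escape(os.environ.get('AUTHENTICATE_UID') or '')
        main_content = read_template_file('form.tpl', formaction=formaction, accountname=accountname, http_host=http_host)
    response = generate_headers() + "\n"
    response += read_template_file('main.tpl', main_content=main_content)
    # Write bytes directly so the encoding does not depend on the locale.
    sys.stdout.buffer.write(response.encode('utf-8'))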
# Only act as a CGI script when executed directly, not when imported.
if __name__ == '__main__':
    main()