Fix issue #732

2023-02-12 15:59:52 -05:00 · 2023-02-12 15:59:52 -05:00 · 60a7d8bdc0
parent ce1293b12c
commit 60a7d8bdc0
1 changed files with 48 additions and 47 deletions
--- a/cme/modules/ldap-checker.py
+++ b/cme/modules/ldap-checker.py
@ -4,8 +4,13 @@
 import ldap3
 import ssl
 import asyncio
+
 from msldap.connection import MSLDAPClientConnection
-from msldap.commons.factory import LDAPConnectionFactory
+from msldap.commons.target import MSLDAPTarget
+
+from asyauth.common.constants import asyauthProtocol, asyauthSecret
+from asyauth.common.credentials.ntlm import NTLMCredential
+from asyauth.common.credentials.kerberos import KerberosCredential

 class CMEModule:
    '''
@ -68,11 +73,11 @@ class CMEModule:
        #if it's set to "when supported" based on the potential
        #error recieved from the bind attempt.
        async def run_ldaps_withEPA(inputUser, inputPassword, dcTarget): 
-            try:
-                url = 'ldaps+ntlm-password://'+inputUser + ':' + inputPassword +'@' + dcTarget
-                conn_url = LDAPConnectionFactory.from_url(url)
-                ldaps_client = conn_url.get_client()
-                ldapsClientConn = MSLDAPClientConnection(ldaps_client.target, ldaps_client.creds)
+            target = MSLDAPTarget(ip=connection.host, hostname=connection.hostname, domain=connection.domain, dc_ip=connection.domain)
+            stype = asyauthSecret.PASS if not connection.nthash else asyauthSecret.NT
+            secret = connection.password if not connection.nthash else connection.nthash
+            credential = NTLMCredential(secret=secret, username=connection.username, domain=connection.domain, stype=stype)
+            ldapsClientConn = MSLDAPClientConnection(target, credential)
            _, err = await ldapsClientConn.connect()
            if err is not None:
                context.log.error("ERROR while connecting to " + dcTarget + ": " + err)
@ -87,8 +92,7 @@ class CMEModule:
                context.log.error("ERROR while connecting to " + dcTarget + ": " + err)
            elif err is None:
                return False
-            except Exception as e:
-                context.log.error("something went wrong during ldaps_withEPA bind:" + str(e))
+

        #Domain Controllers do not have a certificate setup for
        #LDAPS on port 636 by default. If this has not been setup,
@ -142,7 +146,6 @@ class CMEModule:
                exit()

        #Run trough all our code blocks to determine LDAP signing and channel binding settings.
-        try:

        ldapIsProtected = run_ldap(inputUser, inputPassword, dcTarget)
        
@ -164,5 +167,3 @@ class CMEModule:
                exit()          
        else:
            context.log.error(dcTarget + " - cannot complete TLS handshake, cert likely not configured")
-        except Exception as e:
-            context.log.error("ERROR: " + str(e))