RobertQuitt

crackdown.py

Feb 18th, 2018
  1. # crackdown.py
  2. # robert quitt 2/18/18
  3. # requires: jinja2, ldap3
  4. # working on python 2.7.14
  5. import sys
  6. import argparse
  7. import os.path
  8. from getpass import getuser, getpass
  9. from subprocess import Popen, PIPE, STDOUT
  10.  
  11. from jinja2 import Environment, FileSystemLoader
  12. from ldap3 import Server, Connection, ALL, ALL_ATTRIBUTES, MODIFY_REPLACE
  13.  
# Directory endpoint; the ldaps:// scheme selects LDAP over TLS.
LDAP_SERVER = "ldaps://ldap.csua.berkeley.edu"
# Bind DN derived from the local login name of whoever runs the script.
LDAP_USER = "uid=" + getuser() + ",ou=People,dc=csua,dc=berkeley,dc=edu"
# Not read anywhere in the code shown here; ldap_auth() prompts for the
# password at run time, so no credential is stored in the file.
LDAP_PASSWORD = ""
  17.  
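def sendmail(address, subject, body, verbose=True):
    """Send `body` to `address` by piping it into the local `mailx` binary.

    Args:
        address: Recipient address, passed to mailx as a positional argument.
        subject: Subject line, passed as the argument of `-s`.
        body: Message text written to mailx's stdin.
        verbose: When true, `-v` is added to the mailx command line.

    Returns:
        True if mailx exited with status 0, False if the address was refused
        or mailx reported a failure.
    """
    # The address is built by the caller from a line of the user file. mailx
    # parses a leading '-' as a command-line option, so refuse such values
    # (and empty ones) instead of handing them to the mailer. Stricter
    # validation against the site's account-name pattern belongs in the
    # caller, before the address is formed.
    if not address or address.startswith('-'):
        print("Refusing to send to invalid address {0!r}".format(address))
        return False

    mailx_cmd = ['mailx', '-s', subject]
    if verbose:
        mailx_cmd.append('-v')
    mailx_cmd.append(address)

    # Argument list, no shell: subject and address are never shell-parsed.
    mailx_proc = Popen(mailx_cmd, stdin=PIPE, stdout=PIPE)
    # Explicit UTF-8 so non-ASCII template text does not raise under
    # Python 2, where a bare .encode() falls back to ASCII.
    mailx_proc.communicate(input=body.encode('utf-8'))

    # Report what mailx actually did rather than assuming success.
    if mailx_proc.returncode != 0:
        print("mailx exited with status {0} for {1}".format(
            mailx_proc.returncode, address))
        return False
    print("Mail sent to {0}".format(address))
    return True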
  26.  
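def ldap_auth():
    """Build an ldap3 connection for LDAP_USER after prompting for a password.

    The connection is returned unbound; the caller is expected to call
    bind() on it.

    Returns:
        An ldap3 Connection targeting LDAP_SERVER.
    """
    import ssl

    from ldap3 import Tls

    # ldap3's Tls defaults to validate=ssl.CERT_NONE, so an ldaps:// URL alone
    # encrypts the session but does not authenticate the server. Require a
    # verifiable certificate before the bind password is sent.
    tls = Tls(validate=ssl.CERT_REQUIRED)
    s = Server(LDAP_SERVER, get_info=ALL, tls=tls)
    c = Connection(s, user=LDAP_USER, password=getpass("LDAP Password: "))
    return c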
  31.  
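def ldap_lock(user, c):
    """Lock an account by appending '!' to its stored userPassword value.

    Modelled on `passwd --lock`, but applied to the LDAP entry. Only the
    userPassword attribute is touched. NOTE(review): logins that do not
    consult that attribute (e.g. SSH keys, sessions already open) are
    presumably unaffected - confirm against the site's auth setup.

    Args:
        user: uid of the account to lock.
        c: ldap3 Connection; it is bound here and unbound again before
            returning.

    Returns:
        True if the entry was modified, False otherwise (bind failure, no
        unique match, unreadable password value, already locked, or the
        server rejected the change).
    """
    from ldap3.utils.conv import escape_filter_chars

    base_dn = "dc=csua,dc=berkeley,dc=edu"
    # `user` is a raw line from the user file. Escape it so filter
    # metacharacters such as '*', '(' and ')' are matched literally and a
    # malformed line cannot widen the search to other accounts.
    search_filter = '(uid={0})'.format(escape_filter_chars(user))

    if not c.bind():
        print('Failed to bind to ldap!')
        return False

    try:
        c.search(base_dn, search_filter, attributes=['userPassword'])

        # Act only on an unambiguous match: zero entries used to raise
        # IndexError, and several entries would lock whichever came first.
        if len(c.entries) != 1:
            print('Expected exactly one entry for user {0}, found {1}.'.format(
                user, len(c.entries)))
            return False
        entry = c.entries[0]

        # Without exactly one readable value, a replace would overwrite the
        # stored credential with something other than "old value + '!'".
        if len(entry.userPassword.values) != 1:
            print('User {0} has no single readable userPassword.'.format(user))
            return False

        userPassword = str(entry.userPassword)
        if userPassword.endswith('!'):
            print('User {0} already locked.'.format(user))
            return False

        changes = {'userPassword': [(MODIFY_REPLACE, [userPassword + '!'])]}
        # modify() reports failure through its return value; do not claim the
        # account is locked when the server refused the write.
        if not c.modify(entry.entry_dn, changes):
            print('Failed to lock user {0}: {1}'.format(user, c.result))
            return False

        print('Locked user {0}'.format(user))
        return True
    finally:
        # Release the bind on every path taken after a successful bind().
        c.unbind()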
  54.  
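def _read_usernames(path):
    """Return the non-blank, whitespace-stripped lines of the file at `path`."""
    with open(path) as userfile:
        stripped = (line.strip() for line in userfile)
        return [name for name in stripped if name]


def main():
    """Parse the command line and run the `mail` or `lock` subcommand.

    mail <subject> <template_name> <userfile>: render the Jinja2 template once
        per username and mail it to <username>@csua.berkeley.edu.
    lock <userfile>: lock each listed account through LDAP.

    <userfile> holds one username per line; blank lines are skipped so they
    do not turn into an empty mail address or an empty uid filter.
    """
    parser = argparse.ArgumentParser(description="Send an email from a template")
    subparsers = parser.add_subparsers(dest='cmd')

    mail_parser = subparsers.add_parser('mail')
    mail_parser.add_argument('subject')
    mail_parser.add_argument('template_name')
    mail_parser.add_argument('userfile')
    lock_parser = subparsers.add_parser('lock')
    lock_parser.add_argument('userfile')

    args = parser.parse_args()

    if args.cmd == 'mail':
        # The loader resolves template names relative to its search
        # directory, so give it the directory part and look up only the file
        # name. Passing the full path to both fails for any template that is
        # not in the current directory.
        template_dir, template_file = os.path.split(args.template_name)
        env = Environment(loader=FileSystemLoader(template_dir or '.'))
        template = env.get_template(template_file)
        for username in _read_usernames(args.userfile):
            body = template.render(username=username)
            sendmail('{0}@csua.berkeley.edu'.format(username), args.subject, body)

    elif args.cmd == 'lock':
        # Prompt for the LDAP password once; the same connection object is
        # handed to every ldap_lock() call.
        c = ldap_auth()
        for user in _read_usernames(args.userfile):
            ldap_lock(user, c)


if __name__ == '__main__':
    main()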