CactuseSecurity · tpurschke · Apr 9, 2024 · Apr 9, 2024 · Apr 9, 2024 · Apr 9, 2024
diff --git a/roles/middleware/files/FWO.Middleware.Server/Ldap.cs b/roles/middleware/files/FWO.Middleware.Server/Ldap.cs
@@ -55,8 +55,7 @@ private LdapConnection Connect()
         }
 
         /// <summary>
-        /// try an ldap bind 
-        /// decrypting pwd before bind
+        /// try an ldap bind, decrypting pwd before bind; using pwd as is if it cannot be decrypted
         /// false if bind fails
         /// </summary>
         private bool TryBind(LdapConnection connection, string user, string password)
@@ -150,9 +149,6 @@ private string getGroupSearchFilter(string searchPattern)
                 // Connecting to Ldap
                 using (LdapConnection connection = Connect())
                 {
-                    // Authenticate as search user
-                    // connection.Bind(SearchUser, AesEnc.Decrypt(SearchUserPwd, AesEnc.GetMainKey()));
-                    // connection.Bind(SearchUser, SearchUserPwd);
                     TryBind(connection, SearchUser, SearchUserPwd);
 
                     LdapSearchConstraints cons = connection.SearchConstraints;
@@ -227,10 +223,7 @@ private bool CredentialsValid(LdapConnection connection, string dn, string passw
                 Log.WriteDebug("User Validation", $"Trying to validate user with distinguished name: \"{dn}\" ...");
 
                 // Try to authenticate as user with given password
-                connection.Bind(dn, password);
-
-                // If authentication was successful (user is bound)
-                if (connection.Bound)
+                if (TryBind(connection, dn, password))
                 {
                     // Return ldap dn
                     Log.WriteDebug("User Validation", $"\"{dn}\" successfully authenticated in {Address}:{Port}.");
@@ -301,9 +294,7 @@ public string ChangePassword(string userDn, string oldPassword, string newPasswo
                 using (LdapConnection connection = Connect())
                 {
                     // Try to authenticate as user with old password
-                    connection.Bind(userDn, oldPassword);
-
-                    if (connection.Bound)
+                    if (TryBind(connection, userDn, oldPassword))
                     {
                         // authentication was successful (user is bound): set new password
                         LdapAttribute attribute = new LdapAttribute("userPassword", newPassword);
@@ -336,9 +327,6 @@ public string SetPassword(string userDn, string newPassword)
                 // Connecting to Ldap
                 using (LdapConnection connection = Connect())
                 {
-                    // Authenticate as write user
-                    // connection.Bind(WriteUser, WriteUserPwd);
-                    // if (connection.Bound)
                     if (TryBind(connection, WriteUser, WriteUserPwd))
                     {
                         // authentication was successful: set new password
@@ -455,7 +443,7 @@ public List<RoleGetReturnParameters> GetAllRoles()
                     using (LdapConnection connection = Connect())
                     {     
                         // Authenticate as search user
-                        connection.Bind(SearchUser, SearchUserPwd);
+                        TryBind(connection, SearchUser, SearchUserPwd);
 
                         // Search for Ldap roles in given directory          
                         int searchScope = LdapConnection.ScopeSub; // TODO: Correct search scope?

diff --git a/scripts/customizing/customizeFwoSampleScript.py b/scripts/customizing/customizeFwoSampleScript.py
@@ -1,9 +1,5 @@
 # library for FWORCH API calls
 from asyncio.log import logger
-import re
-import traceback
-from sqlite3 import Timestamp
-from textwrap import indent
 import requests.packages
 import requests
 import json