@@ -1476,12 +1476,12 @@ def pso_mins(ldap_time):
14761476 elif policyApplies :
14771477 self .logger .highlight (f"\t { policyApplies } )
14781478 self .logger .highlight ("" )
1479-
1479+
14801480 def pass_pol (self ):
14811481 search_filter = "(objectClass=domainDNS)"
14821482 attributes = [
14831483 "minPwdLength" ,
1484- "pwdHistoryLength" ,
1484+ "pwdHistoryLength" ,
14851485 "maxPwdAge" ,
14861486 "minPwdAge" ,
14871487 "lockoutThreshold" ,
@@ -1490,17 +1490,17 @@ def pass_pol(self):
14901490 "forceLogoff" ,
14911491 "pwdProperties"
14921492 ]
1493-
1493+
14941494 resp = self .search (search_filter , attributes , sizeLimit = 0 , baseDN = self .baseDN )
14951495 resp_parsed = parse_result_attributes (resp )
1496-
1496+
14971497 if not resp_parsed :
14981498 self .logger .fail ("No domain password policy found!" )
14991499 return
1500-
1500+
15011501 self .logger .highlight ("Domain Password Policy:" )
15021502 self .logger .highlight ("" )
1503-
1503+
15041504 for policy in resp_parsed :
15051505 # Helper function to convert LDAP time to human readable format
15061506 def ldap_time_to_days (ldap_time ):
@@ -1510,15 +1510,15 @@ def ldap_time_to_days(ldap_time):
15101510 seconds = abs (int (ldap_time )) / 10000000
15111511 days = int (seconds / 86400 ) # 86400 seconds in a day
15121512 return f"{ days }
1513-
1513+
15141514 def ldap_time_to_minutes (ldap_time ):
15151515 if not ldap_time or ldap_time == "0" :
15161516 return "Never"
15171517 # LDAP time is in 100-nanosecond intervals
15181518 seconds = abs (int (ldap_time )) / 10000000
15191519 minutes = int (seconds / 60 )
15201520 return f"{ minutes }
1521-
1521+
15221522 # Display password policy information
15231523 min_pwd_length = policy .get ("minPwdLength" , "Not set" )
15241524 pwd_history_length = policy .get ("pwdHistoryLength" , "Not set" )
@@ -1529,7 +1529,7 @@ def ldap_time_to_minutes(ldap_time):
15291529 lockout_observation_window = ldap_time_to_minutes (policy .get ("lockOutObservationWindow" , "0" ))
15301530 force_logoff = ldap_time_to_minutes (policy .get ("forceLogoff" , "0" ))
15311531 pwd_properties = policy .get ("pwdProperties" , "0" )
1532-
1532+
15331533 self .logger .highlight (f"Minimum Password Length: { min_pwd_length } )
15341534 self .logger .highlight (f"Password History Length: { pwd_history_length } )
15351535 self .logger .highlight (f"Maximum Password Age: { max_pwd_age } )
@@ -1538,12 +1538,12 @@ def ldap_time_to_minutes(ldap_time):
15381538 self .logger .highlight (f"Account Lockout Duration: { lockout_duration } )
15391539 self .logger .highlight (f"Account Lockout Observation Window: { lockout_observation_window } )
15401540 self .logger .highlight (f"Force Logoff: { force_logoff } )
1541-
1541+
15421542 # Decode password properties flags
15431543 if pwd_properties and pwd_properties != "0" :
15441544 pwd_props_int = int (pwd_properties )
15451545 properties = []
1546-
1546+
15471547 if pwd_props_int & 0x1 :
15481548 properties .append ("Password complexity enabled" )
15491549 if pwd_props_int & 0x2 :
@@ -1558,7 +1558,7 @@ def ldap_time_to_minutes(ldap_time):
15581558 properties .append ("Store password with weaker obfuscation" )
15591559 if pwd_props_int & 0x40 :
15601560 properties .append ("Refuse password change" )
1561-
1561+
15621562 if properties :
15631563 self .logger .highlight ("Password Properties:" )
15641564 for prop in properties :
0 commit comments