4 import string, re, time, ldap, getopt, sys, os, pwd;
5 from userdir_ldap import *;
6 from userdir_gpg import *;
8 # This tries to search for a free UID. There are two possible ways to do
9 # this, one is to fetch all the entires and pick the highest, the other
10 # is to randomly guess uids until one is free. This uses the former.
11 # Regrettably ldap doesn't have an integer attribute comparision function
12 # so we can only cut the search down slightly
14 # [JT] This is broken with Woody LDAP and the Schema; for now just
15 # search through all UIDs.
17 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,
18 "uidNumber=*",["uidNumber"]);
21 ID = int(GetAttr(I,"uidNumber","0"));
24 return HighestUID + 1;
27 AdminUser = pwd.getpwuid(os.getuid())[0];
31 OldGPGKeyRings = GPGKeyRings;
32 userdir_gpg.GPGKeyRings = [];
33 (options, arguments) = getopt.getopt(sys.argv[1:], "u:ma")
34 for (switch, val) in options:
37 elif (switch == '-m'):
39 elif (switch == '-a'):
40 userdir_gpg.GPGKeyRings = OldGPGKeyRings;
42 print "Accessing LDAP directory as '" + AdminUser + "'";
44 Password = getpass(AdminUser + "'s password: ");
46 if len(Password) == 0:
49 l = ldap.open(LDAPServer);
50 UserDn = "uid=" + AdminUser + "," + BaseDn;
52 # Connect to the ldap server
54 l.simple_bind_s(UserDn,Password);
55 except ldap.INVALID_CREDENTIALS:
59 # Locate the key of the user we are adding
60 SetKeyrings(["/org/keyring.debian.org/keyrings/debian-keyring.gpg"])
62 Foo = raw_input("Who are you going to add (for a GPG search)? ");
66 Keys = GPGKeySearch(Foo);
69 print "Sorry, that search did not turn up any keys";
72 print "Sorry, more than one key was found, please specify the key to use by\nfingerprint:";
78 print "A matching key was found:"
79 GPGPrintKeyInfo(Keys[0]);
82 # Crack up the email address from the key into a best guess
83 # first/middle/last name
84 Addr = SplitEmail(Keys[0][2]);
85 (cn,mn,sn) = NameSplit(re.sub('["]','',Addr[0]))
86 email = Addr[1] + '@' + Addr[2];
90 gidNumber = str(DefaultGID);
93 # Decide if we should use IDEA encryption
95 while len(Keys[0][1]) < 40:
96 Res = raw_input("Use PGP2.x compatibility [no]? ");
103 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Keys[0][1]);
105 print "*** This key already belongs to",GetAttr(Attrs[0],"uid");
106 account = GetAttr(Attrs[0],"uid");
108 # Try to get a uniq account name
111 Res = raw_input("Login account [" + account + "]? ");
114 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + account);
116 privsub = "%s@debian.org"%(account);
118 Res = raw_input("That account already exists, update [No/yes]? ");
120 # Update mode, fetch the default values from the directory
122 privsub = GetAttr(Attrs[0],"privateSub");
123 gidNumber = GetAttr(Attrs[0],"gidNumber");
124 uidNumber = GetAttr(Attrs[0],"uidNumber");
125 email = GetAttr(Attrs[0],"emailForward");
126 cn = GetAttr(Attrs[0],"cn");
127 sn = GetAttr(Attrs[0],"sn");
128 mn = GetAttr(Attrs[0],"mn");
129 if privsub == None or privsub == "":
133 # Prompt for the first/last name and email address
134 Res = raw_input("First name [" + cn + "]? ");
137 Res = raw_input("Middle name [" + mn + "]? ");
140 Res = raw_input("Last name [" + sn + "]? ");
143 Res = raw_input("Email forwarding address [" + email + "]? ");
147 # Debian-Private subscription
148 Res = raw_input("Subscribe to debian-private (space is none) [" + privsub + "]? ");
153 Res = raw_input("Group ID Number [" + gidNumber + "]? ");
159 uidNumber = GetFreeID(l);
161 # Generate a random password
162 if Update == 0 or ForceMail == 1:
163 Password = raw_input("User's Password (Enter for random)? ");
166 print "Randomizing and encrypting password"
167 Password = GenPass();
168 Pass = HashPass(Password);
170 # Use GPG to encrypt it, pass the fingerprint to ID it
171 CryptedPass = GPGEncrypt("Your new password is '" + Password + "'\n",\
172 "0x"+Keys[0][1],UsePGP2);
174 if CryptedPass == None:
175 raise "Error","Password Encryption failed"
177 Pass = HashPass(Password);
178 CryptedPass = "Your password has been set to the previously agreed value.";
183 # Now we have all the bits of information.
185 FullName = "%s %s %s" % (cn,mn,sn);
187 FullName = "%s %s" % (cn,sn);
188 print "------------";
189 print "Final information collected:"
190 print " %s <%s@%s>:" % (FullName,account,EmailAppend);
191 print " Assigned UID:",uidNumber," GID:", gidNumber;
192 print " Email forwarded to:",email;
193 print " Private Subscription:",privsub;
194 print " GECOS Field: \"%s,,,,\"" % (FullName);
195 print " Login Shell: /bin/bash";
196 print " Key Fingerprint:",Keys[0][1];
197 Res = raw_input("Continue [No/yes]? ");
201 # Initialize the substitution Map
203 Subst["__REALNAME__"] = FullName;
204 Subst["__WHOAMI__"] = pwd.getpwuid(os.getuid())[0];
205 Subst["__DATE__"] = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
206 Subst["__LOGIN__"] = account;
207 Subst["__PRIVATE__"] = privsub;
208 Subst["__EMAIL__"] = email;
209 Subst["__PASSWORD__"] = CryptedPass;
211 # Submit the modification request
212 Dn = "uid=" + account + "," + BaseDn;
213 print "Updating LDAP directory..",
218 Details = [("uid",account),
220 ("top","inetOrgPerson","debianAccount","shadowAccount","debianDeveloper")),
221 ("uidNumber",str(uidNumber)),
222 ("gidNumber",str(gidNumber)),
223 ("gecos",FullName+",,,,"),
224 ("loginShell","/bin/bash"),
225 ("keyFingerPrint",Keys[0][1]),
228 ("emailForward",email),
229 ("shadowLastChange",str(int(time.time()/24/60/60))),
231 ("shadowMax","99999"),
232 ("shadowWarning","7"),
233 ("privateSub",privsub),
234 ("userPassword","{crypt}"+Pass)];
236 Details.append(("mn",mn));
240 Rec = [(ldap.MOD_REPLACE,"uidNumber",str(uidNumber)),
241 (ldap.MOD_REPLACE,"gidNumber",str(gidNumber)),
242 (ldap.MOD_REPLACE,"gecos",FullName+",,,,"),
243 (ldap.MOD_REPLACE,"loginShell","/bin/bash"),
244 (ldap.MOD_REPLACE,"keyFingerPrint",Keys[0][1]),
245 (ldap.MOD_REPLACE,"cn",cn),
246 (ldap.MOD_REPLACE,"mn",mn),
247 (ldap.MOD_REPLACE,"sn",sn),
248 (ldap.MOD_REPLACE,"emailForward",email),
249 (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60))),
250 (ldap.MOD_REPLACE,"shadowMin","0"),
251 (ldap.MOD_REPLACE,"shadowMax","99999"),
252 (ldap.MOD_REPLACE,"shadowWarning","7"),
253 (ldap.MOD_REPLACE,"shadowInactive",""),
254 (ldap.MOD_REPLACE,"shadowExpire","")];
256 Rec.append((ldap.MOD_REPLACE,"privateSub",privsub));
258 Rec.append((ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass));
264 # Abort email sends for an update operation
265 if Update == 1 and ForceMail == 0:
266 print "Account is not new, Not sending mails"
269 # Send the Welcome message
270 print "Sending Welcome Email"
271 Reply = TemplateSubst(Subst,open(TemplatesDir+"/welcome-message-"+gidNumber,"r").read());
272 Child = os.popen("/usr/sbin/sendmail -t","w");
273 #Child = os.popen("cat","w");
275 if Child.close() != None:
276 raise Error, "Sendmail gave a non-zero return code";