-def GenShadow(l,File):
- F = None;
- try:
- OldMask = os.umask(0077);
- F = open(File + ".tdb.tmp","w",0600);
- os.umask(OldMask);
-
- # Fetch all the users
- global PasswdAttrs;
- if PasswdAttrs == None:
- raise "No Users";
-
- I = 0;
- for x in PasswdAttrs:
- if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
- continue;
-
- Pass = GetAttr(x,"userPassword");
- if Pass[0:7] != "{crypt}" or len(Pass) > 50:
- Pass = '*';
- else:
- Pass = Pass[7:];
-
- # If the account is locked, mark it as such in shadow
- # See Debian Bug #308229 for why we set it to 1 instead of 0
- if (GetAttr(x,"userPassword").find("*LK*") != -1) \
- or GetAttr(x,"userPassword").startswith("!"):
- ShadowExpire = '1'
- else:
- ShadowExpire = GetAttr(x,"shadowExpire")
-
- Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\
- Pass,GetAttr(x,"shadowLastChange"),\
- GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\
- GetAttr(x,"shadowWarning"),GetAttr(x,"shadowInactive"),\
- ShadowExpire);
- Line = Sanitize(Line) + "\n";
- F.write("0%u %s" % (I,Line));
- F.write(".%s %s" % (GetAttr(x,"uid"),Line));
- I = I + 1;
-
- # Oops, something unspeakable happened.
- except:
- Die(File,None,F);
- raise;
- Done(File,None,F);
-
-# Generate the sudo passwd file
-def GenShadowSudo(l,File, untrusted):
- F = None;
- try:
- OldMask = os.umask(0077);
- F = open(File + ".tmp","w",0600);
- os.umask(OldMask);
-
- # Fetch all the users
- global PasswdAttrs;
- if PasswdAttrs == None:
- raise "No Users";
-
- for x in PasswdAttrs:
- Pass = '*'
- if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
- continue;
-
- if x[1].has_key('sudoPassword'):
- for entry in x[1]['sudoPassword']:
- Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
- if Match == None:
- continue
- uuid = Match.group(1)
- status = Match.group(2)
- hosts = Match.group(3)
- cryptedpass = Match.group(4)
-
- if status != 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', x[1]['uid'][0], uuid, hosts, cryptedpass):
- continue
- for_all = hosts == "*"
- for_this_host = CurrentHost in hosts.split(',')
- if not (for_all or for_this_host):
- continue
- # ignore * passwords for untrusted hosts, but copy host specific passwords
- if for_all and untrusted:
- continue
- Pass = cryptedpass
- if for_this_host: # this makes sure we take a per-host entry over the for-all entry
- break
- if len(Pass) > 50: