+def GenShadow(File):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File + ".tdb.tmp", "w", 0600)
+ os.umask(OldMask)
+
+ # Fetch all the users
+ global PasswdAttrs
+
+ I = 0
+ for x in PasswdAttrs:
+ if x[1].has_key("uidNumber") == 0 or not IsInGroup(x):
+ continue
+
+ Pass = GetAttr(x, "userPassword")
+ if Pass[0:7] != "{crypt}" or len(Pass) > 50:
+ Pass = '*'
+ else:
+ Pass = Pass[7:]
+
+ # If the account is locked, mark it as such in shadow
+ # See Debian Bug #308229 for why we set it to 1 instead of 0
+ if (GetAttr(x, "userPassword").find("*LK*") != -1) \
+ or GetAttr(x, "userPassword").startswith("!"):
+ ShadowExpire = '1'
+ else:
+ ShadowExpire = GetAttr(x, "shadowExpire")
+
+ Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x, "uid"),\
+ Pass, GetAttr(x, "shadowLastChange"),\
+ GetAttr(x, "shadowMin"), GetAttr(x, "shadowMax"),\
+ GetAttr(x, "shadowWarning"), GetAttr(x, "shadowInactive"),\
+ ShadowExpire)
+ Line = Sanitize(Line) + "\n"
+ F.write("0%u %s" % (I, Line))
+ F.write(".%s %s" % (GetAttr(x, "uid"), Line))
+ I = I + 1
+
+ # Oops, something unspeakable happened.
+ except:
+ Die(File, None, F)
+ raise
+ Done(File, None, F)
+
+# Generate the sudo passwd file
+def GenShadowSudo(File, untrusted):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File + ".tmp", "w", 0600)
+ os.umask(OldMask)
+
+ # Fetch all the users
+ global PasswdAttrs
+
+ for x in PasswdAttrs:
+ Pass = '*'
+ if x[1].has_key("uidNumber") == 0 or not IsInGroup(x):
+ continue
+
+ if x[1].has_key('sudoPassword'):
+ for entry in x[1]['sudoPassword']:
+ Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+ if Match == None:
+ continue
+ uuid = Match.group(1)
+ status = Match.group(2)
+ hosts = Match.group(3)
+ cryptedpass = Match.group(4)
+
+ if status != 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', x[1]['uid'][0], uuid, hosts, cryptedpass):
+ continue
+ for_all = hosts == "*"
+ for_this_host = CurrentHost in hosts.split(',')
+ if not (for_all or for_this_host):
+ continue
+ # ignore * passwords for untrusted hosts, but copy host specific passwords
+ if for_all and untrusted:
+ continue
+ Pass = cryptedpass
+ if for_this_host: # this makes sure we take a per-host entry over the for-all entry
+ break
+ if len(Pass) > 50:
+ Pass = '*'
+
+ Line = "%s:%s" % (GetAttr(x, "uid"), Pass)
+ Line = Sanitize(Line) + "\n"
+ F.write("%s" % (Line))
+
+ # Oops, something unspeakable happened.
+ except:
+ Die(File, F, None)
+ raise
+ Done(File, F, None)