projects
/
mirror
/
userdir-ldap.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Store a mac with confirmed sudo passwords, so that they cannot be modified by editing...
[mirror/userdir-ldap.git]
/
userdir_ldap.py
diff --git
a/userdir_ldap.py
b/userdir_ldap.py
index
539dbae
..
0eb4c13
100644
(file)
--- a/
userdir_ldap.py
+++ b/
userdir_ldap.py
@@
-27,6
+27,10
@@
except:
ConfModule = imp.load_source("userdir_config","/etc/userdir-ldap.conf",File);
File.close();
ConfModule = imp.load_source("userdir_config","/etc/userdir-ldap.conf",File);
File.close();
+File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+HmacKey = F.readline().strip()
+File.close();
+
# Cheap hack
BaseDn = ConfModule.basedn;
HostBaseDn = ConfModule.hostbasedn;
# Cheap hack
BaseDn = ConfModule.basedn;
HostBaseDn = ConfModule.hostbasedn;
@@
-45,6
+49,11
@@
Ech_MainLog = ConfModule.ech_mainlog;
MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
+try:
+ UseSSL = ConfModule.usessl;
+except AttributeError:
+ UseSSL = False;
+
# Break up the keyring list
userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
# Break up the keyring list
userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
@@
-102,6
+111,16
@@
def PrettyShow(DnRecord):
Result = Result + "%s: %s\n" % (x,i);
return Result[:-1];
Result = Result + "%s: %s\n" % (x,i);
return Result[:-1];
+def connectLDAP(server = None):
+ if server == None:
+ global LDAPServer
+ server = LDAPServer
+ l = ldap.open(server);
+ global UseSSL
+ if UseSSL:
+ l.start_tls_s();
+ return l;
+
# Function to prompt for a password
def getpass(prompt = "Password: "):
import termios, sys;
# Function to prompt for a password
def getpass(prompt = "Password: "):
import termios, sys;
@@
-124,7
+143,7
@@
def getpass(prompt = "Password: "):
print;
return passwd;
print;
return passwd;
-def passwdAccessLDAP(
LDAPServer,
BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):
"""
Ask for the AdminUser's password and connect to the LDAP server.
Returns the connection handle.
"""
Ask for the AdminUser's password and connect to the LDAP server.
Returns the connection handle.
@@
-136,7
+155,7
@@
def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
if len(Password) == 0:
sys.exit(0)
if len(Password) == 0:
sys.exit(0)
- l =
ldap.open(LDAPServer);
+ l =
connectLDAP()
UserDn = "uid=" + AdminUser + "," + BaseDn;
# Connect to the ldap server
UserDn = "uid=" + AdminUser + "," + BaseDn;
# Connect to the ldap server
@@
-435,3
+454,9
@@
def Group2GID(l, name):
return int(GetAttr(res[0], "gidNumber"))
return -1
return int(GetAttr(res[0], "gidNumber"))
return -1
+
+def make_hmac(str):
+ return hmac.new(HmacKey, str, sha1_module).hexdigest()
+
+def make_sudopasswd_hmac(purpose, uuid, hosts, cryptedpass):
+ return make_hmac(':'.join([purpose, uuid, hosts, cryptedpass]))
projects / mirror / userdir-ldap.git / blobdiff