projects
/
mirror
/
userdir-ldap.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Also the hmac stuff
[mirror/userdir-ldap.git]
/
userdir_ldap.py
diff --git
a/userdir_ldap.py
b/userdir_ldap.py
index
539dbae
..
1bc9dbb
100644
(file)
--- a/
userdir_ldap.py
+++ b/
userdir_ldap.py
@@
-17,8
+17,10
@@
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# Some routines and configuration that are used by the ldap progams
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# Some routines and configuration that are used by the ldap progams
-import termios, re, imp, ldap, sys, crypt, rfc822;
+import termios, re, imp, ldap, sys, crypt, rfc822
, pwd, os
;
import userdir_gpg
import userdir_gpg
+import hmac
+import sha as sha1_module
try:
File = open("/etc/userdir-ldap/userdir-ldap.conf");
try:
File = open("/etc/userdir-ldap/userdir-ldap.conf");
@@
-41,10
+43,19
@@
PassDir = ConfModule.passdir;
Ech_ErrorLog = ConfModule.ech_errorlog;
Ech_MainLog = ConfModule.ech_mainlog;
Ech_ErrorLog = ConfModule.ech_errorlog;
Ech_MainLog = ConfModule.ech_mainlog;
+File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+HmacKey = File.readline().strip()
+File.close();
+
# For backwards compatibility, we default to the old behaviour
MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
# For backwards compatibility, we default to the old behaviour
MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
+try:
+ UseSSL = ConfModule.usessl;
+except AttributeError:
+ UseSSL = False;
+
# Break up the keyring list
userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
# Break up the keyring list
userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
@@
-102,6
+113,16
@@
def PrettyShow(DnRecord):
Result = Result + "%s: %s\n" % (x,i);
return Result[:-1];
Result = Result + "%s: %s\n" % (x,i);
return Result[:-1];
+def connectLDAP(server = None):
+ if server == None:
+ global LDAPServer
+ server = LDAPServer
+ l = ldap.open(server);
+ global UseSSL
+ if UseSSL:
+ l.start_tls_s();
+ return l;
+
# Function to prompt for a password
def getpass(prompt = "Password: "):
import termios, sys;
# Function to prompt for a password
def getpass(prompt = "Password: "):
import termios, sys;
@@
-124,7
+145,7
@@
def getpass(prompt = "Password: "):
print;
return passwd;
print;
return passwd;
-def passwdAccessLDAP(
LDAPServer,
BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):
"""
Ask for the AdminUser's password and connect to the LDAP server.
Returns the connection handle.
"""
Ask for the AdminUser's password and connect to the LDAP server.
Returns the connection handle.
@@
-136,7
+157,7
@@
def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
if len(Password) == 0:
sys.exit(0)
if len(Password) == 0:
sys.exit(0)
- l =
ldap.open(LDAPServer);
+ l =
connectLDAP()
UserDn = "uid=" + AdminUser + "," + BaseDn;
# Connect to the ldap server
UserDn = "uid=" + AdminUser + "," + BaseDn;
# Connect to the ldap server
@@
-435,3
+456,9
@@
def Group2GID(l, name):
return int(GetAttr(res[0], "gidNumber"))
return -1
return int(GetAttr(res[0], "gidNumber"))
return -1
+
+def make_hmac(str):
+ return hmac.new(HmacKey, str, sha1_module).hexdigest()
+
+def make_sudopasswd_hmac(purpose, uuid, hosts, cryptedpass):
+ return make_hmac(':'.join([purpose, uuid, hosts, cryptedpass]))
projects / mirror / userdir-ldap.git / blobdiff