* ud-generate: Remove support for single ssh key shadow file.

[mirror/userdir-ldap.git] / userdir_ldap.py

diff --git a/userdir_ldap.py b/userdir_ldap.py
index 0ef1099..4477232 100644 (file)
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
@@ -1,6 +1,7 @@
 #   Copyright (c) 1999-2000  Jason Gunthorpe <jgg@debian.org>
 #   Copyright (c) 2001-2003  Ryan Murray <rmurray@debian.org>
 #   Copyright (c) 2004-2005  Joey Schulze <joey@infodrom.org>
 #   Copyright (c) 1999-2000  Jason Gunthorpe <jgg@debian.org>
 #   Copyright (c) 2001-2003  Ryan Murray <rmurray@debian.org>
 #   Copyright (c) 2004-2005  Joey Schulze <joey@infodrom.org>

+#   Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>

 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by


@@ -17,8 +18,10 @@
 #   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
 # Some routines and configuration that are used by the ldap progams
 #   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
 # Some routines and configuration that are used by the ldap progams

-import termios, re, imp, ldap, sys, crypt, rfc822;
+import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os;

 import userdir_gpg
 import userdir_gpg

+import hmac
+import sha as sha1_module

 
 try:
    File = open("/etc/userdir-ldap/userdir-ldap.conf");
 
 try:
    File = open("/etc/userdir-ldap/userdir-ldap.conf");


@@ -41,6 +44,11 @@ PassDir = ConfModule.passdir;
 Ech_ErrorLog = ConfModule.ech_errorlog;
 Ech_MainLog = ConfModule.ech_mainlog;
 
 Ech_ErrorLog = ConfModule.ech_errorlog;
 Ech_MainLog = ConfModule.ech_mainlog;
 

+try:
+   UseSSL = ConfModule.usessl;
+except AttributeError:
+   UseSSL = False;
+

 # Break up the keyring list
 userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
 
 # Break up the keyring list
 userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
 


@@ -98,6 +106,16 @@ def PrettyShow(DnRecord):
          Result = Result + "%s: %s\n" % (x,i);
    return Result[:-1];
 
          Result = Result + "%s: %s\n" % (x,i);
    return Result[:-1];
 

+def connectLDAP(server = None):
+   if server == None:
+      global LDAPServer
+      server = LDAPServer
+   l = ldap.open(server);
+   global UseSSL
+   if UseSSL:
+      l.start_tls_s();
+   return l;
+

 # Function to prompt for a password 
 def getpass(prompt = "Password: "):
    import termios, sys;
 # Function to prompt for a password 
 def getpass(prompt = "Password: "):
    import termios, sys;


@@ -120,7 +138,7 @@ def getpass(prompt = "Password: "):
    print;
    return passwd;
 
    print;
    return passwd;
 

-def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):

    """
    Ask for the AdminUser's password and connect to the LDAP server.
    Returns the connection handle.
    """
    Ask for the AdminUser's password and connect to the LDAP server.
    Returns the connection handle.


@@ -132,7 +150,7 @@ def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
       if len(Password) == 0:
          sys.exit(0)
 
       if len(Password) == 0:
          sys.exit(0)
 

-      l = ldap.open(LDAPServer);
+      l = connectLDAP()

       UserDn = "uid=" + AdminUser + "," + BaseDn;
 
       # Connect to the ldap server
       UserDn = "uid=" + AdminUser + "," + BaseDn;
 
       # Connect to the ldap server


@@ -431,3 +449,12 @@ def Group2GID(l, name):
       return int(GetAttr(res[0], "gidNumber"))
 
    return -1
       return int(GetAttr(res[0], "gidNumber"))
 
    return -1

+
+def make_hmac(str):
+   File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+   HmacKey = File.readline().strip()
+   File.close();
+   return hmac.new(HmacKey, str, sha1_module).hexdigest()
+
+def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass):
+   return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass]))