#!/usr/bin/env python
# -*- mode: python -*-
+
+# Copyright (c) 1999-2000 Jason Gunthorpe <jgg@debian.org>
+# Copyright (c) 2004 Joey Schulze <joey@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
# This script tries to match key fingerprints from a keyring with user
# name in a directory. When an unassigned key is found a heuristic match
# against the keys given cn/sn and the directory is performed to try to get
# in the directory but not in the key ring will be removed from the
# directory.
-import string, re, time, ldap, getopt, sys, pwd, os;
+import re, time, ldap, getopt, sys, pwd, os;
from userdir_ldap import *;
from userdir_gpg import *;
if Line == "":
break;
Split = re.split("[:\n]",Line);
- UnknownMap[Split[0]] = string.strip(Split[1]);
+ UnknownMap[Split[0]] = Split[1].strip()
# Process options
AdminUser = pwd.getpwuid(os.getuid())[0];
# Main program starts here
# Connect to the ldap server
-l = ldap.open(LDAPServer);
if NoAct == 0:
- print "Accessing LDAP directory as '" + AdminUser + "'";
- Password = getpass(AdminUser + "'s password: ");
- UserDn = "uid=" + AdminUser + "," + BaseDn;
- l.simple_bind_s(UserDn,Password);
+ l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
else:
+ l = ldap.open(LDAPServer);
l.simple_bind_s("","");
# Download the existing key list and put it into a map
print "Fetching key list..",
sys.stdout.flush();
-Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=*",["keyfingerprint","uid"]);
+Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=*",["keyFingerPrint","uid"]);
KeyMap = {};
KeyCount = {};
for x in Attrs:
try:
# Sense a bad fingerprint.. Slapd has problems, it will store a null
# value that ldapsearch doesn't show up.. detect and remove
- if len(x[1]["keyfingerprint"]) == 0 or x[1]["keyfingerprint"][0] == "":
+ if len(x[1]["keyFingerPrint"]) == 0 or x[1]["keyFingerPrint"][0] == "":
print;
print "Fixing bad fingerprint for",x[1]["uid"][0],
sys.stdout.flush();
if NoAct == 0:
l.modify_s("uid="+x[1]["uid"][0]+","+BaseDn,\
- [(ldap.MOD_DELETE,"keyfingerprint",None)]);
+ [(ldap.MOD_DELETE,"keyFingerPrint",None)]);
else:
- for I in x[1]["keyfingerprint"]:
+ for I in x[1]["keyFingerPrint"]:
KeyMap[I] = [x[1]["uid"][0],0];
if KeyCount.has_key(x[1]["uid"][0]):
KeyCount[x[1]["uid"][0]] = KeyCount[x[1]["uid"][0]] + 1;
Args = [GPGPath] + GPGBasicOptions;
for x in arguments:
Args.append("--keyring");
- if string.find(x,"/") == -1:
+ if x.find("/") == -1:
Args.append("./"+x);
else:
Args.append(x);
Args = Args + GPGSearchOptions + [" 2> /dev/null"]
-Keys = os.popen(string.join(Args," "),"r");
+Keys = os.popen(" ".join(Args),"r");
# Loop over the GPG key file
Outstanding = 0;
if Line == "":
break;
- Split = string.split(Line,":");
+ Split = Line.split(":")
if len(Split) < 8 or Split[0] != "pub":
continue;
Line2 = Keys.readline();
if Line2 == "":
break;
- Split2 = string.split(Line2,":");
+ Split2 = Line2.split(":");
if len(Split2) < 11 or Split2[0] != "fpr":
continue;
break;
continue;
UID = UID[0]
- Rec = [(ldap.MOD_ADD,"keyfingerprint",Split2[9])];
+ Rec = [(ldap.MOD_ADD,"keyFingerPrint",Split2[9])];
Dn = "uid=" + UID + "," + BaseDn;
print "Adding key 0x"+Split2[9],"to",UID;
if KeyCount.has_key(UID):
print "**",KeyMap[x][0],"no longer has any keys";
if NoAct == 0:
l.modify_s("uid="+KeyMap[x][0]+","+BaseDn,\
- [(ldap.MOD_DELETE,"keyfingerprint",x)]);
+ [(ldap.MOD_DELETE,"keyFingerPrint",x)]);