# Copyright (c) 1999-2000 Jason Gunthorpe <jgg@debian.org>
# Copyright (c) 2001-2003 Ryan Murray <rmurray@debian.org>
# Copyright (c) 2004-2005 Joey Schulze <joey@infodrom.org>
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2008 Thomas Viehmann <tv@beamnet.de>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# Some routines and configuration that are used by the ldap progams
-import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os;
+import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os, getpass
import userdir_gpg
import hmac
-import sha as sha1_module
+import hashlib
try:
File = open("/etc/userdir-ldap/userdir-ldap.conf");
EmailAppend = ConfModule.emailappend;
AdminUser = ConfModule.adminuser;
GenerateDir = ConfModule.generatedir;
-GenerateConf = ConfModule.generateconf;
+AllowedGroupsPreload = ConfModule.allowedgroupspreload;
+HomePrefix = ConfModule.homeprefix;
DefaultGID = ConfModule.defaultgid;
TemplatesDir = ConfModule.templatesdir;
PassDir = ConfModule.passdir;
Ech_ErrorLog = ConfModule.ech_errorlog;
Ech_MainLog = ConfModule.ech_mainlog;
-
-# For backwards compatibility, we default to the old behaviour
-MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
-SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
+HostDomain = getattr(ConfModule, "hostdomain", EmailAppend)
try:
UseSSL = ConfModule.usessl;
except AttributeError:
UseSSL = False;
+try:
+ BaseBaseDn = ConfModule.basebasedn;
+except AttributeError:
+ BaseBaseDn = BaseDn
+
+try:
+ IgnoreUsersForUIDNumberGen = ConfModule.ignoreusersforuidnumbergen
+except AttributeError:
+ IgnoreUsersForUIDNumberGen = ['nobody']
+
+
# Break up the keyring list
userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
l.start_tls_s();
return l;
-# Function to prompt for a password
-def getpass(prompt = "Password: "):
- import termios, sys;
- fd = sys.stdin.fileno();
- old = termios.tcgetattr(fd);
- new = termios.tcgetattr(fd);
- new[3] = new[3] & ~termios.ECHO; # lflags
- try:
- termios.tcsetattr(fd, termios.TCSADRAIN, new);
- try:
- passwd = raw_input(prompt);
- except KeyboardInterrupt:
- termios.tcsetattr(fd, termios.TCSADRAIN, old);
- print
- sys.exit(0)
- except EOFError:
- passwd = ""
- finally:
- termios.tcsetattr(fd, termios.TCSADRAIN, old);
- print;
- return passwd;
-
def passwdAccessLDAP(BaseDn, AdminUser):
"""
Ask for the AdminUser's password and connect to the LDAP server.
"""
print "Accessing LDAP directory as '" + AdminUser + "'";
while (1):
- Password = getpass(AdminUser + "'s password: ");
+ if 'LDAP_PASSWORD' in os.environ:
+ Password = os.environ['LDAP_PASSWORD']
+ else:
+ Password = getpass.getpass(AdminUser + "'s password: ")
if len(Password) == 0:
sys.exit(0)
try:
l.simple_bind_s(UserDn,Password);
except ldap.INVALID_CREDENTIALS:
+ if 'LDAP_PASSWORD' in os.environ:
+ print "password in environment does not work"
+ del os.environ['LDAP_PASSWORD']
continue
break
return l
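Review bot: The secret read from `LDAP_PASSWORD` stays in `os.environ` after a successful bind, so it is inherited by every child process this tool spawns (the gpg calls via userdir_gpg, for instance) and remains visible in `/proc/<pid>/environ` for the lifetime of the process; the `del` in the `except` branch only runs when the password was rejected. Taking the value out of the environment at the point of use, and remembering in a local whether it came from there, keeps the "password in environment does not work" diagnostic while limiting exposure. Note also that the new `getpass.getpass` no longer turns a Ctrl-C into a clean `sys.exit(0)` as the removed helper did, so a traceback is now printed on interrupt; that may be acceptable but is a visible behaviour change. The rewritten loop body is below; the empty-password exit and the bind itself are unchanged.

```python
    while (1):
        FromEnv = 'LDAP_PASSWORD' in os.environ
        if FromEnv:
            # remove the secret from the environment so it is not inherited
            # by child processes or left readable via /proc/<pid>/environ
            Password = os.environ.pop('LDAP_PASSWORD')
        else:
            Password = getpass.getpass(AdminUser + "'s password: ")
        # … unchanged: empty-password exit and simple_bind_s …
        except ldap.INVALID_CREDENTIALS:
            if FromEnv:
                print "password in environment does not work"
            continue
```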
if (len(Str) == 32):
I = 0;
while (I < len(Str)):
- if I+2 == 32/2:
+ if I == 32/2:
Res = "%s %s%s "%(Res,Str[I],Str[I+1]);
else:
Res = "%s%s%s "%(Res,Str[I],Str[I+1]);
# OpenPGP Print
I = 0;
while (I < len(Str)):
- if I+4 == 40/2:
+ if I == 40/2:
Res = "%s %s%s%s%s "%(Res,Str[I],Str[I+1],Str[I+2],Str[I+3]);
else:
Res = "%s%s%s%s%s "%(Res,Str[I],Str[I+1],Str[I+2],Str[I+3]);
return -1
def make_hmac(str):
- File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
- HmacKey = File.readline().strip()
- File.close();
- return hmac.new(HmacKey, str, sha1_module).hexdigest()
+ if 'UD_HMAC_KEY' in os.environ:
+ HmacKey = os.environ['UD_HMAC_KEY']
+ else:
+ File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+ HmacKey = File.readline().strip()
+ File.close();
+ return hmac.new(HmacKey, str, hashlib.sha1).hexdigest()
def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass):
return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass]))
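Review bot: The key taken from `UD_HMAC_KEY` is used verbatim while the key read from the file is `.strip()`ed, so the same key material exported with a trailing newline yields a different HMAC than the file-based path, and an empty or whitespace-only environment value silently produces HMACs keyed on the empty string. Normalising both sources the same way and refusing an empty key closes that gap: `HmacKey = os.environ['UD_HMAC_KEY'].strip()` in the environment branch, followed after the `if`/`else` by `if not HmacKey: raise ValueError("empty HMAC key")`. As with the LDAP password, a key placed in the environment is inherited by child processes; `os.environ.pop` would be the safer read if no subprocess is expected to need it, which cannot be confirmed from this hunk.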