X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-info;h=3d3155561b8c1a611f557befcbff2af42f82f848;hb=05ba896561b5f56fd9dbbadddfcc666a16cee8b8;hp=5e9603e45db44f73ab6d749aa167b0ffcb81362c;hpb=c50d88536a4feb3087d1aa802e110250cb2861fc;p=mirror%2Fuserdir-ldap.git diff --git a/ud-info b/ud-info index 5e9603e..3d31555 100755 --- a/ud-info +++ b/ud-info @@ -16,10 +16,8 @@ # database # -r Enable 'root' functions, do this if your uid has access to # restricted variables. -# -# http://www.geocode.com/eagle.html-ssi -import string, time, posix, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy; +import string, time, os, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy; from userdir_ldap import *; RootMode = 0; @@ -36,14 +34,19 @@ AttrInfo = {"cn": ["First Name", 101], "uid": ["Unix User ID",0], "loginshell": ["Unix Shell",7], "supplementarygid": ["Unix Groups",0], + "allowedhosts": ["Host ACL",0], + "member": ["LDAP Group",0], "emailforward": ["Email Forwarding",8], "ircnick": ["IRC Nickname",9], "onvacation": ["Vacation Message",10], "labeledurl": ["Home Page",11], "latitude": ["Latitude",12], "longitude": ["Longitude",13], - "comment": ["Comment",114], - "userpassword": ["Crypted Password",115]}; + "icquin": ["ICQ UIN",14], + "privatesub": ["Debian-Private",15], + "comment": ["Comment",116], + "userpassword": ["Crypted Password",117], + "dnszoneentry": ["d.net Entry",118]}; AttrPrompt = {"cn": ["Common name or first name"], "mn": ["Middle name (or initial if it ends in a dot)"], @@ -61,9 +64,14 @@ AttrPrompt = {"cn": ["Common name or first name"], "userpassword": ["The users Crypt'd password"], "comment": ["Admin Comment about the account"], "supplementarygid": ["Groups the user is in"], + "allowedhosts": ["Grant access to certain hosts"], + "privatesub": ["Debian-Private mailing list subscription"], + "member": ["LDAP Group Member for slapd ACLs"], "latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"], "longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"], - "labeledurl": ["Web home page"]}; + "dnszoneentry": ["DNS Zone fragment associated this this user"], + "labeledurl": ["Web home page"], + "icquin": ["ICQ UIN Number"]}; # Create a map of IDs to desc,value,attr OrderedIndex = {}; @@ -115,27 +123,36 @@ def PrintKeys(Attrs): First = 1; else: print "%-24s:" % (""), + print FormatPGPKey(x); - # PGP Print - if (len(x) == 32): - I = 0; - while (I < len(x)): - print x[I]+x[I+1], - I = I + 2; - if I == 32/2: - print "", - elif (len(x) == 40): - # GPG Print - I = 0; - while (I < len(x)): - print x[I]+x[I+1]+x[I+2]+x[I+3], - I = I + 4; - if I == 40/2: - print "", +# Print the SSH RSA Authentication keys for a user +def PrintSshRSAKeys(Attrs): + if Attrs[1].has_key("sshrsaauthkey") == 0: + return; + First = 0; + for x in Attrs[1]["sshrsaauthkey"]: + if First == 0: + print "%-24s:" % ("SSH RSA Auth Keys"), + First = 1; else: - print x, - print; + print "%-24s:" % (""), + print FormatSSHAuth(x); + +# Print the SSH RSA Authentication keys for a user +def PrintSshDSAKeys(Attrs): + if Attrs[1].has_key("sshdsaauthkey") == 0: + return; + First = 0; + for x in Attrs[1]["sshdsaauthkey"]: + if First == 0: + print "%-24s:" % ("SSH DSA Auth Keys"), + First = 1; + else: + print "%-24s:" % (""), + + print FormatSSH2Auth(x); + # Display all of the attributes in a numbered list def ShowAttrs(Attrs): print; @@ -143,6 +160,8 @@ def ShowAttrs(Attrs): PrintModTime(Attrs); PrintShadow(Attrs); PrintKeys(Attrs); + PrintSshRSAKeys(Attrs); + PrintSshDSAKeys(Attrs); for at in Attrs[1].keys(): if AttrInfo.has_key(at): @@ -167,7 +186,8 @@ def ShowAttrs(Attrs): # Change a single attribute def ChangeAttr(Attrs,Attr): - if (Attr == "supplementarygid"): + if (Attr == "supplementarygid" or Attr == "allowedhosts" or \ + Attr == "member" or Attr == "dnszoneentry"): return MultiChangeAttr(Attrs,Attr); print "Old value: '%s'" % (GetAttr(Attrs,Attr,"")); @@ -234,7 +254,7 @@ def MultiChangeAttr(Attrs,Attr): print; # Main program starts here -User = pwd.getpwuid(posix.getuid())[0]; +User = pwd.getpwuid(os.getuid())[0]; BindUser = User; # Process options (options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r") @@ -272,12 +292,20 @@ UserDn = "uid=" + User + "," + BaseDn; # Enable changing of supplementary gid's if (RootMode == 1): - AttrInfo["supplementarygid"][1] = 100; - OrderedIndex[AttrInfo["supplementarygid"][1]] = [AttrInfo["supplementarygid"][0], "","supplementarygid"]; - OrigOrderedIndex[AttrInfo["supplementarygid"][1]] = [AttrInfo["supplementarygid"][0], "","supplementarygid"]; + # Items that root can edit + list = ["supplementarygid","allowedhosts","member"]; + Count = 0; + for x in list: + AttrInfo[x][1] = 200 + Count; + OrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x]; + OrigOrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x]; + Count = Count + 1; # Query the server for all of the attributes Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User); +if len(Attrs) == 0: + print "User",User,"was not found."; + sys.exit(0); # repeatedly show the account configuration while(1): @@ -287,6 +315,7 @@ while(1): if RootMode == 1: print " a) Arbitary Change"; + print " R) Randomize Password"; print " p) Change Password"; print " u) Switch Users"; print " x) Exit"; @@ -302,9 +331,13 @@ while(1): NewUser = raw_input("User? "); if NewUser == "": continue; + NAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + NewUser); + if len(NAttrs) == 0: + print "User",NewUser,"was not found."; + continue; + Attrs = NAttrs; User = NewUser; UserDn = "uid=" + User + "," + BaseDn; - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User); OrderedIndex = copy.deepcopy(OrigOrderedIndex); continue; @@ -321,21 +354,38 @@ while(1): raw_input("Press a key"); continue; - # Hash it telling glibc to use the MD5 algorithm - if you dont have - # glibc then just change Salt = "$1$" to Salt = ""; - SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/."; - Salt = "$1$"; - for x in range(0,10): - Salt = Salt + SaltVals[whrandom.randint(0,len(SaltVals)-1)]; - Pass = crypt.crypt(Pass1,Salt); - if len(Pass) < 14: - print "Caution! MD5 Password hashing failed, not changing password!"; + try: + Pass = HashPass(Pass1); + except: + print "%s: %s\n" %(sys.exc_type,sys.exc_value); raw_input("Press a key"); continue; print "Setting password.."; Pass = "{crypt}" + Pass; l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]); + Attrs[0][1]["userpassword"] = [Pass]; + continue; + + # Randomize password + if Response == 'R' and RootMode == 1: + Resp = raw_input("Randomize Users Password? [no/yes]"); + if Resp != "yes": + continue; + + # Generate a random password + try: + Password = GenPass(); + Pass = HashPass(Password); + except: + print "%s: %s\n" %(sys.exc_type,sys.exc_value); + raw_input("Press a key"); + continue; + + print "Setting password.."; + Pass = "{crypt}" + Pass; + l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]); + Attrs[0][1]["userpassword"] = [Pass]; continue; # Handle changing an arbitary value