X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_ldap.py;h=0eb4c13bbdb33ee65da5f19f3b3bf818abe09a73;hb=14908ffbe8886fdd85bf143ef14200e0171c18cd;hp=0ef10996c91bb95d05045d9822707ce94729b7b7;hpb=dc2644ca6761003bc2ede1d8c92235096b11c6fb;p=mirror%2Fuserdir-ldap.git
diff --git a/userdir_ldap.py b/userdir_ldap.py
index 0ef1099..0eb4c13 100644
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
@@ -27,6 +27,10 @@ except:
 ConfModule = imp.load_source("userdir_config","/etc/userdir-ldap.conf",File);
 File.close();
+File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+HmacKey = F.readline().strip()
+File.close();
+
 # Cheap hack
 BaseDn = ConfModule.basedn;
 HostBaseDn = ConfModule.hostbasedn;
@@ -41,6 +45,15 @@ PassDir = ConfModule.passdir;
 Ech_ErrorLog = ConfModule.ech_errorlog;
 Ech_MainLog = ConfModule.ech_mainlog;
+# For backwards compatibility, we default to the old behaviour
+MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
+SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
+
+try:
+ UseSSL = ConfModule.usessl;
+except AttributeError:
+ UseSSL = False;
+
 # Break up the keyring list
 userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
@@ -98,6 +111,16 @@ def PrettyShow(DnRecord):
 Result = Result + "%s: %s\n" % (x,i);
 return Result[:-1];
+def connectLDAP(server = None):
+ if server == None:
+ global LDAPServer
+ server = LDAPServer
+ l = ldap.open(server);
+ global UseSSL
+ if UseSSL:
+ l.start_tls_s();
+ return l;
+
 # Function to prompt for a password
 def getpass(prompt = "Password: "):
 import termios, sys;
@@ -120,7 +143,7 @@ def getpass(prompt = "Password: "):
 print;
 return passwd;
-def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):
 """
 Ask for the AdminUser's password and connect to the LDAP server.
 Returns the connection handle.
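Review bot: In the `@@ -27,6 +27,10 @@` hunk the added key-loading lines read from `F`, a name that is not defined anywhere in the visible diff, while the handle opened on the line above is `File`; the read should be `HmacKey = File.readline().strip()`. The same lines use `PassDir`, which the next hunk's header shows being assigned further down (`PassDir = ConfModule.passdir;`), so unless it is already defined earlier in the file the import would fail with a NameError, and moving the three lines below that assignment avoids this. Because this runs at import time, every tool that imports the module now needs a readable per-user key file, and an empty file would silently produce an empty HMAC key. A guard such as `if not HmacKey: raise RuntimeError("empty HMAC key file")` would turn that case into an explicit failure.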
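Review bot: In the `@@ -41,6 +45,15 @@` hunk `UseSSL` is read with a four-line `try`/`except AttributeError` while the two settings added just above it use `getattr` with a default; `UseSSL = getattr(ConfModule, 'usessl', False)` would match them. The name is also slightly misleading, because `connectLDAP` in the following hunk uses the flag to issue StartTLS rather than to connect over LDAPS. With the default of `False`, the simple bind in `passwdAccessLDAP` stays unencrypted unless the configuration opts in, so a comment like `# usessl: negotiate StartTLS on every LDAP connection; off by default, so bind passwords are sent in clear text` next to the setting would make the trade-off visible to administrators.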
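Review bot: `connectLDAP` in the `@@ -98,6 +111,16 @@` hunk calls `l.start_tls_s()` without setting a certificate policy, so whether the server certificate is actually verified depends on the host's OpenLDAP defaults rather than on this code. Setting it explicitly before the handshake, for example `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`, makes the encrypted channel authenticated as well. On style, `if server == None:` is better written `if server is None:`, the two `global` statements are unnecessary because the names are only read, and the function would benefit from a docstring such as `"""Open a connection to server (default: LDAPServer), negotiating StartTLS when UseSSL is set."""`.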
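Review bot: Removing the leading `LDAPServer` parameter from `passwdAccessLDAP` in the `@@ -120,7 +143,7 @@` hunk shifts the positional meaning of the remaining arguments, and no caller is updated in this diff. Any script still passing three arguments will fail with a TypeError, so the callers (presumably in other files) need to change in the same commit. The docstring kept as context no longer says which server is contacted; adding a line such as `The server is the module-level LDAPServer; StartTLS is used when UseSSL is set.` would document the new behaviour. The function body continues outside this hunk, and the matching `l = connectLDAP()` change is in the `@@ -132,7 +155,7 @@` hunk.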
@@ -132,7 +155,7 @@ def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
 if len(Password) == 0:
 sys.exit(0)
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
 UserDn = "uid=" + AdminUser + "," + BaseDn;
 # Connect to the ldap server
@@ -431,3 +454,9 @@ def Group2GID(l, name):
 return int(GetAttr(res[0], "gidNumber"))
 return -1
+
+def make_hmac(str):
+ return hmac.new(HmacKey, str, sha1_module).hexdigest()
+
+def make_sudopasswd_hmac(purpose, uuid, hosts, cryptedpass):
+ return make_hmac(':'.join([purpose, uuid, hosts, cryptedpass]))
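Review bot: `make_sudopasswd_hmac` in the `@@ -431,3 +454,9 @@` hunk builds the MAC input by joining the four fields with `:` without checking that the fields are free of that character. Two different field tuples can therefore serialise to the same string and share one valid MAC. Rejecting the delimiter up front closes that ambiguity, for example `if any(':' in f for f in (purpose, uuid, hosts, cryptedpass)): raise ValueError("':' not allowed in HMAC fields")`. Separately, the parameter name `str` in `make_hmac` shadows the builtin (`data` would be clearer), and the diff adds no import for `hmac` or `sha1_module`, so those names need to be in scope already for these functions to work.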