X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_ldap.py;h=1bc9dbbe060c548c1d3d4ac7b6f96e60c782888e;hb=187d3edfdc561cd4a929811d63f73114e15932e8;hp=539dbaef3c21c24a4fb9e4a9d4763802897c119d;hpb=a9ebb6f2afbf0fbc0e94ab73726dedb6a8ae5d75;p=mirror%2Fuserdir-ldap.git diff --git a/userdir_ldap.py b/userdir_ldap.py index 539dbae..1bc9dbb 100644 --- a/userdir_ldap.py +++ b/userdir_ldap.py @@ -17,8 +17,10 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # Some routines and configuration that are used by the ldap progams -import termios, re, imp, ldap, sys, crypt, rfc822; +import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os; import userdir_gpg +import hmac +import sha as sha1_module try: File = open("/etc/userdir-ldap/userdir-ldap.conf"); @@ -41,10 +43,19 @@ PassDir = ConfModule.passdir; Ech_ErrorLog = ConfModule.ech_errorlog; Ech_MainLog = ConfModule.ech_mainlog; +File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r"); +HmacKey = File.readline().strip() +File.close(); + # For backwards compatibility, we default to the old behaviour MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False) SingleSSHFile = getattr(ConfModule, 'singlesshfile', True) +try: + UseSSL = ConfModule.usessl; +except AttributeError: + UseSSL = False; + # Break up the keyring list userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":")) @@ -102,6 +113,16 @@ def PrettyShow(DnRecord): Result = Result + "%s: %s\n" % (x,i); return Result[:-1]; +def connectLDAP(server = None): + if server == None: + global LDAPServer + server = LDAPServer + l = ldap.open(server); + global UseSSL + if UseSSL: + l.start_tls_s(); + return l; + # Function to prompt for a password def getpass(prompt = "Password: "): import termios, sys; @@ -124,7 +145,7 @@ def getpass(prompt = "Password: "): print; return passwd; -def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser): +def passwdAccessLDAP(BaseDn, AdminUser): """ Ask for the AdminUser's password and connect to the LDAP server. Returns the connection handle. @@ -136,7 +157,7 @@ def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser): if len(Password) == 0: sys.exit(0) - l = ldap.open(LDAPServer); + l = connectLDAP() UserDn = "uid=" + AdminUser + "," + BaseDn; # Connect to the ldap server @@ -435,3 +456,9 @@ def Group2GID(l, name): return int(GetAttr(res[0], "gidNumber")) return -1 + +def make_hmac(str): + return hmac.new(HmacKey, str, sha1_module).hexdigest() + +def make_sudopasswd_hmac(purpose, uuid, hosts, cryptedpass): + return make_hmac(':'.join([purpose, uuid, hosts, cryptedpass]))