X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_ldap.py;h=447723254b83a52ee2c7ccab2f4329b5c9162a02;hb=9800f02fe77bb5025d71cc7c9fe29b425e681f28;hp=0ef10996c91bb95d05045d9822707ce94729b7b7;hpb=dc2644ca6761003bc2ede1d8c92235096b11c6fb;p=mirror%2Fuserdir-ldap.git

diff --git a/userdir_ldap.py b/userdir_ldap.py
index 0ef1099..4477232 100644
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
@@ -1,6 +1,7 @@
 #   Copyright (c) 1999-2000  Jason Gunthorpe <jgg@debian.org>
 #   Copyright (c) 2001-2003  Ryan Murray <rmurray@debian.org>
 #   Copyright (c) 2004-2005  Joey Schulze <joey@infodrom.org>
+#   Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -17,8 +18,10 @@
 #   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
 # Some routines and configuration that are used by the ldap progams
-import termios, re, imp, ldap, sys, crypt, rfc822;
+import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os;
 import userdir_gpg
+import hmac
+import sha as sha1_module
 
 try:
    File = open("/etc/userdir-ldap/userdir-ldap.conf");
@@ -41,6 +44,11 @@ PassDir = ConfModule.passdir;
 Ech_ErrorLog = ConfModule.ech_errorlog;
 Ech_MainLog = ConfModule.ech_mainlog;
 
+try:
+   UseSSL = ConfModule.usessl;
+except AttributeError:
+   UseSSL = False;
+
 # Break up the keyring list
 userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
 
@@ -98,6 +106,16 @@ def PrettyShow(DnRecord):
          Result = Result + "%s: %s\n" % (x,i);
    return Result[:-1];
 
+def connectLDAP(server = None):
+   if server == None:
+      global LDAPServer
+      server = LDAPServer
+   l = ldap.open(server);
+   global UseSSL
+   if UseSSL:
+      l.start_tls_s();
+   return l;
+
 # Function to prompt for a password 
 def getpass(prompt = "Password: "):
    import termios, sys;
@@ -120,7 +138,7 @@ def getpass(prompt = "Password: "):
    print;
    return passwd;
 
-def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):
    """
    Ask for the AdminUser's password and connect to the LDAP server.
    Returns the connection handle.
@@ -132,7 +150,7 @@ def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
       if len(Password) == 0:
          sys.exit(0)
 
-      l = ldap.open(LDAPServer);
+      l = connectLDAP()
       UserDn = "uid=" + AdminUser + "," + BaseDn;
 
       # Connect to the ldap server
@@ -431,3 +449,12 @@ def Group2GID(l, name):
       return int(GetAttr(res[0], "gidNumber"))
 
    return -1
+
+def make_hmac(str):
+   File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+   HmacKey = File.readline().strip()
+   File.close();
+   return hmac.new(HmacKey, str, sha1_module).hexdigest()
+
+def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass):
+   return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass]))