X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_ldap.py;h=c84a655d6dfce24b78cf093053c7a77e0541da1b;hb=0539c19e661f05d992fdeb6e05ec9dcf99bb691d;hp=0ef10996c91bb95d05045d9822707ce94729b7b7;hpb=7e02135e1259847ac592fc58a408452f2e9e41af;p=mirror%2Fuserdir-ldap.git diff --git a/userdir_ldap.py b/userdir_ldap.py index 0ef1099..c84a655 100644 --- a/userdir_ldap.py +++ b/userdir_ldap.py @@ -17,8 +17,10 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # Some routines and configuration that are used by the ldap progams -import termios, re, imp, ldap, sys, crypt, rfc822; +import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os; import userdir_gpg +import hmac +import sha as sha1_module try: File = open("/etc/userdir-ldap/userdir-ldap.conf"); @@ -41,6 +43,15 @@ PassDir = ConfModule.passdir; Ech_ErrorLog = ConfModule.ech_errorlog; Ech_MainLog = ConfModule.ech_mainlog; +# For backwards compatibility, we default to the old behaviour +MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False) +SingleSSHFile = getattr(ConfModule, 'singlesshfile', True) + +try: + UseSSL = ConfModule.usessl; +except AttributeError: + UseSSL = False; + # Break up the keyring list userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":")) @@ -98,6 +109,16 @@ def PrettyShow(DnRecord): Result = Result + "%s: %s\n" % (x,i); return Result[:-1]; +def connectLDAP(server = None): + if server == None: + global LDAPServer + server = LDAPServer + l = ldap.open(server); + global UseSSL + if UseSSL: + l.start_tls_s(); + return l; + # Function to prompt for a password def getpass(prompt = "Password: "): import termios, sys; @@ -120,7 +141,7 @@ def getpass(prompt = "Password: "): print; return passwd; -def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser): +def passwdAccessLDAP(BaseDn, AdminUser): """ Ask for the AdminUser's password and connect to the LDAP server. Returns the connection handle. @@ -132,7 +153,7 @@ def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser): if len(Password) == 0: sys.exit(0) - l = ldap.open(LDAPServer); + l = connectLDAP() UserDn = "uid=" + AdminUser + "," + BaseDn; # Connect to the ldap server @@ -431,3 +452,12 @@ def Group2GID(l, name): return int(GetAttr(res[0], "gidNumber")) return -1 + +def make_hmac(str): + File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r"); + HmacKey = File.readline().strip() + File.close(); + return hmac.new(HmacKey, str, sha1_module).hexdigest() + +def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass): + return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass]))