Store a mac with confirmed sudo passwords, so that they cannot be modified by editing...
[mirror/userdir-ldap.git] / ud-generate
index 4852003..1782f09 100755 (executable)
@@ -223,14 +223,15 @@ def GenShadowSudo(l,File):
 
       Pass = None
       for entry in x[1]['sudoPassword']:
-         Match = re.compile('^('+UUID_FORMAT+') (confirmed|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry.lower())
+         Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry.lower())
          if Match == None:
             continue
+         uuid = Match.group(1)
          status = Match.group(2)
          hosts = Match.group(3)
          cryptedpass = Match.group(4)
 
-         if status != 'confirmed':
+         if status != 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass):
             continue
          for_all = hosts == "*"
          for_this_host = CurrentHost in hosts.split(',')
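Review bot: The MAC check on the `if status != 'confirmed:'+make_sudopasswd_hmac(...)` line is computed over fields taken from `entry.lower()`, so `cryptedpass` has already been case-folded when it is passed in. Crypt-style hashes are case-sensitive, so unless the code that confirms a password also lowercases the entry before signing (not visible here), a legitimately confirmed entry would fail verification, and the folded hash is presumably what the rest of the loop goes on to use. Consider matching the unmodified entry, `.match(entry)`, and lowercasing only the fields that really are case-insensitive. The digest comparison could also use `hmac.compare_digest` where the interpreter provides it, rather than `!=`. GenShadowSudo and make_sudopasswd_hmac are defined outside this hunk, so the key handling, and whether the MAC ties a confirmed value to one account, cannot be checked from here.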