# database
# -r Enable 'root' functions, do this if your uid has access to
# restricted variables.
-#
-# http://www.geocode.com/eagle.html-ssi
-import string, time, posix, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy;
+import string, time, os, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy;
from userdir_ldap import *;
RootMode = 0;
"uid": ["Unix User ID",0],
"loginshell": ["Unix Shell",7],
"supplementarygid": ["Unix Groups",0],
+ "allowedhosts": ["Host ACL",0],
+ "member": ["LDAP Group",0],
"emailforward": ["Email Forwarding",8],
"ircnick": ["IRC Nickname",9],
"onvacation": ["Vacation Message",10],
"labeledurl": ["Home Page",11],
"latitude": ["Latitude",12],
"longitude": ["Longitude",13],
- "comment": ["Comment",114],
- "userpassword": ["Crypted Password",115]};
+ "icquin": ["ICQ UIN",14],
+ "privatesub": ["Debian-Private",15],
+ "comment": ["Comment",116],
+ "userpassword": ["Crypted Password",117],
+ "dnszoneentry": ["d.net Entry",118]};
AttrPrompt = {"cn": ["Common name or first name"],
"mn": ["Middle name (or initial if it ends in a dot)"],
"userpassword": ["The users Crypt'd password"],
"comment": ["Admin Comment about the account"],
"supplementarygid": ["Groups the user is in"],
+ "allowedhosts": ["Grant access to certain hosts"],
+ "privatesub": ["Debian-Private mailing list subscription"],
+ "member": ["LDAP Group Member for slapd ACLs"],
"latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
"longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"],
- "labeledurl": ["Web home page"]};
+ "dnszoneentry": ["DNS Zone fragment associated this this user"],
+ "labeledurl": ["Web home page"],
+ "icquin": ["ICQ UIN Number"]};
# Create a map of IDs to desc,value,attr
OrderedIndex = {};
First = 1;
else:
print "%-24s:" % (""),
+ print FormatPGPKey(x);
- # PGP Print
- if (len(x) == 32):
- I = 0;
- while (I < len(x)):
- print x[I]+x[I+1],
- I = I + 2;
- if I == 32/2:
- print "",
- elif (len(x) == 40):
- # GPG Print
- I = 0;
- while (I < len(x)):
- print x[I]+x[I+1]+x[I+2]+x[I+3],
- I = I + 4;
- if I == 40/2:
- print "",
+# Print the SSH RSA Authentication keys for a user
+def PrintSshRSAKeys(Attrs):
+ if Attrs[1].has_key("sshrsaauthkey") == 0:
+ return;
+ First = 0;
+ for x in Attrs[1]["sshrsaauthkey"]:
+ if First == 0:
+ print "%-24s:" % ("SSH RSA Auth Keys"),
+ First = 1;
else:
- print x,
- print;
+ print "%-24s:" % (""),
+ print FormatSSHAuth(x);
+
# Display all of the attributes in a numbered list
def ShowAttrs(Attrs):
print;
PrintModTime(Attrs);
PrintShadow(Attrs);
PrintKeys(Attrs);
+ PrintSshRSAKeys(Attrs);
for at in Attrs[1].keys():
if AttrInfo.has_key(at):
# Change a single attribute
def ChangeAttr(Attrs,Attr):
- if (Attr == "supplementarygid"):
+ if (Attr == "supplementarygid" or Attr == "allowedhosts" or \
+ Attr == "member" or Attr == "dnszoneentry"):
return MultiChangeAttr(Attrs,Attr);
print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
print;
# Main program starts here
-User = pwd.getpwuid(posix.getuid())[0];
+User = pwd.getpwuid(os.getuid())[0];
BindUser = User;
# Process options
(options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r")
# Enable changing of supplementary gid's
if (RootMode == 1):
- AttrInfo["supplementarygid"][1] = 100;
- OrderedIndex[AttrInfo["supplementarygid"][1]] = [AttrInfo["supplementarygid"][0], "","supplementarygid"];
- OrigOrderedIndex[AttrInfo["supplementarygid"][1]] = [AttrInfo["supplementarygid"][0], "","supplementarygid"];
+ # Items that root can edit
+ list = ["supplementarygid","allowedhosts","member"];
+ Count = 0;
+ for x in list:
+ AttrInfo[x][1] = 200 + Count;
+ OrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
+ OrigOrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x];
+ Count = Count + 1;
# Query the server for all of the attributes
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User);
+if len(Attrs) == 0:
+ print "User",User,"was not found.";
+ sys.exit(0);
# repeatedly show the account configuration
while(1):
if RootMode == 1:
print " a) Arbitary Change";
+ print " R) Randomize Password";
print " p) Change Password";
print " u) Switch Users";
print " x) Exit";
NewUser = raw_input("User? ");
if NewUser == "":
continue;
+ NAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + NewUser);
+ if len(NAttrs) == 0:
+ print "User",NewUser,"was not found.";
+ continue;
+ Attrs = NAttrs;
User = NewUser;
UserDn = "uid=" + User + "," + BaseDn;
- Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User);
OrderedIndex = copy.deepcopy(OrigOrderedIndex);
continue;
raw_input("Press a key");
continue;
- # Hash it telling glibc to use the MD5 algorithm - if you dont have
- # glibc then just change Salt = "$1$" to Salt = "";
- SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/.";
- Salt = "$1$";
- for x in range(0,10):
- Salt = Salt + SaltVals[whrandom.randint(0,len(SaltVals)-1)];
- Pass = crypt.crypt(Pass1,Salt);
- if len(Pass) < 14:
- print "Caution! MD5 Password hashing failed, not changing password!";
+ try:
+ Pass = HashPass(Pass1);
+ except:
+ print "%s: %s\n" %(sys.exc_type,sys.exc_value);
raw_input("Press a key");
continue;
print "Setting password..";
Pass = "{crypt}" + Pass;
l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]);
+ Attrs[0][1]["userpassword"] = [Pass];
+ continue;
+
+ # Randomize password
+ if Response == 'R' and RootMode == 1:
+ Resp = raw_input("Randomize Users Password? [no/yes]");
+ if Resp != "yes":
+ continue;
+
+ # Generate a random password
+ try:
+ Password = GenPass();
+ Pass = HashPass(Password);
+ except:
+ print "%s: %s\n" %(sys.exc_type,sys.exc_value);
+ raw_input("Press a key");
+ continue;
+
+ print "Setting password..";
+ Pass = "{crypt}" + Pass;
+ l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]);
+ Attrs[0][1]["userpassword"] = [Pass];
continue;
# Handle changing an arbitary value
projects / mirror / userdir-ldap.git / blobdiff