projects
/
mirror
/
userdir-ldap.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Store a mac with confirmed sudo passwords, so that they cannot be modified by editing...
[mirror/userdir-ldap.git]
/
userdir_ldap.py
diff --git
a/userdir_ldap.py
b/userdir_ldap.py
index
e90fffd
..
0eb4c13
100644
(file)
--- a/
userdir_ldap.py
+++ b/
userdir_ldap.py
@@
-27,6
+27,10
@@
except:
ConfModule = imp.load_source("userdir_config","/etc/userdir-ldap.conf",File);
File.close();
ConfModule = imp.load_source("userdir_config","/etc/userdir-ldap.conf",File);
File.close();
+File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+HmacKey = F.readline().strip()
+File.close();
+
# Cheap hack
BaseDn = ConfModule.basedn;
HostBaseDn = ConfModule.hostbasedn;
# Cheap hack
BaseDn = ConfModule.basedn;
HostBaseDn = ConfModule.hostbasedn;
@@
-450,3
+454,9
@@
def Group2GID(l, name):
return int(GetAttr(res[0], "gidNumber"))
return -1
return int(GetAttr(res[0], "gidNumber"))
return -1
+
+def make_hmac(str):
+ return hmac.new(HmacKey, str, sha1_module).hexdigest()
+
+def make_sudopasswd_hmac(purpose, uuid, hosts, cryptedpass):
+ return make_hmac(':'.join([purpose, uuid, hosts, cryptedpass]))