+# Copyright (c) 1999-2000 Jason Gunthorpe <jgg@debian.org>
+# Copyright (c) 2001-2003 Ryan Murray <rmurray@debian.org>
+# Copyright (c) 2004-2005 Joey Schulze <joey@infodrom.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
# Some routines and configuration that are used by the ldap progams
-import termios, TERMIOS, re, string, imp, ldap, sys, whrandom, crypt, rfc822;
+import termios, re, string, imp, ldap, sys, crypt, rfc822;
import userdir_gpg
try:
# Cheap hack
BaseDn = ConfModule.basedn;
-BaseDn = ConfModule.basedn;
+HostBaseDn = ConfModule.hostbasedn;
LDAPServer = ConfModule.ldaphost;
EmailAppend = ConfModule.emailappend;
AdminUser = ConfModule.adminuser;
userdir_gpg.SetKeyrings(string.split(ConfModule.keyrings,":"));
# This is a list of common last-name prefixes
-LastNamesPre = {"van": None, "le": None, "de": None, "di": None};
+LastNamesPre = {"van": None, "von": None, "le": None, "de": None, "di": None};
+
+# This is a list of common groups on Debian hosts
+DebianGroups = {
+ "Debian": 800,
+ "guest": 60000,
+ "nogroup": 65534
+ }
+
+# ObjectClasses for different object types
+UserObjectClasses = ("top", "inetOrgPerson", "debianAccount", "shadowAccount", "debianDeveloper")
+RoleObjectClasses = ("top", "debianAccount", "shadowAccount", "debianRoleAccount")
+GroupObjectClasses = ("top", "debianGroup")
# SSH Key splitting. The result is:
# (options,size,modulous,exponent,comment)
SSHAuthSplit = re.compile('^(.* )?(\d+) (\d+) (\d+) ?(.+)$');
-SSHDSAAuthSplit = re.compile('^ssh-dss ([a-zA-Z0-9=/+]+) (.+)$');
+SSH2AuthSplit = re.compile('^(.* )?ssh-(dss|rsa) ([a-zA-Z0-9=/+]+) ?(.+)$');
#'^([^\d](?:[^ "]+(?:".*")?)*)? ?(\d+) (\d+) (\d+) (.+)$');
AddressSplit = re.compile("(.*).*<([^@]*)@([^>]*)>");
# Function to prompt for a password
def getpass(prompt = "Password: "):
- import termios, TERMIOS, sys;
+ import termios, sys;
fd = sys.stdin.fileno();
old = termios.tcgetattr(fd);
new = termios.tcgetattr(fd);
- new[3] = new[3] & ~TERMIOS.ECHO; # lflags
+ new[3] = new[3] & ~termios.ECHO; # lflags
try:
- termios.tcsetattr(fd, TERMIOS.TCSADRAIN, new);
- passwd = raw_input(prompt);
+ termios.tcsetattr(fd, termios.TCSADRAIN, new);
+ try:
+ passwd = raw_input(prompt);
+ except KeyboardInterrupt:
+ termios.tcsetattr(fd, termios.TCSADRAIN, old);
+ print
+ sys.exit(0)
+ except EOFError:
+ passwd = ""
finally:
- termios.tcsetattr(fd, TERMIOS.TCSADRAIN, old);
+ termios.tcsetattr(fd, termios.TCSADRAIN, old);
print;
return passwd;
+def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+ """
+ Ask for the AdminUser's password and connect to the LDAP server.
+ Returns the connection handle.
+ """
+ print "Accessing LDAP directory as '" + AdminUser + "'";
+ while (1):
+ Password = getpass(AdminUser + "'s password: ");
+
+ if len(Password) == 0:
+ sys.exit(0)
+
+ l = ldap.open(LDAPServer);
+ UserDn = "uid=" + AdminUser + "," + BaseDn;
+
+ # Connect to the ldap server
+ try:
+ l.simple_bind_s(UserDn,Password);
+ except ldap.INVALID_CREDENTIALS:
+ continue
+ break
+ return l
+
# Split up a name into multiple components. This tries to best guess how
# to split up a name
def NameSplit(Name):
def HashPass(Password):
# Hash it telling glibc to use the MD5 algorithm - if you dont have
# glibc then just change Salt = "$1$" to Salt = "";
- SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/.";
+ SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/.";
Salt = "$1$";
Rand = open("/dev/urandom");
for x in range(0,10):
# Convert a lat/long attribute into Decimal degrees
def DecDegree(Posn,Anon=0):
- Parts = re.match('[+-]?(\d*)\\.?(\d*)?',Posn).groups();
+ Parts = re.match('[-+]?(\d*)\\.?(\d*)',Posn).groups();
Val = string.atof(Posn);
if (abs(Val) >= 1806060.0):
return Str;
def FormatSSH2Auth(Str):
- Match = SSHDSAAuthSplit.match(Str);
+ Match = SSH2AuthSplit.match(Str);
if Match == None:
return "<unknown format>";
G = Match.groups();
- return "ssh-dss %s..%s %s"%(G[0][:8],G[0][-8:],G[1]);
+ if G[0] == None:
+ return "ssh-%s %s..%s %s"%(G[1],G[2][:8],G[2][-8:],G[3]);
+ return "%s ssh-%s %s..%s %s"%(G[0],G[1],G[2][:8],G[2][-8:],G[3]);
def FormatSSHAuth(Str):
Match = SSHAuthSplit.match(Str);
if Match == None:
- return "<unknown format>";
+ return FormatSSH2Auth(Str);
G = Match.groups();
# No options
return (None,None);
-
+def Group2GID(l, name):
+ """
+ Returns the numerical id of a common group
+ on error returns -1
+ """
+ for g in DebianGroups.keys():
+ if name == g:
+ return DebianGroups[g]
+
+ filter = "(gid=%s)" % name
+ res = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["gidNumber"]);
+ if res:
+ return int(GetAttr(res[0], "gidNumber"))
+
+ return -1
projects / mirror / userdir-ldap.git / blobdiff