Change the hmac that protect sudopassword entries to also hash the purpose

[mirror/userdir-ldap.git] / userdir_ldap.py

diff --git a/userdir_ldap.py b/userdir_ldap.py
index 0eb4c13..c84a655 100644 (file)
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
@@ -17,8 +17,10 @@
 #   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 
 # Some routines and configuration that are used by the ldap progams
-import termios, re, imp, ldap, sys, crypt, rfc822;
+import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os;
 import userdir_gpg
+import hmac
+import sha as sha1_module
 
 try:
    File = open("/etc/userdir-ldap/userdir-ldap.conf");
@@ -27,10 +29,6 @@ except:
 ConfModule = imp.load_source("userdir_config","/etc/userdir-ldap.conf",File);
 File.close();
 
-File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
-HmacKey = F.readline().strip()
-File.close();
-
 # Cheap hack
 BaseDn = ConfModule.basedn;
 HostBaseDn = ConfModule.hostbasedn;
@@ -456,7 +454,10 @@ def Group2GID(l, name):
    return -1
 
 def make_hmac(str):
+   File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
+   HmacKey = File.readline().strip()
+   File.close();
    return hmac.new(HmacKey, str, sha1_module).hexdigest()
 
-def make_sudopasswd_hmac(purpose, uuid, hosts, cryptedpass):
-   return make_hmac(':'.join([purpose, uuid, hosts, cryptedpass]))
+def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass):
+   return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass]))