+# Copyright (c) 1999-2000 Jason Gunthorpe <jgg@debian.org>
+# Copyright (c) 2001-2003 Ryan Murray <rmurray@debian.org>
+# Copyright (c) 2004 Joey Schulze <joey@infodrom.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
# Some routines and configuration that are used by the ldap progams
-import termios, TERMIOS, re, string, imp, ldap, sys, whrandom, crypt, rfc822;
+import termios, re, string, imp, ldap, sys, whrandom, crypt, rfc822;
import userdir_gpg
try:
# Cheap hack
BaseDn = ConfModule.basedn;
-BaseDn = ConfModule.basedn;
+HostBaseDn = ConfModule.hostbasedn;
LDAPServer = ConfModule.ldaphost;
EmailAppend = ConfModule.emailappend;
AdminUser = ConfModule.adminuser;
userdir_gpg.SetKeyrings(string.split(ConfModule.keyrings,":"));
# This is a list of common last-name prefixes
-LastNamesPre = {"van": None, "le": None, "de": None, "di": None};
+LastNamesPre = {"van": None, "von": None, "le": None, "de": None, "di": None};
+
+# This is a list of common groups on Debian hosts
+DebianGroups = {"Debian": 800, "guest": 60000}
# SSH Key splitting. The result is:
# (options,size,modulous,exponent,comment)
SSHAuthSplit = re.compile('^(.* )?(\d+) (\d+) (\d+) ?(.+)$');
+SSH2AuthSplit = re.compile('^(.* )?ssh-(dss|rsa) ([a-zA-Z0-9=/+]+) ?(.+)$');
#'^([^\d](?:[^ "]+(?:".*")?)*)? ?(\d+) (\d+) (\d+) (.+)$');
AddressSplit = re.compile("(.*).*<([^@]*)@([^>]*)>");
# Function to prompt for a password
def getpass(prompt = "Password: "):
- import termios, TERMIOS, sys;
+ import termios, sys;
fd = sys.stdin.fileno();
old = termios.tcgetattr(fd);
new = termios.tcgetattr(fd);
- new[3] = new[3] & ~TERMIOS.ECHO; # lflags
+ new[3] = new[3] & ~termios.ECHO; # lflags
try:
- termios.tcsetattr(fd, TERMIOS.TCSADRAIN, new);
- passwd = raw_input(prompt);
+ termios.tcsetattr(fd, termios.TCSADRAIN, new);
+ try:
+ passwd = raw_input(prompt);
+ except KeyboardInterrupt:
+ termios.tcsetattr(fd, termios.TCSADRAIN, old);
+ print
+ sys.exit(0)
+ except EOFError:
+ passwd = ""
finally:
- termios.tcsetattr(fd, TERMIOS.TCSADRAIN, old);
+ termios.tcsetattr(fd, termios.TCSADRAIN, old);
print;
return passwd;
+def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+ """
+ Ask for the AdminUser's password and connect to the LDAP server.
+ Returns the connection handle.
+ """
+ print "Accessing LDAP directory as '" + AdminUser + "'";
+ while (1):
+ Password = getpass(AdminUser + "'s password: ");
+
+ if len(Password) == 0:
+ sys.exit(0)
+
+ l = ldap.open(LDAPServer);
+ UserDn = "uid=" + AdminUser + "," + BaseDn;
+
+ # Connect to the ldap server
+ try:
+ l.simple_bind_s(UserDn,Password);
+ except ldap.INVALID_CREDENTIALS:
+ continue
+ break
+ return l
+
# Split up a name into multiple components. This tries to best guess how
# to split up a name
def NameSplit(Name):
SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/.";
Rand = open("/dev/urandom");
Password = "";
- for i in range(0,10):
+ for i in range(0,15):
Password = Password + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)];
return Password;
def HashPass(Password):
# Hash it telling glibc to use the MD5 algorithm - if you dont have
# glibc then just change Salt = "$1$" to Salt = "";
- SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/.";
+ SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/.";
Salt = "$1$";
+ Rand = open("/dev/urandom");
for x in range(0,10):
- Salt = Salt + SaltVals[whrandom.randint(0,len(SaltVals)-1)];
+ Salt = Salt + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)];
Pass = crypt.crypt(Password,Salt);
if len(Pass) < 14:
raise "Password Error", "MD5 password hashing failed, not changing the password!";
# Convert a lat/long attribute into Decimal degrees
def DecDegree(Posn,Anon=0):
- Parts = re.match('[+-]?(\d*)\\.?(\d*)?',Posn).groups();
+ Parts = re.match('[-+]?(\d*)\\.?(\d*)',Posn).groups();
Val = string.atof(Posn);
if (abs(Val) >= 1806060.0):
return "+" + Str;
return Str;
+def FormatSSH2Auth(Str):
+ Match = SSH2AuthSplit.match(Str);
+ if Match == None:
+ return "<unknown format>";
+ G = Match.groups();
+
+ if G[0] == None:
+ return "ssh-%s %s..%s %s"%(G[1],G[2][:8],G[2][-8:],G[3]);
+ return "%s ssh-%s %s..%s %s"%(G[0],G[1],G[2][:8],G[2][-8:],G[3]);
+
def FormatSSHAuth(Str):
Match = SSHAuthSplit.match(Str);
if Match == None:
- return "<unknown format>";
+ return FormatSSH2Auth(Str);
G = Match.groups();
# No options
# Take an email address and split it into 3 parts, (Name,UID,Domain)
def SplitEmail(Addr):
+ # Is not an email address at all
+ if string.find(Addr,'@') == -1:
+ return (Addr,"","");
+
Res1 = rfc822.AddrlistClass(Addr).getaddress();
if len(Res1) != 1:
return ("","",Addr);
Stat = "unknown map hit for"+str(Name);
return (UnknownMap[Name[2]],[Stat]);
+ # Then the name component (another ie there was no email address to match)
+ if UnknownMap.has_key(Name[0]):
+ Stat = "unknown map hit for"+str(Name);
+ return (UnknownMap[Name[0]],[Stat]);
+
# Search for a possible first/last name hit
try:
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"(&(cn=%s)(sn=%s))"%(cn,sn),["uid"]);
return (None,None);
-
+def Group2GID(name):
+ """Returns the numerical id of a common group"""
+ for g in DebianGroups.keys():
+ if name == g:
+ return DebianGroups[g]
+ return name
projects / mirror / userdir-ldap.git / blobdiff