X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-info;h=8fde99a39343a85b00ff285fcb217882a56b5337;hp=5e9603e45db44f73ab6d749aa167b0ffcb81362c;hb=a6fb69805c3999a85c064a96c93417bb1c284c5c;hpb=c50d88536a4feb3087d1aa802e110250cb2861fc diff --git a/ud-info b/ud-info index 5e9603e..8fde99a 100755 --- a/ud-info +++ b/ud-info @@ -16,10 +16,8 @@ # database # -r Enable 'root' functions, do this if your uid has access to # restricted variables. -# -# http://www.geocode.com/eagle.html-ssi -import string, time, posix, pwd, sys, getopt, ldap, crypt, whrandom, readline, copy; +import time, os, pwd, sys, getopt, ldap, crypt, readline, copy; from userdir_ldap import *; RootMode = 0; @@ -29,41 +27,69 @@ AttrInfo = {"cn": ["First Name", 101], "c": ["Country Code",1], "l": ["Locality",2], "ou": ["Membership",0], - "facsimiletelephonenumber": ["Fax Phone Number",3], - "telephonenumber": ["Phone Number",4], - "postaladdress": ["Mailing Address",5], - "postalcode": ["Postal Code",6], + "facsimileTelephoneNumber": ["Fax Phone Number",3], + "telephoneNumber": ["Phone Number",4], + "postalAddress": ["Mailing Address",5], + "postalCode": ["Postal Code",6], "uid": ["Unix User ID",0], - "loginshell": ["Unix Shell",7], - "supplementarygid": ["Unix Groups",0], - "emailforward": ["Email Forwarding",8], - "ircnick": ["IRC Nickname",9], - "onvacation": ["Vacation Message",10], - "labeledurl": ["Home Page",11], + "loginShell": ["Unix Shell",7], + "supplementaryGid": ["Unix Groups",0], + "allowedHost": ["Host ACL",0], + "member": ["LDAP Group",0], + "emailForward": ["Email Forwarding",8], + "ircNick": ["IRC Nickname",9], + "onVacation": ["Vacation Message",10], + "labeledURI": ["Home Page",11], "latitude": ["Latitude",12], "longitude": ["Longitude",13], - "comment": ["Comment",114], - "userpassword": ["Crypted Password",115]}; + "icqUin": ["ICQ UIN",14], + "jabberJID": ["Jabber ID",15], + "privateSub": ["Debian-Private",16], + "gender": ["Gender",17], + "birthDate": ["Date of Birth",18], + "mailDisableMessage": ["Mail Disabled",19], + "mailGreylisting": ["Mail Greylisting",20], + "mailCallout": ["Mail Callouts",21], + "mailRBL": ["Mail RBLs",22], + "mailRHSBL": ["Mail RHSBLs",23], + "mailWhitelist": ["Mail Whitelist",24], + "comment": ["Comment",116], + "userPassword": ["Crypted Password",117], + "dnsZoneEntry": ["d.net Entry",118]}; AttrPrompt = {"cn": ["Common name or first name"], "mn": ["Middle name (or initial if it ends in a dot)"], "sn": ["Surname or last name"], "c": ["ISO 2 letter country code, such as US, DE, etc"], "l": ["City name, State/Provice (Locality)\n e.g. Dallas, Texas"], - "facsimiletelephonenumber": ["Fax phone number, with area code and country code"], - "telephonenumber": ["Voice phone number"], - "postaladdress": ["Complete mailing address including postal codes and country designations\nSeperate lines using a $ character"], - "postalcode": ["Postal Code or Zip Code"], - "loginshell": ["Login shell with full path (no check is done for validity)"], - "emailforward": ["EMail address to send all mail to or blank to disable"], - "ircnick": ["IRC nickname if you use IRC"], - "onvacation": ["A message if on vaction, indicating the time of departure and return"], - "userpassword": ["The users Crypt'd password"], + "facsimileTelephoneNumber": ["Fax phone number, with area code and country code"], + "telephoneNumber": ["Voice phone number"], + "postalAddress": ["Complete mailing address including postal codes and country designations\nSeperate lines using a $ character"], + "postalCode": ["Postal Code or Zip Code"], + "loginShell": ["Login shell with full path (no check is done for validity)"], + "emailForward": ["EMail address to send all mail to or blank to disable"], + "ircNick": ["IRC nickname if you use IRC"], + "onVacation": ["A message if on vaction, indicating the time of departure and return"], + "userPassword": ["The users Crypt'd password"], "comment": ["Admin Comment about the account"], - "supplementarygid": ["Groups the user is in"], + "supplementaryGid": ["Groups the user is in"], + "allowedHost": ["Grant access to certain hosts"], + "privateSub": ["Debian-Private mailing list subscription"], + "gender": ["ISO5218 Gender code (1=male,2=female,9=unspecified)"], + "birthDate": ["Date of Birth (YYYYMMDD)"], + "mailDisableMessage": ["Error message to return via SMTP"], + "mailGreylisting": ["SMTP Greylisting (TRUE/FALSE)"], + "mailCallout": ["SMTP Callouts (TRUE/FALSE)"], + "mailRBL": ["SMTP time RBL lists"], + "mailRHSBL": ["SMTP time RHSBL lists"], + "mailWhitelist": ["SMTP time whitelist from other checks"], + "member": ["LDAP Group Member for slapd ACLs"], "latitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"], "longitude": ["XEarth latitude in ISO 6709 format - see /usr/share/zoneinfo/zone.tab or etak.com"], - "labeledurl": ["Web home page"]}; + "dnsZoneEntry": ["DNS Zone fragment associated this this user"], + "labeledURI": ["Web home page"], + "jabberJID": ["Jabber ID"], + "icqUin": ["ICQ UIN Number"]}; # Create a map of IDs to desc,value,attr OrderedIndex = {}; @@ -74,10 +100,10 @@ OrigOrderedIndex = copy.deepcopy(OrderedIndex); # Show shadow information def PrintShadow(Attrs): - Changed = int(GetAttr(Attrs,"shadowlastchange","0")); - MinDays = int(GetAttr(Attrs,"shadowmin","0")); - MaxDays = int(GetAttr(Attrs,"shadowmax","0")); - WarnDays = int(GetAttr(Attrs,"shadowwarning","0")); + Changed = int(GetAttr(Attrs,"shadowLastChange","0")); + MinDays = int(GetAttr(Attrs,"shadowMin","0")); + MaxDays = int(GetAttr(Attrs,"shadowMax","0")); + WarnDays = int(GetAttr(Attrs,"shadowWarning","0")); InactDays = int(GetAttr(Attrs,"shadowinactive","0")); Expire = int(GetAttr(Attrs,"shadowexpire","0")); @@ -91,14 +117,14 @@ def PrintShadow(Attrs): # Print out the automatic time stamp information def PrintModTime(Attrs): - Stamp = GetAttr(Attrs,"modifytimestamp",""); + Stamp = GetAttr(Attrs,"modifyTimestamp",""); if len(Stamp) >= 13: Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]), int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1); print "%-24s:" % ("Record last modified on"), time.strftime("%a %d/%m/%Y %X UTC",Time), - print "by",ldap.explode_dn(GetAttr(Attrs,"modifiersname"),1)[0]; + print "by",ldap.explode_dn(GetAttr(Attrs,"modifiersName"),1)[0]; - Stamp = GetAttr(Attrs,"createtimestamp",""); + Stamp = GetAttr(Attrs,"createTimestamp",""); if len(Stamp) >= 13: Time = (int(Stamp[0:4]),int(Stamp[4:6]),int(Stamp[6:8]), int(Stamp[8:10]),int(Stamp[10:12]),int(Stamp[12:14]),0,0,-1); @@ -106,36 +132,31 @@ def PrintModTime(Attrs): # Print the PGP key for a user def PrintKeys(Attrs): - if Attrs[1].has_key("keyfingerprint") == 0: + if Attrs[1].has_key("keyFingerPrint") == 0: return; First = 0; - for x in Attrs[1]["keyfingerprint"]: + for x in Attrs[1]["keyFingerPrint"]: if First == 0: print "%-24s:" % ("PGP/GPG Key Fingerprints"), First = 1; else: print "%-24s:" % (""), + print FormatPGPKey(x); - # PGP Print - if (len(x) == 32): - I = 0; - while (I < len(x)): - print x[I]+x[I+1], - I = I + 2; - if I == 32/2: - print "", - elif (len(x) == 40): - # GPG Print - I = 0; - while (I < len(x)): - print x[I]+x[I+1]+x[I+2]+x[I+3], - I = I + 4; - if I == 40/2: - print "", +# Print the SSH RSA Authentication keys for a user +def PrintSshRSAKeys(Attrs): + if Attrs[1].has_key("sshRSAAuthKey") == 0: + return; + First = 0; + for x in Attrs[1]["sshRSAAuthKey"]: + if First == 0: + print "%-24s:" % ("SSH Auth Keys"), + First = 1; else: - print x, - print; + print "%-24s:" % (""), + print FormatSSHAuth(x); + # Display all of the attributes in a numbered list def ShowAttrs(Attrs): print; @@ -143,6 +164,7 @@ def ShowAttrs(Attrs): PrintModTime(Attrs); PrintShadow(Attrs); PrintKeys(Attrs); + PrintSshRSAKeys(Attrs); for at in Attrs[1].keys(): if AttrInfo.has_key(at): @@ -151,7 +173,7 @@ def ShowAttrs(Attrs): for x in Attrs[1][at]: print "'%s'" % (x), if at == "uid": - print "(id=%s, gid=%s)" % (GetAttr(Attrs,"uidnumber","-1"),GetAttr(Attrs,"gidnumber","-1")), + print "(id=%s, gid=%s)" % (GetAttr(Attrs,"uidNumber","-1"),GetAttr(Attrs,"gidNumber","-1")), print; else: OrderedIndex[AttrInfo[at][1]][1] = Attrs[1][at]; @@ -167,7 +189,9 @@ def ShowAttrs(Attrs): # Change a single attribute def ChangeAttr(Attrs,Attr): - if (Attr == "supplementarygid"): + if (Attr == "supplementaryGid" or Attr == "allowedHost" or \ + Attr == "member" or Attr == "dnsZoneEntry" or Attr == "mailWhitelist" or \ + Attr == "mailRBL" or Attr == "mailRHSBL"): return MultiChangeAttr(Attrs,Attr); print "Old value: '%s'" % (GetAttr(Attrs,Attr,"")); @@ -205,7 +229,7 @@ def MultiChangeAttr(Attrs,Attr): Attrs[1][Attr].sort(); print "Old values: ",Attrs[1][Attr]; - Mode = string.upper(raw_input("[D]elete or [A]dd? ")); + Mode = raw_input("[D]elete or [A]dd? ").upper() if (Mode != 'D' and Mode != 'A'): return; @@ -234,10 +258,15 @@ def MultiChangeAttr(Attrs,Attr): print; # Main program starts here -User = pwd.getpwuid(posix.getuid())[0]; +User = pwd.getpwuid(os.getuid())[0]; BindUser = User; # Process options -(options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r") +try: + (options, arguments) = getopt.getopt(sys.argv[1:], "nu:c:a:r") +except getopt.GetoptError, data: + print data + sys.exit(1) + for (switch, val) in options: if (switch == '-u'): User = val; @@ -272,12 +301,20 @@ UserDn = "uid=" + User + "," + BaseDn; # Enable changing of supplementary gid's if (RootMode == 1): - AttrInfo["supplementarygid"][1] = 100; - OrderedIndex[AttrInfo["supplementarygid"][1]] = [AttrInfo["supplementarygid"][0], "","supplementarygid"]; - OrigOrderedIndex[AttrInfo["supplementarygid"][1]] = [AttrInfo["supplementarygid"][0], "","supplementarygid"]; + # Items that root can edit + list = ["supplementaryGid","allowedHost","member"]; + Count = 0; + for x in list: + AttrInfo[x][1] = 200 + Count; + OrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x]; + OrigOrderedIndex[AttrInfo[x][1]] = [AttrInfo[x][0], "",x]; + Count = Count + 1; # Query the server for all of the attributes Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User); +if len(Attrs) == 0: + print "User",User,"was not found."; + sys.exit(0); # repeatedly show the account configuration while(1): @@ -287,6 +324,7 @@ while(1): if RootMode == 1: print " a) Arbitary Change"; + print " R) Randomize Password"; print " p) Change Password"; print " u) Switch Users"; print " x) Exit"; @@ -302,9 +340,13 @@ while(1): NewUser = raw_input("User? "); if NewUser == "": continue; + NAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + NewUser); + if len(NAttrs) == 0: + print "User",NewUser,"was not found."; + continue; + Attrs = NAttrs; User = NewUser; UserDn = "uid=" + User + "," + BaseDn; - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=" + User); OrderedIndex = copy.deepcopy(OrigOrderedIndex); continue; @@ -321,21 +363,38 @@ while(1): raw_input("Press a key"); continue; - # Hash it telling glibc to use the MD5 algorithm - if you dont have - # glibc then just change Salt = "$1$" to Salt = ""; - SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/."; - Salt = "$1$"; - for x in range(0,10): - Salt = Salt + SaltVals[whrandom.randint(0,len(SaltVals)-1)]; - Pass = crypt.crypt(Pass1,Salt); - if len(Pass) < 14: - print "Caution! MD5 Password hashing failed, not changing password!"; + try: + Pass = HashPass(Pass1); + except: + print "%s: %s\n" %(sys.exc_type,sys.exc_value); raw_input("Press a key"); continue; print "Setting password.."; Pass = "{crypt}" + Pass; - l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]); + l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]); + Attrs[0][1]["userPassword"] = [Pass]; + continue; + + # Randomize password + if Response == 'R' and RootMode == 1: + Resp = raw_input("Randomize Users Password? [no/yes]"); + if Resp != "yes": + continue; + + # Generate a random password + try: + Password = GenPass(); + Pass = HashPass(Password); + except: + print "%s: %s\n" %(sys.exc_type,sys.exc_value); + raw_input("Press a key"); + continue; + + print "Setting password.."; + Pass = "{crypt}" + Pass; + l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userPassword",Pass)]); + Attrs[0][1]["userPassword"] = [Pass]; continue; # Handle changing an arbitary value