X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=userdir_ldap.py;h=00f9d4b6448fcd367e07cc8002fa8f1d9853feb7;hp=c76992c6da3cb20db769040a62a437e02e284f3f;hb=871ab5f2e8bda25130c70834052fa8fb020a5373;hpb=d6a45065258ad2edcf9e83684937b8b36ca7ff64

diff --git a/userdir_ldap.py b/userdir_ldap.py
index c76992c..00f9d4b 100644
--- a/userdir_ldap.py
+++ b/userdir_ldap.py
@@ -22,7 +22,7 @@
 import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os, getpass
 import userdir_gpg
 import hmac
-import sha as sha1_module
+import hashlib
 
 try:
    File = open("/etc/userdir-ldap/userdir-ldap.conf");
@@ -40,7 +40,6 @@ AdminUser = ConfModule.adminuser;
 GenerateDir = ConfModule.generatedir;
 AllowedGroupsPreload = ConfModule.allowedgroupspreload;
 HomePrefix = ConfModule.homeprefix;
-DefaultGID = ConfModule.defaultgid;
 TemplatesDir = ConfModule.templatesdir;
 PassDir = ConfModule.passdir;
 Ech_ErrorLog = ConfModule.ech_errorlog;
@@ -52,6 +51,17 @@ try:
 except AttributeError:
    UseSSL = False;
 
+try:
+   BaseBaseDn = ConfModule.basebasedn;
+except AttributeError:
+   BaseBaseDn = BaseDn
+
+try:
+   IgnoreUsersForUIDNumberGen = ConfModule.ignoreusersforuidnumbergen
+except AttributeError:
+   IgnoreUsersForUIDNumberGen = ['nobody']
+
+
 # Break up the keyring list
 userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
 
@@ -73,7 +83,7 @@ GroupObjectClasses = ("top", "debianGroup")
 # SSH Key splitting. The result is:
 # (options,size,modulous,exponent,comment)
 SSHAuthSplit = re.compile('^(.* )?(\d+) (\d+) (\d+) ?(.+)$');
-SSH2AuthSplit = re.compile('^(.* )?ssh-(dss|rsa) ([a-zA-Z0-9=/+]+) ?(.+)$');
+SSH2AuthSplit = re.compile('^(.* )?ssh-(dss|rsa|ecdsa-sha2-nistp(?:256|384|521)|ed25519) ([a-zA-Z0-9=/+]+) ?(.+)$');
 #'^([^\d](?:[^ "]+(?:".*")?)*)? ?(\d+) (\d+) (\d+) (.+)$');
 
 AddressSplit = re.compile("(.*).*<([^@]*)@([^>]*)>");
@@ -126,7 +136,10 @@ def passwdAccessLDAP(BaseDn, AdminUser):
    """
    print "Accessing LDAP directory as '" + AdminUser + "'";
    while (1):
-      Password = getpass.getpass(AdminUser + "'s password: ")
+      if 'LDAP_PASSWORD' in os.environ:
+          Password = os.environ['LDAP_PASSWORD']
+      else:
+          Password = getpass.getpass(AdminUser + "'s password: ")
 
       if len(Password) == 0:
          sys.exit(0)
@@ -138,6 +151,9 @@ def passwdAccessLDAP(BaseDn, AdminUser):
       try:
          l.simple_bind_s(UserDn,Password);
       except ldap.INVALID_CREDENTIALS:
+         if 'LDAP_PASSWORD' in os.environ:
+             print "password in environment does not work"
+             del os.environ['LDAP_PASSWORD']
          continue
       break
    return l
@@ -438,7 +454,7 @@ def make_hmac(str):
       File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r");
       HmacKey = File.readline().strip()
       File.close();
-   return hmac.new(HmacKey, str, sha1_module).hexdigest()
+   return hmac.new(HmacKey, str, hashlib.sha1).hexdigest()
 
 def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass):
    return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass]))