print FormatSSHAuth(x);
+# Print the SSH RSA Authentication keys for a user
+def PrintSshDSAKeys(Attrs):
+ if Attrs[1].has_key("sshdsaauthkey") == 0:
+ return;
+ First = 0;
+ for x in Attrs[1]["sshdsaauthkey"]:
+ if First == 0:
+ print "%-24s:" % ("SSH DSA Auth Keys"),
+ First = 1;
+ else:
+ print "%-24s:" % (""),
+
+ print FormatSSH2Auth(x);
+
# Display all of the attributes in a numbered list
def ShowAttrs(Attrs):
print;
PrintShadow(Attrs);
PrintKeys(Attrs);
PrintSshRSAKeys(Attrs);
+ PrintSshDSAKeys(Attrs);
for at in Attrs[1].keys():
if AttrInfo.has_key(at):
EX_PERMFAIL = 65; # EX_DATAERR
Error = 'Message Error';
SeenRSA = 0;
+SeenDSA = 0;
SeenDNS = 0;
ArbChanges = {"c": "..",
"latitude": None,
"longitude": None,
"icquin": None,
- "sshrsaauthkey": None};
+ "sshrsaauthkey": None,
+ "sshdsaauthkey": None};
# Decode a GPS location from some common forms
def LocDecode(Str,Dir):
SeenRSA = 1;
return "SSH Keys replaced with "+FormatSSHAuth(Str);
+# Handle a SSH DSA authentication key, the line format is:
+# ssh-dss [key] [comment]
+def DoSSH2(Str,Attrs):
+ Match = SSHDSAAuthSplit.match(Str);
+ if Match == None:
+ return None;
+
+ global SeenDSA;
+ if SeenDSA:
+ Attrs.append((ldap.MOD_ADD,"sshdsaauthkey",Str));
+ return "SSH2 Key added "+FormatSSH2Auth(Str);
+
+ Attrs.append((ldap.MOD_REPLACE,"sshdsaauthkey",Str));
+ SeenDSA = 1;
+ return "SSH2 Keys replaced with "+FormatSSH2Auth(Str);
+
# Handle changing a dns entry
# host in a 12.12.12.12
# host in cname foo.bar. <- Trailing dot is required
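Review bot: DoSSH2 writes the whole submitted line to `sshdsaauthkey` as soon as `SSHDSAAuthSplit` matches, and nothing on the new lines checks that the base64 field decodes or that the decoded blob is an ssh-dss key. If this attribute is later exported into authorized_keys files (not visible on this page), a truncated or mistyped blob replaces the user's working keys through the `MOD_REPLACE` branch and is only noticed at the next login attempt. I would decode `Match.group(1)` before appending and return None when decoding fails or the blob does not begin with the `ssh-dss` type string. The header comment `ssh-dss [key] [comment]` should also state that the first key in a message replaces all stored DSA keys and later ones are added, since that is what the `SeenDSA` flag does.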
else:
Res = DoPosition(Line,Attrs) or DoDNS(Line,Attrs,DnRecord) or \
DoArbChange(Line,Attrs) or DoSSH(Line,Attrs) or \
- DoDel(Line,Attrs);
+ DoSSH2(Line,Attrs) or DoDel(Line,Attrs);
except:
Res = None;
Result = Result + "==> %s: %s\n" %(sys.exc_type,sys.exc_value);
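Review bot: In the `or` chain `DoSSH` still runs before the new `DoSSH2`, and `SSHAuthSplit` begins with an unanchored `(.* )?` options group, so an `ssh-dss` line whose comment happens to contain three space-separated numbers followed by more text matches the RSA pattern first. Assuming DoSSH stores whatever matches (only its tail is visible on this page), that line would land in `sshrsaauthkey` instead of `sshdsaauthkey`. Trying the stricter matcher first removes the ambiguity: `DoArbChange(Line,Attrs) or DoSSH2(Line,Attrs) or DoSSH(Line,Attrs) or \`. The enclosing try block starts outside this hunk.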
# SSH Key splitting. The result is:
# (options,size,modulous,exponent,comment)
SSHAuthSplit = re.compile('^(.* )?(\d+) (\d+) (\d+) ?(.+)$');
+SSHDSAAuthSplit = re.compile('^ssh-dss ([a-zA-Z0-9=/+]+) (.+)$');
#'^([^\d](?:[^ "]+(?:".*")?)*)? ?(\d+) (\d+) (\d+) (.+)$');
AddressSplit = re.compile("(.*).*<([^@]*)@([^>]*)>");
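Review bot: `SSHDSAAuthSplit` ends in `$`, which in Python also matches just before a trailing newline, and DoSSH2 stores the unmodified input string rather than the matched groups. If any caller passes a line that still carries its line ending, that newline goes into the LDAP value; using `\Z` in place of `$`, or storing a string rebuilt from the groups, closes that gap. The pattern also makes the comment mandatory through ` (.+)`, while the comment on DoSSH2 writes it as `[comment]`. A key pasted without a comment will not be recognised, so either make that group optional or document the requirement next to the pattern.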
return "+" + Str;
return Str;
+def FormatSSH2Auth(Str):
+ Match = SSHDSAAuthSplit.match(Str);
+ if Match == None:
+ return "<unknown format>";
+ G = Match.groups();
+
+ return "ssh-dss %s..%s %s"%(G[0][:8],G[0][-8:],G[1]);
+
def FormatSSHAuth(Str):
Match = SSHAuthSplit.match(Str);
if Match == None:
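Review bot: The summary built in FormatSSH2Auth shows `G[0][:8]`, but the base64 of every ssh-dss blob starts with the same encoded type header, so those eight characters do not distinguish one key from another and only the trailing eight do. Since this is the string DoSSH2 returns to describe which key was installed, a fingerprint of the decoded blob, or a longer tail, would let the recipient actually verify the key. For blobs shorter than sixteen characters the two slices overlap and repeat the same text. A one-line comment above the function, such as `# Abbreviate a ssh-dss key line for display: type, start..end of the blob, comment`, would match the comments on the neighbouring helpers.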