From 4761f401f838a00cba01172eeb7183c5b7777b0f Mon Sep 17 00:00:00 2001 From: Tollef Fog Heen Date: Mon, 5 Feb 2018 21:36:40 +0100 Subject: [PATCH] PEP-8-ify a bit Not done yet, but this is much better already. Should be no functional changes --- UDLdap.py | 56 +++--- userdir_exceptions.py | 16 +- userdir_gpg.py | 67 ++++--- userdir_ldap.py | 440 ++++++++++++++++++++++-------------------- 4 files changed, 313 insertions(+), 266 deletions(-) diff --git a/UDLdap.py b/UDLdap.py index f07ba36..ff47124 100644 --- a/UDLdap.py +++ b/UDLdap.py @@ -4,23 +4,24 @@ import datetime import userdir_ldap import sys + class Account: array_values = ['objectClass', 'keyFingerPrint', 'mailWhitelist', 'mailRBL', 'mailRHSBL', 'supplementaryGid', 'sshRSAAuthKey', 'sudoPassword', 'dnsZoneEntry', 'allowedHost'] int_values = ['shadowExpire', 'gidNumber', 'uidNumber'] defaults = { - 'accountStatus': 'active', - 'keyFingerPrint': [] - } + 'accountStatus': 'active', + 'keyFingerPrint': [] + } @staticmethod def from_search(ldap_connection, base, user): - searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s'%(user)) + searchresult = ldap_connection.search_s(base, ldap.SCOPE_SUBTREE, 'uid=%s' % (user,)) if len(searchresult) < 1: - raise IndexError, "No such user: %s\n"%(user) + raise IndexError("No such user: %s\n" % (user,)) elif len(searchresult) > 1: - raise IndexError, "More than one hit when getting %s\n"%(user) + raise IndexError("More than one hit when getting %s\n" % (user,)) else: return Account(searchresult[0][0], searchresult[0][1]) @@ -37,7 +38,7 @@ class Account: if key in self.array_values: self.cache[key] = self.attributes[key] elif not len(self.attributes[key]) == 1: - raise ValueError, 'non-array value has not exactly one value' + raise ValueError('non-array value has not exactly one value') elif key in self.int_values: self.cache[key] = int(self.attributes[key][0]) else: @@ -45,7 +46,7 @@ class Account: elif key in self.defaults: self.cache[key] = self.defaults[key] else: - raise IndexError, "No such key: %s (dn: %s)"%(key, self.dn) + raise IndexError("No such key: %s (dn: %s)" % (key, self.dn)) return self.cache[key] @@ -59,7 +60,7 @@ class Account: # not locked locked, just reset to something invalid like {crypt}*SSLRESET* is still active def pw_active(self): - if not 'userPassword' in self: + if 'userPassword' not in self: return False if self['userPassword'].upper() == '{CRYPT}*LK*': return False @@ -77,7 +78,7 @@ class Account: # not expired def shadow_active(self): if 'shadowExpire' in self and \ - self['shadowExpire'] < (time.time() / 3600 / 24): + self['shadowExpire'] < (time.time() / 3600 / 24): return False return True @@ -92,18 +93,19 @@ class Account: def latitude_dec(self, anonymized=False): return userdir_ldap.DecDegree(self['latitude'], anonymized) + def longitude_dec(self, anonymized=False): return userdir_ldap.DecDegree(self['longitude'], anonymized) def verbose_status(self): status = [] - status.append('mail: %s' %(['disabled', 'active'][ self.has_mail() ])) - status.append('pw: %s' %(['locked', 'active'][ self.pw_active() ])) - status.append('shadow: %s'%(['expired', 'active'][ self.shadow_active() ])) - status.append('keys: %d' %( self.numkeys() )) - status.append('status: %s'%( self['accountStatus'] )) + status.append('mail: %s' % (['disabled', 'active'][self.has_mail()])) + status.append('pw: %s' % (['locked', 'active'][self.pw_active()])) + status.append('shadow: %s' % (['expired', 'active'][self.shadow_active()])) + status.append('keys: %d' % (self.numkeys())) + status.append('status: %s' % (self['accountStatus'])) - return '(%s)'%(', '.join(status)) + return '(%s)' % (', '.join(status)) def delete_mailforward(self): del self.attributes['emailForward'] @@ -114,24 +116,30 @@ class Account: def email_address(self): mailbox = "<%s@%s>" % (self['uid'], userdir_ldap.EmailAppend) tokens = [] - if 'cn' in self: tokens.append(self['cn']) - if 'sn' in self: tokens.append(self['sn']) + if 'cn' in self: + tokens.append(self['cn']) + if 'sn' in self: + tokens.append(self['sn']) tokens.append(mailbox) return ' '.join(tokens) def is_allowed_by_hostacl(self, host): - if not 'allowedHost' in self: return False - if host in self['allowedHost']: return True + if 'allowedHost' not in self: + return False + if host in self['allowedHost']: + return True # or maybe it's a date limited ACL for entry in self['allowedHost']: - list = entry.split(None,1) - if len(list) == 1: continue + list = entry.split(None, 1) + if len(list) == 1: + continue (h, expire) = list - if host != h: continue + if host != h: + continue try: parsed = datetime.datetime.strptime(expire, '%Y%m%d') except ValueError: - print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry for %s."%(entry, self['uid']) + print >>sys.stderr, "Cannot parse expiry date in '%s' in hostACL entry for %s." % (entry, self['uid']) return False return parsed >= datetime.datetime.now() return False diff --git a/userdir_exceptions.py b/userdir_exceptions.py index a9d9d8e..ec879a9 100644 --- a/userdir_exceptions.py +++ b/userdir_exceptions.py @@ -1,12 +1,13 @@ # vim: set fileencoding=utf-8 ai et sts=4 sw=4 tw=0: -# # -*- coding: -*- -## Userdir-LDAP exception classes -## © 2009 Stephen Gran -## © 2009 Mark Hymers +# -*- coding: -*- +# Userdir-LDAP exception classes +# © 2009 Stephen Gran +# © 2009 Mark Hymers """ These classes implement the necessary exceptions in the userdir-ldap namespace """ + class UDError(Exception): """ Base class for exceptions in ud-ldap. @@ -14,12 +15,14 @@ class UDError(Exception): def __init__(self, message): Exception.__init__(self) self.message = message - + def __str__(self): return "%s: %s" % (self._name_, self.message) + __all__ = ['UDError'] + UDERRORS = { "UDPasswdError": """Exception raised for authentication errors.""", "UDFormatError": """Exception raised for data format errors.""", @@ -29,6 +32,7 @@ UDERRORS = { "UDLoadFail": """Exception raised for LDAP lookup failures.""", } + def construct_udld_exception(name, description): """Generator function for userdir-ldap exceptions""" @@ -40,7 +44,7 @@ def construct_udld_exception(name, description): setattr(Error, "_name_", name) return Error + for key in UDERRORS.keys(): globals()[key] = construct_udld_exception(key, UDERRORS[key]) __all__ += [key] - diff --git a/userdir_gpg.py b/userdir_gpg.py index 1b9732c..da8abfc 100644 --- a/userdir_gpg.py +++ b/userdir_gpg.py @@ -26,44 +26,53 @@ # packets so I can tell if a signature is made by pgp2 to enable the # pgp2 encrypting mode. -import sys, StringIO, os, tempfile, re; -import time, fcntl, anydbm -import email, email.message +import sys +import StringIO +import os +import tempfile +import re +import time +import fcntl +import anydbm +import email +import email.message from userdir_exceptions import * # General GPG options GPGPath = "gpg" -# "--load-extension","rsa", -GPGBasicOptions = [ - "--no-options", - "--batch", - "--no-default-keyring", - "--secret-keyring", "/dev/null", - "--always-trust"]; -GPGKeyRings = []; -GPGSigOptions = ["--output","-"]; -GPGSearchOptions = ["--dry-run","--with-colons","--fingerprint",\ - "--fingerprint", "--fixed-list-mode"]; -GPGEncryptOptions = ["--output","-","--quiet","--always-trust",\ - "--armor","--encrypt"]; -GPGEncryptPGP2Options = ["--set-filename","","--rfc1991",\ - "--load-extension","idea",\ - "--cipher-algo","idea"] + GPGEncryptOptions; +# "--load-extension", "rsa", +GPGBasicOptions = ["--no-options", + "--batch", + "--no-default-keyring", + "--secret-keyring", "/dev/null", + "--always-trust"] +GPGKeyRings = [] +GPGSigOptions = ["--output", "-"] +GPGSearchOptions = ["--dry-run", "--with-colons", "--fingerprint", + "--fingerprint", "--fixed-list-mode"] +GPGEncryptOptions = ["--output", "-", "--quiet", "--always-trust", + "--armor", "--encrypt"] +GPGEncryptPGP2Options = ["--set-filename", "", "--rfc1991", + "--load-extension", "idea", + "--cipher-algo", "idea"] + GPGEncryptOptions # Replay cutoff times in seconds -CleanCutOff = 7*24*60*60; -AgeCutOff = 4*24*60*60; -FutureCutOff = 3*24*60*60; +CleanCutOff = 7 * 24 * 60 * 60 +AgeCutOff = 4 * 24 * 60 * 60 +FutureCutOff = 3 * 24 * 60 * 60 + def ClearKeyrings(): del GPGKeyRings[:] + # Set the keyrings, the input is a list of keyrings def SetKeyrings(Rings): for x in Rings: - GPGKeyRings.append("--keyring"); - GPGKeyRings.append(x); + GPGKeyRings.append("--keyring") + GPGKeyRings.append(x) + # GetClearSig takes an un-seekable email message stream (mimetools.Message) # and returns a standard PGP '---BEGIN PGP SIGNED MESSAGE---' bounded @@ -81,7 +90,7 @@ def SetKeyrings(Rings): # # lax_multipart: treat multipart bodies other than multipart/signed # as one big plain text body -def GetClearSig(Msg, Paranoid = 0, lax_multipart = False): +def GetClearSig(Msg, Paranoid=0, lax_multipart=False): if not Msg.__class__ == email.message.Message: raise RuntimeError, "GetClearSign() not called with a email.message.Message" @@ -602,10 +611,10 @@ class ReplayCache: def process(self, sig_info): r = self.Check(sig_info); - if r != None: - raise RuntimeError, "The replay cache rejected your message: %s."%(r); - self.Add(sig_info); - self.close(); + if r is not None: + raise RuntimeError, "The replay cache rejected your message: %s." % (r,) + self.Add(sig_info) + self.close() # vim:set et: # vim:set ts=3: diff --git a/userdir_ldap.py b/userdir_ldap.py index 00f9d4b..d47909d 100644 --- a/userdir_ldap.py +++ b/userdir_ldap.py @@ -19,40 +19,50 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # Some routines and configuration that are used by the ldap progams -import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os, getpass -import userdir_gpg -import hmac +import crypt +import getpass import hashlib +import hmac +import imp +import ldap +import os +import pwd +import re +import rfc822 +import sys +import termios + +import userdir_gpg try: - File = open("/etc/userdir-ldap/userdir-ldap.conf"); -except: - File = open("userdir-ldap.conf"); -ConfModule = imp.load_source("userdir_config","/etc/userdir-ldap.conf",File); -File.close(); + File = open("/etc/userdir-ldap/userdir-ldap.conf") +except IOError: + File = open("userdir-ldap.conf") +ConfModule = imp.load_source("userdir_config", "/etc/userdir-ldap.conf", File) +File.close() # Cheap hack -BaseDn = ConfModule.basedn; -HostBaseDn = ConfModule.hostbasedn; -LDAPServer = ConfModule.ldaphost; -EmailAppend = ConfModule.emailappend; -AdminUser = ConfModule.adminuser; -GenerateDir = ConfModule.generatedir; -AllowedGroupsPreload = ConfModule.allowedgroupspreload; -HomePrefix = ConfModule.homeprefix; -TemplatesDir = ConfModule.templatesdir; -PassDir = ConfModule.passdir; -Ech_ErrorLog = ConfModule.ech_errorlog; -Ech_MainLog = ConfModule.ech_mainlog; +BaseDn = ConfModule.basedn +HostBaseDn = ConfModule.hostbasedn +LDAPServer = ConfModule.ldaphost +EmailAppend = ConfModule.emailappend +AdminUser = ConfModule.adminuser +GenerateDir = ConfModule.generatedir +AllowedGroupsPreload = ConfModule.allowedgroupspreload +HomePrefix = ConfModule.homeprefix +TemplatesDir = ConfModule.templatesdir +PassDir = ConfModule.passdir +Ech_ErrorLog = ConfModule.ech_errorlog +Ech_MainLog = ConfModule.ech_mainlog HostDomain = getattr(ConfModule, "hostdomain", EmailAppend) try: - UseSSL = ConfModule.usessl; + UseSSL = ConfModule.usessl except AttributeError: - UseSSL = False; + UseSSL = False try: - BaseBaseDn = ConfModule.basebasedn; + BaseBaseDn = ConfModule.basebasedn except AttributeError: BaseBaseDn = BaseDn @@ -66,14 +76,14 @@ except AttributeError: userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":")) # This is a list of common last-name prefixes -LastNamesPre = {"van": None, "von": None, "le": None, "de": None, "di": None}; +LastNamesPre = {"van": None, "von": None, "le": None, "de": None, "di": None} # This is a list of common groups on Debian hosts DebianGroups = { - "Debian": 800, - "guest": 60000, - "nogroup": 65534 - } + "Debian": 800, + "guest": 60000, + "nogroup": 65534, +} # ObjectClasses for different object types UserObjectClasses = ("top", "inetOrgPerson", "debianAccount", "shadowAccount", "debianDeveloper") @@ -82,59 +92,62 @@ GroupObjectClasses = ("top", "debianGroup") # SSH Key splitting. The result is: # (options,size,modulous,exponent,comment) -SSHAuthSplit = re.compile('^(.* )?(\d+) (\d+) (\d+) ?(.+)$'); -SSH2AuthSplit = re.compile('^(.* )?ssh-(dss|rsa|ecdsa-sha2-nistp(?:256|384|521)|ed25519) ([a-zA-Z0-9=/+]+) ?(.+)$'); -#'^([^\d](?:[^ "]+(?:".*")?)*)? ?(\d+) (\d+) (\d+) (.+)$'); +SSHAuthSplit = re.compile('^(.* )?(\d+) (\d+) (\d+) ?(.+)$') +SSH2AuthSplit = re.compile('^(.* )?ssh-(dss|rsa|ecdsa-sha2-nistp(?:256|384|521)|ed25519) ([a-zA-Z0-9=/+]+) ?(.+)$') +AddressSplit = re.compile("(.*).*<([^@]*)@([^>]*)>") -AddressSplit = re.compile("(.*).*<([^@]*)@([^>]*)>"); # Safely get an attribute from a tuple representing a dn and an attribute # list. It returns the first attribute if there are multi. -def GetAttr(DnRecord,Attribute,Default = ""): +def GetAttr(DnRecord, Attribute, Default=""): try: - return DnRecord[1][Attribute][0]; + return DnRecord[1][Attribute][0] except IndexError: - return Default; + return Default except KeyError: - return Default; - return Default; + return Default + return Default + # Return a printable email address from the attributes. def EmailAddress(DnRecord): - cn = GetAttr(DnRecord,"cn"); - sn = GetAttr(DnRecord,"sn"); - uid = GetAttr(DnRecord,"uid"); + cn = GetAttr(DnRecord, "cn") + sn = GetAttr(DnRecord, "sn") + uid = GetAttr(DnRecord, "uid") if cn == "" and sn == "": - return "<" + uid + "@" + EmailAppend + ">"; + return "<" + uid + "@" + EmailAppend + ">" return cn + " " + sn + " <" + uid + "@" + EmailAppend + ">" + # Show a dump like ldapsearch def PrettyShow(DnRecord): - Result = ""; - List = DnRecord[1].keys(); - List.sort(); + Result = "" + List = DnRecord[1].keys() + List.sort() for x in List: - Rec = DnRecord[1][x]; + Rec = DnRecord[1][x] for i in Rec: - Result = Result + "%s: %s\n" % (x,i); - return Result[:-1]; + Result = Result + "%s: %s\n" % (x, i) + return Result[:-1] -def connectLDAP(server = None): - if server == None: + +def connectLDAP(server=None): + if server is None: global LDAPServer server = LDAPServer - l = ldap.open(server); + lc = ldap.open(server) global UseSSL if UseSSL: - l.start_tls_s(); - return l; + lc.start_tls_s() + return lc + def passwdAccessLDAP(BaseDn, AdminUser): """ Ask for the AdminUser's password and connect to the LDAP server. Returns the connection handle. """ - print "Accessing LDAP directory as '" + AdminUser + "'"; + print "Accessing LDAP directory as '" + AdminUser + "'" while (1): if 'LDAP_PASSWORD' in os.environ: Password = os.environ['LDAP_PASSWORD'] @@ -144,19 +157,20 @@ def passwdAccessLDAP(BaseDn, AdminUser): if len(Password) == 0: sys.exit(0) - l = connectLDAP() - UserDn = "uid=" + AdminUser + "," + BaseDn; + lc = connectLDAP() + UserDn = "uid=" + AdminUser + "," + BaseDn # Connect to the ldap server try: - l.simple_bind_s(UserDn,Password); + lc.simple_bind_s(UserDn, Password) except ldap.INVALID_CREDENTIALS: if 'LDAP_PASSWORD' in os.environ: print "password in environment does not work" del os.environ['LDAP_PASSWORD'] continue break - return l + return lc + # Split up a name into multiple components. This tries to best guess how # to split up a name @@ -164,272 +178,282 @@ def NameSplit(Name): Words = re.split(" ", Name.strip()) # Insert an empty middle name - if (len(Words) == 2): - Words.insert(1,""); - if (len(Words) < 2): - Words.append(""); + if len(Words) == 2: + Words.insert(1, "") + if len(Words) < 2: + Words.append("") # Put a dot after any 1 letter words, must be an initial - for x in range(0,len(Words)): + for x in range(0, len(Words)): if len(Words[x]) == 1: - Words[x] = Words[x] + '.'; + Words[x] = Words[x] + '.' # If a word starts with a -, ( or [ we assume it marks the start of some # Non-name information and remove the remainder of the string - for x in range(0,len(Words)): - if len(Words[x]) != 0 and (Words[x][0] == '-' or \ - Words[x][0] == '(' or Words[x][0] == '['): - Words = Words[0:x]; - break; - + for x in range(0, len(Words)): + if len(Words[x]) != 0 and (Words[x][0] == '-' or + Words[x][0] == '(' or Words[x][0] == '['): + Words = Words[0:x] + break + # Merge any of the middle initials while len(Words) > 2 and len(Words[2]) == 2 and Words[2][1] == '.': - Words[1] = Words[1] + Words[2]; - del Words[2]; + Words[1] = Words[1] + Words[2] + del Words[2] while len(Words) < 2: - Words.append(''); - + Words.append('') + # Merge any of the last name prefixes into one big last name - while LastNamesPre.has_key(Words[-2].lower()): - Words[-1] = Words[-2] + " " + Words[-1]; - del Words[-2]; + while Words[-2].lower() in LastNamesPre: + Words[-1] = Words[-2] + " " + Words[-1] + del Words[-2] # Fix up a missing middle name after lastname globbing - if (len(Words) == 2): - Words.insert(1,""); + if len(Words) == 2: + Words.insert(1, "") # If the name is multi-word then we glob them all into the last name and # do not worry about a middle name if (len(Words) > 3): Words[2] = " ".join(Words[1:]) - Words[1] = ""; + Words[1] = "" + + return (Words[0].strip(), Words[1].strip(), Words[2].strip()) - return (Words[0].strip(), Words[1].strip(), Words[2].strip()); # Compute a random password using /dev/urandom -def GenPass(): +def GenPass(): # Generate a 10 character random string - SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/."; - Rand = open("/dev/urandom"); - Password = ""; - for i in range(0,15): - Password = Password + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)]; - return Password; + SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ/." + Rand = open("/dev/urandom") + Password = "" + for i in range(0, 15): + Password = Password + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)] + return Password + # Compute the MD5 crypted version of the given password def HashPass(Password): # Hash it telling glibc to use the MD5 algorithm - if you dont have # glibc then just change Salt = "$1$" to Salt = ""; - SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/."; - Salt = "$1$"; - Rand = open("/dev/urandom"); - for x in range(0,10): - Salt = Salt + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)]; - Pass = crypt.crypt(Password,Salt); + SaltVals = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789/." + Salt = "$1$" + Rand = open("/dev/urandom") + for x in range(0, 10): + Salt = Salt + SaltVals[ord(Rand.read(1)[0]) % len(SaltVals)] + Pass = crypt.crypt(Password, Salt) if len(Pass) < 14: - raise "Password Error", "MD5 password hashing failed, not changing the password!"; - return Pass; + raise "Password Error", "MD5 password hashing failed, not changing the password!" + return Pass + # Sync with the server, we count the number of async requests that are pending # and make sure result has been called that number of times -def FlushOutstanding(l,Outstanding,Fast=0): +def FlushOutstanding(l, Outstanding, Fast=0): # Sync with the remote end if Fast == 0: - print "Waiting for",Outstanding,"requests:", + print "Waiting for {} requests:".format(Outstanding), while (Outstanding > 0): try: if Fast == 0 or Outstanding > 50: - sys.stdout.write(".",); - sys.stdout.flush(); - if (l.result(ldap.RES_ANY,1) != (None,None)): - Outstanding = Outstanding - 1; + sys.stdout.write(".",) + sys.stdout.flush() + if (l.result(ldap.RES_ANY, 1) != (None, None)): + Outstanding = Outstanding - 1 else: - if (l.result(ldap.RES_ANY,1,0) != (None,None)): - Outstanding = Outstanding - 1; - else: - break; + if (l.result(ldap.RES_ANY, 1, 0) != (None, None)): + Outstanding = Outstanding - 1 + else: + break except ldap.TYPE_OR_VALUE_EXISTS: - Outstanding = Outstanding - 1; + Outstanding -= 1 except ldap.NO_SUCH_ATTRIBUTE: - Outstanding = Outstanding - 1; + Outstanding -= 1 except ldap.NO_SUCH_OBJECT: - Outstanding = Outstanding - 1; + Outstanding -= 1 if Fast == 0: - print; - return Outstanding; + print + return Outstanding + # Convert a lat/long attribute into Decimal degrees -def DecDegree(Posn,Anon=0): - Parts = re.match('[-+]?(\d*)\\.?(\d*)',Posn).groups(); - Val = float(Posn); +def DecDegree(Posn, Anon=0): + Parts = re.match('[-+]?(\d*)\\.?(\d*)', Posn).groups() + Val = float(Posn) if (abs(Val) >= 1806060.0): - raise ValueError,"Too Big"; + raise ValueError("Too Big") # Val is in DGMS if abs(Val) >= 18060.0 or len(Parts[0]) > 5: - Val = Val/100.0; - Secs = Val - long(Val); - Val = long(Val)/100.0; - Min = Val - long(Val); - Val = long(Val) + (Min*100.0 + Secs*100.0/60.0)/60.0; + Val = Val / 100.0 + Secs = Val - long(Val) + Val = long(Val) / 100.0 + Min = Val - long(Val) + Val = long(Val) + (Min * 100.0 + Secs * 100.0 / 60.0) / 60.0 # Val is in DGM elif abs(Val) >= 180 or len(Parts[0]) > 3: - Val = Val/100.0; - Min = Val - long(Val); - Val = long(Val) + Min*100.0/60.0; - + Val = Val / 100.0 + Min = Val - long(Val) + Val = long(Val) + Min * 100.0 / 60.0 + if Anon != 0: - Str = "%3.2f"%(Val); + Str = "%3.2f" % (Val) else: - Str = str(Val); + Str = str(Val) if Val >= 0: - return "+" + Str; - return Str; + return "+" + Str + return Str + def FormatSSH2Auth(Str): - Match = SSH2AuthSplit.match(Str); - if Match == None: - return ""; - G = Match.groups(); + Match = SSH2AuthSplit.match(Str) + if Match is None: + return "" + G = Match.groups() + + if G[0] is None: + return "ssh-%s %s..%s %s" % (G[1], G[2][:8], G[2][-8:], G[3]) + return "%s ssh-%s %s..%s %s" % (G[0], G[1], G[2][:8], G[2][-8:], G[3]) - if G[0] == None: - return "ssh-%s %s..%s %s"%(G[1],G[2][:8],G[2][-8:],G[3]); - return "%s ssh-%s %s..%s %s"%(G[0],G[1],G[2][:8],G[2][-8:],G[3]); def FormatSSHAuth(Str): - Match = SSHAuthSplit.match(Str); - if Match == None: - return FormatSSH2Auth(Str); - G = Match.groups(); + Match = SSHAuthSplit.match(Str) + if Match is None: + return FormatSSH2Auth(Str) + G = Match.groups() # No options - if G[0] == None: - return "%s %s %s..%s %s"%(G[1],G[2],G[3][:8],G[3][-8:],G[4]); - return "%s %s %s %s..%s %s"%(G[0],G[1],G[2],G[3][:8],G[3][-8:],G[4]); + if G[0] is None: + return "%s %s %s..%s %s" % (G[1], G[2], G[3][:8], G[3][-8:], G[4]) + return "%s %s %s %s..%s %s" % (G[0], G[1], G[2], G[3][:8], G[3][-8:], G[4]) + def FormatPGPKey(Str): - Res = ""; + Res = "" # PGP 2.x Print if (len(Str) == 32): - I = 0; - while (I < len(Str)): - if I == 32/2: - Res = "%s %s%s "%(Res,Str[I],Str[I+1]); + indent = 0 + while (indent < len(Str)): + if indent == 32 / 2: + Res = "%s %s%s " % (Res, Str[indent], Str[indent + 1]) else: - Res = "%s%s%s "%(Res,Str[I],Str[I+1]); - I = I + 2; + Res = "%s%s%s " % (Res, Str[indent], Str[indent + 1]) + indent += 2 elif (len(Str) == 40): # OpenPGP Print - I = 0; - while (I < len(Str)): - if I == 40/2: - Res = "%s %s%s%s%s "%(Res,Str[I],Str[I+1],Str[I+2],Str[I+3]); + indent = 0 + while (indent < len(Str)): + if indent == 40 / 2: + Res = "%s %s%s%s%s " % (Res, Str[indent], Str[indent + 1], Str[indent + 2], Str[indent + 3]) else: - Res = "%s%s%s%s%s "%(Res,Str[I],Str[I+1],Str[I+2],Str[I+3]); - I = I + 4; + Res = "%s%s%s%s%s " % (Res, Str[indent], Str[indent + 1], Str[indent + 2], Str[indent + 3]) + indent += 4 else: - Res = Str; + Res = Str return Res.strip() + # Take an email address and split it into 3 parts, (Name,UID,Domain) def SplitEmail(Addr): # Is not an email address at all if Addr.find('@') == -1: - return (Addr,"",""); - - Res1 = rfc822.AddrlistClass(Addr).getaddress(); + return (Addr, "", "") + + Res1 = rfc822.AddrlistClass(Addr).getaddress() if len(Res1) != 1: - return ("","",Addr); - Res1 = Res1[0]; - if Res1[1] == None: - return (Res1[0],"",""); + return ("", "", Addr) + Res1 = Res1[0] + if Res1[1] is None: + return (Res1[0], "", "") # If there is no @ then the address was not parsed well. Try the alternate # Parsing scheme. This is particularly important when scanning PGP keys. - Res2 = Res1[1].split("@"); + Res2 = Res1[1].split("@") if len(Res2) != 2: - Match = AddressSplit.match(Addr); - if Match == None: - return ("","",Addr); - return Match.groups(); + Match = AddressSplit.match(Addr) + if Match is None: + return ("", "", Addr) + return Match.groups() + + return (Res1[0], Res2[0], Res2[1]) - return (Res1[0],Res2[0],Res2[1]); # Convert the PGP name string to a uid value. The return is a tuple of -# (uid,[message strings]). UnknownMpa is a hash from email to uid that +# (uid,[message strings]). UnknownMpa is a hash from email to uid that # overrides normal searching. -def GetUID(l,Name,UnknownMap = {}): +def GetUID(l, Name, UnknownMap={}): # Crack up the email address into a best guess first/middle/last name - (cn,mn,sn) = NameSplit(re.sub('["]','',Name[0])) - + (cn, mn, sn) = NameSplit(re.sub('["]', '', Name[0])) + # Brackets anger the ldap searcher - cn = re.sub('[(")]','?',cn); - sn = re.sub('[(")]','?',sn); + cn = re.sub('[(")]', '?', cn) + sn = re.sub('[(")]', '?', sn) # First check the unknown map for the email address - if UnknownMap.has_key(Name[1] + '@' + Name[2]): - Stat = "unknown map hit for "+str(Name); - return (UnknownMap[Name[1] + '@' + Name[2]],[Stat]); + if Name[1] + '@' + Name[2] in UnknownMap: + Stat = "unknown map hit for " + str(Name) + return (UnknownMap[Name[1] + '@' + Name[2]], [Stat]) # Then the cruft component (ie there was no email address to match) - if UnknownMap.has_key(Name[2]): - Stat = "unknown map hit for"+str(Name); - return (UnknownMap[Name[2]],[Stat]); + if Name[2] in UnknownMap: + Stat = "unknown map hit for" + str(Name) + return (UnknownMap[Name[2]], [Stat]) # Then the name component (another ie there was no email address to match) - if UnknownMap.has_key(Name[0]): - Stat = "unknown map hit for"+str(Name); - return (UnknownMap[Name[0]],[Stat]); - + if Name[0] in UnknownMap: + Stat = "unknown map hit for" + str(Name) + return (UnknownMap[Name[0]], [Stat]) + # Search for a possible first/last name hit try: - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"(&(cn=%s)(sn=%s))"%(cn,sn),["uid"]); + Attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "(&(cn=%s)(sn=%s))" % (cn, sn), ["uid"]) except ldap.FILTER_ERROR: - Stat = "Filter failure: (&(cn=%s)(sn=%s))"%(cn,sn); - return (None,[Stat]); + Stat = "Filter failure: (&(cn=%s)(sn=%s))" % (cn, sn) + return (None, [Stat]) # Try matching on the email address - if (len(Attrs) != 1): + if len(Attrs) != 1: try: - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"emailforward=%s"%(Name[2]),["uid"]); + Attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "emailforward=%s" % (Name[2]), ["uid"]) except ldap.FILTER_ERROR: - pass; + pass # Hmm, more than one/no return - if (len(Attrs) != 1): + if len(Attrs) != 1: # Key claims a local address if Name[2] == EmailAppend: # Pull out the record for the claimed user - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"(uid=%s)"%(Name[1]),["uid","sn","cn"]); + Attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "(uid=%s)" % (Name[1]), ["uid", "sn", "cn"]) # We require the UID surname to be someplace in the key name, this # deals with special purpose keys like 'James Troup (Alternate Debian key)' - # Some people put their names backwards on their key too.. check that as well + # Some people put their names backwards on their key too.. check that as well if len(Attrs) == 1 and \ - ( sn.lower().find(Attrs[0][1]["sn"][0].lower()) != -1 or \ - cn.lower().find(Attrs[0][1]["sn"][0].lower()) != -1 ): - Stat = EmailAppend+" hit for "+str(Name); - return (Name[1],[Stat]); + (sn.lower().find(Attrs[0][1]["sn"][0].lower()) != -1 or + cn.lower().find(Attrs[0][1]["sn"][0].lower()) != -1): + Stat = EmailAppend + " hit for " + str(Name) + return (Name[1], [Stat]) # Attempt to give some best guess suggestions for use in editing the # override file. - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"(sn~=%s)"%(sn),["uid","sn","cn"]); + Attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "(sn~=%s)" % (sn,), ["uid", "sn", "cn"]) - Stat = []; + Stat = [] if len(Attrs) != 0: - Stat = ["None for %s"%(str(Name))]; + Stat = ["None for %s" % (str(Name))] for x in Attrs: - Stat.append("But might be: %s %s <%s@debian.org>"%(x[1]["cn"][0],x[1]["sn"][0],x[1]["uid"][0])); - return (None,Stat); + Stat.append("But might be: %s %s <%s@debian.org>" % (x[1]["cn"][0], x[1]["sn"][0], x[1]["uid"][0])) + return (None, Stat) else: - return (Attrs[0][1]["uid"][0],None); + return (Attrs[0][1]["uid"][0], None) + + return (None, None) - return (None,None); def Group2GID(l, name): """ @@ -441,20 +465,22 @@ def Group2GID(l, name): return DebianGroups[g] filter = "(gid=%s)" % name - res = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["gidNumber"]); + res = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, filter, ["gidNumber"]) if res: return int(GetAttr(res[0], "gidNumber")) return -1 + def make_hmac(str): if 'UD_HMAC_KEY' in os.environ: HmacKey = os.environ['UD_HMAC_KEY'] else: - File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r"); + File = open(PassDir + "/key-hmac-" + pwd.getpwuid(os.getuid())[0], "r") HmacKey = File.readline().strip() - File.close(); + File.close() return hmac.new(HmacKey, str, hashlib.sha1).hexdigest() + def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass): return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass])) -- 2.20.1