sss_obfuscate revision 0a0d272844108fe3650a206c39dd4047f10003f2
12675N/A#!/usr/bin/python
12675N/A
12675N/Aimport sys
12675N/Afrom optparse import OptionParser
12675N/A
12675N/Aimport pysss
12675N/Aimport SSSDConfig
12675N/Aimport getpass
12675N/A
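def parse_options():
    """Parse the command line of sss_obfuscate.

    Returns:
        A tuple ``(options, args)`` as produced by ``OptionParser.parse_args``:
        ``options.stdin`` (bool), ``options.domain`` (str or None) and
        ``options.filename`` (str or None), plus any leftover positional
        arguments.
    """
    parser = OptionParser()
    # The password is only ever taken from stdin or an interactive prompt.
    # No option accepts it as an argument, so the description must not
    # advertise a command-line form: a secret passed in argv would be
    # visible in process listings and shell history.
    parser.set_description("sss_obfuscate converts a given password into "
                           "human-unreadable format and places it into "
                           "appropriate domain section of the SSSD config "
                           "file. The password can be passed in by stdin "
                           "or entered interactively")
    parser.add_option("-s", "--stdin", action="store_true",
                      dest="stdin", default=False,
                      help="Read the password from stdin.")
    parser.add_option("-d", "--domain",
                      dest="domain", default=None,
                      help="The domain to use the password in (mandatory)",
                      metavar="DOMNAME")
    parser.add_option("-f", "--file",
                      dest="filename", default=None,
                      help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
                      metavar="FILE")
    (options, args) = parser.parse_args()

    return options, args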
12675N/A
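def main():
    """Obfuscate a password and store it in an SSSD domain section.

    Reads the password from stdin (``--stdin``) or from a double interactive
    prompt, obfuscates it with ``pysss.password().encrypt`` and writes it to
    the selected domain as ``ldap_default_authtok`` with
    ``ldap_default_authtok_type`` set to ``obfuscated_password``.

    All diagnostics go to stderr so that stdout stays clean for callers
    that script this tool.

    NOTE(review): the stored value is obfuscated, not protected by a secret
    the reader lacks; treat it as recoverable by anyone who can read the
    config file and keep that file's read access restricted.

    Returns:
        0 on success, 1 on any failure (missing domain, unreadable or
        unwritable config, unsupported options, interrupted input).
    """
    options, args = parse_options()
    if not options:
        sys.stderr.write("Cannot parse options\n")
        return 1

    if not options.domain:
        sys.stderr.write("No domain specified\n")
        return 1

    try:
        if options.stdin:
            # NOTE(review): the stdin content is used verbatim, so a trailing
            # newline from e.g. a piped `echo` becomes part of the password.
            password = sys.stdin.read()
        else:
            # Ask twice and repeat until both entries agree.
            while True:
                first = getpass.getpass("Enter password: ")
                second = getpass.getpass("Re-enter password: ")
                if first == second:
                    break
                print('Passwords do not match. Try again')
            password = first
    except (KeyboardInterrupt, EOFError):
        # Interrupted or closed input: bail out without a traceback and
        # without touching the config file.
        return 1

    # Obfuscate the password
    obfobj = pysss.password()
    obfpwd = obfobj.encrypt(password, obfobj.AES_256)

    # Save the obfuscated password into the domain
    try:
        sssdconfig = SSSDConfig.SSSDConfig()
    except IOError:
        sys.stderr.write("Cannot read internal configuration files.\n")
        return 1
    try:
        # options.filename may be None; it is passed through unchanged.
        sssdconfig.import_config(options.filename)
    except IOError:
        sys.stderr.write("Permissions error reading config file\n")
        return 1

    try:
        domain = sssdconfig.get_domain(options.domain)
    except SSSDConfig.NoDomainError:
        sys.stderr.write("No such domain %s\n" % options.domain)
        return 1

    try:
        domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
        domain.set_option('ldap_default_authtok', obfpwd)
    except SSSDConfig.NoOptionError:
        sys.stderr.write("The domain %s does not seem to support the required options\n" %
                         options.domain)
        return 1

    sssdconfig.save_domain(domain)
    try:
        sssdconfig.write()
    except IOError:
        # File could not be written
        sys.stderr.write("Could not write to config file. Check that "
                         "you have the appropriate permissions to edit "
                         "this file.\n")
        return 1

    return 0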
12675N/A
# Script entry point: propagate main()'s status as the process exit code.
if __name__ == "__main__":
    sys.exit(main())
12675N/A