sss_obfuscate revision 530ba03ecabb472f17d5d1ab546aec9390492de1
#!/usr/bin/python

import sys
from optparse import OptionParser

import pysss
import SSSDConfig
def parse_options():
    """Build the command-line parser and parse ``sys.argv``.

    Recognised options:
        -s / --stdin   read the password from standard input
        -d / --domain  name of the domain to store the password in
        -f / --file    configuration file to operate on

    Returns:
        The ``(options, args)`` pair produced by ``OptionParser.parse_args``.
        ``options.stdin`` is forced to True when no positional argument was
        supplied, so the caller falls back to reading from stdin.

    Security note: the caller treats the first positional argument as the
    password. Anything passed that way is part of the process command line,
    which is commonly visible to other local users through process listings
    and may be recorded in shell history. Feeding the password on stdin
    avoids that exposure.
    """
    opt_parser = OptionParser()

    opt_parser.add_option("-s", "--stdin",
                          action="store_true",
                          dest="stdin",
                          default=False,
                          help="Read input from stdin")

    opt_parser.add_option("-d", "--domain",
                          dest="domain",
                          default="default",
                          help="The domain to use the password in (default: default)",
                          metavar="DOMNAME")

    opt_parser.add_option("-f", "--file",
                          dest="filename",
                          default=None,
                          help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
                          metavar="FILE")

    parsed = opt_parser.parse_args()
    options, args = parsed

    # No positional password supplied: switch to reading it from stdin.
    if not args:
        options.stdin = True

    return options, args
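def _fail(message):
    """Write *message* to stderr and return the script's failure exit code."""
    sys.stderr.write(message + "\n")
    return 1


def main():
    """Obfuscate a password and store it in an SSSD domain section.

    The password is taken from the first positional argument or, when
    ``options.stdin`` is set, from standard input. It is passed through
    ``pysss.password().encrypt`` with the ``AES_256`` method and the result is
    written to the chosen domain as ``ldap_default_authtok`` with
    ``ldap_default_authtok_type`` set to ``obfuscated_password``.

    Returns:
        0 on success, 1 on any failure. Diagnostics go to stderr.

    NOTE(review): the stored value is labelled "obfuscated", not encrypted
    with a separately protected key. Treat it as recoverable by anyone who
    can read the configuration file, so restrictive permissions on that file
    remain the actual control. Confirm against the SSSD documentation.
    """
    options, args = parse_options()
    if not options:
        return _fail("Cannot parse options")

    if not options.stdin:
        # NOTE(security): a password taken from argv is exposed in the process
        # command line; prefer the stdin path where other local users exist.
        try:
            password = args[0]
        except IndexError:  # should never happen
            return _fail("Missing password parameter!")
    else:
        try:
            password = sys.stdin.read()
        except KeyboardInterrupt:
            return 1
        # Input piped from `echo` or typed interactively ends with a line
        # terminator that is not part of the password; keeping it would store
        # a token for the wrong secret. Drop exactly one terminator.
        if password.endswith("\n"):
            password = password[:-1]
            if password.endswith("\r"):
                password = password[:-1]

    # Refuse to store an empty secret instead of writing a useless token.
    if not password:
        return _fail("Empty password given")

    # Obfuscate the password
    obfobj = pysss.password()
    obfpwd = obfobj.encrypt(password, obfobj.AES_256)

    # Save the obfuscated password into the domain
    sssdconfig = SSSDConfig.SSSDConfig()
    try:
        sssdconfig.import_config(options.filename)
    except IOError:
        return _fail("Cannot open config file %s" % options.filename)

    try:
        domain = sssdconfig.get_domain(options.domain)
    except SSSDConfig.NoDomainError:
        return _fail("No such domain %s" % options.domain)

    try:
        domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
        domain.set_option('ldap_default_authtok', obfpwd)
    except SSSDConfig.NoOptionError:
        return _fail("The domain %s does not seem to support the required options"
                     % options.domain)

    sssdconfig.save_domain(domain)
    # NOTE(review): presumably writes back to the imported file; verify that
    # write() keeps the file's restrictive ownership and mode.
    sssdconfig.write()
    return 0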
# Script entry point: main()'s return value becomes the process exit status.
if __name__ == "__main__":
    sys.exit(main())