sss_obfuscate revision 764bda08267d867a30ceb07d398dc30be1f4b699
803N/A#!/usr/bin/python
1577N/Aimport sys
803N/Afrom optparse import OptionParser
919N/Aimport pysss
919N/Aimport SSSDConfig
919N/Aimport getpass
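def parse_options():
    """Parse the command line of sss_obfuscate.

    Three options are defined: ``-s/--stdin`` (read the password from
    stdin), ``-d/--domain`` (target domain, checked by the caller) and
    ``-f/--file`` (configuration file to edit).

    No option takes the password itself, so the secret never travels in
    argv, where other local users could see it in the process list. The
    description therefore only advertises stdin and the interactive prompt.

    Returns:
        The ``(options, args)`` pair produced by ``OptionParser.parse_args``.
    """
    parser = OptionParser()
    # Adjacent literals instead of backslash continuations inside one string:
    # a continuation inside a literal drags the indentation of the following
    # source line into the help text.
    parser.set_description(
        "sss_obfuscate converts a given password into "
        "human-unreadable format and places it into "
        "appropriate domain section of the SSSD config "
        "file. The password can be passed in by stdin "
        "or entered interactively")
    parser.add_option("-s", "--stdin", action="store_true",
                      dest="stdin", default=False,
                      help="Read the password from stdin.")
    parser.add_option("-d", "--domain",
                      dest="domain", default=None,
                      help="The domain to use the password in (mandatory)",
                      metavar="DOMNAME")
    parser.add_option("-f", "--file",
                      dest="filename", default=None,
                      help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
                      metavar="FILE")
    return parser.parse_args()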
970N/A
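def _prompt_password():
    """Prompt twice on the terminal until both entries match; return the password."""
    while True:
        first = getpass.getpass("Enter password: ")
        second = getpass.getpass("Re-enter password: ")

        # Work around bug in Python 2.6: per the original workaround, Ctrl-C
        # can show up as a literal 0x03 character in the returned string
        # instead of raising, so treat it as an interrupt here.
        if '\x03' in first or '\x03' in second:
            raise KeyboardInterrupt

        if first == second:
            return first
        print('Passwords do not match. Try again')


def main():
    """Obfuscate a password and store it in one domain of the SSSD config.

    The password is read from stdin when ``--stdin`` is given, otherwise it
    is prompted for twice on the terminal. It is passed through
    ``pysss.password().encrypt(..., AES_256)`` and saved in the selected
    domain as ``ldap_default_authtok``, with ``ldap_default_authtok_type``
    set to ``obfuscated_password``.

    Security notes:
        * The option type is ``obfuscated_password``: obfuscation keeps the
          value from being read at a glance and is not a substitute for
          restricting access to the configuration file.
        * A single trailing line terminator is removed from stdin input, so
          ``echo secret | sss_obfuscate -s`` does not store a password that
          silently ends in a newline.
        * An empty password is refused rather than written to the config.

    Returns:
        0 on success, 1 on any failure. All diagnostics go to stderr.
    """
    options, _args = parse_options()
    if not options:
        sys.stderr.write("Cannot parse options\n")
        return 1

    if not options.domain:
        sys.stderr.write("No domain specified\n")
        return 1

    if options.stdin:
        try:
            password = sys.stdin.read()
        except KeyboardInterrupt:
            return 1
        # Drop exactly one trailing "\n" or "\r\n"; anything else in the
        # input is kept as part of the password.
        if password.endswith('\n'):
            password = password[:-1]
            if password.endswith('\r'):
                password = password[:-1]
    else:
        try:
            password = _prompt_password()
        except EOFError:
            sys.stderr.write('\nUnexpected end-of-file. Password change aborted\n')
            return 1
        except KeyboardInterrupt:
            return 1

    if not password:
        sys.stderr.write("Empty password, nothing to obfuscate\n")
        return 1

    # Obfuscate the password
    obfobj = pysss.password()
    obfpwd = obfobj.encrypt(password, obfobj.AES_256)

    # Save the obfuscated password into the domain
    try:
        sssdconfig = SSSDConfig.SSSDConfig()
    except IOError:
        sys.stderr.write("Cannot read internal configuration files.\n")
        return 1

    try:
        sssdconfig.import_config(options.filename)
    except IOError:
        # NOTE(review): IOError is reported as a permissions problem; a
        # missing or unreadable path would land here too.
        sys.stderr.write("Permissions error reading config file\n")
        return 1

    try:
        domain = sssdconfig.get_domain(options.domain)
    except SSSDConfig.NoDomainError:
        sys.stderr.write("No such domain %s\n" % options.domain)
        return 1

    try:
        domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
        domain.set_option('ldap_default_authtok', obfpwd)
    except SSSDConfig.NoOptionError:
        sys.stderr.write("The domain %s does not seem to support the "
                         "required options\n" % options.domain)
        return 1

    sssdconfig.save_domain(domain)
    try:
        # NOTE(review): the mode of the written file is decided inside
        # SSSDConfig, not here -- confirm it stays readable by its owner only,
        # since the file now carries a credential.
        sssdconfig.write()
    except IOError:
        # File could not be written
        sys.stderr.write("Could not write to config file. Check that "
                         "you have the appropriate permissions to edit "
                         "this file.\n")
        return 1

    return 0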
# Script entry point: hand main()'s status to the shell as the exit code.
if __name__ == "__main__":
    sys.exit(main())