sss_obfuscate revision 8d00718b943ab8b326320feb50820f0663031817
#!/usr/bin/python
"""Obfuscate a password and store it in an SSSD domain section.

sss_obfuscate converts a given password into a human-unreadable form and
writes it into a domain section of the SSSD config file as
``ldap_default_authtok`` with ``ldap_default_authtok_type`` set to
``obfuscated_password``.  The password can be read from stdin, given on
the command line or entered interactively.  Note that a password passed on
the command line is visible to other users in process listings and may be
recorded in shell history; stdin or the interactive prompt avoids that.
"""

import sys
from optparse import OptionParser

import pysss
import SSSDConfig
import getpass
f202f2587b9ba4753afba49b796f599cc12b4d0fAndreas Gustafsson
def parse_options():
    """Build the command-line parser and parse ``sys.argv``.

    Returns the ``(options, args)`` pair from ``OptionParser.parse_args``;
    ``options`` carries ``stdin`` (bool), ``domain`` (str), ``filename``
    (str or None) and ``password`` (str or None).
    """
    # Adjacent literals reproduce the original continued string exactly,
    # including the doubled spaces at each join.
    description = (
        "sss_obfuscate converts a given password into "
        " human-unreadable format and places it into "
        " appropriate domain section of the SSSD config "
        " file. The password can be passed in by stdin, "
        " specified on the command-line or entered "
        " interactively"
    )

    # (flags, keyword arguments) for each option, in help-listing order.
    option_specs = [
        (("-s", "--stdin"),
         dict(action="store_true", dest="stdin", default=False,
              help="Read the password from stdin.")),
        (("-d", "--domain"),
         dict(dest="domain", default="default",
              help="The domain to use the password in (default: default)",
              metavar="DOMNAME")),
        (("-f", "--file"),
         dict(dest="filename", default=None,
              help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
              metavar="FILE")),
        # A password given here is exposed in process listings and shell
        # history; -s or the interactive prompt is the safer choice.
        (("-p", "--password"),
         dict(dest="password", default=None,
              help="Password to obfuscate.",
              metavar="PASSWORD")),
    ]

    opt_parser = OptionParser()
    opt_parser.set_description(description)
    for flags, kwargs in option_specs:
        opt_parser.add_option(*flags, **kwargs)

    return opt_parser.parse_args()
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
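def _prompt_password():
    """Prompt for the password twice on the terminal until both entries match.

    Returns the confirmed password.  ``EOFError`` / ``KeyboardInterrupt``
    from an abandoned prompt propagate to the caller, which turns them into
    a non-zero exit status.
    """
    first = getpass.getpass("Enter password: ")
    second = getpass.getpass("Re-enter password: ")
    while first != second:
        print('Passwords do not match. Try again')
        first = getpass.getpass("Enter password: ")
        second = getpass.getpass("Re-enter password: ")
    return first


def main():
    """Obfuscate a password and store it in one domain of the SSSD config.

    The password comes from ``-p/--password`` when given, otherwise from
    stdin when ``-s/--stdin`` is set, otherwise from an interactive prompt.
    It is then written into the domain as ``ldap_default_authtok`` with
    ``ldap_default_authtok_type = obfuscated_password``.

    Returns the exit status: 0 on success, 1 when password entry is
    interrupted or stdin is closed, the config file cannot be read, the
    domain does not exist, or the domain does not accept the required
    options.  Error messages go to stderr.
    """
    # parse_options always returns an optparse Values object, so there is
    # nothing to None-check here.
    options, _args = parse_options()

    try:
        if options.password:
            # -p was previously accepted but ignored (stdin was read
            # instead).  It now takes precedence over -s.  A password on the
            # command line is visible to other users in process listings and
            # may be recorded in shell history, so -s or the prompt is the
            # safer way to supply it.
            password = options.password
        elif options.stdin:
            # Read verbatim: nothing is stripped, so a trailing newline from
            # e.g. ``echo`` becomes part of the stored password.
            password = sys.stdin.read()
        else:
            password = _prompt_password()
    except (EOFError, KeyboardInterrupt):
        # Interrupted or closed input: leave the config file untouched.
        return 1

    # Obfuscate the password.
    # NOTE(review): "obfuscated" means human-unreadable, not secret; SSSD
    # presumably has to reverse this when it binds, so restrictive
    # permissions on the config file remain the real protection — confirm
    # against pysss.
    obfobj = pysss.password()
    obfpwd = obfobj.encrypt(password, obfobj.AES_256)

    # Save the obfuscated password into the domain.  A None filename lets
    # SSSDConfig pick its default config path.
    sssdconfig = SSSDConfig.SSSDConfig()
    try:
        sssdconfig.import_config(options.filename)
    except IOError:
        sys.stderr.write("Cannot open config file %s\n" % options.filename)
        return 1

    try:
        domain = sssdconfig.get_domain(options.domain)
    except SSSDConfig.NoDomainError:
        sys.stderr.write("No such domain %s\n" % options.domain)
        return 1

    try:
        domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
        domain.set_option('ldap_default_authtok', obfpwd)
    except SSSDConfig.NoOptionError:
        sys.stderr.write(
            "The domain %s does not seem to support the required options\n"
            % options.domain)
        return 1

    # Nothing is written until every step above has succeeded.
    sssdconfig.save_domain(domain)
    sssdconfig.write()
    return 0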
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein
if __name__ == "__main__":
    # Propagate main()'s status so callers can detect a failed update.
    sys.exit(main())
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein