sss_obfuscate revision 530ba03ecabb472f17d5d1ab546aec9390492de1
97a9a944b5887e91042b019776c41d5dd74557aferikabele#!/usr/bin/python
97a9a944b5887e91042b019776c41d5dd74557aferikabele
97a9a944b5887e91042b019776c41d5dd74557aferikabeleimport sys
a945f35eff8b6a88009ce73de6d4c862ce58de3cslivefrom optparse import OptionParser
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive
a945f35eff8b6a88009ce73de6d4c862ce58de3csliveimport pysss
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4ndimport SSSDConfig
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
def parse_options():
    """Parse the command line and return ``(options, args)``.

    Recognised options:
      -s / --stdin   read the password from standard input
      -d / --domain  name of the domain to update (default "default")
      -f / --file    configuration file to edit (default None)

    If no positional argument is present, ``options.stdin`` is forced to
    True so that the caller reads the password from standard input.

    Security note: a password supplied as a positional argument becomes
    part of the process argument list. On most systems that list is
    readable by other local users through process listings, and the
    command line may also be kept in shell history. Feeding the password
    on standard input (-s) avoids both exposures.
    """
    cli = OptionParser()
    cli.add_option(
        "-s", "--stdin",
        dest="stdin",
        action="store_true",
        default=False,
        help="Read input from stdin",
    )
    cli.add_option(
        "-d", "--domain",
        dest="domain",
        default="default",
        metavar="DOMNAME",
        help="The domain to use the password in (default: default)",
    )
    cli.add_option(
        "-f", "--file",
        dest="filename",
        default=None,
        metavar="FILE",
        help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
    )
    opts, positional = cli.parse_args()

    # No positional password given: fall back to reading it from stdin.
    if not positional:
        opts.stdin = True

    return opts, positional
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor
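def main():
    """Obfuscate a password and store it in one domain of the SSSD config.

    The password comes from the first positional argument, or from
    standard input when ``options.stdin`` is set. It is passed through
    ``pysss.password().encrypt`` with the ``AES_256`` method, and the
    result is stored in the selected domain as ``ldap_default_authtok``
    with ``ldap_default_authtok_type`` set to ``obfuscated_password``.

    Returns 0 on success and 1 on every handled failure. All diagnostics
    go to standard error so that they cannot be mistaken for regular
    output by a calling script.

    Security notes:
      * A positional password is exposed through the process argument
        list and possibly shell history; prefer standard input.
      * The stored value is obfuscated, not secret. SSSD has to recover
        the original password to use it as an auth token, so anyone who
        can read the configuration file should be assumed able to do the
        same. File permissions on the config remain the real control.
    """
    options, args = parse_options()
    if not options:
        sys.stderr.write("Cannot parse options\n")
        return 1

    if not options.stdin:
        try:
            password = args[0]
        except IndexError:  # should never happen
            sys.stderr.write("Missing password parameter!\n")
            return 1
    else:
        try:
            # The input is used verbatim: a trailing newline from the
            # producer becomes part of the password.
            password = sys.stdin.read()
        except KeyboardInterrupt:
            return 1

    # Obfuscate the password
    obfobj = pysss.password()
    obfpwd = obfobj.encrypt(password, obfobj.AES_256)

    # Save the obfuscated password into the domain
    sssdconfig = SSSDConfig.SSSDConfig()
    try:
        sssdconfig.import_config(options.filename)
    except IOError:
        # options.filename is None when -f was not given; say so instead
        # of printing the literal "None".
        shown_name = options.filename or "(system default)"
        sys.stderr.write("Cannot open config file %s\n" % shown_name)
        return 1

    try:
        domain = sssdconfig.get_domain(options.domain)
    except SSSDConfig.NoDomainError:
        sys.stderr.write("No such domain %s\n" % options.domain)
        return 1

    try:
        domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
        domain.set_option('ldap_default_authtok', obfpwd)
    except SSSDConfig.NoOptionError:
        sys.stderr.write(
            "The domain %s does not seem to support the required options\n"
            % options.domain
        )
        return 1

    # NOTE(review): write() presumably persists to the file that was
    # imported above; confirm that its permissions stay restrictive.
    sssdconfig.save_domain(domain)
    sssdconfig.write()
    return 0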
4aa603e6448b99f9371397d439795c91a93637eand
if __name__ == "__main__":
    # Use main()'s return value (0 or 1) as the process exit status.
    sys.exit(main())