sss_obfuscate revision c9f6ca2ca7399c301853ff774c20883fef2b2267
04d04d19fdd5320953c78ad5b6d2d11f85bc4bcfChristian Maeder#!/usr/bin/python
120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maeder
e6d40133bc9f858308654afb1262b8b483ec5922Till Mossakowskiimport sys
333780eae2be9f20fe46dedbf5eb46ffa0cbfd02Christian Maederfrom optparse import OptionParser
97018cf5fa25b494adffd7e9b4e87320dae6bf47Christian Maeder
120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maederimport pysss
2eeec5240b424984e3ee26296da1eeab6c6d739eChristian Maederimport SSSDConfig
120eec9ff1748e1ae786e2ab073234198bc0f701Christian Maederimport getpass
54a0a1e10bd93721cf52dbd9b816c8f108997ec0Christian Maeder
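def parse_options():
    """Build the sss_obfuscate option parser and parse ``sys.argv``.

    Returns:
        The ``(options, args)`` pair produced by
        ``OptionParser.parse_args()``.
    """
    parser = OptionParser()
    # Adjacent literals are used instead of backslash continuations inside
    # one literal: a continuation pulls the next line's leading indentation
    # into the text, which shows up as runs of spaces in the --help output.
    parser.set_description(
        "sss_obfuscate converts a given password into "
        "human-unreadable format and places it into "
        "appropriate domain section of the SSSD config "
        "file. The password can be passed in by stdin, "
        "specified on the command-line or entered "
        "interactively"
    )
    parser.add_option("-s", "--stdin", action="store_true",
                      dest="stdin", default=False,
                      help="Read the password from stdin.")
    parser.add_option("-d", "--domain",
                      dest="domain", default=None,
                      help="The domain to use the password in (mandatory)",
                      metavar="DOMNAME")
    parser.add_option("-f", "--file",
                      dest="filename", default=None,
                      help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
                      metavar="FILE")
    # A value given with -p is part of the process's argument list, so other
    # local users can see it in process listings and it tends to end up in
    # shell history. --stdin or the interactive prompt avoid that exposure.
    parser.add_option("-p", "--password",
                      dest="password", default=None,
                      help="Password to obfuscate.",
                      metavar="PASSWORD")
    (options, args) = parser.parse_args()

    return options, args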
c4df2219ea6f47a5e510503e475c38362e8464ebChristian Maeder
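def main():
    """Obfuscate a password and store it in one domain of the SSSD config.

    The password source is chosen in this order: stdin when --stdin is
    given, the --password value when it is given, otherwise an interactive
    prompt that asks twice and repeats until both entries match.

    The result is written as ``ldap_default_authtok`` with
    ``ldap_default_authtok_type`` set to ``obfuscated_password``.

    NOTE(review): obfuscation only keeps the value from being read at a
    glance; it is not a substitute for restrictive permissions on the
    config file, which still holds everything needed to recover it.

    Returns:
        0 on success, 1 on any error or when the user interrupts input.
    """
    options, args = parse_options()
    if not options:
        print >> sys.stderr, "Cannot parse options"
        return 1

    if not options.domain:
        print >> sys.stderr, "No domain specified"
        return 1

    if options.stdin:
        try:
            # NOTE(review): read() keeps a trailing newline, so piping
            # "secret\n" obfuscates the newline as part of the password.
            # Confirm this is intended before relying on echo-style input.
            password = sys.stdin.read()
        except KeyboardInterrupt:
            return 1
    elif options.password:
        # Previously -p without -s fell through to the stdin branch and the
        # supplied value was never used.
        password = options.password
    else:
        pprompt = lambda: (getpass.getpass("Enter password: "),
                           getpass.getpass("Re-enter password: "))
        try:
            p1, p2 = pprompt()
            while p1 != p2:
                print('Passwords do not match. Try again')
                p1, p2 = pprompt()
        except KeyboardInterrupt:
            # Same exit path as an interrupted stdin read.
            return 1
        password = p1

    # Obfuscate the password
    obfobj = pysss.password()
    obfpwd = obfobj.encrypt(password, obfobj.AES_256)

    # Save the obfuscated password into the domain
    sssdconfig = SSSDConfig.SSSDConfig()
    try:
        sssdconfig.import_config(options.filename)
    except IOError:
        # Diagnostics go to stderr, like the option errors above.
        print >> sys.stderr, "Cannot open config file %s" % options.filename
        return 1

    try:
        domain = sssdconfig.get_domain(options.domain)
    except SSSDConfig.NoDomainError:
        print >> sys.stderr, "No such domain %s" % options.domain
        return 1

    try:
        domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
        domain.set_option('ldap_default_authtok', obfpwd)
    except SSSDConfig.NoOptionError:
        print >> sys.stderr, "The domain %s does not seem to support the required options" % \
            options.domain
        return 1

    sssdconfig.save_domain(domain)
    sssdconfig.write()
    return 0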
4b136ad539bd9f4e115dff4eee4d552a42d4437eChristian Maeder
# Script entry point: main()'s return value becomes the process exit status.
if __name__ == "__main__":
    sys.exit(main())
99e6fb75f064189db8f26fe74eb8f01af353e58eCui Jian