sss_obfuscate revision c9f6ca2ca7399c301853ff774c20883fef2b2267
1842N/A#!/usr/bin/python
1842N/A
1842N/Aimport sys
1842N/Afrom optparse import OptionParser
1842N/A
1842N/Aimport pysss
1842N/Aimport SSSDConfig
1842N/Aimport getpass
1842N/A
1842N/Adef parse_options():
1842N/A parser = OptionParser()
1842N/A parser.set_description("sss_obfuscate converts a given password into \
1842N/A human-unreadable format and places it into \
1842N/A appropriate domain section of the SSSD config \
1842N/A file. The password can be passed in by stdin, \
1842N/A specified on the command-line or entered \
1842N/A interactively")
1842N/A parser.add_option("-s", "--stdin", action="store_true",
1842N/A dest="stdin", default=False,
1842N/A help="Read the password from stdin.")
1842N/A parser.add_option("-d", "--domain",
1842N/A dest="domain", default=None,
1842N/A help="The domain to use the password in (mandatory)",
1842N/A metavar="DOMNAME")
4156N/A parser.add_option("-f", "--file",
1842N/A dest="filename", default=None,
1842N/A help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
1842N/A metavar="FILE")
1842N/A parser.add_option("-p", "--password",
2601N/A dest="password", default=None,
2601N/A help="Password to obfuscate.",
2601N/A metavar="PASSWORD")
2601N/A (options, args) = parser.parse_args()
2601N/A
2601N/A return options, args
2601N/A
3352N/Adef main():
2601N/A options, args = parse_options()
2601N/A if not options:
2601N/A print >> sys.stderr, "Cannot parse options"
2601N/A return 1
1842N/A
1842N/A if not options.domain:
2601N/A print >> sys.stderr, "No domain specified"
2601N/A return 1
2601N/A
3352N/A if not options.stdin and not options.password:
1842N/A pprompt = lambda: (getpass.getpass("Enter password: "), getpass.getpass("Re-enter password: "))
1842N/A p1, p2 = pprompt()
1842N/A while p1 != p2:
1842N/A print('Passwords do not match. Try again')
2601N/A p1, p2 = pprompt()
2601N/A password = p1
2601N/A
2601N/A else:
2601N/A try:
2601N/A password = sys.stdin.read()
1842N/A except KeyboardInterrupt:
1842N/A return 1
1842N/A
1842N/A # Obfuscate the password
1842N/A obfobj = pysss.password()
1842N/A obfpwd = obfobj.encrypt(password, obfobj.AES_256)
2601N/A
2601N/A # Save the obfuscated password into the domain
2601N/A sssdconfig = SSSDConfig.SSSDConfig()
2601N/A try:
1842N/A sssdconfig.import_config(options.filename)
2601N/A except IOError:
2601N/A print "Cannot open config file %s" % options.filename
2601N/A return 1
2601N/A
2601N/A try:
2601N/A domain = sssdconfig.get_domain(options.domain)
2601N/A except SSSDConfig.NoDomainError:
4156N/A print "No such domain %s" % options.domain
4156N/A return 1
4156N/A
4156N/A try:
2601N/A domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
4156N/A domain.set_option('ldap_default_authtok', obfpwd)
4156N/A except SSSDConfig.NoOptionError:
4156N/A print "The domain %s does not seem to support the required options" % \
4156N/A options.domain
2601N/A return 1
4156N/A
4156N/A
4156N/A sssdconfig.save_domain(domain)
4156N/A sssdconfig.write()
2601N/A return 0
4156N/A
4156N/Aif __name__ == "__main__":
4156N/A ret = main()
4156N/A sys.exit(ret)
1842N/A