[Da-tools-commits] ./debian/userdir-ldap r425: Do SSL when connecting to the ldap server.

Peter Palfrader peter at palfrader.org
Fri May 23 21:52:29 UTC 2008


------------------------------------------------------------
revno: 425
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Fri 2008-05-23 23:52:29 +0200
message:
  Do SSL when connecting to the ldap server.
modified:
  debian/changelog
  gpgwrapper
  sigcheck
  ud-arbimport
  ud-echelon
  ud-emailmatcher
  ud-generate
  ud-gpgimport
  ud-groupadd
  ud-host
  ud-info
  ud-ldapshow
  ud-mailgate
  ud-passchk
  ud-roleadd
  ud-useradd
  ud-userimport
  ud-xearth
  userdir-ldap.conf
  userdir_ldap.py
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2008-05-23 08:05:27 +0000
+++ b/debian/changelog	2008-05-23 21:52:29 +0000
@@ -1,3 +1,9 @@
+userdir-ldap (0.3.32) unstable; urgency=low
+
+  * Do SSL when connecting to the ldap server.
+
+ -- Peter Palfrader <weasel at debian.org>  Fri, 23 May 2008 23:50:03 +0200
+
 userdir-ldap (0.3.31) unstable; urgency=low
 
   [ Joerg Jaspert ]

=== modified file 'gpgwrapper'
--- a/gpgwrapper	2007-12-26 20:49:42 +0000
+++ b/gpgwrapper	2008-05-23 21:52:29 +0000
@@ -85,7 +85,7 @@
    ErrType = EX_TEMPFAIL;
    ErrMsg = "An error occured while performing the LDAP lookup";
    global l;
-   l = ldap.open(LDAPServer);
+   l = connectLDAP(LDAPServer);
    l.simple_bind_s("","");
 
    # Search for the matching key fingerprint

=== modified file 'sigcheck'
--- a/sigcheck	2007-12-26 20:49:42 +0000
+++ b/sigcheck	2008-05-23 21:52:29 +0000
@@ -54,7 +54,7 @@
    ErrType = EX_TEMPFAIL;
    ErrMsg = "An error occurred while performing the LDAP lookup:";
    global l;
-   l = ldap.open(LDAPServer);
+   l = connectLDAP(LDAPServer);
    l.simple_bind_s("","");
 
    # Search for the matching key fingerprint

=== modified file 'ud-arbimport'
--- a/ud-arbimport	2007-12-26 20:55:32 +0000
+++ b/ud-arbimport	2008-05-23 21:52:29 +0000
@@ -39,7 +39,7 @@
    sys.exit(0)
 
 # Main program starts here
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
 
 List = open(arguments[1],"r");
 Set = [];

=== modified file 'ud-echelon'
--- a/ud-echelon	2007-12-26 20:49:42 +0000
+++ b/ud-echelon	2008-05-23 21:52:29 +0000
@@ -94,7 +94,7 @@
    ErrType = EX_TEMPFAIL;
    ErrMsg = "An error occured while performing the LDAP lookup";
    global l;
-   l = ldap.open(LDAPServer);
+   l = connectLDAP()
    if Debug == None:
       F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
       AccessPass = F.readline().strip().split(" ")

=== modified file 'ud-emailmatcher'
--- a/ud-emailmatcher	2007-12-26 20:49:42 +0000
+++ b/ud-emailmatcher	2008-05-23 21:52:29 +0000
@@ -52,8 +52,7 @@
 Args = Args + GPGSearchOptions + [" 2> /dev/null"]
 Keys = os.popen(" ".join(Args),"r")
 
-l = ldap.open(LDAPServer);
-l.simple_bind_s("","");
+l = connectLDAP()
 
 # Fetch the key list and map to email address
 PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=*",\
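Review bot: The explicit anonymous bind is dropped here together with the `ldap.open` call, while the other converted call sites in this commit (ud-ldapshow, ud-passchk, ud-host, ud-gpgimport) keep `l.simple_bind_s("","")` after `connectLDAP()`. `connectLDAP()` as added in userdir_ldap.py only opens the connection and optionally starts TLS; it does not bind, so the search on the following line now runs on an unbound connection. That probably still works as an implicit anonymous session under LDAPv3, but it should be confirmed against the protocol version in use. Otherwise, restore `l.simple_bind_s("","")` after the new line so all call sites behave the same.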

=== modified file 'ud-generate'
--- a/ud-generate	2008-05-23 08:00:32 +0000
+++ b/ud-generate	2008-05-23 21:52:29 +0000
@@ -848,7 +848,7 @@
     shutil.copy(k, OutDir)
 
 # Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
 F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
 Pass = F.readline().strip().split(" ")
 F.close();

=== modified file 'ud-gpgimport'
--- a/ud-gpgimport	2007-12-26 20:49:42 +0000
+++ b/ud-gpgimport	2008-05-23 21:52:29 +0000
@@ -70,9 +70,9 @@
 
 # Connect to the ldap server
 if NoAct == 0:
-   l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+   l = passwdAccessLDAP(BaseDn, AdminUser)
 else:
-   l = ldap.open(LDAPServer);
+   l = connectLDAP()
    l.simple_bind_s("","");
 
 # Download the existing key list and put it into a map

=== modified file 'ud-groupadd'
--- a/ud-groupadd	2007-12-26 20:49:42 +0000
+++ b/ud-groupadd	2008-05-23 21:52:29 +0000
@@ -53,7 +53,7 @@
    if (switch == '-u'):
       AdminUser = val;
 
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
 
 while 1:
    Group = raw_input("Group name? ");

=== modified file 'ud-host'
--- a/ud-host	2007-12-26 20:49:42 +0000
+++ b/ud-host	2008-05-23 21:52:29 +0000
@@ -241,9 +241,9 @@
       FingerPrints = 1
 
 if (BindUser != ""):
-   l = passwdAccessLDAP(LDAPServer, BaseDn, BindUser)
+   l = passwdAccessLDAP(BaseDn, BindUser)
 else:
-   l = ldap.open(LDAPServer);
+   l = connectLDAP()
    l.simple_bind_s("","")
 
 if ListMode == 1:

=== modified file 'ud-info'
--- a/ud-info	2008-05-22 20:41:25 +0000
+++ b/ud-info	2008-05-23 21:52:29 +0000
@@ -315,7 +315,7 @@
    Password = getpass(BindUser + "'s password: ");
 
 # Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
 UserDn = "uid=" + BindUser + "," + BaseDn;
 if (BindUser != ""):
    l.simple_bind_s(UserDn,Password);

=== modified file 'ud-ldapshow'
--- a/ud-ldapshow	2007-12-26 20:49:42 +0000
+++ b/ud-ldapshow	2008-05-23 21:52:29 +0000
@@ -31,7 +31,7 @@
 print "Connecting to LDAP directory";
 
 # Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
 l.simple_bind_s("","");
 
 if arguments[0] == "nokey":

=== modified file 'ud-mailgate'
--- a/ud-mailgate	2008-05-22 20:26:49 +0000
+++ b/ud-mailgate	2008-05-23 21:52:29 +0000
@@ -467,7 +467,7 @@
       Result = Result + Res + "\n";
 
    # Connect to the ldap server
-   l = ldap.open(LDAPServer);
+   l = connectLDAP()
    F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
    AccessPass = F.readline().strip().split(" ")
    F.close();
@@ -538,7 +538,7 @@
    Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read());
    
    # Connect to the ldap server
-   l = ldap.open(LDAPServer);
+   l = connectLDAP()
    F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
    AccessPass = F.readline().strip().split(" ")
    F.close();
@@ -616,7 +616,7 @@
    ErrType = EX_TEMPFAIL;
    ErrMsg = "An error occured while performing the LDAP lookup";
    global l;
-   l = ldap.open(LDAPServer);
+   l = connectLDAP()
    l.simple_bind_s("","");
 
    # Search for the matching key fingerprint

=== modified file 'ud-passchk'
--- a/ud-passchk	2007-12-26 20:49:42 +0000
+++ b/ud-passchk	2008-05-23 21:52:29 +0000
@@ -41,7 +41,7 @@
          print "mismatch",Split[0],Miss;
 
 # Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
 l.simple_bind_s("","");
 
 PassCheck(l,sys.argv[1],sys.argv[2]);

=== modified file 'ud-roleadd'
--- a/ud-roleadd	2008-04-21 22:18:09 +0000
+++ b/ud-roleadd	2008-05-23 21:52:29 +0000
@@ -50,7 +50,7 @@
    if (switch == '-u'):
       AdminUser = val
 
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
 
 while 1:
    account = raw_input("Who are you going to add? ")

=== modified file 'ud-useradd'
--- a/ud-useradd	2008-05-18 11:45:59 +0000
+++ b/ud-useradd	2008-05-23 21:52:29 +0000
@@ -67,7 +67,7 @@
    elif (switch == '-n'):
       NoAutomaticIDs = 1;
 
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
 
 # Locate the key of the user we are adding
 SetKeyrings(ConfModule.add_keyrings.split(":"))

=== modified file 'ud-userimport'
--- a/ud-userimport	2008-01-10 15:03:47 +0000
+++ b/ud-userimport	2008-05-23 21:52:29 +0000
@@ -249,7 +249,7 @@
 # Main program starts here
 
 # Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
 
 if (Passwd != ""):
    DoPasswd(l,Passwd);

=== modified file 'ud-xearth'
--- a/ud-xearth	2007-12-26 20:49:42 +0000
+++ b/ud-xearth	2008-05-23 21:52:29 +0000
@@ -30,7 +30,7 @@
       Anon = 1;
 
 # Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, User)
+l = passwdAccessLDAP(BaseDn, User)
 
 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"latitude=*",\
          ["uid","cn","mn","sn","latitude","longitude"]);

=== modified file 'userdir-ldap.conf'
--- a/userdir-ldap.conf	2008-05-18 11:45:59 +0000
+++ b/userdir-ldap.conf	2008-05-23 21:52:29 +0000
@@ -8,6 +8,7 @@
 
 # Basic LDAP configuration
 ldaphost = "db.debian.org";
+usessl   = True;
 basedn   = "ou=users,dc=debian,dc=org";
 hostbasedn = "ou=hosts,dc=debian,dc=org";
 adminuser = "admin";
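Review bot: The new `usessl` option is undocumented, and its name suggests ldaps, whereas `connectLDAP` in userdir_ldap.py implements it as `start_tls_s()` on the connection returned by `ldap.open`. A comment above the line would make this clear, for example `# usessl: upgrade the LDAP connection with StartTLS before any bind (not ldaps://)`. Operators then know the server has to offer StartTLS on the ordinary LDAP listener, and that leaving the option out disables the upgrade.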

=== modified file 'userdir_ldap.py'
--- a/userdir_ldap.py	2008-05-14 18:55:18 +0000
+++ b/userdir_ldap.py	2008-05-23 21:52:29 +0000
@@ -45,6 +45,11 @@
 MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
 SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
 
+try:
+   UseSSL = ConfModule.usessl;
+except AttributeError:
+   UseSSL = False;
+
 # Break up the keyring list
 userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
 
@@ -102,6 +107,16 @@
          Result = Result + "%s: %s\n" % (x,i);
    return Result[:-1];
 
+def connectLDAP(server = None):
+   if server == None:
+      global LDAPServer
+      server = LDAPServer
+   l = ldap.open(server);
+   global UseSSL
+   if UseSSL:
+      l.start_tls_s();
+   return l;
+
 # Function to prompt for a password 
 def getpass(prompt = "Password: "):
    import termios, sys;
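Review bot: `connectLDAP` calls `l.start_tls_s()` with no visible certificate-verification setting, so whether the server certificate is checked depends on the host's libldap defaults rather than on this code. Consider setting it in the module, e.g. `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)` before `ldap.open(server)`, so the TLS session is authenticated regardless of local configuration. The `UseSSL` default of `False` in the earlier hunk of this file also means a deployment whose config lacks `usessl` keeps sending password binds in cleartext with no warning. `UseSSL = getattr(ConfModule, 'usessl', False)` would match the two lines above it, and a logged notice when TLS is off would make the downgrade visible. The function would also benefit from a short docstring stating that `server` defaults to `LDAPServer` and that the upgrade is StartTLS on the plain connection.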
@@ -124,7 +139,7 @@
    print;
    return passwd;
 
-def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):
    """
    Ask for the AdminUser's password and connect to the LDAP server.
    Returns the connection handle.
@@ -136,7 +151,7 @@
       if len(Password) == 0:
          sys.exit(0)
 
-      l = ldap.open(LDAPServer);
+      l = connectLDAP()
       UserDn = "uid=" + AdminUser + "," + BaseDn;
 
       # Connect to the ldap server


