[Da-tools-commits] ./debian/userdir-ldap r425: Do SSL when connecting to the ldap server.
Peter Palfrader
peter at palfrader.org
Fri May 23 21:52:29 UTC 2008
------------------------------------------------------------
revno: 425
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Fri 2008-05-23 23:52:29 +0200
message:
Do SSL when connecting to the ldap server.
modified:
debian/changelog
gpgwrapper
sigcheck
ud-arbimport
ud-echelon
ud-emailmatcher
ud-generate
ud-gpgimport
ud-groupadd
ud-host
ud-info
ud-ldapshow
ud-mailgate
ud-passchk
ud-roleadd
ud-useradd
ud-userimport
ud-xearth
userdir-ldap.conf
userdir_ldap.py
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog 2008-05-23 08:05:27 +0000
+++ b/debian/changelog 2008-05-23 21:52:29 +0000
@@ -1,3 +1,9 @@
+userdir-ldap (0.3.32) unstable; urgency=low
+
+ * Do SSL when connecting to the ldap server.
+
+ -- Peter Palfrader <weasel at debian.org> Fri, 23 May 2008 23:50:03 +0200
+
userdir-ldap (0.3.31) unstable; urgency=low
[ Joerg Jaspert ]
=== modified file 'gpgwrapper'
--- a/gpgwrapper 2007-12-26 20:49:42 +0000
+++ b/gpgwrapper 2008-05-23 21:52:29 +0000
@@ -85,7 +85,7 @@
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP(LDAPServer);
l.simple_bind_s("","");
# Search for the matching key fingerprint
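Review bot: This call passes `LDAPServer` explicitly, while most converted call sites in this commit (ud-echelon, ud-generate, ud-mailgate and others) call `connectLDAP()` with no argument; sigcheck has the same explicit form. Because `connectLDAP` falls back to the module-level `LDAPServer` when `server` is None, `l = connectLDAP()` is equivalent here and would keep a single convention across the tools. The enclosing function starts and ends outside the hunk.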
=== modified file 'sigcheck'
--- a/sigcheck 2007-12-26 20:49:42 +0000
+++ b/sigcheck 2008-05-23 21:52:29 +0000
@@ -54,7 +54,7 @@
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occurred while performing the LDAP lookup:";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP(LDAPServer);
l.simple_bind_s("","");
# Search for the matching key fingerprint
=== modified file 'ud-arbimport'
--- a/ud-arbimport 2007-12-26 20:55:32 +0000
+++ b/ud-arbimport 2008-05-23 21:52:29 +0000
@@ -39,7 +39,7 @@
sys.exit(0)
# Main program starts here
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
List = open(arguments[1],"r");
Set = [];
=== modified file 'ud-echelon'
--- a/ud-echelon 2007-12-26 20:49:42 +0000
+++ b/ud-echelon 2008-05-23 21:52:29 +0000
@@ -94,7 +94,7 @@
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
if Debug == None:
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
=== modified file 'ud-emailmatcher'
--- a/ud-emailmatcher 2007-12-26 20:49:42 +0000
+++ b/ud-emailmatcher 2008-05-23 21:52:29 +0000
@@ -52,8 +52,7 @@
Args = Args + GPGSearchOptions + [" 2> /dev/null"]
Keys = os.popen(" ".join(Args),"r")
-l = ldap.open(LDAPServer);
-l.simple_bind_s("","");
+l = connectLDAP()
# Fetch the key list and map to email address
PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=*",\
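Review bot: The anonymous bind `l.simple_bind_s("","")` is removed here along with the `ldap.open` line, but `connectLDAP()` as added in userdir_ldap.py only opens the connection and optionally starts TLS; it never binds. The other anonymous call sites in this commit (ud-ldapshow, ud-passchk, ud-gpgimport, ud-host) keep their bind after the call. If the removal is not intentional, restore `l.simple_bind_s("","")` after `l = connectLDAP()`. If it is intentional, the `search_s` on the next line relies on the server accepting operations on an unbound connection, which deserves a comment.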
=== modified file 'ud-generate'
--- a/ud-generate 2008-05-23 08:00:32 +0000
+++ b/ud-generate 2008-05-23 21:52:29 +0000
@@ -848,7 +848,7 @@
shutil.copy(k, OutDir)
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
Pass = F.readline().strip().split(" ")
F.close();
=== modified file 'ud-gpgimport'
--- a/ud-gpgimport 2007-12-26 20:49:42 +0000
+++ b/ud-gpgimport 2008-05-23 21:52:29 +0000
@@ -70,9 +70,9 @@
# Connect to the ldap server
if NoAct == 0:
- l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+ l = passwdAccessLDAP(BaseDn, AdminUser)
else:
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
l.simple_bind_s("","");
# Download the existing key list and put it into a map
=== modified file 'ud-groupadd'
--- a/ud-groupadd 2007-12-26 20:49:42 +0000
+++ b/ud-groupadd 2008-05-23 21:52:29 +0000
@@ -53,7 +53,7 @@
if (switch == '-u'):
AdminUser = val;
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
while 1:
Group = raw_input("Group name? ");
=== modified file 'ud-host'
--- a/ud-host 2007-12-26 20:49:42 +0000
+++ b/ud-host 2008-05-23 21:52:29 +0000
@@ -241,9 +241,9 @@
FingerPrints = 1
if (BindUser != ""):
- l = passwdAccessLDAP(LDAPServer, BaseDn, BindUser)
+ l = passwdAccessLDAP(BaseDn, BindUser)
else:
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
l.simple_bind_s("","")
if ListMode == 1:
=== modified file 'ud-info'
--- a/ud-info 2008-05-22 20:41:25 +0000
+++ b/ud-info 2008-05-23 21:52:29 +0000
@@ -315,7 +315,7 @@
Password = getpass(BindUser + "'s password: ");
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
UserDn = "uid=" + BindUser + "," + BaseDn;
if (BindUser != ""):
l.simple_bind_s(UserDn,Password);
=== modified file 'ud-ldapshow'
--- a/ud-ldapshow 2007-12-26 20:49:42 +0000
+++ b/ud-ldapshow 2008-05-23 21:52:29 +0000
@@ -31,7 +31,7 @@
print "Connecting to LDAP directory";
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
l.simple_bind_s("","");
if arguments[0] == "nokey":
=== modified file 'ud-mailgate'
--- a/ud-mailgate 2008-05-22 20:26:49 +0000
+++ b/ud-mailgate 2008-05-23 21:52:29 +0000
@@ -467,7 +467,7 @@
Result = Result + Res + "\n";
# Connect to the ldap server
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
@@ -538,7 +538,7 @@
Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read());
# Connect to the ldap server
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
@@ -616,7 +616,7 @@
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
l.simple_bind_s("","");
# Search for the matching key fingerprint
=== modified file 'ud-passchk'
--- a/ud-passchk 2007-12-26 20:49:42 +0000
+++ b/ud-passchk 2008-05-23 21:52:29 +0000
@@ -41,7 +41,7 @@
print "mismatch",Split[0],Miss;
# Connect to the ldap server
-l = ldap.open(LDAPServer);
+l = connectLDAP()
l.simple_bind_s("","");
PassCheck(l,sys.argv[1],sys.argv[2]);
=== modified file 'ud-roleadd'
--- a/ud-roleadd 2008-04-21 22:18:09 +0000
+++ b/ud-roleadd 2008-05-23 21:52:29 +0000
@@ -50,7 +50,7 @@
if (switch == '-u'):
AdminUser = val
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
while 1:
account = raw_input("Who are you going to add? ")
=== modified file 'ud-useradd'
--- a/ud-useradd 2008-05-18 11:45:59 +0000
+++ b/ud-useradd 2008-05-23 21:52:29 +0000
@@ -67,7 +67,7 @@
elif (switch == '-n'):
NoAutomaticIDs = 1;
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
# Locate the key of the user we are adding
SetKeyrings(ConfModule.add_keyrings.split(":"))
=== modified file 'ud-userimport'
--- a/ud-userimport 2008-01-10 15:03:47 +0000
+++ b/ud-userimport 2008-05-23 21:52:29 +0000
@@ -249,7 +249,7 @@
# Main program starts here
# Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, AdminUser)
+l = passwdAccessLDAP(BaseDn, AdminUser)
if (Passwd != ""):
DoPasswd(l,Passwd);
=== modified file 'ud-xearth'
--- a/ud-xearth 2007-12-26 20:49:42 +0000
+++ b/ud-xearth 2008-05-23 21:52:29 +0000
@@ -30,7 +30,7 @@
Anon = 1;
# Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, User)
+l = passwdAccessLDAP(BaseDn, User)
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"latitude=*",\
["uid","cn","mn","sn","latitude","longitude"]);
=== modified file 'userdir-ldap.conf'
--- a/userdir-ldap.conf 2008-05-18 11:45:59 +0000
+++ b/userdir-ldap.conf 2008-05-23 21:52:29 +0000
@@ -8,6 +8,7 @@
# Basic LDAP configuration
ldaphost = "db.debian.org";
+usessl = True;
basedn = "ou=users,dc=debian,dc=org";
hostbasedn = "ou=hosts,dc=debian,dc=org";
adminuser = "admin";
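Review bot: The new `usessl` option has no comment, and its name suggests LDAP over SSL, whereas `connectLDAP` in this commit opens an ordinary connection to `ldaphost` and then calls `start_tls_s()`, i.e. StartTLS. A comment such as `# usessl: upgrade the connection with StartTLS after connecting; the server must support it` would tell an administrator what the setting actually requires of the server.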
=== modified file 'userdir_ldap.py'
--- a/userdir_ldap.py 2008-05-14 18:55:18 +0000
+++ b/userdir_ldap.py 2008-05-23 21:52:29 +0000
@@ -45,6 +45,11 @@
MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False)
SingleSSHFile = getattr(ConfModule, 'singlesshfile', True)
+try:
+ UseSSL = ConfModule.usessl;
+except AttributeError:
+ UseSSL = False;
+
# Break up the keyring list
userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":"))
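Review bot: A configuration that lacks `usessl` silently gets `UseSSL = False`, so password binds such as `l.simple_bind_s(UserDn,Password)` in ud-info keep going over an unencrypted connection with no warning. Failing closed would make plaintext an explicit opt-out, and the `getattr` form used two lines above is shorter than the try/except: `UseSSL = getattr(ConfModule, 'usessl', True)`. If the insecure default has to stay for compatibility, a comment saying so and a warning on stderr when TLS is off would at least make the downgrade visible.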
@@ -102,6 +107,16 @@
Result = Result + "%s: %s\n" % (x,i);
return Result[:-1];
+def connectLDAP(server = None):
+ if server == None:
+ global LDAPServer
+ server = LDAPServer
+ l = ldap.open(server);
+ global UseSSL
+ if UseSSL:
+ l.start_tls_s();
+ return l;
+
# Function to prompt for a password
def getpass(prompt = "Password: "):
import termios, sys;
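Review bot: `start_tls_s()` is called without `connectLDAP` pinning how the server certificate is checked, so whether an untrusted or mismatched certificate is refused depends on the host's libldap settings (ldap.conf) rather than on this code. Setting it explicitly before the connection is opened, e.g. `ldap.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)`, makes the guarantee independent of local configuration. Smaller points: `if server is None:` is the idiomatic test, and the two `global` statements are unnecessary for names that are only read. The function also has no docstring; it should say that the returned connection is unbound and that TLS is only started when `UseSSL` is true.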
@@ -124,7 +139,7 @@
print;
return passwd;
-def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser):
+def passwdAccessLDAP(BaseDn, AdminUser):
"""
Ask for the AdminUser's password and connect to the LDAP server.
Returns the connection handle.
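Review bot: The docstring of `passwdAccessLDAP` no longer says which server is contacted now that the `LDAPServer` parameter is gone. A line such as `Connects to the configured LDAPServer via connectLDAP(), which starts TLS when usessl is set.` would cover it. Dropping a positional parameter is also an incompatible interface change: the callers in this commit are updated, but any out-of-tree script still passing three arguments will fail with a TypeError. The function body continues outside the hunk.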
@@ -136,7 +151,7 @@
if len(Password) == 0:
sys.exit(0)
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
UserDn = "uid=" + AdminUser + "," + BaseDn;
# Connect to the ldap server