authorJakub Hrozek <jhrozek@redhat.com>2010-08-30 11:46:47 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-09-08 09:36:22 -0400
commit530ba03ecabb472f17d5d1ab546aec9390492de1 (patch)
tree7df0edd9d105262721cc6fcda6375ffa6f77a8a9 /src/tools/sss_obfuscate
parent4f5405595730a106f7406eba849f65cda2eb53f1 (diff)
sss_obfuscate tool
A tool to add obfuscated passwords into the SSSD config file
Diffstat (limited to 'src/tools/sss_obfuscate')
-rw-r--r--src/tools/sss_obfuscate81
1 files changed, 81 insertions, 0 deletions
diff --git a/src/tools/sss_obfuscate b/src/tools/sss_obfuscate
new file mode 100644
index 00000000..220cd9be
--- /dev/null
+++ b/src/tools/sss_obfuscate
@@ -0,0 +1,81 @@
+#!/usr/bin/python
+
+import sys
+from optparse import OptionParser
+
+import pysss
+import SSSDConfig
+
+def parse_options():
+ parser = OptionParser()
+ parser.add_option("-s", "--stdin", action="store_true",
+ dest="stdin", default=False,
+ help="Read input from stdin")
+ parser.add_option("-d", "--domain",
+ dest="domain", default="default",
+ help="The domain to use the password in (default: default)",
+ metavar="DOMNAME")
+ parser.add_option("-f", "--file",
+ dest="filename", default=None,
+ help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)",
+ metavar="FILE")
+ (options, args) = parser.parse_args()
+
+ # If no password given as positional paramater, read up from stdin
+ if len(args) == 0:
+ options.stdin = True
+
+ return options, args
+
+def main():
+ options, args = parse_options()
+ if not options:
+ print >>sys.stderr, "Cannot parse options"
+ return 1
+
+ if not options.stdin:
+ try:
+ password = args[0]
+ except IndexError: # should never happen
+ print "Missing password parameter!"
+ return 1
+ else:
+ try:
+ password = sys.stdin.read()
+ except KeyboardInterrupt:
+ return 1
+
+ # Obfuscate the password
+ obfobj = pysss.password()
+ obfpwd = obfobj.encrypt(password, obfobj.AES_256)
+
+ # Save the obfuscated password into the domain
+ sssdconfig = SSSDConfig.SSSDConfig()
+ try:
+ sssdconfig.import_config(options.filename)
+ except IOError:
+ print "Cannot open config file %s" % options.filename
+ return 1
+
+ try:
+ domain = sssdconfig.get_domain(options.domain)
+ except SSSDConfig.NoDomainError:
+ print "No such domain %s" % options.domain
+ return 1
+
+ try:
+ domain.set_option('ldap_default_authtok_type', 'obfuscated_password')
+ domain.set_option('ldap_default_authtok', obfpwd)
+ except SSSDConfig.NoOptionError:
+ print "The domain %s does not seem to support the required options" % \
+ options.domain
+ return 1
+
+
+ sssdconfig.save_domain(domain)
+ sssdconfig.write()
+ return 0
+
+if __name__ == "__main__":
+ ret = main()
+ sys.exit(ret)
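Review bot: Taking the password from `args[0]` in main() leaves the cleartext visible in the process listing and in shell history, so the positional form should be dropped or at least documented as unsafe on multi-user hosts. The stdin branch has two related problems: `sys.stdin.read()` keeps the trailing newline, so the line terminator would be obfuscated as part of the secret unless pysss strips it, and on a terminal the input is echoed with no prompt. I would prompt with getpass when stdin is a tty and otherwise read one line and strip its terminator, as in the excerpt below (getpass needs importing at the top of the file). Separately, the failure messages after this point use bare `print` and go to stdout, unlike the `print >>sys.stderr` used for the option-parsing error.

```python
    # … unchanged: positional password taken from args[0] …
    else:
        try:
            if sys.stdin.isatty():
                # Interactive use: prompt and do not echo the secret
                password = getpass.getpass("Enter password: ")
            else:
                # Piped input: take one line and drop its terminator so
                # it does not become part of the stored secret
                password = sys.stdin.readline().rstrip('\r\n')
        except (KeyboardInterrupt, EOFError):
            return 1
    # … unchanged: obfuscation and config update …
```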