From 8f7eef09b7d95edd4e0bd65dc0119925346a869b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A1=D0=B0=D0=BC=D0=BE=D1=83=D0=BA=D0=B8=D0=BD=20=D0=90?= =?UTF-8?q?=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9?= Date: Fri, 26 Feb 2010 17:46:25 +0300 Subject: [PATCH] Add pym/encrypt.py and scripts/cl-passwd --- pym/encrypt.py | 94 +++++++++++++++++++++++++++++++++++++++++++++++ scripts/cl-passwd | 68 ++++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) create mode 100644 pym/encrypt.py create mode 100644 scripts/cl-passwd diff --git a/pym/encrypt.py b/pym/encrypt.py new file mode 100644 index 0000000..f6f2380 --- /dev/null +++ b/pym/encrypt.py @@ -0,0 +1,94 @@ +#-*- coding: utf-8 -*- + +# Copyright 2008-2010 Mir Calculate Ltd. http://www.calculate-linux.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import sys +import os +import hashlib +import crypt +import string +import time +from random import choice +from base64 import urlsafe_b64encode as b64encode +import smbpasswd +import cl_base +# Перевод модуля +tr = cl_base.lang() +tr.setLanguage(sys.modules[__name__]) + +class encrypt: + """Класс хранения общих методов используемых для настройки сервисов + + Методы шифрования, создания сертификатов и.т. д + """ + + def __GenCryptSalt__(self): + """Генерация соли для хеширования пароля (CRYPT)""" + chars = string.letters + string.digits + "./" + salt = "" + for i in range(2): + salt = salt + choice(chars) + return salt + + def getHashPasswd(self, password, SecHashAlg): + """Генерация хеша пароля, + + Поддерживаемые алгоритмы шифрования пароля: + plain, md5, smd5, crypt, sha, ssha, lm, nt + """ + if not password: + print _("ERROR") + " getHashPasswd: " +\ + _("password empty") + return False + + hashPwd = "" + if SecHashAlg == "plain": + hashPwd = password + + elif SecHashAlg == "md5": + h = hashlib.md5(password) + hashPwd = "{MD5}" + b64encode(h.digest()) + + elif SecHashAlg == "smd5": + salt = os.urandom(4) + h = hashlib.md5(password) + h.update(salt) + hashPwd = "{SMD5}" + b64encode(h.digest() + salt) + + elif SecHashAlg == "crypt": + salt = self.__GenCryptSalt__() + hashPwd = "{CRYPT}" + crypt.crypt(password, salt) + + elif SecHashAlg == "sha": + h = hashlib.sha1(password) + hashPwd = "{SHA}" + b64encode(h.digest()) + + elif SecHashAlg == "ssha": + salt = os.urandom(4) + h = hashlib.sha1(password) + h.update(salt) + hashPwd = "{SSHA}" + b64encode(h.digest() + salt) + + elif SecHashAlg == "lm": + hashPwd = smbpasswd.lmhash(password) + + elif SecHashAlg == "nt": + hashPwd = smbpasswd.nthash(password) + + else: + print _("ERROR") + " getHashPasswd: " +\ + _("Can not support '%s' crypto algoritm")%SecHashAlg + return False + return hashPwd diff --git a/scripts/cl-passwd b/scripts/cl-passwd new file mode 100644 index 0000000..bbd3c67 --- /dev/null +++ b/scripts/cl-passwd @@ -0,0 +1,68 @@ +#!/usr/bin/python +#-*- coding: utf-8 -*- + +# Copyright 2008-2010 Mir Calculate Ltd. http://www.calculate-linux.org +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import sys +import os +sys.path.insert(0,os.path.abspath('/usr/lib/calculate/calculate-lib/pym')) +sys.path.insert(0,os.path.abspath('/usr/lib/calculate/calculate-client/pym')) +import cl_base +import cl_client +tr = cl_base.lang() +tr.setGlobalDomain('cl_client') +tr.setLanguage(sys.modules[__name__]) + +if __name__ == "__main__": + ldapObj = cl_client.cl_client("cl-passwd") + cl_base.exit = lambda x: ldapObj.exit(x) + optObj = cl_client.tsOpt(ldapObj, False, False) + flagError = False + if not optObj.flagHelp and optObj.opt.has_key('vars'): + terms = optObj.opt['vars'].split(",") + clVars = cl_base.DataVars() + clVars.flClient() + clVars.flIniFile() + if terms == ["all"]: + clVars.printVars() + else: + clVars.printVars(terms) + elif not optObj.flagHelp: + if optObj.opt.has_key('color'): + if not (optObj.opt["color"]=="never" or\ + optObj.opt["color"]=="auto" or\ + optObj.opt["color"]=="always"): + optObj.handlerErrOpt() + sys.exit(1) + if optObj.opt["color"]=="never": + newClass = type("cl_client_nocolor",(cl_client.printNoColor, + cl_client.cl_client,object), + {}) + ldapObj = newClass("cl-passwd") + cl_base.exit = lambda x: ldapObj.exit(x) + #userName = optObj.params['user'].strip() + if not ldapObj.setUserPasswordToServer(optObj.opt): + flagError = True + else: + if not optObj.flagHelp: + ldapObj.printERROR(_("Not found 'user' in command line")) + ldapObj.printERROR(\ + _('Try "cl-passwd --help" for more information')) + flagError = True + if flagError: + sys.exit(1) + else: + sys.exit(0) +