@ -140,6 +140,89 @@ class shareLdap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
# DN сервисов относительно базового
self . ServicesDN = " ou=Services "
def verifyPasswordInFile ( self , userName , userPassword ) :
""" проверяет пароль пользователя
Данные из / etc / shadow
"""
def searchShadowUser ( userName ) :
""" Ищет пользователей в /etc/shadow """
fileShadow = " /etc/shadow "
return self . searchLineInFile ( userName , fileShadow )
import md5
def md5crypt ( password , salt , magic = ' $1$ ' ) :
""" Функция криптования """
m = md5 . new ( )
m . update ( password + magic + salt )
mixin = md5 . md5 ( password + salt + password ) . digest ( )
for i in range ( 0 , len ( password ) ) :
m . update ( mixin [ i % 16 ] )
i = len ( password )
while i :
if i & 1 :
m . update ( ' \x00 ' )
else :
m . update ( password [ 0 ] )
i >> = 1
final = m . digest ( )
for i in range ( 1000 ) :
m2 = md5 . md5 ( )
if i & 1 :
m2 . update ( password )
else :
m2 . update ( final )
if i % 3 :
m2 . update ( salt )
if i % 7 :
m2 . update ( password )
if i & 1 :
m2 . update ( final )
else :
m2 . update ( password )
final = m2 . digest ( )
itoa64 = ' ./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqr \
stuvwxyz '
rearranged = ' '
for a , b , c in ( ( 0 , 6 , 12 ) , ( 1 , 7 , 13 ) , ( 2 , 8 , 14 ) , ( 3 , 9 , 15 ) ,
( 4 , 10 , 5 ) ) :
v = ord ( final [ a ] ) << 16 | ord ( final [ b ] ) << 8 | ord ( final [ c ] )
for i in range ( 4 ) :
rearranged + = itoa64 [ v & 0x3f ] ; v >> = 6
v = ord ( final [ 11 ] )
for i in range ( 2 ) :
rearranged + = itoa64 [ v & 0x3f ] ; v >> = 6
return magic + salt + ' $ ' + rearranged
def test ( clear_password , the_hash ) :
""" Сравнение пароля и хеша из файла """
magic , salt = the_hash [ 1 : ] . split ( ' $ ' ) [ : 2 ]
magic = ' $ ' + magic + ' $ '
return md5crypt ( clear_password , salt , magic ) == the_hash
searchUserSahdow = searchShadowUser ( userName )
if not searchUserSahdow :
return False
userHash = searchUserSahdow . split ( ' : ' ) [ 1 ]
if userHash == ' * ' or userHash == ' ! ' :
return False
return test ( userPassword , userHash )
def restorePathDelUser ( self , userName , destDir , relDir , message , unixObj = False ) :
""" Восстанавливает директорию удаленного пользователя """
removeDir = False
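Review bot: `verifyPasswordInFile` only understands MD5-crypt, so on a system whose /etc/shadow uses another scheme (for example `$6$`) the hand-rolled `md5crypt` runs the wrong algorithm and a correct password is always rejected. The locked-account check also matches only an exact `*` or `!`; an empty field or a value such as `!!` reaches `test()`, where `magic, salt = the_hash[1:].split('$')[:2]` raises ValueError on unpacking. Delegating to the standard library fixes both and removes the nested helpers: `import crypt` followed by `return bool(userHash) and crypt.crypt(userPassword, userHash) == userHash`.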
@ -572,6 +655,7 @@ class shareLdap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
def setJpegPhotoUser ( self , userName , photoPath , attr = " uid " ) :
""" Добавляем jpeg фотографию пользователя в LDAP """
import popen2
try :
FD = open ( photoPath )
photoData = FD . read ( )
@ -586,9 +670,23 @@ class shareLdap(imp_cl_err, imp_cl_xml, imp_cl_help, imp_cl_smcon):
return False
modAttrs = [ ]
if not self . stringIsJpeg ( photoData ) :
self . printERROR ( _ ( " File " ) + " " + str ( photoPath ) + " " + \
_ ( " is not jpeg " ) )
return False
flagError = False
fOut , fIn , fErr = popen2 . popen3 ( " convert %s jpg:- " % photoPath )
fIn . close ( )
if fErr . read ( ) :
self . printERROR ( _ ( " Can not convert file ' %s ' in jpeg format " ) \
% photoPath )
flagError = True
fErr . close ( )
if not flagError :
photoData = fOut . read ( )
if not self . stringIsJpeg ( photoData ) :
self . printERROR ( \
_ ( " Can not convert file ' %s ' in jpeg format " ) % photoPath )
flagError = True
fOut . close ( )
if flagError :
return False
if searchUser [ 0 ] [ 0 ] [ 1 ] . has_key ( ' jpegPhoto ' ) :
modAttrs . append ( ( ldap . MOD_REPLACE , ' jpegPhoto ' , photoData ) )
else :
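Review bot: The conversion command is built as a shell string, `popen2.popen3("convert %s jpg:-" % photoPath)`, so a path containing spaces or shell metacharacters is interpreted by the shell instead of reaching convert as one file name. The code also reads stderr to EOF before touching stdout, which can hang once the converted image is larger than the pipe buffer, and it treats any warning text on stderr as a failure. Running convert from an argument list and collecting both streams with `communicate()` avoids all three; the local `import popen2` added in the previous hunk would become `import subprocess`. The body of `setJpegPhotoUser` starts and ends outside this hunk.

```python
if not self.stringIsJpeg(photoData):
    # argument list: no shell is involved, photoPath stays a single argument
    proc = subprocess.Popen(["convert", photoPath, "jpg:-"],
                            stdout=subprocess.PIPE,
                            stderr=subprocess.PIPE)
    # communicate() drains both pipes, so a large image cannot block convert
    photoData, errData = proc.communicate()
    if proc.returncode != 0 or not self.stringIsJpeg(photoData):
        self.printERROR(
            _("Can not convert file '%s' in jpeg format") % photoPath)
        return False
# … unchanged: jpegPhoto MOD_REPLACE / MOD_ADD handling …
```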
@ -3254,8 +3352,8 @@ in Unix service ...") %str(primaryMail))
self . clVars . Set ( " cl_pass_service " , " mail " )
self . clVars . Write ( " sr_mail_set " , " off " )
# Почтовый ност
if options . has_key ( " mail- host" ) :
fullHostName = options [ ' mail- host' ]
if options . has_key ( " host" ) :
fullHostName = options [ ' host' ]
else :
fullHostName = " %s . %s " % ( self . clVars . Get ( ' os_net_hostname ' ) ,
self . clVars . Get ( ' os_net_domain ' ) )
@ -3896,8 +3994,8 @@ class servJabber(shareLdap):
# Имя устанавливаемого сервиса
self . clVars . Set ( " cl_pass_service " , " jabber " )
self . clVars . Write ( " sr_jabber_set " , " off " )
if options . has_key ( " jabber- host" ) :
fullHostName = options [ ' jabber- host' ]
if options . has_key ( " host" ) :
fullHostName = options [ ' host' ]
else :
fullHostName = " %s . %s " % ( self . clVars . Get ( ' os_net_hostname ' ) ,
self . clVars . Get ( ' os_net_domain ' ) )
@ -4099,7 +4197,7 @@ class servSamba(shareLdap):
@adminConnectLdap
def addUserSambaServer ( self , userName , options , pwDialog = False ,
checkSetup = True ):
checkSetup = True ,pwd = False ):
""" Добавляет LDAP пользователя в LDAP-сервер """
# Проверим установлен ли сервис samba
if checkSetup and not self . isServiceSetup ( " samba " ) :
@ -4127,11 +4225,14 @@ class servSamba(shareLdap):
return False
#пароль пользователя
userPwd = " "
#диалог ввода пароля
if not pwDialog :
pwDialog = [ _ ( " New SMB password " ) ,
_ ( " Retype new SMB password " ) ]
userPwd = self . getUserPassword ( options , " p " , " P " , pwDialog )
if pwd :
userPwd = pwd
else :
#диалог ввода пароля
if not pwDialog :
pwDialog = [ _ ( " New SMB password " ) ,
_ ( " Retype new SMB password " ) ]
userPwd = self . getUserPassword ( options , " p " , " P " , pwDialog )
if userPwd == False :
return False
flagCreateUnixUser = False
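Review bot: The new `pwd` argument is undocumented: the docstring of `addUserSambaServer` (previous hunk) should say that a non-empty `pwd` is used as the SMB password without prompting, and that `False` or an empty string falls back to the dialog, since `if pwd:` treats both the same way. The name also shadows the standard `pwd` module inside this function; if the module is imported in this file, a name such as `userPassword=False` would avoid surprises. The function body continues outside the hunk.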
@ -4272,7 +4373,6 @@ class servSamba(shareLdap):
% netbios
fileDirectory = os . path . join ( createDirLogon ,
" start.cmd " )
print " FILE = " , fileDirectory
if not self . createUserFile ( fileDirectory ,
fileTxt , uid , gid ) :
flagError = True
@ -4483,9 +4583,20 @@ class servSamba(shareLdap):
self . printNotOK ( _ ( " Starting " ) + " Samba ... " )
return False
print _ ( " Enter existing ROOT password " )
pwDialog = [ _ ( " ROOT password " ) ,
_ ( " Retype ROOT password " ) ]
if not self . addUserSambaServer ( ' root ' , { ' p ' : " " } , pwDialog , False ) :
pwDialog = " ROOT password "
rootPwdOK = False
for i in range ( 3 ) :
rootPwd = getpass . getpass ( pwDialog + " : " )
if self . verifyPasswordInFile ( ' root ' , rootPwd ) :
rootPwdOK = True
break
elif i < 2 :
self . printERROR ( _ ( " incorrect root password, try again " ) )
if not rootPwdOK :
self . printERROR ( _ ( " Incorrect root password " ) + " ... " )
self . printERROR ( _ ( " Samba service can not configured " ) + " ... " )
return False
if not self . addUserSambaServer ( ' root ' , { } , False , False , rootPwd ) :
return False
clientName = ' client '
clientGroup = ' client '
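Review bot: The new prompt is no longer translated: `pwDialog = "ROOT password"` dropped the `_()` wrapper that the replaced dialog strings had, so it should read `pwDialog = _("ROOT password")`. The attempt limit is also written twice, as `range(3)` and `i < 2`; a single named constant would keep the two in step. `getpass` is used here but its import is not visible in the hunk, so confirm the module imports it.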
@ -5764,15 +5875,15 @@ preferences and data (for users with uid<1000)")
} ,
{ ' progAccess ' : ( 6 , ) ,
' optVal ' : " HOST " ,
' longOption ' : " mail- host" ,
' longOption ' : " host" ,
' helpChapter ' : _ ( " Mail service options " ) ,
' help ' : _ ( " mail - host, default - hostname" )
' help ' : _ ( " mail host, default - hostname" )
} ,
{ ' progAccess ' : ( 6 , ) ,
' optVal ' : " HOST " ,
' longOption ' : " jabber- host" ,
' longOption ' : " host" ,
' helpChapter ' : _ ( " Jabber service options " ) ,
' help ' : _ ( " jabber - host, default - hostname" )
' help ' : _ ( " jabber host, default - hostname" )
} ,
# Опции cl-passwd
# LDAP пользователь