#!/usr/bin/python import sys from optparse import OptionParser import pysss import SSSDConfig def parse_options(): parser = OptionParser() parser.add_option("-s", "--stdin", action="store_true", dest="stdin", default=False, help="Read input from stdin") parser.add_option("-d", "--domain", dest="domain", default="default", help="The domain to use the password in (default: default)", metavar="DOMNAME") parser.add_option("-f", "--file", dest="filename", default=None, help="Set input file to FILE (default: Use system default, usually /etc/sssd/sssd.conf)", metavar="FILE") (options, args) = parser.parse_args() # If no password given as positional paramater, read up from stdin if len(args) == 0: options.stdin = True return options, args def main(): options, args = parse_options() if not options: print >>sys.stderr, "Cannot parse options" return 1 if not options.stdin: try: password = args[0] except IndexError: # should never happen print "Missing password parameter!" return 1 else: try: password = sys.stdin.read() except KeyboardInterrupt: return 1 # Obfuscate the password obfobj = pysss.password() obfpwd = obfobj.encrypt(password, obfobj.AES_256) # Save the obfuscated password into the domain sssdconfig = SSSDConfig.SSSDConfig() try: sssdconfig.import_config(options.filename) except IOError: print "Cannot open config file %s" % options.filename return 1 try: domain = sssdconfig.get_domain(options.domain) except SSSDConfig.NoDomainError: print "No such domain %s" % options.domain return 1 try: domain.set_option('ldap_default_authtok_type', 'obfuscated_password') domain.set_option('ldap_default_authtok', obfpwd) except SSSDConfig.NoOptionError: print "The domain %s does not seem to support the required options" % \ options.domain return 1 sssdconfig.save_domain(domain) sssdconfig.write() return 0 if __name__ == "__main__": ret = main() sys.exit(ret)