diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:19:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 09:19:41 +0000 |
commit | a27c8b00ebf173659f22f53ce65679e94e7dfb1b (patch) | |
tree | 02c68ec259348b63c6328896aa73265eb7b3d730 /scripts/update-ldap | |
parent | Initial commit. (diff) | |
download | debian-keyring-a27c8b00ebf173659f22f53ce65679e94e7dfb1b.tar.xz debian-keyring-a27c8b00ebf173659f22f53ce65679e94e7dfb1b.zip |
Adding upstream version 2022.12.24.upstream/2022.12.24upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rwxr-xr-x | scripts/update-ldap | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/scripts/update-ldap b/scripts/update-ldap new file mode 100755 index 0000000..02b9b0f --- /dev/null +++ b/scripts/update-ldap @@ -0,0 +1,82 @@ +#!/usr/bin/python3 + +# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net> +# Date: 2014-08-30 +# License: GPLv3+ + +# For doing keyring-maint tasks with debian LDAP + +import ldap +import getpass +import sys + +if sys.argv.__len__() != 2 or sys.argv[1] in ['-h', '--help', 'help']: + print('''Usage: update-ldap <FILENAME> + +FILENAME should be a simple text file, utf8 encoded, where each line +is a key replacement with three fields separated by a single space: + +uid oldfpr newfpr +''') + exit(1) + + + +class debldap: + def __init__(self): + self.l = ldap.initialize("ldaps://db.debian.org") + + def auth(self, uid, password): + self.l.simple_bind_s("uid={uid},ou=users,dc=debian,dc=org".format(uid=uid),password) + + def changefpr(self, uid, oldfpr, newfpr): + dn = "uid={uid},ou=users,dc=debian,dc=org".format(uid=uid) + objs = self.l.search_s(dn, ldap.SCOPE_SUBTREE, "objectclass=*") + if not objs: + raise BaseException("No objects found matching {dn}".format(dn=dn)) + for o in objs: + if o[0] != dn: + raise BaseException("Weird/unexpected dn {new} (expected {old})".format(new=o[0], old=dn)) + fprs = o[1]['keyFingerPrint'] + if fprs != [oldfpr.encode('ascii')]: + raise BaseException("old fingerprint was {found}, but we expected {oldfpr}".format(found=fprs, oldfpr=oldfpr)) + self.l.modify_s(dn, [(ldap.MOD_REPLACE, 'keyFingerPrint', [newfpr.encode('ascii')])]) + + + +f = open(sys.argv[1]) + +x = debldap() +username = getpass.getuser() + +try: + passwd = getpass.getpass('Debian LDAP password for {user}: '.format(user=username)) + x.auth(username, passwd) + bound = True +except BaseException as e: + print("Failed to authenticate: {m}".format(m=e.message)) + exit(1) + +errors = [] +lineno = 0 +successes = 0 +for line in f: + lineno += 1 + user = '<unknown>' + try: + data = line.strip('\n').split(' ') + if data.__len__() != 3: + raise BaseException("ignoring malformed line: {line}\n".format(lineno=lineno, line=line)) + user = data[0] + x.changefpr(user, data[1], data[2]) + successes += 1 + except BaseException as e: + print("{lineno}: {user}: {message}".format(lineno=lineno, user=user,message=str(e.message).strip())) + errors.append((lineno, e)) + + +print("{errors} errors, {successes} successfully processed".format(successes=successes, errors=errors.__len__())) + +if errors: + exit(1) + |