From a27c8b00ebf173659f22f53ce65679e94e7dfb1b Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Sun, 28 Apr 2024 11:19:41 +0200
Subject: Adding upstream version 2022.12.24.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 scripts/update-ldap | 82 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)
 create mode 100755 scripts/update-ldap

(limited to 'scripts/update-ldap')

diff --git a/scripts/update-ldap b/scripts/update-ldap
new file mode 100755
index 0000000..02b9b0f
--- /dev/null
+++ b/scripts/update-ldap
@@ -0,0 +1,82 @@
+#!/usr/bin/python3
+
+# Author: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
+# Date: 2014-08-30
+# License: GPLv3+
+
+# For doing keyring-maint tasks with debian LDAP
+
+import ldap
+import getpass
+import sys
+
+if sys.argv.__len__() != 2 or sys.argv[1] in ['-h', '--help', 'help']:
+    print('''Usage: update-ldap <FILENAME>
+
+FILENAME should be a simple text file, utf8 encoded, where each line
+is a key replacement with three fields separated by a single space:
+
+uid oldfpr newfpr
+''')
+    exit(1)
+
+
+
+class debldap:
+    def __init__(self):
+        self.l = ldap.initialize("ldaps://db.debian.org")
+
+    def auth(self, uid, password):
+        self.l.simple_bind_s("uid={uid},ou=users,dc=debian,dc=org".format(uid=uid),password)
+
+    def changefpr(self, uid, oldfpr, newfpr):
+        dn = "uid={uid},ou=users,dc=debian,dc=org".format(uid=uid)
+        objs = self.l.search_s(dn, ldap.SCOPE_SUBTREE, "objectclass=*")
+        if not objs:
+            raise BaseException("No objects found matching {dn}".format(dn=dn))
+        for o in objs:
+            if o[0] != dn:
+                raise BaseException("Weird/unexpected dn {new} (expected {old})".format(new=o[0], old=dn))
+            fprs = o[1]['keyFingerPrint']
+            if fprs != [oldfpr.encode('ascii')]:
+                raise BaseException("old fingerprint was {found}, but we expected {oldfpr}".format(found=fprs, oldfpr=oldfpr))
+            self.l.modify_s(dn, [(ldap.MOD_REPLACE, 'keyFingerPrint', [newfpr.encode('ascii')])])
+
+
+
+f = open(sys.argv[1])
+
+x = debldap()
+username = getpass.getuser()
+
+try:
+    passwd = getpass.getpass('Debian LDAP password for {user}: '.format(user=username))
+    x.auth(username, passwd)
+    bound = True
+except BaseException as e:
+    print("Failed to authenticate: {m}".format(m=e.message))
+    exit(1)
+
+errors = []
+lineno = 0
+successes = 0
+for line in f:
+    lineno += 1
+    user = '<unknown>'
+    try:
+        data = line.strip('\n').split(' ')
+        if data.__len__() != 3:
+            raise BaseException("ignoring malformed line: {line}\n".format(lineno=lineno, line=line))
+        user = data[0]
+        x.changefpr(user, data[1], data[2])
+        successes += 1
+    except BaseException as e:
+        print("{lineno}: {user}: {message}".format(lineno=lineno, user=user,message=str(e.message).strip()))
+        errors.append((lineno, e))
+
+
+print("{errors} errors, {successes} successfully processed".format(successes=successes, errors=errors.__len__()))
+
+if errors:
+    exit(1)
+
-- 
cgit v1.2.3