4 # Prior copyright probably rmurray, troup, joey, jgg -- weasel 2008
5 # Copyright (c) 2009 Stephen Gran <steve@lobefin.net>
6 # Copyright (c) 2008,2009,2010 Peter Palfrader <peter@palfrader.org>
7 # Copyright (c) 2008 Joerg Jaspert <joerg@debian.org>
8 # Copyright (c) 2010 Helmut Grohne <helmut@subdivi.de>
25 from userdir_gpg import *
26 from userdir_ldap import *
27 from userdir_exceptions import *
29 # Error codes from /usr/include/sysexits.h
30 ReplyTo = ConfModule.replyto
31 PingFrom = ConfModule.pingfrom
32 ChPassFrom = ConfModule.chpassfrom
33 ChangeFrom = ConfModule.changefrom
34 ReplayCacheFile = ConfModule.replaycachefile
35 SSHFingerprintFile = ConfModule.fingerprintfile
36 TOTPTicketDirectory = ConfModule.totpticketdirectory
37 WebUILocation = ConfModule.webuilocation
39 UUID_FORMAT = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
40 machine_regex = re.compile("^[0-9a-zA-Z.-]+$")
43 EX_PERMFAIL = 65 # EX_DATAERR
44 Error = 'Message Error'
52 ValidHostNames = [] # will be initialized in later
54 SSHFingerprint = re.compile(r'^(\d+) ([0-9a-f\:]{47}|SHA256:[0-9A-Za-z/+]{43}) (.+)$')
55 SSHRSA1Match = re.compile(r'^^(.* )?\d+ \d+ \d+')
57 ArbChanges = {"c": "..",
59 "facsimileTelephoneNumber": ".*",
60 "telephoneNumber": ".*",
61 "postalAddress": ".*",
65 "emailForward": "^([^<>@]+@.+)?$",
66 "jabberJID": "^([^<>@]+@.+)?$",
71 "birthDate": "^([0-9]{4})([01][0-9])([0-3][0-9])$",
72 "mailDisableMessage": ".*",
73 "mailGreylisting": "^(TRUE|FALSE)$",
74 "mailCallout": "^(TRUE|FALSE)$",
75 "mailDefaultOptions": "^(TRUE|FALSE)$",
77 "mailContentInspectionAction": "^(reject|blackhole|markup)$", }
79 DelItems = {"c": None,
81 "facsimileTelephoneNumber": None,
82 "telephoneNumber": None,
83 "postalAddress": None,
96 "sshRSAAuthKey": None,
98 "mailGreylisting": None,
102 "mailWhitelist": None,
103 "mailDisableMessage": None,
104 "mailDefaultOptions": None,
106 "mailContentInspectionAction": None,
110 # Decode a GPS location from some common forms
111 def LocDecode(Str, Dir):
112 # Check for Decimal degrees, DGM, or DGMS
113 if re.match(r"^[+-]?[\d.]+$", Str) is not None:
121 # Check for DDDxMM.MMMM where x = [nsew]
122 Match = re.match(r"^(\d+)([" + Dir + r"])([\d.]+)$", Str)
130 Match = re.match(r"^([\d.]+) ?([" + Dir + r"])$", Str)
136 # Check for DD:MM.MM x
137 Match = re.match(r"^(\d+):([\d.]+) ?([" + Dir + "])$", Str)
144 # Check for DD:MM:SS.SS x
145 Match = re.match(r"^(\d+):(\d+):([\d.]+) ?([" + Dir + "])$", Str)
155 raise UDFormatError("Bad degrees")
156 if Min is not None and float(Min) > 60:
157 raise UDFormatError("Bad minutes")
158 if Sec is not None and float(Sec) > 60:
159 raise UDFormatError("Bad seconds")
161 # Pad on an extra leading 0 to disambiguate small numbers
162 if len(Deg) <= 1 or Deg[1] == '.':
164 if Min is not None and (len(Min) <= 1 or Min[1] == '.'):
166 if Sec is not None and (len(Sec) <= 1 or Sec[1] == '.'):
169 # Construct a DGM/DGMS type value from the components.
181 # Handle changing a set of arbitary fields
183 def DoArbChange(Str, Attrs):
184 Match = re.match("^([^ :]+): (.*)$", Str)
189 attrName = G[0].lower()
190 for i in ArbChanges.keys():
191 if i.lower() == attrName:
194 if attrName not in ArbChanges:
198 if re.match(ArbChanges[attrName], value) is None:
199 raise UDFormatError("Item does not match the required format" + ArbChanges[attrName])
201 Attrs.append((ldap.MOD_REPLACE, attrName, value))
202 return "Changed entry %s to %s" % (attrName, value)
205 # Handle changing a set of arbitary fields
207 def DoDel(Str, Attrs):
208 Match = re.match("^del (.*)$", Str)
213 attrName = G[0].lower()
214 for i in DelItems.keys():
215 if i.lower() == attrName:
218 if attrName not in DelItems:
219 return "Cannot erase entry %s" % (attrName,)
221 Attrs.append((ldap.MOD_DELETE, attrName, None))
222 return "Removed entry %s" % (attrName)
225 # Handle a position change message, the line format is:
226 # Lat: -12412.23 Long: +12341.2342
227 def DoPosition(Str, Attrs):
228 Match = re.match(r"^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$", Str.lower())
234 sLat = LocDecode(G[0], "ns")
235 sLong = LocDecode(G[1], "ew")
236 Lat = DecDegree(sLat, 1)
237 Long = DecDegree(sLong, 1)
239 raise UDFormatError("Positions were found, but they are not correctly formed")
241 Attrs.append((ldap.MOD_REPLACE, "latitude", sLat))
242 Attrs.append((ldap.MOD_REPLACE, "longitude", sLong))
243 return "Position set to %s/%s (%s/%s decimal degrees)" % (sLat, sLong, Lat, Long)
246 # Load bad ssh fingerprints
248 f = open(SSHFingerprintFile, "r")
250 FingerprintLine = re.compile(r'^([0-9a-f:]{47}).*$')
251 for line in f.readlines():
252 Match = FingerprintLine.match(line)
253 if Match is not None:
259 # Handle an SSH authentication key, the line format is:
260 # [options] 1024 35 13188913666680[..] [comment]
261 # maybe it really should be:
262 # [allowed_hosts=machine1,machine2 ][options ]ssh-rsa keybytes [comment]
263 def DoSSH(Str, Attrs, badkeys, uid):
264 Match = SSH2AuthSplit.match(Str)
270 Match = SSHRSA1Match.match(Str)
271 if Match is not None:
272 return "RSA1 keys not supported anymore"
275 # lines can now be prepended with "allowed_hosts=machine1,machine2 "
277 if Str.startswith("allowed_hosts="):
278 Str = Str.split("=", 1)[1]
280 return "invalid ssh key syntax with machine specification"
281 machines, Str = Str.split(' ', 1)
282 machines = machines.split(",")
285 return "empty machine specification for ssh key"
286 if not machine_regex.match(m):
287 return "machine specification for ssh key contains invalid characters"
288 if m not in ValidHostNames:
289 return "unknown machine {} used in allowed_hosts stanza for ssh keys".format(m)
291 (fd, path) = tempfile.mkstemp(".pub", "sshkeytry", "/tmp")
293 f.write("%s\n" % (Str))
295 cmd = "/usr/bin/ssh-keygen -l -f %s < /dev/null" % (path)
296 (result, output) = commands.getstatusoutput(cmd)
299 raise UDExecuteError("ssh-keygen -l invocation failed!\n%s\n" % (output))
301 # format the string again for ldap:
303 Str = "allowed_hosts=%s %s" % (",".join(machines), Str)
306 Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(time.time()))
307 ErrReplyHead = "From: %s\nCc: %s\nReply-To: %s\nDate: %s\n" % (os.environ['SENDER'], os.environ['SENDER'], ReplyTo, Date)
309 Subst["__ADMIN__"] = ReplyTo
310 Subst["__USER__"] = uid
312 Match = SSHFingerprint.match(output)
314 return "Failed to match SSH fingerprint, has the output of ssh-keygen changed?"
320 key_size_ok = (int(key_size) >= 2048)
321 elif typekey == "ed25519":
327 return "SSH key fails formal criteria, not added. We only accept RSA keys (>= 2048 bits) or ed25519 keys."
328 elif fingerprint in badkeys:
331 Subst["__ERROR__"] = "SSH key with fingerprint %s known as bad key" % (g[1])
332 ErrReply = TemplateSubst(Subst, open(TemplatesDir + "admin-info", "r").read())
334 Child = subprocess.Popen(['/usr/sbin/sendmail', '-t'], stdin=subprocess.PIPE)
335 Child.stdin.write(ErrReplyHead)
336 Child.stdin.write(ErrReply)
338 if Child.wait() != 0:
339 raise UDExecuteError("Sendmail gave a non-zero return code")
341 sys.exit(EX_TEMPFAIL)
343 # And now break and stop processing input, which sends a reply to the user.
344 raise UDFormatError("Submitted SSH key known to be bad and insecure, processing halted, NOTHING MODIFIED AT ALL")
348 Attrs.append((ldap.MOD_ADD, "sshRSAAuthKey", Str))
349 return "SSH Key added: %s %s [%s]" % (key_size, fingerprint, FormatSSHAuth(Str))
351 Attrs.append((ldap.MOD_REPLACE, "sshRSAAuthKey", Str))
353 return "SSH Keys replaced with: %s %s [%s]" % (key_size, fingerprint, FormatSSHAuth(Str))
356 # Handle changing a dns entry
357 # host IN A 12.12.12.12
358 # host IN AAAA 1234::5678
359 # host IN CNAME foo.bar. <- Trailing dot is required
360 # host IN MX foo.bar. <- Trailing dot is required
361 def DoDNS(Str, Attrs, DnRecord):
362 cnamerecord = re.match(r"^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$", Str, re.IGNORECASE)
363 arecord = re.match(r'^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$', Str, re.IGNORECASE)
364 mxrecord = re.match(r"^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$", Str, re.IGNORECASE)
365 txtrecord = re.match(r"^[-\w]+\s+IN\s+TXT\s+([-\d. a-z\t<>@:]+)", Str, re.IGNORECASE)
366 aaaarecord = re.match(r'^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$', Str, re.IGNORECASE)
368 if cnamerecord is None and\
370 mxrecord is None and\
371 txtrecord is None and\
375 # Check for punycode. We ought to validate it before we allow it in our zone.
376 if Str.lower().startswith('xn--'):
377 return "Punycode not allowed: " + Str
379 # Check if the name is already taken
380 G = re.match(r'^([-\w+]+)\s', Str)
382 raise UDFormatError("Hostname not found although we already passed record syntax checks")
383 hostname = G.group(1)
385 # Check for collisions
387 # [JT 20070409 - search for both tab and space suffixed hostnames
388 # since we accept either. It'd probably be better to parse the
389 # incoming string in order to construct what we feed LDAP rather
390 # than just passing it through as is.]
391 filter = "(|(dnsZoneEntry=%s *)(dnsZoneEntry=%s *))" % (hostname, hostname)
392 Rec = lc.search_s(BaseDn, ldap.SCOPE_ONELEVEL, filter, ["uid"])
394 if GetAttr(x, "uid") != GetAttr(DnRecord, "uid"):
395 return "DNS entry is already owned by " + GetAttr(x, "uid")
402 return "CNAME and other RR types not allowed: " + Str
406 if DNS.get(hostname) == 2:
407 return "CNAME and other RR types not allowed: " + Str
411 if cnamerecord is not None:
412 sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1))
413 elif txtrecord is not None:
414 sanitized = "%s IN TXT %s" % (hostname, txtrecord.group(1))
415 elif arecord is not None:
416 ipaddress = arecord.group(1)
417 for quad in ipaddress.split('.'):
418 if not (int(quad) >= 0 and int(quad) <= 255):
419 return "Invalid quad %s in IP address %s in line %s" % (quad, ipaddress, Str)
420 sanitized = "%s IN A %s" % (hostname, ipaddress)
421 elif mxrecord is not None:
422 priority = mxrecord.group(1)
423 mx = mxrecord.group(2)
424 sanitized = "%s IN MX %s %s" % (hostname, priority, mx)
425 elif aaaarecord is not None:
426 ipv6address = aaaarecord.group(1)
427 parts = ipv6address.split(':')
429 return "Invalid IPv6 address (%s): too many parts" % (ipv6address)
431 return "Invalid IPv6 address (%s): too few parts" % (ipv6address)
436 seenEmptypart = False
439 return "Invalid IPv6 address (%s): part %s is longer than 4 characters" % (ipv6address, p)
442 return "Invalid IPv6 address (%s): more than one :: (nothing in between colons) is not allowed" % (ipv6address)
444 sanitized = "%s IN AAAA %s" % (hostname, ipv6address)
446 raise UDFormatError("None of the types I recognize was it. I shouldn't be here. confused.")
449 Attrs.append((ldap.MOD_ADD, "dnsZoneEntry", sanitized))
450 return "DNS Entry added " + sanitized
452 Attrs.append((ldap.MOD_REPLACE, "dnsZoneEntry", sanitized))
454 return "DNS Entry replaced with " + sanitized
457 # Handle an RBL list (mailRBL, mailRHSBL, mailWhitelist)
458 def DoRBL(Str, Attrs):
459 Match = re.compile('^mail(rbl|rhsbl|whitelist) ([-a-z0-9.]+)$').match(Str.lower())
463 if Match.group(1) == "rbl":
465 if Match.group(1) == "rhsbl":
467 if Match.group(1) == "whitelist":
468 Key = "mailWhitelist"
469 Host = Match.group(2)
473 Attrs.append((ldap.MOD_ADD, Key, Host))
474 return "%s added %s" % (Key, Host)
476 Attrs.append((ldap.MOD_REPLACE, Key, Host))
478 return "%s replaced with %s" % (Key, Host)
481 # Handle a ConfirmSudoPassword request
482 def DoConfirmSudopassword(Str, SudoPasswd):
483 Match = re.compile('^confirm sudopassword (' + UUID_FORMAT + ') ([a-z0-9.,*-]+) ([0-9a-f]{40})$').match(Str)
487 uuid = Match.group(1)
488 hosts = Match.group(2)
489 hmac = Match.group(3)
491 SudoPasswd[uuid] = (hosts, hmac)
492 return "got confirm for sudo password %s on host(s) %s, auth code %s" % (uuid, hosts, hmac)
495 def FinishConfirmSudopassword(lc, uid, Attrs, SudoPasswd):
498 if len(SudoPasswd) == 0:
501 res = lc.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "uid=" + uid, ['sudoPassword'])
503 raise UDFormatError("Not exactly one hit when searching for user")
504 if 'sudoPassword' in res[0][1]:
505 inldap = res[0][1]['sudoPassword']
511 Match = re.compile('^(' + UUID_FORMAT + ') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*-]+) ([^ ]+)$').match(entry)
513 raise UDFormatError("Could not parse existing sudopasswd entry")
514 uuid = Match.group(1)
515 status = Match.group(2)
516 hosts = Match.group(3)
517 cryptedpass = Match.group(4)
519 if uuid in SudoPasswd:
520 confirmedHosts = SudoPasswd[uuid][0]
521 confirmedHmac = SudoPasswd[uuid][1]
522 if status.startswith('confirmed:'):
523 if status == 'confirmed:' + make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass):
524 result += "Entry %s for sudo password on hosts %s already confirmed.\n" % (uuid, hosts)
526 result += "Entry %s for sudo password on hosts %s is listed as confirmed, but HMAC does not verify.\n" % (uuid, hosts)
527 elif confirmedHosts != hosts:
528 result += "Entry %s hostlist mismatch (%s vs. %s).\n" % (uuid, hosts, confirmedHosts)
529 elif make_passwd_hmac('confirm-new-password', 'sudo', uid, uuid, hosts, cryptedpass) == confirmedHmac:
530 result += "Entry %s for sudo password on hosts %s now confirmed.\n" % (uuid, hosts)
531 status = 'confirmed:' + make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass)
533 result += "Entry %s for sudo password on hosts %s HMAC verify failed.\n" % (uuid, hosts)
536 newentry = " ".join([uuid, status, hosts, cryptedpass])
537 if len(newldap) == 0:
538 newldap.append((ldap.MOD_REPLACE, "sudoPassword", newentry))
540 newldap.append((ldap.MOD_ADD, "sudoPassword", newentry))
542 for entry in SudoPasswd:
543 result += "Entry %s that you confirm is not listed in ldap." % (entry,)
545 for entry in newldap:
551 def connect_to_ldap_and_check_if_locked(DnRecord):
552 # Connect to the ldap server
554 F = open(PassDir + "/pass-" + pwd.getpwuid(os.getuid())[0], "r")
555 AccessPass = F.readline().strip().split(" ")
557 lc.simple_bind_s("uid={},{}".format(AccessPass[0], BaseDn), AccessPass[1])
559 # Check for a locked account
560 Attrs = lc.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "uid=" + GetAttr(DnRecord, "uid"))
561 if (GetAttr(Attrs[0], "userPassword").find("*LK*") != -1) \
562 or GetAttr(Attrs[0], "userPassword").startswith("!"):
563 raise UDNotAllowedError("This account is locked")
567 # Handle an [almost] arbitary change
568 def HandleChange(Reply, DnRecord, Key):
570 Lines = re.split("\n *\r?", PlainText)
582 # Try to process a command line
583 Result += "> " + Line + "\n"
589 badkeys = LoadBadSSH()
590 Res = DoPosition(Line, Attrs) or DoDNS(Line, Attrs, DnRecord) or \
591 DoArbChange(Line, Attrs) or DoSSH(Line, Attrs, badkeys, GetAttr(DnRecord, "uid")) or \
592 DoDel(Line, Attrs) or DoRBL(Line, Attrs) or DoConfirmSudopassword(Line, SudoPasswd)
595 Result += "==> %s: %s\n" % (sys.exc_type, sys.exc_value)
597 # Fail, if someone tries to send someone elses signed email to the
598 # daemon then we want to abort ASAP.
601 Result = Result + "Command is not understood. Halted - no changes committed\n"
605 # Connect to the ldap server
606 lc = connect_to_ldap_and_check_if_locked(DnRecord)
608 if CommitChanges == 1 and len(SudoPasswd) > 0: # only if we are still good to go
610 Res = FinishConfirmSudopassword(lc, GetAttr(DnRecord, "uid"), Attrs, SudoPasswd)
615 Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n" % (e)
617 if CommitChanges == 1 and len(Attrs) > 0:
618 Dn = "uid=" + GetAttr(DnRecord, "uid") + "," + BaseDn
619 lc.modify_s(Dn, Attrs)
623 Attrs = lc.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "uid=" + GetAttr(DnRecord, "uid"))
625 raise UDNotAllowedError("User not found")
626 Attribs = GPGEncrypt(PrettyShow(Attrs[0]) + "\n", "0x" + Key[1], Key[4])
629 Subst["__FROM__"] = ChangeFrom
630 Subst["__EMAIL__"] = EmailAddress(DnRecord)
631 Subst["__ADMIN__"] = ReplyTo
632 Subst["__RESULT__"] = Result
633 Subst["__ATTR__"] = Attribs
635 return Reply + TemplateSubst(Subst, open(TemplatesDir + "change-reply", "r").read())
638 # Handle ping handles an email sent to the 'ping' address (ie this program
639 # called with a ping argument) It replies with a dump of the public records.
640 def HandlePing(Reply, DnRecord, Key):
642 Subst["__FROM__"] = PingFrom
643 Subst["__EMAIL__"] = EmailAddress(DnRecord)
644 Subst["__LDAPFIELDS__"] = PrettyShow(DnRecord)
645 Subst["__ADMIN__"] = ReplyTo
647 return Reply + TemplateSubst(Subst, open(TemplatesDir + "ping-reply", "r").read())
650 def get_crypttype_preamble(key):
652 type = "Your message was encrypted using PGP 2.x\ncompatibility mode."
654 type = "Your message was encrypted using GPG (OpenPGP)\ncompatibility "\
655 "mode, without IDEA. This message cannot be decoded using PGP 2.x"
659 # Handle a change password email sent to the change password address
660 # (this program called with the chpass argument)
661 def HandleChPass(Reply, DnRecord, Key):
662 # Generate a random password
664 Pass = HashPass(Password)
666 # Use GPG to encrypt it
667 Message = GPGEncrypt("Your new password is '" + Password + "'\n", "0x" + Key[1], Key[4])
671 raise UDFormatError("Unable to generate the encrypted reply, gpg failed.")
674 Subst["__FROM__"] = ChPassFrom
675 Subst["__EMAIL__"] = EmailAddress(DnRecord)
676 Subst["__CRYPTTYPE__"] = get_crypttype_preamble(Key)
677 Subst["__PASSWORD__"] = Message
678 Subst["__ADMIN__"] = ReplyTo
679 Reply = Reply + TemplateSubst(Subst, open(TemplatesDir + "passwd-changed", "r").read())
681 lc = connect_to_ldap_and_check_if_locked(DnRecord)
682 # Modify the password
683 Rec = [(ldap.MOD_REPLACE, "userPassword", "{crypt}" + Pass),
684 (ldap.MOD_REPLACE, "shadowLastChange", str(int(time.time() / (24 * 60 * 60))))]
685 Dn = "uid=" + GetAttr(DnRecord, "uid") + "," + BaseDn
691 def HandleChTOTPSeed(Reply, DnRecord, Key):
692 # Generate a random seed
693 seed = binascii.hexlify(open("/dev/urandom", "r").read(32))
694 random_id = binascii.hexlify(open("/dev/urandom", "r").read(32))
695 totp_file_name = "%d-%s" % (time.time(), random_id,)
697 msg = GPGEncrypt("Please go to %s/fetch-totp-seed.cgi?id=%s\n to fetch your TOTP seed" % (WebUILocation, totp_file_name), "0x" + Key[1], Key[4])
700 raise UDFormatError("Unable to generate the encrypted reply, gpg failed.")
703 Subst["__FROM__"] = ChPassFrom
704 Subst["__EMAIL__"] = EmailAddress(DnRecord)
705 Subst["__PASSWORD__"] = msg
706 Subst["__ADMIN__"] = ReplyTo
707 Reply += TemplateSubst(Subst, open(TemplatesDir + "totp-seed-changed", "r").read())
709 lc = connect_to_ldap_and_check_if_locked(DnRecord)
710 # Save the seed so the user can pick it up.
711 f = open(os.path.join(TOTPTicketDirectory, totp_file_name), os.O_WRONLY | os.O_CREAT)
713 print >> f, GetAttr(DnRecord, "uid")
716 # Modify the password
717 Rec = [(ldap.MOD_REPLACE, "totpSeed", seed)]
718 Dn = "uid=" + GetAttr(DnRecord, "uid") + "," + BaseDn
723 def HandleChKrbPass(Reply, DnRecord, Key):
724 # Connect to the ldap server, will throw an exception if account locked.
725 lc = connect_to_ldap_and_check_if_locked(DnRecord)
727 user = GetAttr(DnRecord, "uid")
728 krb_proc = subprocess.Popen(('ud-krb-reset', user), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
729 krb_proc.stdin.close()
730 out = krb_proc.stdout.readlines()
732 exitcode = krb_proc.returncode
734 # Use GPG to encrypt it
735 m = "Tried to reset your kerberos principal's password.\n"
737 m += "The exitcode of the reset script was zero, indicating that everything\n"
738 m += "worked. However, this being software who knows. Script's output below."
740 m += "The exitcode of the reset script was %d, indicating that something\n" % (exitcode,)
741 m += "went terribly, terribly wrong. Please consult the script's output below\n"
742 m += "for more information. Contact the admins if you have any questions or\n"
743 m += "require assitance."
745 m += "\n" + ''.join(map(lambda x: "| " + x, out))
747 Message = GPGEncrypt(m, "0x" + Key[1], Key[4])
749 raise UDFormatError("Unable to generate the encrypted reply, gpg failed.")
752 Subst["__FROM__"] = ChPassFrom
753 Subst["__EMAIL__"] = EmailAddress(DnRecord)
754 Subst["__CRYPTTYPE__"] = get_crypttype_preamble(Key)
755 Subst["__PASSWORD__"] = Message
756 Subst["__ADMIN__"] = ReplyTo
757 Reply += TemplateSubst(Subst, open(TemplatesDir + "passwd-changed", "r").read())
761 # Start of main program
764 # Drop messages from a mailer daemon.
765 if not os.environ.get('SENDER'):
768 ErrMsg = "Indeterminate Error"
769 ErrType = EX_TEMPFAIL
771 # Startup the replay cache
772 ErrType = EX_TEMPFAIL
773 ErrMsg = "Failed to initialize the replay cache:"
776 ErrType = EX_PERMFAIL
777 ErrMsg = "Failed to understand the email or find a signature:"
778 mail = email.parser.Parser().parse(sys.stdin)
779 Msg = GetClearSig(mail)
781 ErrMsg = "Message is not PGP signed:"
782 if Msg[0].find("-----BEGIN PGP SIGNED MESSAGE-----") == -1 and \
783 Msg[0].find("-----BEGIN PGP MESSAGE-----") == -1:
784 raise UDFormatError("No PGP signature")
786 # Check the signature
787 ErrMsg = "Unable to check the signature or the signature was invalid:"
788 pgp = GPGCheckSig2(Msg[0])
791 raise UDFormatError(pgp.why)
794 raise UDFormatError("Null signature text")
796 # Extract the plain message text in the event of mime encoding
798 ErrMsg = "Problem stripping MIME headers from the decoded message"
800 e = email.parser.Parser().parsestr(pgp.text)
801 PlainText = e.get_payload(decode=True)
805 # Connect to the ldap server
806 ErrType = EX_TEMPFAIL
807 ErrMsg = "An error occured while performing the LDAP lookup"
810 lc.simple_bind_s("", "")
812 # Search for the matching key fingerprint
813 Attrs = lc.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "keyFingerPrint={}".format(pgp.key_fpr))
815 ErrType = EX_PERMFAIL
817 raise UDFormatError("Key not found")
819 raise UDFormatError("Oddly your key fingerprint is assigned to more than one account..")
821 # Check the signature against the replay cache
822 RC = ReplayCache(ReplayCacheFile)
823 RC.process(pgp.sig_info)
825 # Determine the sender address
826 ErrMsg = "A problem occured while trying to formulate the reply"
827 Sender = mail.get('Reply-To', mail.get('From'))
829 raise UDFormatError("Unable to determine the sender's address")
832 Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(time.time()))
833 Reply = "To: %s\nReply-To: %s\nDate: %s\n" % (Sender, ReplyTo, Date)
835 Res = lc.search_s(HostBaseDn, ldap.SCOPE_SUBTREE, '(objectClass=debianServer)', ['hostname'])
836 # Res is a list of tuples.
837 # The tuples contain a dn (str) and a dictionary.
838 # The dictionaries map the key "hostname" to a list.
839 # These lists contain a single hostname (str).
840 ValidHostNames = reduce(lambda a, b: a + b, [value.get("hostname", []) for (dn, value) in Res], [])
843 if sys.argv[1] == "ping":
844 Reply = HandlePing(Reply, Attrs[0], pgp.key_info)
845 elif sys.argv[1] == "chpass":
846 if PlainText.strip().find("Please change my Debian password") >= 0:
847 Reply = HandleChPass(Reply, Attrs[0], pgp.key_info)
848 elif PlainText.strip().find("Please change my Kerberos password") >= 0:
849 Reply = HandleChKrbPass(Reply, Attrs[0], pgp.key_info)
850 elif PlainText.strip().find("Please change my TOTP seed") >= 0:
851 Reply = HandleChTOTPSeed(Reply, Attrs[0], pgp.key_info)
853 raise UDFormatError("Please send a signed message where the first line of text is the string 'Please change my Debian password' or some other string we accept here.")
854 elif sys.argv[1] == "change":
855 Reply = HandleChange(Reply, Attrs[0], pgp.key_info)
858 raise UDFormatError("Incorrect Invokation")
860 # Send the message through sendmail
861 ErrMsg = "A problem occured while trying to send the reply"
862 Child = subprocess.Popen(['/usr/sbin/sendmail', '-t'], stdin=subprocess.PIPE)
863 Child.stdin.write(Reply)
865 if Child.wait() != 0:
866 raise UDExecuteError("Sendmail gave a non-zero return code")
870 Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000", time.gmtime(time.time()))
871 ErrReplyHead = "To: %s\nReply-To: %s\nDate: %s\n" % (os.environ['SENDER'], ReplyTo, Date)
875 Subst["__ERROR__"] = ErrMsg
876 Subst["__ADMIN__"] = ReplyTo
878 Trace = "==> %s: %s\n" % (sys.exc_type, sys.exc_value)
879 List = traceback.extract_tb(sys.exc_traceback)
881 Trace = Trace + "Python Stack Trace:\n"
883 Trace = Trace + " %s %s:%u: %s\n" % (x[2], x[0], x[1], x[3])
885 Subst["__TRACE__"] = Trace
887 # Try to send the bounce
889 ErrReply = TemplateSubst(Subst, open(TemplatesDir + "error-reply", "r").read())
891 Child = subprocess.Popen(['/usr/sbin/sendmail', '-t', '-oi', '-f', ''], stdin=subprocess.PIPE)
892 Child.stdin.write(ErrReplyHead)
893 Child.stdin.write(ErrReply)
895 if Child.wait() != 0:
896 raise UDExecuteError("Sendmail gave a non-zero return code")
898 sys.exit(EX_TEMPFAIL)
900 if ErrType != EX_PERMFAIL:
906 # vim:set shiftwidth=4: