- Rec = [(ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass),
- (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60)))];
- Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
- l.modify_s(Dn,Rec);
+ Rec = [(ldap.MOD_REPLACE, "totpSeed", seed)]
+ Dn = "uid=" + GetAttr(DnRecord, "uid") + "," + BaseDn
+ lc.modify_s(Dn, Rec)
+ return Reply
+
+
+def HandleChKrbPass(Reply, DnRecord, Key):
+ # Connect to the ldap server, will throw an exception if account locked.
+ lc = connect_to_ldap_and_check_if_locked(DnRecord)
+
+ user = GetAttr(DnRecord, "uid")
+ krb_proc = subprocess.Popen(('ud-krb-reset', user), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+ krb_proc.stdin.close()
+ out = krb_proc.stdout.readlines()
+ krb_proc.wait()
+ exitcode = krb_proc.returncode
+
+ # Use GPG to encrypt it
+ m = "Tried to reset your kerberos principal's password.\n"
+ if exitcode == 0:
+ m += "The exitcode of the reset script was zero, indicating that everything\n"
+ m += "worked. However, this being software who knows. Script's output below."
+ else:
+ m += "The exitcode of the reset script was %d, indicating that something\n" % (exitcode,)
+ m += "went terribly, terribly wrong. Please consult the script's output below\n"
+ m += "for more information. Contact the admins if you have any questions or\n"
+ m += "require assitance."
+
+ m += "\n" + ''.join(map(lambda x: "| " + x, out))
+
+ Message = GPGEncrypt(m, "0x" + Key[1], Key[4])
+ if Message is None:
+ raise UDFormatError("Unable to generate the encrypted reply, gpg failed.")
+
+ Subst = {}
+ Subst["__FROM__"] = ChPassFrom
+ Subst["__EMAIL__"] = EmailAddress(DnRecord)
+ Subst["__CRYPTTYPE__"] = get_crypttype_preamble(Key)
+ Subst["__PASSWORD__"] = Message
+ Subst["__ADMIN__"] = ReplyTo
+ Reply += TemplateSubst(Subst, open(TemplatesDir + "passwd-changed", "r").read())
+
+ return Reply