X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-mailgate;h=1ba2c53412b23158c4a7e1b6f08a88fe77f60449;hb=0539c19e661f05d992fdeb6e05ec9dcf99bb691d;hp=c01513c1b3c95b611253c8f05d3c6ffe20faf1c0;hpb=4767c94f71bc35ba279bc53ae0649702e940eb38;p=mirror%2Fuserdir-ldap.git diff --git a/ud-mailgate b/ud-mailgate index c01513c..1ba2c53 100755 --- a/ud-mailgate +++ b/ud-mailgate @@ -7,8 +7,6 @@ import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, os, commands import pwd, tempfile -import hmac -import sha as sha1_module from userdir_gpg import * from userdir_ldap import * @@ -84,7 +82,6 @@ DelItems = {"c": None, "jpegPhoto": None, "dnsZoneEntry": None, "sshRSAAuthKey": None, - "sshDSAAuthKey": None, "birthDate" : None, "mailGreylisting": None, "mailCallout": None, @@ -95,14 +92,6 @@ DelItems = {"c": None, "VoIP": None, }; -def make_hmac(str): - F = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r"); - key = F.readline().strip() - F.close(); - - return hmac.new(key, str, sha1_module).hexdigest() - - # Decode a GPS location from some common forms def LocDecode(Str,Dir): @@ -463,7 +452,7 @@ def DoRBL(Str,Attrs): # Handle a ConfirmSudoPassword request def DoConfirmSudopassword(Str): - Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9,*]+) ([0-9a-f]{40})$').match(Str.lower()) + Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*]+) ([0-9a-f]{40})$').match(Str) if Match == None: return None @@ -489,7 +478,7 @@ def FinishConfirmSudopassword(l, uid, Attrs): newldap = [] for entry in inldap: - Match = re.compile('^('+UUID_FORMAT+') (confirmed|unconfirmed) ([a-z0-9,*]+) ([^ ]+)$').match(entry.lower()) + Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry) if Match == None: raise Error, "Could not parse existing sudopasswd entry" uuid = Match.group(1) @@ -500,13 +489,16 @@ def FinishConfirmSudopassword(l, uid, Attrs): if SudoPasswd.has_key(uuid): confirmedHosts = SudoPasswd[uuid][0] confirmedHmac = SudoPasswd[uuid][1] - if status == "confirmed": - result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts) + if status.startswith('confirmed:'): + if status == 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, ,uuid, hosts, cryptedpass): + result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts) + else: + result = result + "Entry %s for sudo password on hosts %s is listed as confirmed, but HMAC does not verify.\n"%(uuid, hosts) elif confirmedHosts != hosts: result = result + "Entry %s hostlist mismatch (%s vs. %s).\n"%(uuid, hosts, confirmedHosts) - elif make_hmac(':'.join([uuid, hosts, cryptedpass])) == confirmedHmac: + elif make_passwd_hmac('confirm-new-password', 'sudo', uid, uuid, hosts, cryptedpass) == confirmedHmac: result = result + "Entry %s for sudo password on hosts %s now confirmed.\n"%(uuid, hosts) - status = 'confirmed' + status = 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass) else: result = result + "Entry %s for sudo password on hosts %s HMAC verify failed.\n"%(uuid, hosts) del SudoPasswd[uuid]