X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-mailgate;h=6abeace9250e05ecc4e002540594271c0a1a324e;hb=6efa5603f4519500ac652687e927b9bea4d7ff5e;hp=283ee2236f86078a7d01a34ad470959492d1c774;hpb=68e4c53262fd7ba07d517ac671375565f5904646;p=mirror%2Fuserdir-ldap.git diff --git a/ud-mailgate b/ud-mailgate index 283ee22..6abeace 100755 --- a/ud-mailgate +++ b/ud-mailgate @@ -3,50 +3,45 @@ # Prior copyright probably rmurray, troup, joey, jgg -- weasel 2008 # Copyright (c) 2009 Stephen Gran -# Copyright (c) 2008 Peter Palfrader +# Copyright (c) 2008,2009,2010 Peter Palfrader # Copyright (c) 2008 Joerg Jaspert # Copyright (c) 2010 Helmut Grohne import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, os, commands import pwd, tempfile +import subprocess +import email, email.parser +import binascii from userdir_gpg import * from userdir_ldap import * from userdir_exceptions import * # Error codes from /usr/include/sysexits.h -ReplyTo = ConfModule.replyto; -PingFrom = ConfModule.pingfrom; -ChPassFrom = ConfModule.chpassfrom; -ChangeFrom = ConfModule.changefrom; -ReplayCacheFile = ConfModule.replaycachefile; +ReplyTo = ConfModule.replyto +PingFrom = ConfModule.pingfrom +ChPassFrom = ConfModule.chpassfrom +ChangeFrom = ConfModule.changefrom +ReplayCacheFile = ConfModule.replaycachefile SSHFingerprintFile = ConfModule.fingerprintfile UUID_FORMAT = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' -EX_TEMPFAIL = 75; -EX_PERMFAIL = 65; # EX_DATAERR -Error = 'Message Error'; -SeenKey = 0; -SeenDNS = 0; +EX_TEMPFAIL = 75 +EX_PERMFAIL = 65 # EX_DATAERR +Error = 'Message Error' +SeenKey = 0 +SeenDNS = 0 mailRBL = {} mailRHSBL = {} mailWhitelist = {} SeenList = {} DNS = {} -SudoPasswd = {} +ValidHostNames = [] # will be initialized in later -SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}) (.+)$') +SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}|SHA256:[0-9A-Za-z/+]{43}) (.+)$') SSHRSA1Match = re.compile('^^(.* )?\d+ \d+ \d+') -GenderTable = {"male": 1, - "1": 1, - "female": 2, - "2": 2, - "unspecified": 9, - "9": 9, -}; - ArbChanges = {"c": "..", "l": ".*", "facsimileTelephoneNumber": ".*", @@ -67,9 +62,8 @@ ArbChanges = {"c": "..", "mailCallout": "^(TRUE|FALSE)$", "mailDefaultOptions": "^(TRUE|FALSE)$", "VoIP": ".*", - "gender": "^(1|2|9|male|female|unspecified)$", "mailContentInspectionAction": "^(reject|blackhole|markup)$", -}; +} DelItems = {"c": None, "l": None, @@ -99,92 +93,98 @@ DelItems = {"c": None, "mailDefaultOptions": None, "VoIP": None, "mailContentInspectionAction": None, - }; + } # Decode a GPS location from some common forms def LocDecode(Str,Dir): # Check for Decimal degrees, DGM, or DGMS if re.match("^[+-]?[\d.]+$",Str) != None: - return Str; + return Str - Deg = '0'; Min = None; Sec = None; Dr = Dir[0]; + Deg = '0' + Min = None + Sec = None + Dr = Dir[0] # Check for DDDxMM.MMMM where x = [nsew] - Match = re.match("^(\d+)(["+Dir+"])([\d.]+)$",Str); + Match = re.match("^(\d+)(["+Dir+"])([\d.]+)$",Str) if Match != None: - G = Match.groups(); - Deg = G[0]; Min = G[2]; Dr = G[1]; + G = Match.groups() + Deg = G[0] + Min = G[2] + Dr = G[1] # Check for DD.DD x - Match = re.match("^([\d.]+) ?(["+Dir+"])$",Str); + Match = re.match("^([\d.]+) ?(["+Dir+"])$",Str) if Match != None: - G = Match.groups(); - Deg = G[0]; Dr = G[1]; + G = Match.groups() + Deg = G[0] + Dr = G[1] # Check for DD:MM.MM x - Match = re.match("^(\d+):([\d.]+) ?(["+Dir+"])$",Str); + Match = re.match("^(\d+):([\d.]+) ?(["+Dir+"])$",Str) if Match != None: - G = Match.groups(); - Deg = G[0]; Min = G[1]; Dr = G[2]; + G = Match.groups() + Deg = G[0] + Min = G[1] + Dr = G[2] # Check for DD:MM:SS.SS x - Match = re.match("^(\d+):(\d+):([\d.]+) ?(["+Dir+"])$",Str); + Match = re.match("^(\d+):(\d+):([\d.]+) ?(["+Dir+"])$",Str) if Match != None: - G = Match.groups(); - Deg = G[0]; Min = G[1]; Sec = G[2]; Dr = G[3]; + G = Match.groups() + Deg = G[0] + Min = G[1] + Sec = G[2] + Dr = G[3] # Some simple checks if float(Deg) > 180: - raise UDFormatError, "Bad degrees"; + raise UDFormatError, "Bad degrees" if Min != None and float(Min) > 60: - raise UDFormatError, "Bad minutes"; + raise UDFormatError, "Bad minutes" if Sec != None and float(Sec) > 60: - raise UDFormatError, "Bad seconds"; + raise UDFormatError, "Bad seconds" # Pad on an extra leading 0 to disambiguate small numbers if len(Deg) <= 1 or Deg[1] == '.': - Deg = '0' + Deg; + Deg = '0' + Deg if Min != None and (len(Min) <= 1 or Min[1] == '.'): - Min = '0' + Min; + Min = '0' + Min if Sec != None and (len(Sec) <= 1 or Sec[1] == '.'): - Sec = '0' + Sec; + Sec = '0' + Sec # Construct a DGM/DGMS type value from the components. Res = "+" if Dr == Dir[1]: - Res = "-"; - Res = Res + Deg; + Res = "-" + Res = Res + Deg if Min != None: - Res = Res + Min; + Res = Res + Min if Sec != None: - Res = Res + Sec; - return Res; + Res = Res + Sec + return Res # Handle changing a set of arbitary fields # : value def DoArbChange(Str,Attrs): - Match = re.match("^([^ :]+): (.*)$",Str); + Match = re.match("^([^ :]+): (.*)$",Str) if Match == None: - return None; - G = Match.groups(); + return None + G = Match.groups() - attrName = G[0].lower(); + attrName = G[0].lower() for i in ArbChanges.keys(): if i.lower() == attrName: - attrName = i; - break; + attrName = i + break if ArbChanges.has_key(attrName) == 0: - return None; + return None if re.match(ArbChanges[attrName],G[1]) == None: - raise UDFormatError, "Item does not match the required format"+ArbChanges[attrName]; + raise UDFormatError, "Item does not match the required format"+ArbChanges[attrName] - value = G[1]; - if attrName == 'gender': - if G[1] not in GenderTable: - raise UDFormatError, "Gender not found in table" - value = GenderTable[G[1]] # if attrName == 'birthDate': # (re.match("^([0-9]{4})([01][0-9])([0-3][0-9])$",G[1]) { @@ -209,47 +209,47 @@ def DoArbChange(Str,Attrs): # } elsif (not defined($query->param('birthdate')) or $query->param('birthdate') =~ /^\s*$/) { # $bd_ok = 1; # } - Attrs.append((ldap.MOD_REPLACE,attrName,value)); - return "Changed entry %s to %s"%(attrName,value); + Attrs.append((ldap.MOD_REPLACE,attrName,value)) + return "Changed entry %s to %s"%(attrName,value) # Handle changing a set of arbitary fields # : value def DoDel(Str,Attrs): - Match = re.match("^del (.*)$",Str); + Match = re.match("^del (.*)$",Str) if Match == None: - return None; - G = Match.groups(); + return None + G = Match.groups() - attrName = G[0].lower(); + attrName = G[0].lower() for i in DelItems.keys(): if i.lower() == attrName: - attrName = i; - break; + attrName = i + break if DelItems.has_key(attrName) == 0: - return "Cannot erase entry %s"%(attrName); + return "Cannot erase entry %s"%(attrName) - Attrs.append((ldap.MOD_DELETE,attrName,None)); - return "Removed entry %s"%(attrName); + Attrs.append((ldap.MOD_DELETE,attrName,None)) + return "Removed entry %s"%(attrName) # Handle a position change message, the line format is: # Lat: -12412.23 Long: +12341.2342 def DoPosition(Str,Attrs): Match = re.match("^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$", Str.lower()) if Match == None: - return None; + return None - G = Match.groups(); + G = Match.groups() try: - sLat = LocDecode(G[0],"ns"); - sLong = LocDecode(G[1],"ew"); - Lat = DecDegree(sLat,1); - Long = DecDegree(sLong,1); + sLat = LocDecode(G[0],"ns") + sLong = LocDecode(G[1],"ew") + Lat = DecDegree(sLat,1) + Long = DecDegree(sLong,1) except: - raise UDFormatError, "Positions were found, but they are not correctly formed"; + raise UDFormatError, "Positions were found, but they are not correctly formed" - Attrs.append((ldap.MOD_REPLACE,"latitude",sLat)); - Attrs.append((ldap.MOD_REPLACE,"longitude",sLong)); - return "Position set to %s/%s (%s/%s decimal degrees)"%(sLat,sLong,Lat,Long); + Attrs.append((ldap.MOD_REPLACE,"latitude",sLat)) + Attrs.append((ldap.MOD_REPLACE,"longitude",sLong)) + return "Position set to %s/%s (%s/%s decimal degrees)"%(sLat,sLong,Lat,Long) # Load bad ssh fingerprints def LoadBadSSH(): @@ -269,16 +269,16 @@ def LoadBadSSH(): # [allowed_hosts=machine1,machine2 ][options ]ssh-rsa keybytes [comment] machine_regex = re.compile("^[0-9a-zA-Z.-]+$") def DoSSH(Str, Attrs, badkeys, uid): - Match = SSH2AuthSplit.match(Str); + Match = SSH2AuthSplit.match(Str) if Match == None: - return None; + return None g = Match.groups() typekey = g[1] if Match == None: Match = SSHRSA1Match.match(Str) if Match is not None: return "RSA1 keys not supported anymore" - return None; + return None # lines can now be prepended with "allowed_hosts=machine1,machine2 " machines = [] @@ -293,6 +293,8 @@ def DoSSH(Str, Attrs, badkeys, uid): return "empty machine specification for ssh key" if not machine_regex.match(m): return "machine specification for ssh key contains invalid characters" + if m not in ValidHostNames: + return "unknown machine {} used in allowed_hosts stanza for ssh keys".format(m) (fd, path) = tempfile.mkstemp(".pub", "sshkeytry", "/tmp") f = open(path, "w") @@ -317,25 +319,22 @@ def DoSSH(Str, Attrs, badkeys, uid): Subst["__USER__"] = uid Match = SSHFingerprint.match(output) + if Match is None: + return "Failed to match SSH fingerprint, has the output of ssh-keygen changed?" g = Match.groups() + key_size = g[0] + fingerprint = g[1] - if int(g[0]) < 1024: - try: - # Body - Subst["__ERROR__"] = "SSH keysize %s is below limit 1024" % (g[0]) - ErrReply = TemplateSubst(Subst,open(TemplatesDir+"admin-info","r").read()) - - Child = os.popen("/usr/sbin/sendmail -t","w") - Child.write(ErrReplyHead) - Child.write(ErrReply) - if Child.close() != None: - raise UDExecuteError, "Sendmail gave a non-zero return code" - except: - sys.exit(EX_TEMPFAIL) + if typekey == "rsa": + key_size_ok = (int(key_size) >= 2048) + elif typekey == "ed25519": + key_size_ok = True + else: + key_size_ok = False - # And now break and stop processing input, which sends a reply to the user. - raise UDFormatError, "SSH keys must have at least 1024 bits, processing halted, NOTHING MODIFIED AT ALL" - elif g[1] in badkeys: + if not key_size_ok: + return "SSH key fails formal criteria, not added. We only accept RSA keys (>= 2048 bits) or ed25519 keys." + elif fingerprint in badkeys: try: # Body Subst["__ERROR__"] = "SSH key with fingerprint %s known as bad key" % (g[1]) @@ -352,17 +351,14 @@ def DoSSH(Str, Attrs, badkeys, uid): # And now break and stop processing input, which sends a reply to the user. raise UDFormatError, "Submitted SSH Key known to be bad and insecure, processing halted, NOTHING MODIFIED AT ALL" - if (typekey == "dss"): - return "DSA keys not accepted anymore" - - global SeenKey; + global SeenKey if SeenKey: - Attrs.append((ldap.MOD_ADD,"sshRSAAuthKey",Str)); - return "SSH Key added "+FormatSSHAuth(Str); - - Attrs.append((ldap.MOD_REPLACE,"sshRSAAuthKey",Str)); - SeenKey = 1; - return "SSH Keys replaced with "+FormatSSHAuth(Str); + Attrs.append((ldap.MOD_ADD,"sshRSAAuthKey",Str)) + return "SSH Key added: %s %s [%s]"%(key_size, fingerprint, FormatSSHAuth(Str)) + + Attrs.append((ldap.MOD_REPLACE,"sshRSAAuthKey",Str)) + SeenKey = 1 + return "SSH Keys replaced with: %s %s [%s]"%(key_size, fingerprint, FormatSSHAuth(Str)) # Handle changing a dns entry # host IN A 12.12.12.12 @@ -373,35 +369,37 @@ def DoDNS(Str,Attrs,DnRecord): cnamerecord = re.match("^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$",Str,re.IGNORECASE) arecord = re.match('^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$',Str,re.IGNORECASE) mxrecord = re.match("^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$",Str,re.IGNORECASE) + txtrecord = re.match("^[-\w]+\s+IN\s+TXT\s+([-\d. a-z\t<>@:]+)", Str, re.IGNORECASE) #aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+((?:[0-9a-f]{1,4})(?::[0-9a-f]{1,4})*(?::(?:(?::[0-9a-f]{1,4})*|:))?)$',Str,re.IGNORECASE) aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$',Str,re.IGNORECASE) - if cnamerecord == None and\ - arecord == None and\ - mxrecord == None and\ - aaaarecord == None: - return None; + if cnamerecord is None and\ + arecord is None and\ + mxrecord is None and\ + txtrecord is None and\ + aaaarecord is None: + return None # Check if the name is already taken G = re.match('^([-\w+]+)\s',Str) - if G == None: + if G is None: raise UDFormatError, "Hostname not found although we already passed record syntax checks" hostname = G.group(1) # Check for collisions - global l; + global l # [JT 20070409 - search for both tab and space suffixed hostnames # since we accept either. It'd probably be better to parse the # incoming string in order to construct what we feed LDAP rather # than just passing it through as is.] filter = "(|(dnsZoneEntry=%s *)(dnsZoneEntry=%s *))" % (hostname, hostname) - Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["uid"]); + Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["uid"]) for x in Rec: if GetAttr(x,"uid") != GetAttr(DnRecord,"uid"): return "DNS entry is already owned by " + GetAttr(x,"uid") - global SeenDNS; - global DNS; + global SeenDNS + global DNS if cnamerecord: if DNS.has_key(hostname): @@ -414,19 +412,21 @@ def DoDNS(Str,Attrs,DnRecord): else: DNS[hostname] = 1 - if cnamerecord != None: + if cnamerecord is not None: sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1)) - elif arecord != None: + elif txtrecord is not None: + sanitized = "%s IN TXT %s" % (hostname, txtrecord.group(1)) + elif arecord is not None: ipaddress = arecord.group(1) for quad in ipaddress.split('.'): if not (int(quad) >=0 and int(quad) <= 255): return "Invalid quad %s in IP address %s in line %s" %(quad, ipaddress, Str) sanitized = "%s IN A %s"% (hostname, ipaddress) - elif mxrecord != None: + elif mxrecord is not None: priority = mxrecord.group(1) mx = mxrecord.group(2) sanitized = "%s IN MX %s %s" % (hostname, priority, mx) - elif aaaarecord != None: + elif aaaarecord is not None: ipv6address = aaaarecord.group(1) parts = ipv6address.split(':') if len(parts) > 8: @@ -450,12 +450,12 @@ def DoDNS(Str,Attrs,DnRecord): raise UDFormatError, "None of the types I recognize was it. I shouldn't be here. confused." if SeenDNS: - Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",sanitized)); - return "DNS Entry added "+sanitized; + Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",sanitized)) + return "DNS Entry added " + sanitized - Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",sanitized)); - SeenDNS = 1; - return "DNS Entry replaced with "+sanitized; + Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",sanitized)) + SeenDNS = 1 + return "DNS Entry replaced with "+sanitized # Handle an RBL list (mailRBL, mailRHSBL, mailWhitelist) def DoRBL(Str,Attrs): @@ -477,12 +477,12 @@ def DoRBL(Str,Attrs): return "%s added %s" % (Key,Host) Attrs.append((ldap.MOD_REPLACE,Key,Host)) - SeenList[Key] = 1; + SeenList[Key] = 1 return "%s replaced with %s" % (Key,Host) # Handle a ConfirmSudoPassword request -def DoConfirmSudopassword(Str): - Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*]+) ([0-9a-f]{40})$').match(Str) +def DoConfirmSudopassword(Str, SudoPasswd): + Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*-]+) ([0-9a-f]{40})$').match(Str) if Match == None: return None @@ -490,15 +490,16 @@ def DoConfirmSudopassword(Str): hosts = Match.group(2) hmac = Match.group(3) - global SudoPasswd SudoPasswd[uuid] = (hosts, hmac) return "got confirm for sudo password %s on host(s) %s, auth code %s" % (uuid,hosts, hmac) -def FinishConfirmSudopassword(l, uid, Attrs): - global SudoPasswd +def FinishConfirmSudopassword(l, uid, Attrs, SudoPasswd): result = "\n" - res = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+uid, ['sudoPassword']); + if len(SudoPasswd) == 0: + return None + + res = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+uid, ['sudoPassword']) if len(res) != 1: raise UDFormatError, "Not exactly one hit when searching for user" if res[0][1].has_key('sudoPassword'): @@ -508,7 +509,7 @@ def FinishConfirmSudopassword(l, uid, Attrs): newldap = [] for entry in inldap: - Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry) + Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*-]+) ([^ ]+)$').match(entry) if Match == None: raise UDFormatError, "Could not parse existing sudopasswd entry" uuid = Match.group(1) @@ -547,202 +548,259 @@ def FinishConfirmSudopassword(l, uid, Attrs): return result +def connect_to_ldap_and_check_if_locked(DnRecord): + # Connect to the ldap server + l = connectLDAP() + F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r") + AccessPass = F.readline().strip().split(" ") + F.close() + l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]) + + # Check for a locked account + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")) + if (GetAttr(Attrs[0],"userPassword").find("*LK*") != -1) \ + or GetAttr(Attrs[0],"userPassword").startswith("!"): + raise UDNotAllowedError, "This account is locked" + + return l + # Handle an [almost] arbitary change def HandleChange(Reply,DnRecord,Key): - global PlainText; - Lines = re.split("\n *\r?",PlainText); + global PlainText + Lines = re.split("\n *\r?",PlainText) - Result = ""; - Attrs = []; - Show = 0; + Result = "" + Attrs = [] + SudoPasswd = {} + Show = 0 CommitChanges = 1 for Line in Lines: Line = Line.strip() if Line == "": - continue; + continue # Try to process a command line - Result = Result + "> "+Line+"\n"; + Result = Result + "> "+Line+"\n" try: if Line == "show": - Show = 1; - Res = "OK"; + Show = 1 + Res = "OK" else: badkeys = LoadBadSSH() Res = DoPosition(Line,Attrs) or DoDNS(Line,Attrs,DnRecord) or \ DoArbChange(Line,Attrs) or DoSSH(Line,Attrs,badkeys,GetAttr(DnRecord,"uid")) or \ - DoDel(Line,Attrs) or DoRBL(Line,Attrs) or DoConfirmSudopassword(Line) + DoDel(Line,Attrs) or DoRBL(Line,Attrs) or DoConfirmSudopassword(Line, SudoPasswd) except: - Res = None; - Result = Result + "==> %s: %s\n" %(sys.exc_type,sys.exc_value); + Res = None + Result = Result + "==> %s: %s\n" %(sys.exc_type,sys.exc_value) # Fail, if someone tries to send someone elses signed email to the # daemon then we want to abort ASAP. if Res == None: CommitChanges = 0 - Result = Result + "Command is not understood. Halted - no changes committed\n"; - break; - Result = Result + Res + "\n"; + Result = Result + "Command is not understood. Halted - no changes committed\n" + break + Result += Res + "\n" # Connect to the ldap server - l = connectLDAP() - F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r"); - AccessPass = F.readline().strip().split(" ") - F.close(); - - l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]); - oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")); - if ((GetAttr(oldAttrs[0],"userPassword").find("*LK*") != -1) - or GetAttr(oldAttrs[0],"userPassword").startswith("!")): - raise UDNotAllowedError, "This account is locked"; + l = connect_to_ldap_and_check_if_locked(DnRecord) - if CommitChanges == 1: # only if we are still good to go + if CommitChanges == 1 and len(SudoPasswd) > 0: # only if we are still good to go try: - Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs) - Result = Result + Res + "\n"; + Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs, SudoPasswd) + if Res is not None: + Result = Result + Res + "\n" except Error, e: CommitChanges = 0 - Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e); + Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e) - # Modify the record - if CommitChanges == 1: - Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn; - l.modify_s(Dn,Attrs); + if CommitChanges == 1 and len(Attrs) > 0: + Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn + l.modify_s(Dn,Attrs) - Attribs = ""; + Attribs = "" if Show == 1: - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")); + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")) if len(Attrs) == 0: raise UDNotAllowedError, "User not found" - Attribs = GPGEncrypt(PrettyShow(Attrs[0])+"\n","0x"+Key[1],Key[4]); + Attribs = GPGEncrypt(PrettyShow(Attrs[0])+"\n","0x"+Key[1],Key[4]) - Subst = {}; - Subst["__FROM__"] = ChangeFrom; - Subst["__EMAIL__"] = EmailAddress(DnRecord); - Subst["__ADMIN__"] = ReplyTo; - Subst["__RESULT__"] = Result; - Subst["__ATTR__"] = Attribs; + Subst = {} + Subst["__FROM__"] = ChangeFrom + Subst["__EMAIL__"] = EmailAddress(DnRecord) + Subst["__ADMIN__"] = ReplyTo + Subst["__RESULT__"] = Result + Subst["__ATTR__"] = Attribs - return Reply + TemplateSubst(Subst,open(TemplatesDir+"change-reply","r").read()); + return Reply + TemplateSubst(Subst,open(TemplatesDir+"change-reply","r").read()) # Handle ping handles an email sent to the 'ping' address (ie this program # called with a ping argument) It replies with a dump of the public records. def HandlePing(Reply,DnRecord,Key): - Subst = {}; - Subst["__FROM__"] = PingFrom; - Subst["__EMAIL__"] = EmailAddress(DnRecord); - Subst["__LDAPFIELDS__"] = PrettyShow(DnRecord); - Subst["__ADMIN__"] = ReplyTo; + Subst = {} + Subst["__FROM__"] = PingFrom + Subst["__EMAIL__"] = EmailAddress(DnRecord) + Subst["__LDAPFIELDS__"] = PrettyShow(DnRecord) + Subst["__ADMIN__"] = ReplyTo + + return Reply + TemplateSubst(Subst,open(TemplatesDir+"ping-reply","r").read()) - return Reply + TemplateSubst(Subst,open(TemplatesDir+"ping-reply","r").read()); + + +def get_crypttype_preamble(key): + if (key[4] == 1): + type = "Your message was encrypted using PGP 2.x\ncompatibility mode." + else: + type = "Your message was encrypted using GPG (OpenPGP)\ncompatibility "\ + "mode, without IDEA. This message cannot be decoded using PGP 2.x" + return type # Handle a change password email sent to the change password address # (this program called with the chpass argument) def HandleChPass(Reply,DnRecord,Key): # Generate a random password - Password = GenPass(); - Pass = HashPass(Password); - + Password = GenPass() + Pass = HashPass(Password) + # Use GPG to encrypt it Message = GPGEncrypt("Your new password is '" + Password + "'\n",\ - "0x"+Key[1],Key[4]); - Password = None; + "0x"+Key[1],Key[4]) + Password = None if Message == None: - raise UDFormatError, "Unable to generate the encrypted reply, gpg failed."; + raise UDFormatError, "Unable to generate the encrypted reply, gpg failed." - if (Key[4] == 1): - Type = "Your message was encrypted using PGP 2.x\ncompatibility mode."; - else: - Type = "Your message was encrypted using GPG (OpenPGP)\ncompatibility "\ - "mode, without IDEA. This message cannot be decoded using PGP 2.x"; - - Subst = {}; - Subst["__FROM__"] = ChPassFrom; - Subst["__EMAIL__"] = EmailAddress(DnRecord); - Subst["__CRYPTTYPE__"] = Type; - Subst["__PASSWORD__"] = Message; - Subst["__ADMIN__"] = ReplyTo; - Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read()); - - # Connect to the ldap server - l = connectLDAP() - F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r"); - AccessPass = F.readline().strip().split(" ") - F.close(); - l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]); - - # Check for a locked account - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")); - if (GetAttr(Attrs[0],"userPassword").find("*LK*") != -1) \ - or GetAttr(Attrs[0],"userPassword").startswith("!"): - raise UDNotAllowedError, "This account is locked"; + Subst = {} + Subst["__FROM__"] = ChPassFrom + Subst["__EMAIL__"] = EmailAddress(DnRecord) + Subst["__CRYPTTYPE__"] = get_crypttype_preamble(Key) + Subst["__PASSWORD__"] = Message + Subst["__ADMIN__"] = ReplyTo + Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read()) + l = connect_to_ldap_and_check_if_locked(DnRecord) # Modify the password Rec = [(ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass), - (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60)))]; - Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn; - l.modify_s(Dn,Rec); + (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60)))] + Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn + l.modify_s(Dn,Rec) + + return Reply + +def HandleChTOTPSeed(Reply, DnRecord, Key): + # Generate a random seed + seed = binascii.hexlify(open("/dev/urandom", "r").read(32)) + msg = GPGEncrypt("Your new TOTP seed is '%s'\n" % (seed,), "0x"+Key[1],Key[4]) + + if msg is None: + raise UDFormatError, "Unable to generate the encrypted reply, gpg failed." + + Subst = {} + Subst["__FROM__"] = ChPassFrom + Subst["__EMAIL__"] = EmailAddress(DnRecord) + Subst["__PASSWORD__"] = msg + Subst["__ADMIN__"] = ReplyTo + Reply = Reply + TemplateSubst(Subst, open(TemplatesDir+"totp-seed-changed", "r").read()) + + l = connect_to_ldap_and_check_if_locked(DnRecord) + # Modify the password + Rec = [(ldap.MOD_REPLACE, "totpSeed", seed)] + Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn + l.modify_s(Dn,Rec) + return Reply + +def HandleChKrbPass(Reply,DnRecord,Key): + # Connect to the ldap server, will throw an exception if account locked. + l = connect_to_ldap_and_check_if_locked(DnRecord) + + user = GetAttr(DnRecord,"uid") + krb_proc = subprocess.Popen( ('ud-krb-reset', user), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + krb_proc.stdin.close() + out = krb_proc.stdout.readlines() + krb_proc.wait() + exitcode = krb_proc.returncode + + # Use GPG to encrypt it + m = "Tried to reset your kerberos principal's password.\n" + if exitcode == 0: + m += "The exitcode of the reset script was zero, indicating that everything\n" + m += "worked. However, this being software who knows. Script's output below." + else: + m += "The exitcode of the reset script was %d, indicating that something\n"%(exitcode) + m += "went terribly, terribly wrong. Please consult the script's output below\n" + m += "for more information. Contact the admins if you have any questions or\n" + m += "require assitance." + + m += "\n"+''.join( map(lambda x: "| "+x, out) ) + + Message = GPGEncrypt(m, "0x"+Key[1],Key[4]) + if Message == None: + raise UDFormatError, "Unable to generate the encrypted reply, gpg failed." + + Subst = {} + Subst["__FROM__"] = ChPassFrom + Subst["__EMAIL__"] = EmailAddress(DnRecord) + Subst["__CRYPTTYPE__"] = get_crypttype_preamble(Key) + Subst["__PASSWORD__"] = Message + Subst["__ADMIN__"] = ReplyTo + Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read()) + + return Reply - return Reply; - # Start of main program # Drop messages from a mailer daemon. if os.environ.has_key('SENDER') == 0 or len(os.environ['SENDER']) == 0: - sys.exit(0); + sys.exit(0) -ErrMsg = "Indeterminate Error"; -ErrType = EX_TEMPFAIL; +ErrMsg = "Indeterminate Error" +ErrType = EX_TEMPFAIL try: # Startup the replay cache - ErrType = EX_TEMPFAIL; - ErrMsg = "Failed to initialize the replay cache:"; + ErrType = EX_TEMPFAIL + ErrMsg = "Failed to initialize the replay cache:" # Get the email - ErrType = EX_PERMFAIL; - ErrMsg = "Failed to understand the email or find a signature:"; - Email = mimetools.Message(sys.stdin,0); - Msg = GetClearSig(Email); + ErrType = EX_PERMFAIL + ErrMsg = "Failed to understand the email or find a signature:" + mail = email.parser.Parser().parse(sys.stdin) + Msg = GetClearSig(mail) ErrMsg = "Message is not PGP signed:" if Msg[0].find("-----BEGIN PGP SIGNED MESSAGE-----") == -1 and \ Msg[0].find("-----BEGIN PGP MESSAGE-----") == -1: - raise UDFormatError, "No PGP signature"; + raise UDFormatError, "No PGP signature" # Check the signature - ErrMsg = "Unable to check the signature or the signature was invalid:"; - Res = GPGCheckSig(Msg[0]); + ErrMsg = "Unable to check the signature or the signature was invalid:" + pgp = GPGCheckSig2(Msg[0]) - if Res[0] != None: - raise UDFormatError, Res[0]; + if not pgp.ok: + raise UDFormatError, pgp.why - if Res[3] == None: - raise UDFormatError, "Null signature text"; + if pgp.text is None: + raise UDFormatError, "Null signature text" # Extract the plain message text in the event of mime encoding - global PlainText; + global PlainText ErrMsg = "Problem stripping MIME headers from the decoded message" if Msg[1] == 1: - try: - Index = Res[3].index("\n\n") + 2; - except ValueError: - Index = Res[3].index("\n\r\n") + 3; - PlainText = Res[3][Index:]; + e = email.parser.Parser().parsestr(pgp.text) + PlainText = e.get_payload(decode=True) else: - PlainText = Res[3]; + PlainText = pgp.text # Connect to the ldap server - ErrType = EX_TEMPFAIL; - ErrMsg = "An error occured while performing the LDAP lookup"; - global l; + ErrType = EX_TEMPFAIL + ErrMsg = "An error occured while performing the LDAP lookup" + global l l = connectLDAP() - l.simple_bind_s("",""); + l.simple_bind_s("","") # Search for the matching key fingerprint - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Res[2][1]); + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + pgp.key_fpr) - ErrType = EX_PERMFAIL; + ErrType = EX_PERMFAIL if len(Attrs) == 0: raise UDFormatError, "Key not found" if len(Attrs) != 1: @@ -750,83 +808,86 @@ try: # Check the signature against the replay cache - RC = ReplayCache(ReplayCacheFile); - RC.Clean(); - ErrMsg = "The replay cache rejected your message. Check your clock!"; - Rply = RC.Check(Res[1]); - if Rply != None: - RC.close() - raise UDNotAllowedError, Rply; - RC.Add(Res[1]); - RC.close() + RC = ReplayCache(ReplayCacheFile) + RC.process(pgp.sig_info) # Determine the sender address - ErrMsg = "A problem occured while trying to formulate the reply"; - Sender = Email.getheader("Reply-To"); - if Sender == None: - Sender = Email.getheader("From"); - if Sender == None: - raise UDFormatError, "Unable to determine the sender's address"; + ErrMsg = "A problem occured while trying to formulate the reply" + Sender = mail['Reply-To'] + if not Sender: Sender = mail['From'] + if not Sender: raise UDFormatError, "Unable to determine the sender's address" # Formulate a reply - Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time())); - Reply = "To: %s\nReply-To: %s\nDate: %s\n" % (Sender,ReplyTo,Date); + Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time())) + Reply = "To: %s\nReply-To: %s\nDate: %s\n" % (Sender,ReplyTo,Date) + + Res = l.search_s(HostBaseDn, ldap.SCOPE_SUBTREE, '(objectClass=debianServer)', ['hostname'] ) + # Res is a list of tuples. + # The tuples contain a dn (str) and a dictionary. + # The dictionaries map the key "hostname" to a list. + # These lists contain a single hostname (str). + ValidHostNames = reduce(lambda a,b: a+b, [value.get("hostname", []) for (dn, value) in Res], []) # Dispatch if sys.argv[1] == "ping": - Reply = HandlePing(Reply,Attrs[0],Res[2]); + Reply = HandlePing(Reply,Attrs[0],pgp.key_info) elif sys.argv[1] == "chpass": - if PlainText.strip().find("Please change my Debian password") != 0: - raise UDFormatError,"Please send a signed message where the first line of text is the string 'Please change my Debian password'"; - Reply = HandleChPass(Reply,Attrs[0],Res[2]); + if PlainText.strip().find("Please change my Debian password") >= 0: + Reply = HandleChPass(Reply,Attrs[0],pgp.key_info) + elif PlainText.strip().find("Please change my Kerberos password") >= 0: + Reply = HandleChKrbPass(Reply,Attrs[0],pgp.key_info) + elif PlainText.strip().find("Please change my TOTP seed") >= 0: + Reply = HandleChTOTPSeed(Reply, Attrs[0], pgp.key_info) + else: + raise UDFormatError,"Please send a signed message where the first line of text is the string 'Please change my Debian password' or some other string we accept here." elif sys.argv[1] == "change": - Reply = HandleChange(Reply,Attrs[0],Res[2]); + Reply = HandleChange(Reply,Attrs[0],pgp.key_info) else: - print sys.argv; - raise UDFormatError, "Incorrect Invokation"; + print sys.argv + raise UDFormatError, "Incorrect Invokation" # Send the message through sendmail - ErrMsg = "A problem occured while trying to send the reply"; - Child = os.popen("/usr/sbin/sendmail -t","w"); -# Child = os.popen("cat","w"); - Child.write(Reply); + ErrMsg = "A problem occured while trying to send the reply" + Child = os.popen("/usr/sbin/sendmail -t","w") +# Child = os.popen("cat","w") + Child.write(Reply) if Child.close() != None: - raise UDExecuteError, "Sendmail gave a non-zero return code"; + raise UDExecuteError, "Sendmail gave a non-zero return code" except: # Error Reply Header - Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time())); - ErrReplyHead = "To: %s\nReply-To: %s\nDate: %s\n" % (os.environ['SENDER'],ReplyTo,Date); + Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time())) + ErrReplyHead = "To: %s\nReply-To: %s\nDate: %s\n" % (os.environ['SENDER'],ReplyTo,Date) # Error Body - Subst = {}; - Subst["__ERROR__"] = ErrMsg; - Subst["__ADMIN__"] = ReplyTo; + Subst = {} + Subst["__ERROR__"] = ErrMsg + Subst["__ADMIN__"] = ReplyTo - Trace = "==> %s: %s\n" %(sys.exc_type,sys.exc_value); - List = traceback.extract_tb(sys.exc_traceback); + Trace = "==> %s: %s\n" %(sys.exc_type,sys.exc_value) + List = traceback.extract_tb(sys.exc_traceback) if len(List) > 1: - Trace = Trace + "Python Stack Trace:\n"; + Trace = Trace + "Python Stack Trace:\n" for x in List: - Trace = Trace + " %s %s:%u: %s\n" %(x[2],x[0],x[1],x[3]); + Trace = Trace + " %s %s:%u: %s\n" %(x[2],x[0],x[1],x[3]) - Subst["__TRACE__"] = Trace; + Subst["__TRACE__"] = Trace # Try to send the bounce try: - ErrReply = TemplateSubst(Subst,open(TemplatesDir+"error-reply","r").read()); + ErrReply = TemplateSubst(Subst,open(TemplatesDir+"error-reply","r").read()) - Child = os.popen("/usr/sbin/sendmail -t -oi -f ''","w"); - Child.write(ErrReplyHead); - Child.write(ErrReply); + Child = os.popen("/usr/sbin/sendmail -t -oi -f ''","w") + Child.write(ErrReplyHead) + Child.write(ErrReply) if Child.close() != None: - raise UDExecuteError, "Sendmail gave a non-zero return code"; + raise UDExecuteError, "Sendmail gave a non-zero return code" except: - sys.exit(EX_TEMPFAIL); + sys.exit(EX_TEMPFAIL) if ErrType != EX_PERMFAIL: - sys.exit(ErrType); - sys.exit(0); + sys.exit(ErrType) + sys.exit(0) # vim:set et: # vim:set ts=3: