confirmedHosts = SudoPasswd[uuid][0]
confirmedHmac = SudoPasswd[uuid][1]
if status.startswith('confirmed:'):
- if status == 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, ,uuid, hosts, cryptedpass):
+ if status == 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass):
result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts)
else:
result = result + "Entry %s for sudo password on hosts %s is listed as confirmed, but HMAC does not verify.\n"%(uuid, hosts)
if ((GetAttr(oldAttrs[0],"userPassword").find("*LK*") != -1)
or GetAttr(oldAttrs[0],"userPassword").startswith("!")):
raise Error, "This account is locked";
- try:
- Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs)
- Result = Result + Res + "\n";
- except Error, e:
- CommitChanges = 0
- Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e);
+
+ if CommitChanges == 1: # only if we are still good to go
+ try:
+ Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs)
+ Result = Result + Res + "\n";
+ except Error, e:
+ CommitChanges = 0
+ Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e);
+
# Modify the record
- Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
if CommitChanges == 1:
+ Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
l.modify_s(Dn,Attrs);
Attribs = "";
if len(Attrs) == 0:
raise Error, "User not found"
Attribs = GPGEncrypt(PrettyShow(Attrs[0])+"\n","0x"+Key[1],Key[4]);
-
+
Subst = {};
Subst["__FROM__"] = ChangeFrom;
Subst["__EMAIL__"] = EmailAddress(DnRecord);
# Startup the replay cache
ErrType = EX_TEMPFAIL;
ErrMsg = "Failed to initialize the replay cache:";
- RC = ReplayCache(ReplayCacheFile);
- RC.Clean();
# Get the email
ErrType = EX_PERMFAIL;
else:
PlainText = Res[3];
- # Check the signature against the replay cache
- ErrMsg = "The replay cache rejected your message. Check your clock!";
- Rply = RC.Check(Res[1]);
- if Rply != None:
- raise Error, Rply;
-
# Connect to the ldap server
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
if len(Attrs) != 1:
raise Error, "Oddly your key fingerprint is assigned to more than one account.."
+
+ # Check the signature against the replay cache
+ RC = ReplayCache(ReplayCacheFile);
+ RC.Clean();
+ ErrMsg = "The replay cache rejected your message. Check your clock!";
+ Rply = RC.Check(Res[1]);
+ if Rply != None:
+ RC.close()
+ raise Error, Rply;
RC.Add(Res[1]);
+ RC.close()
# Determine the sender address
ErrMsg = "A problem occured while trying to formulate the reply";
try:
ErrReply = TemplateSubst(Subst,open(TemplatesDir+"error-reply","r").read());
- Child = os.popen("/usr/sbin/sendmail -t","w");
+ Child = os.popen("/usr/sbin/sendmail -t -oi -f ''","w");
Child.write(ErrReplyHead);
Child.write(ErrReply);
if Child.close() != None:
if ErrType != EX_PERMFAIL:
sys.exit(ErrType);
sys.exit(0);
-
+
+# vim:set et:
+# vim:set ts=3:
+# vim:set shiftwidth=3:
projects / mirror / userdir-ldap.git / blobdiff