X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-echelon;h=36329807b5f882da88be8843cc50d0b0bd3ef3a4;hp=6434f0e7ddba9c78a474f66b6779c29866fb94a5;hb=a6fb69805c3999a85c064a96c93417bb1c284c5c;hpb=d34f4cb87a80d211f07fc1bfb2b9a630d1346e7c diff --git a/ud-echelon b/ud-echelon index 6434f0e..3632980 100755 --- a/ud-echelon +++ b/ud-echelon @@ -1,28 +1,40 @@ #!/usr/bin/env python # -*- mode: python -*- -import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, posix; -import string, pwd +import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, os, getopt; +import pwd from userdir_gpg import *; from userdir_ldap import *; EX_TEMPFAIL = 75; EX_PERMFAIL = 65; # EX_DATAERR +Debug = None; # Try to extract a key fingerprint from a PGP siged message def TryGPG(Email): # Try to get a pgp text - Msg = GetClearSig(Email); - if string.find(Msg[0],"-----BEGIN PGP SIGNED MESSAGE-----") == -1: + try: + Msg = GetClearSig(Email); + except: + # Log an exception.. but continue. This is to deal with 'sort of' + # PGP-MIME things + S = "%s: %s -> %s\n" %(Now,MsgID,ErrMsg); + S = S + " %s: %s\n" %(sys.exc_type,sys.exc_value); + ErrLog.write(S); return None; - + + if Msg[0].find("-----BEGIN PGP SIGNED MESSAGE-----") == -1: + return None; + Res = GPGCheckSig(Msg[0]); # Failed to find a matching sig if Res[0] != None: + S = "%s: %s -> PGP Checking failed '%s': %s %s\n" %(Now,MsgID,Email.getheader("From"),str(Res[0]),str(Res[2])); + ErrLog.write(S); return None; # Search for the matching key fingerprint - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyfingerprint=" + Res[2][1]); + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Res[2][1]); if len(Attrs) == 0: return None; if len(Attrs) != 1: 
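Review bot: The new `except:` around GetClearSig is bare, so it also swallows SystemExit and KeyboardInterrupt and any error raised inside the handler itself, and it reports the failure through `sys.exc_type`/`sys.exc_value`, the old process-global names that the stdlib has long deprecated in favour of `sys.exc_info()`. Narrow it to `except Exception:` and take the pair from the call, `S = S + "  %s: %s\n" % sys.exc_info()[:2];`. The handler also reads `Now`, `MsgID`, `ErrMsg` and `ErrLog`, which are module globals assigned further down in the main program, so TryGPG must not be reached before the log files are opened; a short comment above the function saying so would help the next reader. The LDAP filter on the last added line still concatenates `Res[2][1]` unescaped; it is a fingerprint taken from GPG output, so the risk looks low, but passing it through ldap.filter.escape_filter_chars costs nothing. TryGPG continues past the end of this hunk.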
@@ -30,71 +42,6 @@ def TryGPG(Email): return (Attrs[0][1]["uid"][0],"PGP",FormatPGPKey(Res[2][1])); -# Convert the PGP name string to a uid value -def GetUID(l,Name,UnknownMap = {}): - # Crack up the email address into a best guess first/middle/last name - (cn,mn,sn) = NameSplit(re.sub('["]','',Name[0])) - - # Brackets anger the ldap searcher - cn = re.sub('[(")]','?',cn); - sn = re.sub('[(")]','?',sn); - - # First check the unknown map for the email address - if UnknownMap.has_key(Name[1] + '@' + Name[2]): - Stat = "unknown map hit for "+str(Name); - return (UnknownMap[Name[1] + '@' + Name[2]],[Stat]); - - # Then the cruft component (ie there was no email address to match) - if UnknownMap.has_key(Name[2]): - Stat = "unknown map hit for"+str(Name); - return (UnknownMap[Name[2]],[Stat]); - - # Search for a possible first/last name hit - try: - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"(&(cn=%s)(sn=%s))"%(cn,sn),["uid"]); - except ldap.FILTER_ERROR: - Stat = "Filter failure: (&(cn=%s)(sn=%s))"%(cn,sn); - return (None,[Stat]); - - # Try matching on the email address - if (len(Attrs) != 1): - try: - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"emailforward=%s"%(Name[2]),["uid"]); - except ldap.FILTER_ERROR: - pass; - - # Hmm, more than one/no return - if (len(Attrs) != 1): - # Key claims a local address - if Name[2] == EmailAppend: - - # Pull out the record for the claimed user - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"(uid=%s)"%(Name[1]),["uid","sn","cn"]); - - # We require the UID surname to be someplace in the key name, this - # deals with special purpose keys like 'James Troup (Alternate Debian key)' - # Some people put their names backwards on their key too.. 
check that as well - if len(Attrs) == 1 and \ - (string.find(string.lower(sn),string.lower(Attrs[0][1]["sn"][0])) != -1 or \ - string.find(string.lower(cn),string.lower(Attrs[0][1]["sn"][0])) != -1): - Stat = EmailAppend+" hit for "+str(Name); - return (Name[1],[Stat]); - - # Attempt to give some best guess suggestions for use in editing the - # override file. - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"(sn~=%s)"%(sn),["uid","sn","cn"]); - - Stat = []; - if len(Attrs) != 0: - Stat = ["None for %s"%(str(Name))]; - for x in Attrs: - Stat.append("But might be: %s %s <%s@debian.org>"%(x[1]["cn"][0],x[1]["sn"][0],x[1]["uid"][0])); - return (None,Stat); - else: - return (Attrs[0][1]["uid"][0],None); - - return (None,None); - # Try to guess the name from the email address def TryMatcher(Email): Sender = Email.getheader("From"); @@ -116,11 +63,21 @@ def TryMatcher(Email): return None; return (UID[0],"FROM",Sender); + +# Process options +(options, arguments) = getopt.getopt(sys.argv[1:], "dr") +for (switch, val) in options: + if (switch == '-d'): + Debug = ""; # Open the log files -MainLog = open(Ech_MainLog,"a+",0); -ErrLog = open(Ech_ErrorLog,"a+",0); - +if Debug == None: + MainLog = open(Ech_MainLog,"a+",0); + ErrLog = open(Ech_ErrorLog,"a+",0); +else: + MainLog = open("/dev/stdout","a+",0); + ErrLog = open("/dev/stdout","a+",0); + # Start of main program ErrMsg = "Indeterminate Error"; ErrType = EX_TEMPFAIL; 
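Review bot: The getopt spec `"dr"` declares a `-r` switch that the loop never consumes, so it is silently accepted and ignored; either drop the `r` or handle it next to `-d`. getopt.GetoptError is also uncaught here, so an unknown switch ends the script with a traceback and exit status 1 rather than one of the EX_TEMPFAIL/EX_PERMFAIL codes the rest of the file returns, which presumably matters to whatever invokes it as a delivery hook. In the debug branch the two unbuffered `open("/dev/stdout","a+",0)` handles are what the later `print` also competes with; a one-line comment such as `# -d: log to stdout and never bind with credentials or write to LDAP` above the option loop would document what the flag changes. This hunk's option parsing and log setup are top-level statements; the `try:` that follows starts outside the hunk.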
@@ -138,10 +95,13 @@ try: ErrMsg = "An error occured while performing the LDAP lookup"; global l; l = ldap.open(LDAPServer); - F = open(PassDir+"/pass-"+pwd.getpwuid(posix.getuid())[0],"r"); - AccessPass = string.split(string.strip(F.readline())," "); - l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]); - F.close(); + if Debug == None: + F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r"); + AccessPass = F.readline().strip().split(" ") + l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]); + F.close(); + else: + l.simple_bind_s("",""); # Try to decode ErrType = EX_TEMPFAIL; @@ -162,7 +122,10 @@ try: MainLog.write("%s %s %s\n"%(User[0],User[1],Msg)); Dn = "uid=" + User[0] + "," + BaseDn; Rec = [(ldap.MOD_REPLACE,"activity-%s"%(User[1]),Msg)]; - l.modify_s(Dn,Rec); + if Debug == None: + l.modify_s(Dn,Rec); + else: + print Rec; else: User = ("-","UKN",Email.getheader("From")); Msg = "[%s] \"%s\" \"%s\" \"%s\""%(Now,User[2],List,MsgID);
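Review bot: In the non-debug branch the password file is closed only after `simple_bind_s`, so when the bind raises (the enclosing `try:` starts above this hunk and turns that into the LDAP-lookup error) the handle holding the credential line stays open until interpreter exit; move `F.close();` to directly after the `readline()` so the file is released before the bind. The debug branch's `l.simple_bind_s("","")` is an anonymous bind, which is why the later hunk must not write to LDAP in that mode; a comment on the `else:` saying `# -d: anonymous bind, read-only` makes that dependency explicit. The `split(" ")` keeps the old behaviour of truncating a password containing a space, which may be intended.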
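Review bot: The debug branch's `print Rec;` goes through buffered `sys.stdout`, while MainLog and ErrLog in debug mode are separate unbuffered handles on `/dev/stdout`, so the printed record can appear out of order relative to the `MainLog.write` line just above it. Writing it through the same handle, `MainLog.write("%s\n" % (Rec,));`, keeps the debug transcript in sequence. The surrounding `try:` and the `if`/`else` on the user lookup start outside this hunk.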