X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-mailgate;h=7edb3fd33b074752581d7f1b480c700babae4cb4;hp=fb5b7ba88a60bd05695422242f196b8e56190e7d;hb=f8181b0dfa59390433a8329e61f0cfbc2f720644;hpb=ff8414ee178cde843c3174e481b6c19d6f7bf116 diff --git a/ud-mailgate b/ud-mailgate index fb5b7ba..7edb3fd 100755 --- a/ud-mailgate +++ b/ud-mailgate @@ -2,16 +2,19 @@ # -*- mode: python -*- # Prior copyright probably rmurray, troup, joey, jgg -- weasel 2008 -# Copyright (c) 2008 Peter Palfrader +# Copyright (c) 2009 Stephen Gran +# Copyright (c) 2008,2009,2010 Peter Palfrader # Copyright (c) 2008 Joerg Jaspert +# Copyright (c) 2010 Helmut Grohne import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, os, commands import pwd, tempfile -import hmac -import sha as sha1_module +import subprocess +import email, email.parser from userdir_gpg import * from userdir_ldap import * +from userdir_exceptions import * # Error codes from /usr/include/sysexits.h ReplyTo = ConfModule.replyto; @@ -33,17 +36,17 @@ mailRHSBL = {} mailWhitelist = {} SeenList = {} DNS = {} -SudoPasswd = {} +ValidHostNames = [] # will be initialized in later SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}) (.+)$') SSHRSA1Match = re.compile('^^(.* )?\d+ \d+ \d+') -GenderTable = {"male": 1, - "1": 1, - "female": 2, - "2": 2, - "unspecified": 9, - "9": 9, +GenderTable = {"male": '1', + "1": '1', + "female": '2', + "2": '2', + "unspecified": '9', + "9": '9', }; ArbChanges = {"c": "..", @@ -51,6 +54,7 @@ ArbChanges = {"c": "..", "facsimileTelephoneNumber": ".*", "telephoneNumber": ".*", "postalAddress": ".*", + "bATVToken": ".*", "postalCode": ".*", "loginShell": ".*", "emailForward": "^([^<>@]+@.+)?$", @@ -63,8 +67,10 @@ ArbChanges = {"c": "..", "mailDisableMessage": ".*", "mailGreylisting": "^(TRUE|FALSE)$", "mailCallout": "^(TRUE|FALSE)$", + "mailDefaultOptions": "^(TRUE|FALSE)$", "VoIP": ".*", "gender": "^(1|2|9|male|female|unspecified)$", + "mailContentInspectionAction": "^(reject|blackhole|markup)$", }; DelItems = {"c": None, @@ -72,6 +78,7 @@ DelItems = {"c": None, "facsimileTelephoneNumber": None, "telephoneNumber": None, "postalAddress": None, + "bATVToken": None, "postalCode": None, "emailForward": None, "ircNick": None, @@ -84,7 +91,6 @@ DelItems = {"c": None, "jpegPhoto": None, "dnsZoneEntry": None, "sshRSAAuthKey": None, - "sshDSAAuthKey": None, "birthDate" : None, "mailGreylisting": None, "mailCallout": None, @@ -92,17 +98,11 @@ DelItems = {"c": None, "mailRHSBL": None, "mailWhitelist": None, "mailDisableMessage": None, + "mailDefaultOptions": None, "VoIP": None, + "mailContentInspectionAction": None, }; -def make_hmac(str): - F = open(PassDir+"/key-hmac","r"); - key = F.readline().strip() - F.close(); - - return hmac.new(key, str, sha1_module).hexdigest() - - # Decode a GPS location from some common forms def LocDecode(Str,Dir): @@ -138,11 +138,11 @@ def LocDecode(Str,Dir): # Some simple checks if float(Deg) > 180: - raise "Failed","Bad degrees"; + raise UDFormatError, "Bad degrees"; if Min != None and float(Min) > 60: - raise "Failed","Bad minutes"; + raise UDFormatError, "Bad minutes"; if Sec != None and float(Sec) > 60: - raise "Failed","Bad seconds"; + raise UDFormatError, "Bad seconds"; # Pad on an extra leading 0 to disambiguate small numbers if len(Deg) <= 1 or Deg[1] == '.': @@ -180,12 +180,12 @@ def DoArbChange(Str,Attrs): return None; if re.match(ArbChanges[attrName],G[1]) == None: - raise Error, "Item does not match the required format"+ArbChanges[attrName]; + raise UDFormatError, "Item does not match the required format"+ArbChanges[attrName]; value = G[1]; if attrName == 'gender': if G[1] not in GenderTable: - raise Error, "Gender not found in table" + raise UDFormatError, "Gender not found in table" value = GenderTable[G[1]] # if attrName == 'birthDate': @@ -247,7 +247,7 @@ def DoPosition(Str,Attrs): Lat = DecDegree(sLat,1); Long = DecDegree(sLong,1); except: - raise Error, "Positions were found, but they are not correctly formed"; + raise UDFormatError, "Positions were found, but they are not correctly formed"; Attrs.append((ldap.MOD_REPLACE,"latitude",sLat)); Attrs.append((ldap.MOD_REPLACE,"longitude",sLong)); @@ -267,6 +267,9 @@ def LoadBadSSH(): # Handle an SSH authentication key, the line format is: # [options] 1024 35 13188913666680[..] [comment] +# maybe it really should be: +# [allowed_hosts=machine1,machine2 ][options ]ssh-rsa keybytes [comment] +machine_regex = re.compile("^[0-9a-zA-Z.-]+$") def DoSSH(Str, Attrs, badkeys, uid): Match = SSH2AuthSplit.match(Str); if Match == None: @@ -279,6 +282,22 @@ def DoSSH(Str, Attrs, badkeys, uid): return "RSA1 keys not supported anymore" return None; + # lines can now be prepended with "allowed_hosts=machine1,machine2 " + machines = [] + if Str.startswith("allowed_hosts="): + Str = Str.split("=", 1)[1] + if ' ' not in Str: + return "invalid ssh key syntax with machine specification" + machines, Str = Str.split(' ', 1) + machines = machines.split(",") + for m in machines: + if not m: + return "empty machine specification for ssh key" + if not machine_regex.match(m): + return "machine specification for ssh key contains invalid characters" + if m not in ValidHostNames: + return "unknown machine used in allowed_hosts stanza for ssh keys" + (fd, path) = tempfile.mkstemp(".pub", "sshkeytry", "/tmp") f = open(path, "w") f.write("%s\n" % (Str)) @@ -287,7 +306,11 @@ def DoSSH(Str, Attrs, badkeys, uid): (result, output) = commands.getstatusoutput(cmd) os.remove(path) if (result != 0): - raise Error, "ssh-keygen -l invocation failed!\n%s\n" % (output) + raise UDExecuteError, "ssh-keygen -l invocation failed!\n%s\n" % (output) + + # format the string again for ldap: + if machines: + Str = "allowed_hosts=%s %s" % (",".join(machines), Str) # Head @@ -300,22 +323,29 @@ def DoSSH(Str, Attrs, badkeys, uid): Match = SSHFingerprint.match(output) g = Match.groups() - if int(g[0]) < 1024: + if typekey == "ssh-rsa": + key_size_ok = (g[0]) >= 2048) + elif typekey == "ed25519": + key_size_ok = True + else: + key_size_ok = False + + if not key_size_ok: try: # Body - Subst["__ERROR__"] = "SSH keysize %s is below limit 1024" % (g[0]) + Subst["__ERROR__"] = "SSH key fails formal criteria. We only accept RSA keys (>= 2048 bits) or ed25519 keys." % (g[0]) ErrReply = TemplateSubst(Subst,open(TemplatesDir+"admin-info","r").read()) Child = os.popen("/usr/sbin/sendmail -t","w") Child.write(ErrReplyHead) Child.write(ErrReply) if Child.close() != None: - raise Error, "Sendmail gave a non-zero return code" + raise UDExecuteError, "Sendmail gave a non-zero return code" except: sys.exit(EX_TEMPFAIL) # And now break and stop processing input, which sends a reply to the user. - raise Error, "SSH keys must have at least 1024 bits, processing halted, NOTHING MODIFIED AT ALL" + raise UDFormatError, "SSH key fails formal criteria, NOTHING MODIFIED AT ALL" elif g[1] in badkeys: try: # Body @@ -326,21 +356,18 @@ def DoSSH(Str, Attrs, badkeys, uid): Child.write(ErrReplyHead) Child.write(ErrReply) if Child.close() != None: - raise Error, "Sendmail gave a non-zero return code" + raise UDExecuteError, "Sendmail gave a non-zero return code" except: sys.exit(EX_TEMPFAIL) # And now break and stop processing input, which sends a reply to the user. - raise Error, "Submitted SSH Key known to be bad and insecure, processing halted, NOTHING MODIFIED AT ALL" - - if (typekey == "dss"): - return "DSA keys not accepted anymore" + raise UDFormatError, "Submitted SSH Key known to be bad and insecure, processing halted, NOTHING MODIFIED AT ALL" global SeenKey; if SeenKey: Attrs.append((ldap.MOD_ADD,"sshRSAAuthKey",Str)); return "SSH Key added "+FormatSSHAuth(Str); - + Attrs.append((ldap.MOD_REPLACE,"sshRSAAuthKey",Str)); SeenKey = 1; return "SSH Keys replaced with "+FormatSSHAuth(Str); @@ -354,19 +381,21 @@ def DoDNS(Str,Attrs,DnRecord): cnamerecord = re.match("^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$",Str,re.IGNORECASE) arecord = re.match('^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$',Str,re.IGNORECASE) mxrecord = re.match("^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$",Str,re.IGNORECASE) + txtrecord = re.match("^[-\w]+\s+IN\s+TXT\s+([-\d. a-z\t<>@]+)", Str, re.IGNORECASE) #aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+((?:[0-9a-f]{1,4})(?::[0-9a-f]{1,4})*(?::(?:(?::[0-9a-f]{1,4})*|:))?)$',Str,re.IGNORECASE) aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$',Str,re.IGNORECASE) - if cnamerecord == None and\ - arecord == None and\ - mxrecord == None and\ - aaaarecord == None: + if cnamerecord is None and\ + arecord is None and\ + mxrecord is None and\ + txtrecord is None and\ + aaaarecord is None: return None; # Check if the name is already taken G = re.match('^([-\w+]+)\s',Str) - if G == None: - raise Error, "Hostname not found although we already passed record syntax checks" + if G is None: + raise UDFormatError, "Hostname not found although we already passed record syntax checks" hostname = G.group(1) # Check for collisions @@ -395,19 +424,21 @@ def DoDNS(Str,Attrs,DnRecord): else: DNS[hostname] = 1 - if cnamerecord != None: + if cnamerecord is not None: sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1)) - elif arecord != None: + elif txtrecord is not None: + sanitized = "%s IN TXT %s" % (hostname, txtrecord.group(1)) + elif arecord is not None: ipaddress = arecord.group(1) for quad in ipaddress.split('.'): if not (int(quad) >=0 and int(quad) <= 255): return "Invalid quad %s in IP address %s in line %s" %(quad, ipaddress, Str) sanitized = "%s IN A %s"% (hostname, ipaddress) - elif mxrecord != None: + elif mxrecord is not None: priority = mxrecord.group(1) mx = mxrecord.group(2) sanitized = "%s IN MX %s %s" % (hostname, priority, mx) - elif aaaarecord != None: + elif aaaarecord is not None: ipv6address = aaaarecord.group(1) parts = ipv6address.split(':') if len(parts) > 8: @@ -428,7 +459,7 @@ def DoDNS(Str,Attrs,DnRecord): seenEmptypart = True sanitized = "%s IN AAAA %s" % (hostname, ipv6address) else: - raise Error, "None of the types I recognize was it. I shouldn't be here. confused." + raise UDFormatError, "None of the types I recognize was it. I shouldn't be here. confused." if SeenDNS: Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",sanitized)); @@ -462,8 +493,8 @@ def DoRBL(Str,Attrs): return "%s replaced with %s" % (Key,Host) # Handle a ConfirmSudoPassword request -def DoConfirmSudopassword(Str): - Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9,*]+) ([0-9a-f]{40})$').match(Str.lower()) +def DoConfirmSudopassword(Str, SudoPasswd): + Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*-]+) ([0-9a-f]{40})$').match(Str) if Match == None: return None @@ -471,28 +502,28 @@ def DoConfirmSudopassword(Str): hosts = Match.group(2) hmac = Match.group(3) - global SudoPasswd SudoPasswd[uuid] = (hosts, hmac) return "got confirm for sudo password %s on host(s) %s, auth code %s" % (uuid,hosts, hmac) -def FinishConfirmSudopassword(l, uid, Attrs): - global SudoPasswd +def FinishConfirmSudopassword(l, uid, Attrs, SudoPasswd): result = "\n" + if len(SudoPasswd) == 0: + return None + res = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+uid, ['sudoPassword']); if len(res) != 1: - raise Error, "Not exactly one hit when searching for user" - Attrs = res[0][1] - if Attrs.has_key('sudoPassword'): - inldap = Attrs['sudoPassword'] + raise UDFormatError, "Not exactly one hit when searching for user" + if res[0][1].has_key('sudoPassword'): + inldap = res[0][1]['sudoPassword'] else: inldap = [] newldap = [] for entry in inldap: - Match = re.compile('^('+UUID_FORMAT+') (confirmed|unconfirmed) ([a-z0-9,*]+) ([^ ]+)$'),match(entry.lower()) + Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*-]+) ([^ ]+)$').match(entry) if Match == None: - raise Error, "Could not parse existing sudopasswd entry" + raise UDFormatError, "Could not parse existing sudopasswd entry" uuid = Match.group(1) status = Match.group(2) hosts = Match.group(3) @@ -501,22 +532,25 @@ def FinishConfirmSudopassword(l, uid, Attrs): if SudoPasswd.has_key(uuid): confirmedHosts = SudoPasswd[uuid][0] confirmedHmac = SudoPasswd[uuid][1] - if status == "confirmed": - result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts) + if status.startswith('confirmed:'): + if status == 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass): + result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts) + else: + result = result + "Entry %s for sudo password on hosts %s is listed as confirmed, but HMAC does not verify.\n"%(uuid, hosts) elif confirmedHosts != hosts: result = result + "Entry %s hostlist mismatch (%s vs. %s).\n"%(uuid, hosts, confirmedHosts) - elif make_hmac(':'.join([uuid, hosts, cryptedpass])) == confirmedHmac: + elif make_passwd_hmac('confirm-new-password', 'sudo', uid, uuid, hosts, cryptedpass) == confirmedHmac: result = result + "Entry %s for sudo password on hosts %s now confirmed.\n"%(uuid, hosts) - status = 'confirmed' + status = 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass) else: result = result + "Entry %s for sudo password on hosts %s HMAC verify failed.\n"%(uuid, hosts) del SudoPasswd[uuid] newentry = " ".join([uuid, status, hosts, cryptedpass]) if len(newldap) == 0: - newldap.append((ldap.MOD_ADD,"sudoPassword",newentry)) - else: newldap.append((ldap.MOD_REPLACE,"sudoPassword",newentry)) + else: + newldap.append((ldap.MOD_ADD,"sudoPassword",newentry)) for entry in SudoPasswd: result = result + "Entry %s that you confirm is not listed in ldap."%(entry) @@ -526,6 +560,22 @@ def FinishConfirmSudopassword(l, uid, Attrs): return result +def connect_to_ldap_and_check_if_locked(DnRecord): + # Connect to the ldap server + l = connectLDAP() + F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r"); + AccessPass = F.readline().strip().split(" ") + F.close(); + l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]); + + # Check for a locked account + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")); + if (GetAttr(Attrs[0],"userPassword").find("*LK*") != -1) \ + or GetAttr(Attrs[0],"userPassword").startswith("!"): + raise UDNotAllowedError, "This account is locked"; + + return l + # Handle an [almost] arbitary change def HandleChange(Reply,DnRecord,Key): global PlainText; @@ -533,6 +583,7 @@ def HandleChange(Reply,DnRecord,Key): Result = ""; Attrs = []; + SudoPasswd = {} Show = 0; CommitChanges = 1 for Line in Lines: @@ -550,7 +601,7 @@ def HandleChange(Reply,DnRecord,Key): badkeys = LoadBadSSH() Res = DoPosition(Line,Attrs) or DoDNS(Line,Attrs,DnRecord) or \ DoArbChange(Line,Attrs) or DoSSH(Line,Attrs,badkeys,GetAttr(DnRecord,"uid")) or \ - DoDel(Line,Attrs) or DoRBL(Line,Attrs) or DoConfirmSudopassword(Line) + DoDel(Line,Attrs) or DoRBL(Line,Attrs) or DoConfirmSudopassword(Line, SudoPasswd) except: Res = None; Result = Result + "==> %s: %s\n" %(sys.exc_type,sys.exc_value); @@ -564,34 +615,28 @@ def HandleChange(Reply,DnRecord,Key): Result = Result + Res + "\n"; # Connect to the ldap server - l = connectLDAP() - F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r"); - AccessPass = F.readline().strip().split(" ") - F.close(); + l = connect_to_ldap_and_check_if_locked(DnRecord) - l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]); - oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")); - if ((GetAttr(oldAttrs[0],"userPassword").find("*LK*") != -1) - or GetAttr(oldAttrs[0],"userPassword").startswith("!")): - raise Error, "This account is locked"; - try: - Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs) - Result = Result + Res + "\n"; - except Error, e: - CommitChanges = 0 - Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e); - # Modify the record - Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn; - if CommitChanges == 1: + if CommitChanges == 1 and len(SudoPasswd) > 0: # only if we are still good to go + try: + Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs, SudoPasswd) + if not Res is None: + Result = Result + Res + "\n"; + except Error, e: + CommitChanges = 0 + Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e); + + if CommitChanges == 1 and len(Attrs) > 0: + Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn; l.modify_s(Dn,Attrs); Attribs = ""; if Show == 1: Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")); if len(Attrs) == 0: - raise Error, "User not found" + raise UDNotAllowedError, "User not found" Attribs = GPGEncrypt(PrettyShow(Attrs[0])+"\n","0x"+Key[1],Key[4]); - + Subst = {}; Subst["__FROM__"] = ChangeFrom; Subst["__EMAIL__"] = EmailAddress(DnRecord); @@ -612,48 +657,40 @@ def HandlePing(Reply,DnRecord,Key): return Reply + TemplateSubst(Subst,open(TemplatesDir+"ping-reply","r").read()); + + +def get_crypttype_preamble(key): + if (key[4] == 1): + type = "Your message was encrypted using PGP 2.x\ncompatibility mode."; + else: + type = "Your message was encrypted using GPG (OpenPGP)\ncompatibility "\ + "mode, without IDEA. This message cannot be decoded using PGP 2.x"; + return type + # Handle a change password email sent to the change password address # (this program called with the chpass argument) def HandleChPass(Reply,DnRecord,Key): # Generate a random password Password = GenPass(); Pass = HashPass(Password); - + # Use GPG to encrypt it Message = GPGEncrypt("Your new password is '" + Password + "'\n",\ "0x"+Key[1],Key[4]); Password = None; if Message == None: - raise Error, "Unable to generate the encrypted reply, gpg failed."; + raise UDFormatError, "Unable to generate the encrypted reply, gpg failed."; - if (Key[4] == 1): - Type = "Your message was encrypted using PGP 2.x\ncompatibility mode."; - else: - Type = "Your message was encrypted using GPG (OpenPGP)\ncompatibility "\ - "mode, without IDEA. This message cannot be decoded using PGP 2.x"; - Subst = {}; Subst["__FROM__"] = ChPassFrom; Subst["__EMAIL__"] = EmailAddress(DnRecord); - Subst["__CRYPTTYPE__"] = Type; + Subst["__CRYPTTYPE__"] = get_crypttype_preamble(Key) Subst["__PASSWORD__"] = Message; Subst["__ADMIN__"] = ReplyTo; Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read()); - - # Connect to the ldap server - l = connectLDAP() - F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r"); - AccessPass = F.readline().strip().split(" ") - F.close(); - l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]); - - # Check for a locked account - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid")); - if (GetAttr(Attrs[0],"userPassword").find("*LK*") != -1) \ - or GetAttr(Attrs[0],"userPassword").startswith("!"): - raise Error, "This account is locked"; + l = connect_to_ldap_and_check_if_locked(DnRecord) # Modify the password Rec = [(ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass), (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60)))]; @@ -661,7 +698,45 @@ def HandleChPass(Reply,DnRecord,Key): l.modify_s(Dn,Rec); return Reply; - + +def HandleChKrbPass(Reply,DnRecord,Key): + # Connect to the ldap server, will throw an exception if account locked. + l = connect_to_ldap_and_check_if_locked(DnRecord) + + user = GetAttr(DnRecord,"uid") + krb_proc = subprocess.Popen( ('ud-krb-reset', user), stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT) + krb_proc.stdin.close() + out = krb_proc.stdout.readlines() + krb_proc.wait() + exitcode = krb_proc.returncode + + # Use GPG to encrypt it + m = "Tried to reset your kerberos principal's password.\n" + if exitcode == 0: + m += "The exitcode of the reset script was zero, indicating that everything\n" + m += "worked. However, this being software who knows. Script's output below." + else: + m += "The exitcode of the reset script was %d, indicating that something\n"%(exitcode) + m += "went terribly, terribly wrong. Please consult the script's output below\n" + m += "for more information. Contact the admins if you have any questions or\n" + m += "require assitance." + + m += "\n"+''.join( map(lambda x: "| "+x, out) ) + + Message = GPGEncrypt(m, "0x"+Key[1],Key[4]); + if Message == None: + raise UDFormatError, "Unable to generate the encrypted reply, gpg failed."; + + Subst = {}; + Subst["__FROM__"] = ChPassFrom; + Subst["__EMAIL__"] = EmailAddress(DnRecord); + Subst["__CRYPTTYPE__"] = get_crypttype_preamble(Key) + Subst["__PASSWORD__"] = Message; + Subst["__ADMIN__"] = ReplyTo; + Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read()); + + return Reply; + # Start of main program # Drop messages from a mailer daemon. @@ -674,47 +749,36 @@ try: # Startup the replay cache ErrType = EX_TEMPFAIL; ErrMsg = "Failed to initialize the replay cache:"; - RC = ReplayCache(ReplayCacheFile); - RC.Clean(); # Get the email ErrType = EX_PERMFAIL; ErrMsg = "Failed to understand the email or find a signature:"; - Email = mimetools.Message(sys.stdin,0); - Msg = GetClearSig(Email); + mail = email.parser.Parser().parse(sys.stdin); + Msg = GetClearSig(mail); ErrMsg = "Message is not PGP signed:" if Msg[0].find("-----BEGIN PGP SIGNED MESSAGE-----") == -1 and \ Msg[0].find("-----BEGIN PGP MESSAGE-----") == -1: - raise Error, "No PGP signature"; + raise UDFormatError, "No PGP signature"; # Check the signature ErrMsg = "Unable to check the signature or the signature was invalid:"; - Res = GPGCheckSig(Msg[0]); + pgp = GPGCheckSig2(Msg[0]) - if Res[0] != None: - raise Error, Res[0]; + if not pgp.ok: + raise UDFormatError, pgp.why - if Res[3] == None: - raise Error, "Null signature text"; + if pgp.text is None: + raise UDFormatError, "Null signature text" # Extract the plain message text in the event of mime encoding global PlainText; ErrMsg = "Problem stripping MIME headers from the decoded message" if Msg[1] == 1: - try: - Index = Res[3].index("\n\n") + 2; - except ValueError: - Index = Res[3].index("\n\r\n") + 3; - PlainText = Res[3][Index:]; + e = email.parser.Parser().parsestr(pgp.text) + PlainText = e.get_payload(decode=True) else: - PlainText = Res[3]; - - # Check the signature against the replay cache - ErrMsg = "The replay cache rejected your message. Check your clock!"; - Rply = RC.Check(Res[1]); - if Rply != None: - raise Error, Rply; + PlainText = pgp.text # Connect to the ldap server ErrType = EX_TEMPFAIL; @@ -724,40 +788,51 @@ try: l.simple_bind_s("",""); # Search for the matching key fingerprint - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Res[2][1]); + Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + pgp.key_fpr) ErrType = EX_PERMFAIL; if len(Attrs) == 0: - raise Error, "Key not found" + raise UDFormatError, "Key not found" if len(Attrs) != 1: - raise Error, "Oddly your key fingerprint is assigned to more than one account.." + raise UDFormatError, "Oddly your key fingerprint is assigned to more than one account.." - RC.Add(Res[1]); + + # Check the signature against the replay cache + RC = ReplayCache(ReplayCacheFile); + RC.process(pgp.sig_info) # Determine the sender address ErrMsg = "A problem occured while trying to formulate the reply"; - Sender = Email.getheader("Reply-To"); - if Sender == None: - Sender = Email.getheader("From"); - if Sender == None: - raise Error, "Unable to determine the sender's address"; + Sender = mail['Reply-To'] + if not Sender: Sender = mail['From'] + if not Sender: raise UDFormatError, "Unable to determine the sender's address"; # Formulate a reply Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time())); Reply = "To: %s\nReply-To: %s\nDate: %s\n" % (Sender,ReplyTo,Date); + Res = l.search_s(HostBaseDn, ldap.SCOPE_SUBTREE, '(objectClass=debianServer)', ['hostname'] ) + # Res is a list of tuples. + # The tuples contain a dn (str) and a dictionary. + # The dictionaries map the key "hostname" to a list. + # These lists contain a single hostname (str). + ValidHostNames = reduce(lambda a,b: a+b, [value.get("hostname", []) for (dn, value) in Res], []) + # Dispatch if sys.argv[1] == "ping": - Reply = HandlePing(Reply,Attrs[0],Res[2]); + Reply = HandlePing(Reply,Attrs[0],pgp.key_info); elif sys.argv[1] == "chpass": - if PlainText.strip().find("Please change my Debian password") != 0: - raise Error,"Please send a signed message where the first line of text is the string 'Please change my Debian password'"; - Reply = HandleChPass(Reply,Attrs[0],Res[2]); + if PlainText.strip().find("Please change my Debian password") >= 0: + Reply = HandleChPass(Reply,Attrs[0],pgp.key_info); + elif PlainText.strip().find("Please change my Kerberos password") >= 0: + Reply = HandleChKrbPass(Reply,Attrs[0],pgp.key_info); + else: + raise UDFormatError,"Please send a signed message where the first line of text is the string 'Please change my Debian password' or some other string we accept here."; elif sys.argv[1] == "change": - Reply = HandleChange(Reply,Attrs[0],Res[2]); + Reply = HandleChange(Reply,Attrs[0],pgp.key_info); else: print sys.argv; - raise Error, "Incorrect Invokation"; + raise UDFormatError, "Incorrect Invokation"; # Send the message through sendmail ErrMsg = "A problem occured while trying to send the reply"; @@ -765,7 +840,7 @@ try: # Child = os.popen("cat","w"); Child.write(Reply); if Child.close() != None: - raise Error, "Sendmail gave a non-zero return code"; + raise UDExecuteError, "Sendmail gave a non-zero return code"; except: # Error Reply Header @@ -790,15 +865,18 @@ except: try: ErrReply = TemplateSubst(Subst,open(TemplatesDir+"error-reply","r").read()); - Child = os.popen("/usr/sbin/sendmail -t","w"); + Child = os.popen("/usr/sbin/sendmail -t -oi -f ''","w"); Child.write(ErrReplyHead); Child.write(ErrReply); if Child.close() != None: - raise Error, "Sendmail gave a non-zero return code"; + raise UDExecuteError, "Sendmail gave a non-zero return code"; except: sys.exit(EX_TEMPFAIL); if ErrType != EX_PERMFAIL: sys.exit(ErrType); sys.exit(0); - + +# vim:set et: +# vim:set ts=3: +# vim:set shiftwidth=3: