From d3d5dd5a3fc470f834f5f021cf86ebfede644fcf Mon Sep 17 00:00:00 2001
From: rmurray <>
Date: Sun, 12 Aug 2007 17:40:02 +0000
Subject: [PATCH] change *PK* to !, and fully implement it. remove obsolete/broken ud-killcrypt
---
 ud-generate | 10 +++++++---
 ud-killcrypt | 53 ----------------------------------------------------
 ud-mailgate | 30 +++++++++++++++++++++++++++--
 3 files changed, 35 insertions(+), 58 deletions(-)
 delete mode 100644 ud-killcrypt
diff --git a/ud-generate b/ud-generate
index b7ca633..d55f10b 100755
--- a/ud-generate
+++ b/ud-generate
@@ -180,7 +180,8 @@ def GenSSHShadow(l,File):
 # If the account is locked, do not write it.
 # This is a partial stop-gap. The ssh also needs to change this
 # to ignore ~/.ssh/authorized* files.
- if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1):
+ if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
 continue;
 if x[1].has_key("uidNumber") == 0 or \
@@ -365,7 +366,7 @@ def GenPrivate(l,File):
 # If the account is locked, do not write it
 if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
- or (string.find(GetAttr(x,"userPassword"),"*PK*") != -1):
+ or GetAttr(x,"userPassword").startswith("!"):
 continue;
 # If the account has no PGP key, do not write it
@@ -405,7 +406,10 @@ def GenMailDisable(l,File):
 # If the account is locked, disable incoming mail
 if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1):
- Reason = "user account locked"
+ if GetAttr(x,"uid") == "luther":
+ continue
+ else:
+ Reason = "user account locked"
 else:
 if x[1].has_key("mailDisableMessage"):
 Reason = GetAttr(x,"mailDisableMessage")
diff --git a/ud-killcrypt b/ud-killcrypt
deleted file mode 100644
index 45dbcc2..0000000
--- a/ud-killcrypt
+++ /dev/null
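Review bot: The added `GetAttr(x,"userPassword").startswith("!")` test in GenSSHShadow only matches when `!` is the very first character of the attribute, so it would miss a lock marker stored behind a scheme prefix; the ud-killcrypt script removed by this same patch wrote passwords as `"{crypt}" + HashPass(Password)`, which suggests stored values normally begin with `{crypt}`. If that is the stored form, the lock is silently ignored and the account is still written to the SSH output. The same test is added in GenPrivate below and in HandleChange and HandleChPass in ud-mailgate; one shared helper that strips a leading `{crypt}` before testing for `!` or `*LK*` would keep all four sites consistent. The GenSSHShadow body starts and ends outside the hunk.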
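Review bot: Dropping the `*PK*` test in GenPrivate means any entry whose userPassword still carries the old `*PK*` marker is no longer skipped and will be written to the private file. Nothing in this patch converts existing `*PK*` values to the `!` form, so unless that migration is done before deployment the old clause should stay for a transition period: `or (string.find(GetAttr(x,"userPassword"),"*PK*") != -1) \`. The attribute is also fetched twice per entry; binding it once, `Pass = GetAttr(x,"userPassword")`, would make the condition easier to audit.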
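Review bot: The `if GetAttr(x,"uid") == "luther": continue` branch in GenMailDisable hard-codes one account name as an exception to the locked-account rule, with no comment saying why. An exemption from a lockout control that lives in code is invisible to anyone auditing the directory and easy to forget; it should be driven by data on the entry, or at minimum carry a comment such as `# <reason this locked account must keep receiving mail>`. This hunk also still keys only on `*LK*`, so an account locked with the new `!` prefix is not treated as locked here; if that is deliberate it deserves a comment too.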
@@ -1,53 +0,0 @@
-#!/usr/bin/env python
-# -*- mode: python -*-
-
-# Copyright (c) 2001 Jason Gunthorpe
-# Copyright (c) 2004 Joey Schulze
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-import string, re, time, ldap, getopt, sys, pwd, os, posix;
-from userdir_ldap import *;
-
-# Main program starts here
-User = pwd.getpwuid(posix.getuid())[0];
-BindUser = User;
-(options, arguments) = getopt.getopt(sys.argv[1:], "au:")
-for (switch, val) in options:
- if (switch == '-u'):
- User = val;
- if (switch == '-a'):
- Anon = 1;
-
-# Connect to the ldap server
-l = passwdAccessLDAP(LDAPServer, BaseDn, User)
-
-Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"userpassword=*",\
- ["uid","cn","mn","sn","userpassword"]);
-
-Attrs.sort();
-for x in Attrs:
- if x[1].has_key("userpassword") == 0: continue;
- Passwd = x[1]["userpassword"][0];
- if string.find(Passwd,"*LK*") != -1 or string.find(Passwd,"}*") != -1:
- continue;
- if len(Passwd) > 21: continue;
-
- print EmailAddress(x);
-
- UserDn = "uid=" + x[1]["uid"][0] + "," + BaseDn;
- Password = GenPass();
- Pass = "{crypt}" + HashPass(Password);
- l.modify_s(UserDn,[(ldap.MOD_REPLACE,"userpassword",Pass)]);
diff --git a/ud-mailgate b/ud-mailgate
index d8dfbff..2d8ce8c 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -36,6 +36,7 @@ ArbChanges = {"c": "..",
 "icqUin": "^[0-9]*$",
 "onVacation": ".*",
 "labeledURI": ".*",
+ "birthDate": "^([0-9]{4})([01][0-9])([0-3][0-9])$",
 "mailDisableMessage": ".*",
 "mailGreylisting": "^(TRUE|FALSE)$",
 "mailCallout": "^(TRUE|FALSE)$",
@@ -146,6 +147,29 @@ def DoArbChange(Str,Attrs):
 if re.match(ArbChanges[attrName],G[1]) == None:
 raise Error, "Item does not match the required format"+ArbChanges[attrName];
+# if attrName == 'birthDate':
+# (re.match("^([0-9]{4})([01][0-9])([0-3][0-9])$",G[1]) {
+# $bd_yr = $1; $bd_mo = $2; $bd_day = $3;
+# if ($bd_mo > 0 and $bd_mo <= 12 and $bd_day > 0) {
+# if ($bd_mo == 2) {
+# if ($bd_day == 29 and ($bd_yr == 0 or ($bd_yr % 4 == 0 && ($bd_yr % 100 != 0 || $bd_yr % 400 == 0)))) {
+# $bd_ok = 1;
+# } elsif ($bd_day <= 28) {
+# $bd_ok = 1;
+# }
+# } elsif ($bd_mo == 4 or $bd_mo == 6 or $bd_mo == 9 or $bd_mo == 11) {
+# if ($bd_day <= 30) {
+# $bd_ok = 1;
+# }
+# } else {
+# if ($bd_day <= 31) {
+# $bd_ok = 1;
+# }
+# }
+# }
+# } elsif (not defined($query->param('birthdate')) or $query->param('birthdate') =~ /^\s*$/) {
+# $bd_ok = 1;
+# }
 Attrs.append((ldap.MOD_REPLACE,attrName,G[1]));
 return "Changed entry %s to %s"%(attrName,G[1]);
@@ -320,7 +344,8 @@ def HandleChange(Reply,DnRecord,Key):
 # Modify the record
 l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
 oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1):
+ if (string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
 raise Error, "This account is locked";
 Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
 l.modify_s(Dn,Attrs);
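Review bot: The `birthDate` pattern added to ArbChanges accepts values that are not dates: `([01][0-9])` admits months 00 and 13 to 19, and `([0-3][0-9])` admits days 00 and 32 to 39. DoArbChange writes anything that passes this regex into the directory, so the pattern is the only validation the attribute gets. Tightening it to `"^([0-9]{4})(0[1-9]|1[0-2])(0[1-9]|[12][0-9]|3[01])$"` rejects the impossible month and day numbers; days-per-month and leap years still need a check in code.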
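Review bot: The 23 lines added to DoArbChange are commented-out Perl (`$bd_yr`, `elsif`, `$query->param`), so none of the calendar validation they describe runs, and a `birthDate` only has to pass the ArbChanges regex. Either drop the block or port it to Python ahead of the `Attrs.append` call, limited to `attrName == "birthDate"` and raising the existing `Error` on failure. DoArbChange starts and ends outside the hunk, so the sketch below shows only the added check and assumes `G[1]` has already matched the eight-digit pattern.

```python
# … unchanged: re.match against ArbChanges[attrName] …
if attrName == "birthDate":
   Year = int(G[1][0:4]);
   Month = int(G[1][4:6]);
   Day = int(G[1][6:8]);
   Leap = Year % 4 == 0 and (Year % 100 != 0 or Year % 400 == 0);
   MonthDays = [31, 28 + Leap, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31];
   if Month < 1 or Month > 12 or Day < 1 or Day > MonthDays[Month-1]:
      raise Error, "Item is not a valid date";
# … unchanged: Attrs.append and return …
```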
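Review bot: In HandleChange the new clause reads `GetAttr(x,"userPassword")`, but no `x` is bound in the visible lines; the record fetched just above is `oldAttrs[0]`. Because the `*LK*` test is false for every unlocked account, the `or` branch is evaluated on each normal request and would raise NameError, or test an unrelated record if some global `x` exists, so the lock check either breaks all changes or inspects the wrong entry. It should read `or GetAttr(oldAttrs[0],"userPassword").startswith("!"):`. The HandleChPass hunk that follows has the same slip and needs `GetAttr(Attrs[0],"userPassword")`. Both function bodies start outside their hunks, so confirm that `x` is not defined earlier in them.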
@@ -390,7 +415,8 @@ def HandleChPass(Reply,DnRecord,Key):
 # Check for a locked account
 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1):
+ if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
 raise Error, "This account is locked";
 # Modify the password
--
2.20.1