reset-my-password.py 2.79 KB
Newer Older
1 2 3 4 5 6 7
#!/usr/bin/python

import string
import smtplib
import sys
import os

8 9
from email.MIMEText import MIMEText
from gnome_ldap_utils import *
10

11
execfile('/home/admin/secret/freeipa')
12

13
glu = Gnome_ldap_utils(LDAP_GROUP_BASE, LDAP_HOST, LDAP_USER_BASE, 'cn=Directory Manager', ldap_password)
14 15


16
def gen_passwd(length=12, chars=string.letters + string.digits):
17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
    urandom = open("/dev/urandom")
    # ensure even distribution of randomly selected characters
    m = 255 - 255 % len(chars)

    buf = ''
    pos = 0
    pwd = ''
    while len(pwd) < length:
        if pos == len(buf):
            buf = urandom.read(length * 2)
            pos = 0
        v = ord(buf[pos])
        pos += 1

        if v > m:
            continue
        pwd += chars[v % len(chars)]

    urandom.close()

    return pwd


def check_existing_password(userid):
41 42
    accountsteam =  glu.get_group_from_ldap('accounts')
    sysadminteam =  glu.get_group_from_ldap('sysadmin')
43

44
    if glu.get_attributes_from_ldap(userid, 'uid') == None:
45 46 47 48 49 50 51
       print 'The specified UID does not exist, please get in contact with the GNOME Accounts Team to know more'
       sys.exit(1)

    if userid in (accountsteam or sysadminteam):
       print 'You are not allowed to reset your password, please contact the GNOME Sysadmin Team to know why'
       sys.exit(1)

52
    update_password(userid)
53 54


55
def update_password(userid):
56 57
    getattr_name = glu.get_attributes_from_ldap(userid, 'cn')
    getattr_mail = glu.get_attributes_from_ldap(userid, 'mail')
58

59
    newpassword = {'userPassword': gen_passwd()}
60

61
    glu.replace_ldap_password(userid, newpassword['userPassword'])
62

63
    send_password_to_user(getattr_name, getattr_mail, newpassword['userPassword'])
64 65 66 67


def send_password_to_user(name, email, password):
    form_letter = """
68
Hello %s, your password has been reset successfully. Your temporary password is
69

Andrea Veri's avatar
Andrea Veri committed
70
%s
71

72 73 74
Please login at https://account.gnome.org and update your password within the next couple
of hours (the password cannot be changed instantly as the reset that was just performed
toggles a timer (1h) that has to expire before another reset can occur).
75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92

With cordiality,

the GNOME Accounts Team""" % (name, password)

    try:
        msg = MIMEText(form_letter)
        msg['Subject'] = "Your GNOME password has been reset"
        msg['From']    = "noreply@gnome.org"
        msg['To']      = "%s" % (email)
        msg['Reply-To']  = "accounts@gnome.org"
        server = smtplib.SMTP("localhost")
        server.sendmail(msg['From'], msg['To'], msg.as_string())
        server.quit()
        print "Successfully sent your password to the registered email address being %s" % (email)
    except smtplib.SMTPException:
        print "ERROR: I wasn't able to send the email correctly, please check /var/log/maillog!"

Andrea Veri's avatar
Andrea Veri committed
93
my_userid = os.getenv('SUDO_USER')
94
check_existing_password(my_userid)