| |
@@ -1,107 +0,0 @@
|
| |
- #!/usr/bin/python -tt
|
| |
- # -*- coding: utf-8 -*-
|
| |
- # Use this script to retrieve the security_question and security_answer from FAS (requires FAS >= 0.8.14)
|
| |
- # Author: Patrick Uiterwijk <puiterwijk@fedoraproject.org>
|
| |
- #
|
| |
- # Copyright 2012-2021 Patrick Uiterwijk. All rights reserved.
|
| |
- #
|
| |
- # Redistribution and use in source and binary forms, with or without
|
| |
- # modification, are permitted provided that the following conditions are met:
|
| |
- #
|
| |
- # 1. Redistributions of source code must retain the above copyright notice,
|
| |
- # this list of conditions and the following disclaimer.
|
| |
- # 2. Redistributions in binary form must reproduce the above copyright notice,
|
| |
- # this list of conditions and the following disclaimer in the documentation
|
| |
- # and/or other materials provided with the distribution.
|
| |
- #
|
| |
- # THIS SOFTWARE IS PROVIDED BY THE FEDORA PROJECT ''AS IS'' AND ANY EXPRESS OR
|
| |
- # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
| |
- # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
|
| |
- # EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
| |
- # INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
| |
- # BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
| |
- # DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
| |
- # LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
| |
- # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
| |
- # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
| |
- #
|
| |
- # The views and conclusions contained in the software and documentation are those
|
| |
- # of the authors and should not be interpreted as representing official policies,
|
| |
- # either expressed or implied, of the Fedora Project.
|
| |
-
|
| |
-
|
| |
- import os
|
| |
- import getpass
|
| |
- import sys
|
| |
- import gpg.core
|
| |
- from fedora.client import AccountSystem
|
| |
- from fedora.client import AuthError
|
| |
- from fedora.client import ServerError
|
| |
- import argparse
|
| |
- from io import BytesIO
|
| |
-
|
| |
-
|
| |
- parser = argparse.ArgumentParser()
|
| |
- parser.add_argument('admin_user', help='The user as which to log in to retrieve the question and answer')
|
| |
- parser.add_argument('target_user', help='The user of which to retrieve the security question and answer')
|
| |
- parser.add_argument('--verbose', action='store_true')
|
| |
- parser.add_argument('--no-answer', action='store_true', help='Only show the question, do not decrypt the answer')
|
| |
- parser.add_argument('--site', help='The FAS URL to get the information from')
|
| |
- parser.add_argument('--insecure', action='store_true', default=False,
|
| |
- help='Do not check the certificate for the server. *WARNING*: Only use this for testing')
|
| |
- parser.add_argument('--gpg_home', help='The directory where secring.gpg and pubring.gpg reside')
|
| |
- args = parser.parse_args()
|
| |
-
|
| |
- args.admin_pass = getpass.getpass()
|
| |
-
|
| |
- if args.site == None:
|
| |
- args.site = 'https://admin.fedoraproject.org/accounts/'
|
| |
-
|
| |
- if args.verbose:
|
| |
- print('Using site: %(site)s' % {'site': args.site})
|
| |
-
|
| |
- if args.verbose:
|
| |
- if args.gpg_home == None:
|
| |
- print('Using default gpg_home')
|
| |
- else:
|
| |
- print('Using gpg_home: %(gpghome)s' % {'gpghome': args.gpg_home})
|
| |
-
|
| |
- if args.gpg_home != None:
|
| |
- os.putenv('GNUPGHOME', args.gpg_home)
|
| |
-
|
| |
- fas = AccountSystem(args.site, username=args.admin_user, password=args.admin_pass, insecure=args.insecure)
|
| |
-
|
| |
- if args.verbose:
|
| |
- print('Getting user details...')
|
| |
- try:
|
| |
- details = fas.person_by_username(args.target_user)
|
| |
- except AuthError:
|
| |
- print('Failed to login to FAS. Please check admin_user and admin_pass!')
|
| |
- sys.exit(2)
|
| |
- except ServerError:
|
| |
- print('Failed to retrieve user details: the server reported an error!')
|
| |
- sys.exit(3)
|
| |
-
|
| |
- if not 'username' in list(details.keys()):
|
| |
- print('Error: user %(username)s is not known on this FAS site!' % {'username': args.target_user})
|
| |
- sys.exit(4)
|
| |
-
|
| |
- if not 'security_question' in list(details.keys()):
|
| |
- print('Error: security_question was not retrieved by FAS! Are you sure you are using FAS >= 0.8.14, and that admin_user has the privileges to retrieve security_question?')
|
| |
- sys.exit(5)
|
| |
-
|
| |
- if details.security_question == None or details.security_answer == None:
|
| |
- print('Error: unable to retrieve security_question or security_answer. Are you sure you have privileges to return this information?')
|
| |
- sys.exit(6)
|
| |
-
|
| |
- if not args.no_answer:
|
| |
- if args.verbose:
|
| |
- print('Decrypting answer...')
|
| |
- cipher = BytesIO(details.security_answer.encode('utf-8'))
|
| |
- ctx = gpg.core.Context()
|
| |
- plain = ctx.decrypt(cipher)[0].decode('utf8')
|
| |
- details.security_answer = plain
|
| |
-
|
| |
- print('Security question: %(question)s' % {'question': details.security_question})
|
| |
- if not args.no_answer:
|
| |
- print('Security answer: %(answer)s' % {'answer': details.security_answer})
|
| |
This PR is to be held until FAS is replaced by Noggin / FreeIPA-FAS
Removes the batcave script, retrieve-security-question.py
which is no longer needed with Noggin / FreeIPA-FAS
Signed-off-by: Ryan Lerch rlerch@redhat.com