2015-09-21 19:57:01 +00:00
#!/usr/bin/python -tt
# -*- coding: utf-8 -*-
# Use this script to retrieve the security_question and security_answer from FAS (requires FAS >= 0.8.14)
# Author: Patrick Uiterwijk <puiterwijk@fedoraproject.org>
#
2021-01-25 20:47:53 +01:00
# Copyright 2012-2021 Patrick Uiterwijk. All rights reserved.
2021-01-25 20:47:08 +01:00
#
2015-09-21 19:57:01 +00:00
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# 1. Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE FEDORA PROJECT ''AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
# INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
# BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# The views and conclusions contained in the software and documentation are those
# of the authors and should not be interpreted as representing official policies,
# either expressed or implied, of the Fedora Project.
import os
import getpass
import sys
2021-01-25 20:47:08 +01:00
import gpg . core
2015-09-21 19:57:01 +00:00
from fedora . client import AccountSystem
from fedora . client import AuthError
from fedora . client import ServerError
import argparse
from io import BytesIO
parser = argparse . ArgumentParser ( )
parser . add_argument ( ' admin_user ' , help = ' The user as which to log in to retrieve the question and answer ' )
parser . add_argument ( ' target_user ' , help = ' The user of which to retrieve the security question and answer ' )
parser . add_argument ( ' --verbose ' , action = ' store_true ' )
parser . add_argument ( ' --no-answer ' , action = ' store_true ' , help = ' Only show the question, do not decrypt the answer ' )
parser . add_argument ( ' --site ' , help = ' The FAS URL to get the information from ' )
parser . add_argument ( ' --insecure ' , action = ' store_true ' , default = False ,
help = ' Do not check the certificate for the server. *WARNING*: Only use this for testing ' )
parser . add_argument ( ' --gpg_home ' , help = ' The directory where secring.gpg and pubring.gpg reside ' )
args = parser . parse_args ( )
args . admin_pass = getpass . getpass ( )
if args . site == None :
args . site = ' https://admin.fedoraproject.org/accounts/ '
if args . verbose :
2020-06-25 11:13:31 -07:00
print ( ' Using site: %(site)s ' % { ' site ' : args . site } )
2015-09-21 19:57:01 +00:00
if args . verbose :
if args . gpg_home == None :
2020-06-25 11:13:31 -07:00
print ( ' Using default gpg_home ' )
2015-09-21 19:57:01 +00:00
else :
2020-06-25 11:13:31 -07:00
print ( ' Using gpg_home: %(gpghome)s ' % { ' gpghome ' : args . gpg_home } )
2015-09-21 19:57:01 +00:00
if args . gpg_home != None :
os . putenv ( ' GNUPGHOME ' , args . gpg_home )
fas = AccountSystem ( args . site , username = args . admin_user , password = args . admin_pass , insecure = args . insecure )
if args . verbose :
2020-06-25 11:13:31 -07:00
print ( ' Getting user details... ' )
2015-09-21 19:57:01 +00:00
try :
details = fas . person_by_username ( args . target_user )
except AuthError :
2020-06-25 11:13:31 -07:00
print ( ' Failed to login to FAS. Please check admin_user and admin_pass! ' )
2015-09-21 19:57:01 +00:00
sys . exit ( 2 )
except ServerError :
2020-06-25 11:13:31 -07:00
print ( ' Failed to retrieve user details: the server reported an error! ' )
2015-09-21 19:57:01 +00:00
sys . exit ( 3 )
2020-06-25 11:13:31 -07:00
if not ' username ' in list ( details . keys ( ) ) :
print ( ' Error: user %(username)s is not known on this FAS site! ' % { ' username ' : args . target_user } )
2015-09-21 19:57:01 +00:00
sys . exit ( 4 )
2020-06-25 11:13:31 -07:00
if not ' security_question ' in list ( details . keys ( ) ) :
print ( ' Error: security_question was not retrieved by FAS! Are you sure you are using FAS >= 0.8.14, and that admin_user has the privileges to retrieve security_question? ' )
2015-09-21 19:57:01 +00:00
sys . exit ( 5 )
if details . security_question == None or details . security_answer == None :
2020-06-25 11:13:31 -07:00
print ( ' Error: unable to retrieve security_question or security_answer. Are you sure you have privileges to return this information? ' )
2015-09-21 19:57:01 +00:00
sys . exit ( 6 )
if not args . no_answer :
if args . verbose :
2020-06-25 11:13:31 -07:00
print ( ' Decrypting answer... ' )
2015-09-21 19:57:01 +00:00
cipher = BytesIO ( details . security_answer . encode ( ' utf-8 ' ) )
2021-01-25 20:47:08 +01:00
ctx = gpg . core . Context ( )
plain = ctx . decrypt ( cipher ) [ 0 ] . decode ( ' utf8 ' )
details . security_answer = plain
2015-09-21 19:57:01 +00:00
2020-06-25 11:13:31 -07:00
print ( ' Security question: %(question)s ' % { ' question ' : details . security_question } )
2015-09-21 19:57:01 +00:00
if not args . no_answer :
2020-06-25 11:13:31 -07:00
print ( ' Security answer: %(answer)s ' % { ' answer ' : details . security_answer } )
