From 83cc2054feedaaefdb73f02b3cb9a807c6cf06e3 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Tue, 29 Mar 2022 21:34:44 +0200 Subject: [PATCH] Updated fdc.in (finished the password expiration mailer script). --- .../c3d/firstboot/scripts/90_setupservices.sh | 2 + .../usr/local/bin/mailpwdexpiration.py | 87 +++++++++++++++++-- .../postinstall/scripts/10_setupservices.sh | 1 + .../postinstall/scripts/20_setupcrontab.sh | 4 + sources/fdc.in/envvars | 7 +- 5 files changed, 89 insertions(+), 12 deletions(-) create mode 100755 sources/fdc.in/c3d/postinstall/scripts/20_setupcrontab.sh diff --git a/sources/fdc.in/c3d/firstboot/scripts/90_setupservices.sh b/sources/fdc.in/c3d/firstboot/scripts/90_setupservices.sh index be4d925..73b97b6 100755 --- a/sources/fdc.in/c3d/firstboot/scripts/90_setupservices.sh +++ b/sources/fdc.in/c3d/firstboot/scripts/90_setupservices.sh @@ -3,6 +3,8 @@ systemctl enable oddjobd.service systemctl start oddjobd.service +systemctl enable postfix.service +systemctl start postfix.service systemctl enable sssd.service systemctl start sssd.service diff --git a/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/mailpwdexpiration.py b/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/mailpwdexpiration.py index 5bda486..77cb550 100755 --- a/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/mailpwdexpiration.py +++ b/sources/fdc.in/c3d/postinstall/install-data/usr/local/bin/mailpwdexpiration.py 
@@ -3,28 +3,97 @@ import ldap import time +import email +import smtplib LDAP_URI='ldaps://fds.useribm.hu' USERS_BASE='ou=people,dc=user,dc=hu' +PWD_MAX_AGE = 8640000 +PWD_EXP_WARN_DAYS_1 = 7 +PWD_EXP_WARN_DAYS_2 = 3 +PWD_EXP_WARN_DAYS_3 = 1 + +PWD_WARNING_SUBJECT = 'Your password expires in {} days' +PWD_WARNING_MESSAGE = '''Dear {}, + +Your password will expire in {} days. +Please visit https://fdc.useribm.hu and change it. + +Respectfully yours, +Directory Server''' + +PWD_ERROR_SUBJECT = 'Your password has expired' +PWD_ERROR_MESSAGE = '''Dear {}, + +Your password has expired. +Please visit https://fdc.useribm.hu and change it. + +Respectfully yours, +Directory Server''' + + +def send_mail(mail_type, expiration_days, uid, email_address): + msg = email.message.EmailMessage() + if mail_type == 'WARNING': + msg.set_content(PWD_WARNING_MESSAGE.format(uid, expiration_days)) + msg['Subject'] = PWD_WARNING_SUBJECT.format(expiration_days) + elif mail_type == 'ERROR': + msg.set_content(PWD_ERROR_MESSAGE.format(uid)) + msg['Subject'] = PWD_ERROR_SUBJECT + elif mail_type == 'CRITICAL': + msg.set_content(PWD_ERROR_MESSAGE.format(uid)) + msg['Subject'] = PWD_ERROR_SUBJECT + else: + msg.set_content('Invalid mail_type value: {}'.format(mail_type)) + msg['Subject'] = 'Invalid mail_type value: {}'.format(mail_type) + email_address = 'zoltan.felleg@userrendszerhaz.hu' + msg['From'] = 'dirsrv@useribm.hu' + msg['To'] = email_address + srv = smtplib.SMTP() + srv.connect() + srv.send_message(msg) + srv.quit() + + if __name__ == '__main__': ldap_object = ldap.initialize(LDAP_URI) - #ldap_object.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_NEVER) - #ldap_object.set_option(ldap.OPT_X_TLS_NEWCTX, 0) - search_id = ldap_object.search(USERS_BASE, ldap.SCOPE_SUBTREE, attrlist=['uid', 'pwdUpdateTime']) + search_id = ldap_object.search(USERS_BASE, + ldap.SCOPE_SUBTREE, + attrlist=['uid', + 'mail', + 'pwdUpdateTime']) (search_result_type, search_result_data) = ldap_object.result() 
current_timestamp = time.mktime(time.gmtime()) for item in search_result_data: (dn, values) = item - if 'pwdUpdateTime' in values: + if ('mail' in values) and ('pwdUpdateTime' in values): uid = values['uid'][0].decode('utf-8') - pwdupdatetime = values['pwdUpdateTime'][0].decode('utf-8') - pwdupdatetimestamp = time.mktime(time.strptime(pwdupdatetime, '%Y%m%d%H%M%S%z')) - days_since_password_update = (current_timestamp - pwdupdatetimestamp) / (24 * 60 * 60) - print(uid, pwdupdatetime, days_since_password_update) - #print(dn, values) + email_address = values['mail'][0].decode('utf-8') + pwd_update_time = values['pwdUpdateTime'][0].decode('utf-8') + pwd_update_timestamp = time.mktime(time.strptime(pwd_update_time, '%Y%m%d%H%M%S%z')) + expiration_seconds = PWD_MAX_AGE - (current_timestamp - pwd_update_timestamp) + expiration_days = expiration_seconds / (24 * 60 * 60) + rounded_expiration_days = int(expiration_days + 0.5) + if expiration_days > PWD_EXP_WARN_DAYS_1: + #send_mail('OK', rounded_expiration_days, uid, email_address) + continue + if (expiration_days + PWD_EXP_WARN_DAYS_2) < 0: + #send_mail('CRITICAL', rounded_expiration_days, uid, email_address) + continue + if expiration_days < 0: + send_mail('ERROR', rounded_expiration_days, uid, email_address) + continue + if expiration_days == PWD_EXP_WARN_DAYS_3: + send_mail('WARNING', rounded_expiration_days, uid, email_address) + continue + if expiration_days == PWD_EXP_WARN_DAYS_2: + send_mail('WARNING', rounded_expiration_days, uid, email_address) + continue + if expiration_days == PWD_EXP_WARN_DAYS_1: + send_mail('WARNING', rounded_expiration_days, uid, email_address) diff --git a/sources/fdc.in/c3d/postinstall/scripts/10_setupservices.sh b/sources/fdc.in/c3d/postinstall/scripts/10_setupservices.sh index d104b8a..0c374f3 100755 --- a/sources/fdc.in/c3d/postinstall/scripts/10_setupservices.sh +++ b/sources/fdc.in/c3d/postinstall/scripts/10_setupservices.sh 
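Review bot: In mailpwdexpiration.py, the three `expiration_days == PWD_EXP_WARN_DAYS_n` checks compare an unrounded float against 1, 3 and 7, so they match only when the script runs at the exact second the remaining time is a whole number of days; in practice no WARNING mail goes out and users first hear about expiry after it has happened. Compare the rounded value instead, `if rounded_expiration_days in (PWD_EXP_WARN_DAYS_1, PWD_EXP_WARN_DAYS_2, PWD_EXP_WARN_DAYS_3):`, and use it in the first guard too (`if rounded_expiration_days > PWD_EXP_WARN_DAYS_1: continue`), otherwise an account at 7.3 days is skipped today and is already at 6 tomorrow. Separately, `send_mail` is called without error handling, so one refused recipient, an unreachable local SMTP server, or a `mail` value that `EmailMessage` rejects as a header raises and ends the run for every remaining user. Wrapping the call in `try/except (smtplib.SMTPException, OSError, ValueError)` and logging the uid would keep the loop going.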
@@ -3,6 +3,7 @@ systemctl disable httpd.service systemctl disable oddjobd.service +systemctl disable postfix.service systemctl disable sssd.service systemctl disable NetworkManager-wait-online.service diff --git a/sources/fdc.in/c3d/postinstall/scripts/20_setupcrontab.sh b/sources/fdc.in/c3d/postinstall/scripts/20_setupcrontab.sh new file mode 100755 index 0000000..7111f32 --- /dev/null +++ b/sources/fdc.in/c3d/postinstall/scripts/20_setupcrontab.sh @@ -0,0 +1,4 @@ +#!/bin/sh + + +echo '10 10 * * * root /usr/local/bin/mailpwdexpiration.py' >>/etc/crontab diff --git a/sources/fdc.in/envvars b/sources/fdc.in/envvars index 594e4ac..61a4046 100644 --- a/sources/fdc.in/envvars +++ b/sources/fdc.in/envvars @@ -1,6 +1,7 @@ DISTRIBUTION=Fedora DISTRIBUTION_VERSION=35 -SPEC_PACKAGES="authselect cronie httpd mailx mod_ssl oddjob-mkhomedir" +SPEC_PACKAGES="authselect cronie httpd mod_ssl oddjob-mkhomedir" SPEC_PACKAGES="$SPEC_PACKAGES openldap-clients openssh-clients" -SPEC_PACKAGES="$SPEC_PACKAGES openssh-server passwd python3-certbot-apache" -SPEC_PACKAGES="$SPEC_PACKAGES python3-ldap python3-mod_wsgi rsync sssd-ldap" +SPEC_PACKAGES="$SPEC_PACKAGES openssh-server passwd postfix" +SPEC_PACKAGES="$SPEC_PACKAGES python3-certbot-apache python3-ldap" +SPEC_PACKAGES="$SPEC_PACKAGES python3-mod_wsgi rsync sssd-ldap" -- 2.54.0
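Review bot: In 20_setupcrontab.sh the job is registered to run as root, although the script as shown only performs an LDAP search and hands mail to the local SMTP server, neither of which appears to need root. Since it parses directory attributes, running it under a dedicated unprivileged account would limit the impact of a bug, e.g. `10 10 * * * <unprivileged-user> /usr/local/bin/mailpwdexpiration.py`. The `>>/etc/crontab` append is also not idempotent: running the postinstall step twice adds a second entry and every user then receives duplicate mails. Writing the line with `>` to a dedicated file under `/etc/cron.d/` would avoid both the duplication and editing the system crontab.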