projects
/
mirror
/
userdir-ldap.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Bump the minimum key size to 2048
[mirror/userdir-ldap.git]
/
ud-mailgate
diff --git
a/ud-mailgate
b/ud-mailgate
index
05756aa
..
1eb42c1
100755
(executable)
--- a/
ud-mailgate
+++ b/
ud-mailgate
@@
-323,10
+323,10
@@
def DoSSH(Str, Attrs, badkeys, uid):
Match = SSHFingerprint.match(output)
g = Match.groups()
Match = SSHFingerprint.match(output)
g = Match.groups()
- if int(g[0]) <
1024
:
+ if int(g[0]) <
2048 and (typekey != "ed25519")
:
try:
# Body
try:
# Body
- Subst["__ERROR__"] = "SSH keysize %s is below limit
1024
" % (g[0])
+ Subst["__ERROR__"] = "SSH keysize %s is below limit
2048
" % (g[0])
ErrReply = TemplateSubst(Subst,open(TemplatesDir+"admin-info","r").read())
Child = os.popen("/usr/sbin/sendmail -t","w")
ErrReply = TemplateSubst(Subst,open(TemplatesDir+"admin-info","r").read())
Child = os.popen("/usr/sbin/sendmail -t","w")
@@
-338,7
+338,7
@@
def DoSSH(Str, Attrs, badkeys, uid):
sys.exit(EX_TEMPFAIL)
# And now break and stop processing input, which sends a reply to the user.
sys.exit(EX_TEMPFAIL)
# And now break and stop processing input, which sends a reply to the user.
- raise UDFormatError, "SSH keys must have at least
1024
bits, processing halted, NOTHING MODIFIED AT ALL"
+ raise UDFormatError, "SSH keys must have at least
2048
bits, processing halted, NOTHING MODIFIED AT ALL"
elif g[1] in badkeys:
try:
# Body
elif g[1] in badkeys:
try:
# Body
@@
-490,7
+490,7
@@
def DoRBL(Str,Attrs):
# Handle a ConfirmSudoPassword request
def DoConfirmSudopassword(Str, SudoPasswd):
# Handle a ConfirmSudoPassword request
def DoConfirmSudopassword(Str, SudoPasswd):
- Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*]+) ([0-9a-f]{40})$').match(Str)
+ Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*
-
]+) ([0-9a-f]{40})$').match(Str)
if Match == None:
return None
if Match == None:
return None
@@
-517,7
+517,7
@@
def FinishConfirmSudopassword(l, uid, Attrs, SudoPasswd):
newldap = []
for entry in inldap:
newldap = []
for entry in inldap:
- Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+ Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*
-
]+) ([^ ]+)$').match(entry)
if Match == None:
raise UDFormatError, "Could not parse existing sudopasswd entry"
uuid = Match.group(1)
if Match == None:
raise UDFormatError, "Could not parse existing sudopasswd entry"
uuid = Match.group(1)