Do SSL when connecting to the ldap server.
[mirror/userdir-ldap.git]
/
ud-mailgate
diff --git
a/ud-mailgate
b/ud-mailgate
index
51942f1
..
6341130
100755
(executable)
--- a/
ud-mailgate
+++ b/
ud-mailgate
@@
-30,6
+30,7
@@
SeenList = {}
DNS = {}
SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}) (.+)$')
DNS = {}
SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}) (.+)$')
+SSHRSA1Match = re.compile('^^(.* )?\d+ \d+ \d+')
ArbChanges = {"c": "..",
"l": ".*",
ArbChanges = {"c": "..",
"l": ".*",
@@
-238,12
+239,14
@@
def LoadBadSSH():
# [options] 1024 35 13188913666680[..] [comment]
def DoSSH(Str, Attrs, badkeys, uid):
Match = SSH2AuthSplit.match(Str);
# [options] 1024 35 13188913666680[..] [comment]
def DoSSH(Str, Attrs, badkeys, uid):
Match = SSH2AuthSplit.match(Str);
+ if Match == None:
+ return None;
g = Match.groups()
typekey = g[1]
if Match == None:
g = Match.groups()
typekey = g[1]
if Match == None:
- Match =
re.compile('^1024 (\d+) ')
.match(Str)
+ Match =
SSHRSA1Match
.match(Str)
if Match is not None:
if Match is not None:
- return "
SSH
1 keys not supported anymore"
+ return "
RSA
1 keys not supported anymore"
return None;
(fd, path) = tempfile.mkstemp(".pub", "sshkeytry", "/tmp")
return None;
(fd, path) = tempfile.mkstemp(".pub", "sshkeytry", "/tmp")
@@
-464,7
+467,7
@@
def HandleChange(Reply,DnRecord,Key):
Result = Result + Res + "\n";
# Connect to the ldap server
Result = Result + Res + "\n";
# Connect to the ldap server
- l =
ldap.open(LDAPServer);
+ l =
connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
@@
-535,7
+538,7
@@
def HandleChPass(Reply,DnRecord,Key):
Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read());
# Connect to the ldap server
Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read());
# Connect to the ldap server
- l =
ldap.open(LDAPServer);
+ l =
connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
@@
-548,7
+551,8
@@
def HandleChPass(Reply,DnRecord,Key):
raise Error, "This account is locked";
# Modify the password
raise Error, "This account is locked";
# Modify the password
- Rec = [(ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass)];
+ Rec = [(ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass),
+ (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60)))];
Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
l.modify_s(Dn,Rec);
Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
l.modify_s(Dn,Rec);
@@
-612,7
+616,7
@@
try:
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l =
ldap.open(LDAPServer);
+ l =
connectLDAP()
l.simple_bind_s("","");
# Search for the matching key fingerprint
l.simple_bind_s("","");
# Search for the matching key fingerprint
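Review bot: In the DoSSH hunk (@@ -238,12 +239,14 @@) the added `if Match == None: return None;` guard makes the later `if Match == None:` block unreachable, so as far as this flattened listing shows, `SSHRSA1Match` is never consulted and the RSA1 rejection message is never returned. Fold the check into the new guard instead: `if Match is None:`, then `if SSHRSA1Match.match(Str) is not None:` returning the RSA1 message, then `return None`, and drop the dead block after `typekey = g[1]`. The new pattern in the first hunk also has a doubled anchor and backslashes in a non-raw string; `re.compile(r'^(.* )?\d+ \d+ \d+')` matches the same input. DoSSH continues past the end of the hunk and indentation is lost on this page, so confirm the nesting against the file.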