+SeenKey = 0;
+SeenDNS = 0;
+mailRBL = {}
+mailRHSBL = {}
+mailWhitelist = {}
+SeenList = {}
+DNS = {}
+
+ArbChanges = {"c": "..",
+ "l": ".*",
+ "facsimileTelephoneNumber": ".*",
+ "telephoneNumber": ".*",
+ "postalAddress": ".*",
+ "postalCode": ".*",
+ "loginShell": ".*",
+ "emailForward": "^([^<>@]+@.+)?$",
+ "jabberJID": "^([^<>@]+@.+)?$",
+ "ircNick": ".*",
+ "icqUin": "^[0-9]*$",
+ "onVacation": ".*",
+ "labeledURI": ".*",
+ "birthDate": "^([0-9]{4})([01][0-9])([0-3][0-9])$",
+ "mailDisableMessage": ".*",
+ "mailGreylisting": "^(TRUE|FALSE)$",
+ "mailCallout": "^(TRUE|FALSE)$",
+};
+
+DelItems = {"c": None,
+ "l": None,
+ "facsimileTelephoneNumber": None,
+ "telephoneNumber": None,
+ "postalAddress": None,
+ "postalCode": None,
+ "emailForward": None,
+ "ircNick": None,
+ "onVacation": None,
+ "labeledURI": None,
+ "latitude": None,
+ "longitude": None,
+ "icqUin": None,
+ "jabberJID": None,
+ "jpegPhoto": None,
+ "dnsZoneEntry": None,
+ "sshRSAAuthKey": None,
+ "sshDSAAuthKey": None,
+ "birthDate" : None,
+ "mailGreylisting": None,
+ "mailCallout": None,
+ "mailRBL": None,
+ "mailRHSBL": None,
+ "mailWhitelist": None,
+ "mailDisableMessage": None,
+ };
+
+# Decode a GPS location from some common forms
+def LocDecode(Str,Dir):
+ # Check for Decimal degrees, DGM, or DGMS
+ if re.match("^[+-]?[\d.]+$",Str) != None:
+ return Str;
+
+ Deg = '0'; Min = None; Sec = None; Dr = Dir[0];
+
+ # Check for DDDxMM.MMMM where x = [nsew]
+ Match = re.match("^(\d+)(["+Dir+"])([\d.]+)$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Min = G[2]; Dr = G[1];
+
+ # Check for DD.DD x
+ Match = re.match("^([\d.]+) ?(["+Dir+"])$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Dr = G[1];
+
+ # Check for DD:MM.MM x
+ Match = re.match("^(\d+):([\d.]+) ?(["+Dir+"])$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Min = G[1]; Dr = G[2];
+
+ # Check for DD:MM:SS.SS x
+ Match = re.match("^(\d+):(\d+):([\d.]+) ?(["+Dir+"])$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Min = G[1]; Sec = G[2]; Dr = G[3];
+
+ # Some simple checks
+ if float(Deg) > 180:
+ raise "Failed","Bad degrees";
+ if Min != None and float(Min) > 60:
+ raise "Failed","Bad minutes";
+ if Sec != None and float(Sec) > 60:
+ raise "Failed","Bad seconds";
+
+ # Pad on an extra leading 0 to disambiguate small numbers
+ if len(Deg) <= 1 or Deg[1] == '.':
+ Deg = '0' + Deg;
+ if Min != None and (len(Min) <= 1 or Min[1] == '.'):
+ Min = '0' + Min;
+ if Sec != None and (len(Sec) <= 1 or Sec[1] == '.'):
+ Sec = '0' + Sec;
+
+ # Construct a DGM/DGMS type value from the components.
+ Res = "+"
+ if Dr == Dir[1]:
+ Res = "-";
+ Res = Res + Deg;
+ if Min != None:
+ Res = Res + Min;
+ if Sec != None:
+ Res = Res + Sec;
+ return Res;
+
+# Handle changing a set of arbitary fields
+# <field>: value
+def DoArbChange(Str,Attrs):
+ Match = re.match("^([^ :]+): (.*)$",Str);
+ if Match == None:
+ return None;
+ G = Match.groups();
+
+ attrName = G[0].lower();
+ for i in ArbChanges.keys():
+ if i.lower() == attrName:
+ attrName = i;
+ break;
+ if ArbChanges.has_key(attrName) == 0:
+ return None;
+
+ if re.match(ArbChanges[attrName],G[1]) == None:
+ raise Error, "Item does not match the required format"+ArbChanges[attrName];
+
+# if attrName == 'birthDate':
+# (re.match("^([0-9]{4})([01][0-9])([0-3][0-9])$",G[1]) {
+# $bd_yr = $1; $bd_mo = $2; $bd_day = $3;
+# if ($bd_mo > 0 and $bd_mo <= 12 and $bd_day > 0) {
+# if ($bd_mo == 2) {
+# if ($bd_day == 29 and ($bd_yr == 0 or ($bd_yr % 4 == 0 && ($bd_yr % 100 != 0 || $bd_yr % 400 == 0)))) {
+# $bd_ok = 1;
+# } elsif ($bd_day <= 28) {
+# $bd_ok = 1;
+# }
+# } elsif ($bd_mo == 4 or $bd_mo == 6 or $bd_mo == 9 or $bd_mo == 11) {
+# if ($bd_day <= 30) {
+# $bd_ok = 1;
+# }
+# } else {
+# if ($bd_day <= 31) {
+# $bd_ok = 1;
+# }
+# }
+# }
+# } elsif (not defined($query->param('birthdate')) or $query->param('birthdate') =~ /^\s*$/) {
+# $bd_ok = 1;
+# }
+ Attrs.append((ldap.MOD_REPLACE,attrName,G[1]));
+ return "Changed entry %s to %s"%(attrName,G[1]);
+
+# Handle changing a set of arbitary fields
+# <field>: value
+def DoDel(Str,Attrs):
+ Match = re.match("^del (.*)$",Str);
+ if Match == None:
+ return None;
+ G = Match.groups();
+
+ attrName = G[0].lower();
+ for i in DelItems.keys():
+ if i.lower() == attrName:
+ attrName = i;
+ break;
+ if DelItems.has_key(attrName) == 0:
+ return "Cannot erase entry %s"%(attrName);
+
+ Attrs.append((ldap.MOD_DELETE,attrName,None));
+ return "Removed entry %s"%(attrName);
+
+# Handle a position change message, the line format is:
+# Lat: -12412.23 Long: +12341.2342
+def DoPosition(Str,Attrs):
+ Match = re.match("^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$", Str.lower())
+ if Match == None:
+ return None;
+
+ G = Match.groups();
+ try:
+ sLat = LocDecode(G[0],"ns");
+ sLong = LocDecode(G[1],"ew");
+ Lat = DecDegree(sLat,1);
+ Long = DecDegree(sLong,1);
+ except:
+ raise Error, "Positions were found, but they are not correctly formed";
+
+ Attrs.append((ldap.MOD_REPLACE,"latitude",sLat));
+ Attrs.append((ldap.MOD_REPLACE,"longitude",sLong));
+ return "Position set to %s/%s (%s/%s decimal degrees)"%(sLat,sLong,Lat,Long);
+
+# Handle an SSH authentication key, the line format is:
+# [options] 1024 35 13188913666680[..] [comment]
+def DoSSH(Str,Attrs):
+ Match = SSH2AuthSplit.match(Str);
+ if Match == None:
+ Match = re.compile('^1024 (\d+) ').match(Str)
+ if Match is not None:
+ return "SSH1 keys not supported anymore"
+ return None;
+
+ global SeenKey;
+ if SeenKey:
+ Attrs.append((ldap.MOD_ADD,"sshRSAAuthKey",Str));
+ return "SSH Key added "+FormatSSHAuth(Str);
+
+ Attrs.append((ldap.MOD_REPLACE,"sshRSAAuthKey",Str));
+ SeenKey = 1;
+ return "SSH Keys replaced with "+FormatSSHAuth(Str);
+
+# Handle changing a dns entry
+# host IN A 12.12.12.12
+# host IN AAAA 1234::5678
+# host IN CNAME foo.bar. <- Trailing dot is required
+# host IN MX foo.bar. <- Trailing dot is required
+def DoDNS(Str,Attrs,DnRecord):
+ cnamerecord = re.match("^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+ arecord = re.match('^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$',Str,re.IGNORECASE)
+ mxrecord = re.match("^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+ #aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+((?:[0-9a-f]{1,4})(?::[0-9a-f]{1,4})*(?::(?:(?::[0-9a-f]{1,4})*|:))?)$',Str,re.IGNORECASE)
+ aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$',Str,re.IGNORECASE)
+
+ if cnamerecord == None and\
+ arecord == None and\
+ mxrecord == None and\
+ aaaarecord == None:
+ return None;
+
+ # Check if the name is already taken
+ G = re.match('^([-\w+]+)\s',Str)
+ if G == None:
+ raise Error, "Hostname not found although we already passed record syntax checks"
+ hostname = G.group(1)
+
+ # Check for collisions
+ global l;
+ # [JT 20070409 - search for both tab and space suffixed hostnames
+ # since we accept either. It'd probably be better to parse the
+ # incoming string in order to construct what we feed LDAP rather
+ # than just passing it through as is.]
+ filter = "(|(dnsZoneEntry=%s *)(dnsZoneEntry=%s *))" % (hostname, hostname)
+ Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["uid"]);
+ for x in Rec:
+ if GetAttr(x,"uid") != GetAttr(DnRecord,"uid"):
+ return "DNS entry is already owned by " + GetAttr(x,"uid")
+
+ global SeenDNS;
+ global DNS;
+
+ if cnamerecord:
+ if DNS.has_key(hostname):
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[hostname] = 2
+ else:
+ if DNS.has_key(hostname) and DNS[hostname] == 2:
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[hostname] = 1
+
+ if cnamerecord != None:
+ sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1))
+ elif arecord != None:
+ ipaddress = arecord.group(1)
+ for quad in ipaddress.split('.'):
+ if not (int(quad) >=0 and int(quad) <= 255):
+ return "Invalid quad %s in IP address %s in line %s" %(quad, ipaddress, Str)
+ sanitized = "%s IN A %s"% (hostname, ipaddress)
+ elif mxrecord != None:
+ priority = mxrecord.group(1)
+ mx = mxrecord.group(2)
+ sanitized = "%s IN MX %s %s" % (hostname, priority, mx)
+ elif aaaarecord != None:
+ ipv6address = aaaarecord.group(1)
+ parts = ipv6address.split(':')
+ if len(parts) > 8:
+ return "Invalid IPv6 address (%s): too many parts"%(ipv6address)
+ if len(parts) <= 2:
+ return "Invalid IPv6 address (%s): too few parts"%(ipv6address)
+ if parts[0] == "":
+ parts.pop(0)
+ if parts[-1] == "":
+ parts.pop(-1)
+ seenEmptypart = False
+ for p in parts:
+ if len(p) > 4:
+ return "Invalid IPv6 address (%s): part %s is longer than 4 characters"%(ipv6address, p)
+ if p == "":
+ if seenEmptypart:
+ return "Invalid IPv6 address (%s): more than one :: (nothing in between colons) is not allowed"%(ipv6address)
+ seenEmptypart = True
+ sanitized = "%s IN AAAA %s" % (hostname, ipv6address)
+ else:
+ raise Error, "None of the types I recognize was it. I shouldn't be here. confused."
+
+ if SeenDNS:
+ Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",sanitized));
+ return "DNS Entry added "+sanitized;
+
+ Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",sanitized));
+ SeenDNS = 1;
+ return "DNS Entry replaced with "+sanitized;
+
+# Handle an RBL list (mailRBL, mailRHSBL, mailWhitelist)
+def DoRBL(Str,Attrs):
+ Match = re.compile('^mail(rbl|rhsbl|whitelist) ([-a-z0-9.]+)$').match(Str.lower())
+ if Match == None:
+ return None
+
+ if Match.group(1) == "rbl":
+ Key = "mailRBL"
+ if Match.group(1) == "rhsbl":
+ Key = "mailRHSBL"
+ if Match.group(1) == "whitelist":
+ Key = "mailWhitelist"
+ Host = Match.group(2)
+
+ global SeenList
+ if SeenList.has_key(Key):
+ Attrs.append((ldap.MOD_ADD,Key,Host))
+ return "%s added %s" % (Key,Host)
+
+ Attrs.append((ldap.MOD_REPLACE,Key,Host))
+ SeenList[Key] = 1;
+ return "%s replaced with %s" % (Key,Host)