+ArbChanges = {"c": "..",
+ "l": ".*",
+ "facsimileTelephoneNumber": ".*",
+ "telephoneNumber": ".*",
+ "postalAddress": ".*",
+ "postalCode": ".*",
+ "loginShell": ".*",
+ "emailForward": "^([^<>@]+@.+)?$",
+ "ircNick": ".*",
+ "icqUin": "^[0-9]*$",
+ "onVacation": ".*",
+ "labledURI": ".*"};
+
+DelItems = {"c": None,
+ "l": None,
+ "facsimileTelephoneNumber": None,
+ "telephoneNumber": None,
+ "postalAddress": None,
+ "postalCode": None,
+ "emailForward": None,
+ "ircNick": None,
+ "onVacation": None,
+ "labledURI": None,
+ "latitude": None,
+ "longitude": None,
+ "icqUin": None,
+ "sshRSAAuthKey": None,
+ "sshDSAAuthKey": None};
+
+# Decode a GPS location from some common forms
+def LocDecode(Str,Dir):
+ # Check for Decimal degrees, DGM, or DGMS
+ if re.match("^[+-]?[\d.]+$",Str) != None:
+ return Str;
+
+ Deg = '0'; Min = None; Sec = None; Dr = Dir[0];
+
+ # Check for DDDxMM.MMMM where x = [nsew]
+ Match = re.match("^(\d+)(["+Dir+"])([\d.]+)$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Min = G[2]; Dr = G[1];
+
+ # Check for DD.DD x
+ Match = re.match("^([\d.]+) ?(["+Dir+"])$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Dr = G[1];
+
+ # Check for DD:MM.MM x
+ Match = re.match("^(\d+):([\d.]+) ?(["+Dir+"])$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Min = G[1]; Dr = G[2];
+
+ # Check for DD:MM:SS.SS x
+ Match = re.match("^(\d+):(\d+):([\d.]+) ?(["+Dir+"])$",Str);
+ if Match != None:
+ G = Match.groups();
+ Deg = G[0]; Min = G[1]; Sec = G[2]; Dr = G[3];
+
+ # Some simple checks
+ if float(Deg) > 180:
+ raise "Failed","Bad degrees";
+ if Min != None and float(Min) > 60:
+ raise "Failed","Bad minutes";
+ if Sec != None and float(Sec) > 60:
+ raise "Failed","Bad seconds";
+
+ # Pad on an extra leading 0 to disambiguate small numbers
+ if len(Deg) <= 1 or Deg[1] == '.':
+ Deg = '0' + Deg;
+ if Min != None and (len(Min) <= 1 or Min[1] == '.'):
+ Min = '0' + Min;
+ if Sec != None and (len(Sec) <= 1 or Sec[1] == '.'):
+ Sec = '0' + Sec;
+
+ # Construct a DGM/DGMS type value from the components.
+ Res = "+"
+ if Dr == Dir[1]:
+ Res = "-";
+ Res = Res + Deg;
+ if Min != None:
+ Res = Res + Min;
+ if Sec != None:
+ Res = Res + Sec;
+ return Res;
+
+# Handle changing a set of arbitary fields
+# <field>: value
+def DoArbChange(Str,Attrs):
+ Match = re.match("^([^ :]+): (.*)$",Str);
+ if Match == None:
+ return None;
+ G = Match.groups();
+
+ attrName = G[0].lower();
+ for i in ArbChanges.keys():
+ if i.lower() == attrName:
+ attrName = i;
+ break;
+ if ArbChanges.has_key(attrName) == 0:
+ return None;
+
+ if re.match(ArbChanges[attrName],G[1]) == None:
+ raise Error, "Item does not match the required format"+ArbChanges[attrName];
+
+ Attrs.append((ldap.MOD_REPLACE,attrName,G[1]));
+ return "Changed entry %s to %s"%(attrName,G[1]);
+
+# Handle changing a set of arbitary fields
+# <field>: value
+def DoDel(Str,Attrs):
+ Match = re.match("^del (.*)$",Str);
+ if Match == None:
+ return None;
+ G = Match.groups();
+
+ attrName = G[0].lower();
+ for i in DelItems.keys():
+ if i.lower() == attrName:
+ attrName = i;
+ break;
+ if DelItems.has_key(attrName) == 0:
+ return "Cannot erase entry %s"%(attrName);
+
+ Attrs.append((ldap.MOD_DELETE,attrName,None));
+ return "Removed entry %s"%(attrName);
+
+# Handle a position change message, the line format is:
+# Lat: -12412.23 Long: +12341.2342
+def DoPosition(Str,Attrs):
+ Match = re.match("^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$",string.lower(Str));
+ if Match == None:
+ return None;
+
+ G = Match.groups();
+ try:
+ sLat = LocDecode(G[0],"ns");
+ sLong = LocDecode(G[1],"ew");
+ Lat = DecDegree(sLat,1);
+ Long = DecDegree(sLong,1);
+ except:
+ raise Error, "Positions were found, but they are not correctly formed";
+
+ Attrs.append((ldap.MOD_REPLACE,"latitude",sLat));
+ Attrs.append((ldap.MOD_REPLACE,"longitude",sLong));
+ return "Position set to %s/%s (%s/%s decimal degrees)"%(sLat,sLong,Lat,Long);
+
+# Handle an SSH authentication key, the line format is:
+# [options] 1024 35 13188913666680[..] [comment]
+def DoSSH(Str,Attrs):
+ Match = SSH2AuthSplit.match(Str);
+ if Match == None:
+ return None;
+
+ global SeenKey;
+ if SeenKey:
+ Attrs.append((ldap.MOD_ADD,"sshRSAAuthKey",Str));
+ return "SSH Key added "+FormatSSHAuth(Str);
+
+ Attrs.append((ldap.MOD_REPLACE,"sshRSAAuthKey",Str));
+ SeenKey = 1;
+ return "SSH Keys replaced with "+FormatSSHAuth(Str);
+
+# Handle changing a dns entry
+# host in a 12.12.12.12
+# host in cname foo.bar. <- Trailing dot is required
+def DoDNS(Str,Attrs,DnRecord):
+ cname = re.match("^[-\w]+\s+in\s+cname\s+[-\w.]+\.$",Str,re.IGNORECASE);
+ if re.match('^[-\w]+\s+in\s+a\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$',\
+ Str,re.IGNORECASE) == None and cname == None and \
+ re.match("^[-\w]+\s+in\s+mx\s+\d{1,3}\s+[-\w.]+\.$",Str,re.IGNORECASE) == None:
+ return None;
+
+ # Check if the name is already taken
+ G = re.match('^([-\w+]+)\s',Str).groups();
+
+ # Check for collisions
+ global l;
+ Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"dnsZoneEntry="+G[0]+" *",["uid"]);
+ for x in Rec:
+ if GetAttr(x,"uid") != GetAttr(DnRecord,"uid"):
+ return "DNS entry is already owned by " + GetAttr(x,"uid")
+
+ global SeenDNS;
+ global DNS;
+
+ if cname:
+ if DNS.has_key(G[0]):
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[G[0]] = 2
+ else:
+ if DNS.has_key(G[0]) and DNS[G[0]] == 2:
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[G[0]] = 1
+
+ if SeenDNS:
+ Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",Str));
+ return "DNS Entry added "+Str;
+
+ Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",Str));
+ SeenDNS = 1;
+ return "DNS Entry replaced with "+Str;
+
+# Handle an [almost] arbitary change
+def HandleChange(Reply,DnRecord,Key):
+ global PlainText;
+ Lines = re.split("\n *\r?",PlainText);
+
+ Result = "";
+ Attrs = [];
+ Show = 0;
+ for Line in Lines:
+ Line = string.strip(Line);
+ if Line == "":
+ continue;
+
+ # Try to process a command line
+ Result = Result + "> "+Line+"\n";
+ try:
+ if Line == "show":
+ Show = 1;
+ Res = "OK";
+ else:
+ Res = DoPosition(Line,Attrs) or DoDNS(Line,Attrs,DnRecord) or \
+ DoArbChange(Line,Attrs) or DoSSH(Line,Attrs) or \
+ DoDel(Line,Attrs);
+ except:
+ Res = None;
+ Result = Result + "==> %s: %s\n" %(sys.exc_type,sys.exc_value);
+
+ # Fail, if someone tries to send someone elses signed email to the
+ # daemon then we want to abort ASAP.
+ if Res == None:
+ Result = Result + "Command is not understood. Halted\n";
+ break;
+ Result = Result + Res + "\n";
+
+ # Connect to the ldap server
+ l = ldap.open(LDAPServer);
+ F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
+ AccessPass = string.split(string.strip(F.readline())," ");
+ F.close();
+
+ # Modify the record
+ l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
+ oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
+ if (string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1):
+ raise Error, "This account is locked";
+ Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
+ l.modify_s(Dn,Attrs);
+
+ Attribs = "";
+ if Show == 1:
+ Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
+ if len(Attrs) == 0:
+ raise Error, "User not found"
+ Attribs = GPGEncrypt(PrettyShow(Attrs[0])+"\n","0x"+Key[1],Key[4]);
+
+ Subst = {};
+ Subst["__FROM__"] = ChangeFrom;
+ Subst["__EMAIL__"] = EmailAddress(DnRecord);
+ Subst["__ADMIN__"] = ReplyTo;
+ Subst["__RESULT__"] = Result;
+ Subst["__ATTR__"] = Attribs;
+
+ return Reply + TemplateSubst(Subst,open(TemplatesDir+"change-reply","r").read());
+