DSA key support

[mirror/userdir-ldap.git] / ud-mailgate

diff --git a/ud-mailgate b/ud-mailgate
index 6e94c75..6764c88 100755 (executable)
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -16,6 +16,7 @@ EX_TEMPFAIL = 75;
 EX_PERMFAIL = 65;      # EX_DATAERR
 Error = 'Message Error';
 SeenRSA = 0;
+SeenDSA = 0;
 SeenDNS = 0;
 
 ArbChanges = {"c": "..",
@@ -27,6 +28,7 @@ ArbChanges = {"c": "..",
               "loginshell": ".*",
               "emailforward": "^([^<>@]+@.+)?$",
               "ircnick": ".*",
+              "icquin": "^[0-9]*$",
               "onvacation": ".*",
               "labeledurl": ".*"};
 
@@ -42,7 +44,9 @@ DelItems = {"c": None,
             "labeledurl": None,
            "latitude": None,
            "longitude": None,
-           "sshrsaauthkey": None};
+            "icquin": None,
+           "sshrsaauthkey": None,
+           "sshdsaauthkey": None};
 
 # Decode a GPS location from some common forms
 def LocDecode(Str,Dir):
@@ -170,13 +174,30 @@ def DoSSH(Str,Attrs):
    SeenRSA = 1;
    return "SSH Keys replaced with "+FormatSSHAuth(Str);
 
+# Handle a SSH DSA authentication key, the line format is:
+#  ssh-dss [key] [comment]
+def DoSSH2(Str,Attrs):
+   Match = SSHDSAAuthSplit.match(Str);
+   if Match == None:
+      return None;
+
+   global SeenDSA;
+   if SeenDSA:
+     Attrs.append((ldap.MOD_ADD,"sshdsaauthkey",Str));
+     return "SSH2 Key added "+FormatSSH2Auth(Str);
+      
+   Attrs.append((ldap.MOD_REPLACE,"sshdsaauthkey",Str));
+   SeenDSA = 1;
+   return "SSH2 Keys replaced with "+FormatSSH2Auth(Str);
+
 # Handle changing a dns entry
 #  host in a 12.12.12.12
 #  host in cname foo.bar.    <- Trailing dot is required
 def DoDNS(Str,Attrs,DnRecord):
    if re.match('^[\w-]+\s+in\s+a\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$',\
         Str,re.IGNORECASE) == None and \
-      re.match("^[\w-]+\s+in\s+cname\s+[\w.\-]+\.$",Str,re.IGNORECASE) == None:
+      re.match("^[\w-]+\s+in\s+cname\s+[\w.\-]+\.$",Str,re.IGNORECASE) == None and \
+      re.match("^[\w-]+\s+in\s+mx\s+\d{1,3}\s+[\w.\-]+\.$",Str,re.IGNORECASE) == None:
      return None;     
 
    # Check if the name is already taken
@@ -201,7 +222,7 @@ def DoDNS(Str,Attrs,DnRecord):
 # Handle an [almost] arbitary change
 def HandleChange(Reply,DnRecord,Key):
    global PlainText;
-   Lines = string.split(PlainText,"\r\n");
+   Lines = re.split("\n *\r?",PlainText);
 
    Result = "";
    Attrs = [];
@@ -220,7 +241,7 @@ def HandleChange(Reply,DnRecord,Key):
          else:
            Res = DoPosition(Line,Attrs) or DoDNS(Line,Attrs,DnRecord) or \
                  DoArbChange(Line,Attrs) or DoSSH(Line,Attrs) or \
-                 DoDel(Line,Attrs);
+                DoSSH2(Line,Attrs) or DoDel(Line,Attrs);
       except:
          Res = None;
          Result = Result + "==> %s: %s\n" %(sys.exc_type,sys.exc_value);
@@ -308,7 +329,7 @@ def HandleChPass(Reply,DnRecord,Key):
 
    # Check for a locked account
    Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
-   if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*")  != -1):
+   if (string.find(GetAttr(Attrs[0],"userpassword"),"*LK*")  != -1):
       raise Error, "This account is locked";
 
    # Modify the password
@@ -395,7 +416,7 @@ try:
    if Sender == None:
       raise Error, "Unable to determine the sender's address";
 
-   if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*")  != -1):
+   if (string.find(GetAttr(Attrs[0],"userpassword"),"*LK*")  != -1):
       raise Error, "This account is locked";
 
    # Formulate a reply