X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-mailgate;h=01e036d2537ef65c356942c6d663b89bab8ed1d7;hb=59d97ebdfe01bf2688ba3c428e8a07f81cf13fbd;hp=6e24f10d0108c165c31c76071a9f84fd973dded6;hpb=162b1cc123ef36b78070248e133d35ba6968a2a8;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-mailgate b/ud-mailgate
index 6e24f10..01e036d 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 # -*- mode: python -*-
 import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, os;
-import string, pwd
+import pwd
 from userdir_gpg import *;
 from userdir_ldap import *;
 
@@ -195,7 +195,7 @@ def DoDel(Str,Attrs):
 # Handle a position change message, the line format is:
 #  Lat: -12412.23 Long: +12341.2342
 def DoPosition(Str,Attrs):
-   Match = re.match("^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$",string.lower(Str));
+   Match = re.match("^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$", Str.lower())
    if Match == None:
       return None;
 
@@ -232,17 +232,28 @@ def DoSSH(Str,Attrs):
    return "SSH Keys replaced with "+FormatSSHAuth(Str);
 
 # Handle changing a dns entry
-#  host in a 12.12.12.12
-#  host in cname foo.bar.    <- Trailing dot is required
+#  host IN A     12.12.12.12
+#  host IN AAAA  1234::5678
+#  host IN CNAME foo.bar.    <- Trailing dot is required
+#  host IN MX    foo.bar.    <- Trailing dot is required
 def DoDNS(Str,Attrs,DnRecord):
-   cname = re.match("^[-\w]+\s+in\s+cname\s+[-\w.]+\.$",Str,re.IGNORECASE);
-   if re.match('^[-\w]+\s+in\s+a\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$',\
-        Str,re.IGNORECASE) == None and cname == None and \
-      re.match("^[-\w]+\s+in\s+mx\s+\d{1,3}\s+[-\w.]+\.$",Str,re.IGNORECASE) == None:
-     return None;     
+   cnamerecord = re.match("^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+   arecord     = re.match('^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$',Str,re.IGNORECASE)
+   mxrecord    = re.match("^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+   #aaaarecord  = re.match('^[-\w]+\s+IN\s+AAAA\s+((?:[0-9a-f]{1,4})(?::[0-9a-f]{1,4})*(?::(?:(?::[0-9a-f]{1,4})*|:))?)$',Str,re.IGNORECASE)
+   aaaarecord  = re.match('^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$',Str,re.IGNORECASE)
+
+   if cnamerecord == None and\
+      arecord == None and\
+      mxrecord == None and\
+      aaaarecord == None:
+     return None;
 
    # Check if the name is already taken
-   G = re.match('^([-\w+]+)\s',Str).groups();
+   G = re.match('^([-\w+]+)\s',Str)
+   if G == None:
+     raise Error, "Hostname not found although we already passed record syntax checks"
+   hostname = G.group(1)
 
    # Check for collisions
    global l;
@@ -250,7 +261,7 @@ def DoDNS(Str,Attrs,DnRecord):
    #  since we accept either.  It'd probably be better to parse the
    #  incoming string in order to construct what we feed LDAP rather
    #  than just passing it through as is.]
-   filter = "(|(dnsZoneEntry=%s	*)(dnsZoneEntry=%s *))" % (G[0], G[0])
+   filter = "(|(dnsZoneEntry=%s	*)(dnsZoneEntry=%s *))" % (hostname, hostname)
    Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["uid"]);
    for x in Rec:
       if GetAttr(x,"uid") != GetAttr(DnRecord,"uid"):
@@ -259,28 +270,63 @@ def DoDNS(Str,Attrs,DnRecord):
    global SeenDNS;
    global DNS;
 
-   if cname:
-     if DNS.has_key(G[0]):
+   if cnamerecord:
+     if DNS.has_key(hostname):
        return "CNAME and other RR types not allowed: "+Str
      else:
-       DNS[G[0]] = 2
+       DNS[hostname] = 2
    else:
-     if DNS.has_key(G[0]) and DNS[G[0]] == 2:
+     if DNS.has_key(hostname) and DNS[hostname] == 2:
        return "CNAME and other RR types not allowed: "+Str
      else:
-       DNS[G[0]] = 1
-     
+       DNS[hostname] = 1
+
+   if cnamerecord != None:
+     sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1))
+   elif arecord != None:
+     ipaddress = arecord.group(1)
+     for quad in ipaddress.split('.'):
+       if not (int(quad) >=0 and int(quad) <= 255):
+         return "Invalid quad %s in IP address %s in line %s" %(quad, ipaddress, Str)
+     sanitized = "%s IN A %s"% (hostname, ipaddress)
+   elif mxrecord != None:
+     priority = mxrecord.group(1)
+     mx = mxrecord.group(2)
+     sanitized = "%s IN MX %s %s" % (hostname, priority, mx)
+   elif aaaarecord != None:
+     ipv6address = aaaarecord.group(1)
+     parts = ipv6address.split(':')
+     if len(parts) > 8:
+       return "Invalid IPv6 address (%s): too many parts"%(ipv6address)
+     if len(parts) <= 2:
+       return "Invalid IPv6 address (%s): too few parts"%(ipv6address)
+     if parts[0] == "":
+       parts.pop(0)
+     if parts[-1] == "":
+       parts.pop(-1)
+     seenEmptypart = False
+     for p in parts:
+       if len(p) > 4:
+         return "Invalid IPv6 address (%s): part %s is longer than 4 characters"%(ipv6address, p)
+       if p == "":
+         if seenEmptypart:
+           return "Invalid IPv6 address (%s): more than one :: (nothing in between colons) is not allowed"%(ipv6address)
+         seenEmptypart = True
+     sanitized = "%s IN AAAA %s" % (hostname, ipv6address)
+   else:
+     raise Error, "None of the types I recognize was it.  I shouldn't be here.  confused."
+
    if SeenDNS:
-     Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",Str));
-     return "DNS Entry added "+Str;
-      
-   Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",Str));
+     Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",sanitized));
+     return "DNS Entry added "+sanitized;
+
+   Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",sanitized));
    SeenDNS = 1;
-   return "DNS Entry replaced with "+Str;
+   return "DNS Entry replaced with "+sanitized;
 
 # Handle an RBL list (mailRBL, mailRHSBL, mailWhitelist)
 def DoRBL(Str,Attrs):
-   Match = re.compile('^mail(rbl|rhsbl|whitelist) ([-a-z0-9.]+)$').match(string.lower(Str))
+   Match = re.compile('^mail(rbl|rhsbl|whitelist) ([-a-z0-9.]+)$').match(Str.lower())
    if Match == None:
       return None
    
@@ -310,7 +356,7 @@ def HandleChange(Reply,DnRecord,Key):
    Attrs = [];
    Show = 0;
    for Line in Lines: 
-      Line = string.strip(Line);
+      Line = Line.strip()
       if Line == "":
          continue;
 
@@ -338,13 +384,13 @@ def HandleChange(Reply,DnRecord,Key):
    # Connect to the ldap server
    l = ldap.open(LDAPServer);
    F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
-   AccessPass = string.split(string.strip(F.readline())," ");
+   AccessPass = F.readline().strip().split(" ")
    F.close();
 
    # Modify the record
    l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
    oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
-   if ((string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*")  != -1) 
+   if ((GetAttr(oldAttrs[0],"userPassword").find("*LK*") != -1) 
        or GetAttr(oldAttrs[0],"userPassword").startswith("!")):
       raise Error, "This account is locked";
    Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
@@ -409,14 +455,14 @@ def HandleChPass(Reply,DnRecord,Key):
    # Connect to the ldap server
    l = ldap.open(LDAPServer);
    F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
-   AccessPass = string.split(string.strip(F.readline())," ");
+   AccessPass = F.readline().strip().split(" ")
    F.close();
    l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
 
    # Check for a locked account
    Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
-   if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*")  != -1) \
-             or GetAttr(x,"userPassword").startswith("!"):
+   if (GetAttr(Attrs[0],"userPassword").find("*LK*") != -1) \
+             or GetAttr(Attrs[0],"userPassword").startswith("!"):
       raise Error, "This account is locked";
 
    # Modify the password
@@ -448,8 +494,8 @@ try:
    Msg = GetClearSig(Email);
 
    ErrMsg = "Message is not PGP signed:"
-   if string.find(Msg[0],"-----BEGIN PGP SIGNED MESSAGE-----") == -1 and \
-      string.find(Msg[0],"-----BEGIN PGP MESSAGE-----") == -1:
+   if Msg[0].find("-----BEGIN PGP SIGNED MESSAGE-----") == -1 and \
+      Msg[0].find("-----BEGIN PGP MESSAGE-----") == -1:
       raise Error, "No PGP signature";
    
    # Check the signature
@@ -467,9 +513,9 @@ try:
    ErrMsg = "Problem stripping MIME headers from the decoded message"
    if Msg[1] == 1:
       try:
-         Index = string.index(Res[3],"\n\n") + 2;
+         Index = Res[3].index("\n\n") + 2;
       except ValueError:
-         Index = string.index(Res[3],"\n\r\n") + 3;
+         Index = Res[3].index("\n\r\n") + 3;
       PlainText = Res[3][Index:];
    else:
       PlainText = Res[3];   
@@ -514,7 +560,7 @@ try:
    if sys.argv[1] == "ping":
       Reply = HandlePing(Reply,Attrs[0],Res[2]);
    elif sys.argv[1] == "chpass":
-      if string.find(string.strip(PlainText),"Please change my Debian password") != 0:
+      if PlainText.strip().find("Please change my Debian password") != 0:
          raise Error,"Please send a signed message where the first line of text is the string 'Please change my Debian password'";
       Reply = HandleChPass(Reply,Attrs[0],Res[2]);
    elif sys.argv[1] == "change":