X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-mailgate;h=073ee4f823af598019db99088252889e9e69d02b;hb=ee31199de9509a59b51ec164b8dcd97b9d4b8ce1;hp=bd77120ebcf1089cb5a88100e5cab8760f0600fd;hpb=b87aa2309e65df00e0134ea5fd6aea63486e70eb;p=mirror%2Fuserdir-ldap.git
diff --git a/ud-mailgate b/ud-mailgate
index bd77120..073ee4f 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -331,10 +331,11 @@ def DoSSH(Str, Attrs, badkeys, uid):
 Subst["__ERROR__"] = "SSH key with fingerprint %s known as bad key" % (g[1])
 ErrReply = TemplateSubst(Subst, open(TemplatesDir + "admin-info", "r").read())
- Child = os.popen("/usr/sbin/sendmail -t", "w")
- Child.write(ErrReplyHead)
- Child.write(ErrReply)
- if Child.close() is not None:
+ Child = subprocess.Popen(['/usr/sbin/sendmail', '-t'], stdin=subprocess.PIPE)
+ Child.stdin.write(ErrReplyHead)
+ Child.stdin.write(ErrReply)
+ Child.stdin.close()
+ if Child.wait() != 0:
 raise UDExecuteError("Sendmail gave a non-zero return code")
 except Exception:
 sys.exit(EX_TEMPFAIL)
@@ -371,6 +372,10 @@ def DoDNS(Str, Attrs, DnRecord):
 aaaarecord is None:
 return None
+ # Check for punycode. We ought to validate it before we allow it in our zone.
+ if Str.lower().startswith('xn--'):
+ return "Punycode not allowed: " + Str
+
 # Check if the name is already taken
 G = re.match(r'^([-\w+]+)\s', Str)
 if G is None:
@@ -689,7 +694,7 @@ def HandleChTOTPSeed(Reply, DnRecord, Key):
 random_id = binascii.hexlify(open("/dev/urandom", "r").read(32))
 totp_file_name = "%d-%s" % (time.time(), random_id,)
- msg = GPGEncrypt("Please go to %s/fetch-totp-seed?id=%s\n to fetch your TOTP seed" % (WebUILocation, totp_file_name), "0x" + Key[1], Key[4])
+ msg = GPGEncrypt("Please go to %s/fetch-totp-seed.cgi?id=%s\n to fetch your TOTP seed" % (WebUILocation, totp_file_name), "0x" + Key[1], Key[4])
 if msg is None:
 raise UDFormatError("Unable to generate the encrypted reply, gpg failed.")
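Review bot: The added write/close/wait sequence in DoSSH leaves the sendmail child unreaped if either `Child.stdin.write` call raises, and the surrounding `except Exception:` then exits with EX_TEMPFAIL without recording which step failed. `Child.communicate(ErrReplyHead + ErrReply)` followed by `if Child.returncode != 0:` performs the write, close and wait in one call. The argv-list form of the Popen call is worth keeping as written, since it no longer goes through a shell. The function body starts and ends outside the hunk.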
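Review bot: The new punycode guard in DoDNS tests only the start of `Str`, so an `xn--` label later in the line, such as a hostname in the record data of a CNAME or MX entry, is not rejected even though the comment says punycode should be validated before it enters the zone. If the intent is to keep every such label out, match on label boundaries instead, e.g. `if re.search(r'(^|[\s.])xn--', Str, re.IGNORECASE):`. Which record forms reach this point is decided by the checks above the hunk, so this should be confirmed against them.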
@@ -704,7 +709,8 @@ def HandleChTOTPSeed(Reply, DnRecord, Key):
 lc = connect_to_ldap_and_check_if_locked(DnRecord)
 # Save the seed so the user can pick it up.
 f = open(os.path.join(TOTPTicketDirectory, totp_file_name), os.O_WRONLY | os.O_CREAT)
- f.write(seed)
+ print >> f, seed
+ print >> f, GetAttr(DnRecord, "uid")
 f.close()
 # Modify the password
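Review bot: The two added `print >> f` lines write the TOTP seed and the uid through `f`, which the context line above creates with the builtin `open` and `os.O_WRONLY | os.O_CREAT` as its second argument; builtin `open` expects a mode string there, so unless `open` is rebound elsewhere in the file this looks like it was meant to be `os.open`, and nothing visible sets the file's permissions. Because the ticket file holds a shared secret, it should be created exclusively with an explicit mode: `fd = os.open(os.path.join(TOTPTicketDirectory, totp_file_name), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` then `f = os.fdopen(fd, "w")`. The file format also changes from the bare seed to seed on line one and uid on line two, so a comment such as `# ticket file: line 1 = seed, line 2 = uid` would help whoever maintains the reader. HandleChTOTPSeed continues outside the hunk.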