X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-mailgate;h=1c9f998fc3612c3345a23138b4fcded9ab6f6e70;hb=a2abaa68eb9ca6118ebd24c3d04a5d3170858157;hp=26e4b75d30b1906f200227e6f6f422abac6bdba0;hpb=187d3edfdc561cd4a929811d63f73114e15932e8;p=mirror%2Fuserdir-ldap.git diff --git a/ud-mailgate b/ud-mailgate index 26e4b75..1c9f998 100755 --- a/ud-mailgate +++ b/ud-mailgate @@ -82,7 +82,6 @@ DelItems = {"c": None, "jpegPhoto": None, "dnsZoneEntry": None, "sshRSAAuthKey": None, - "sshDSAAuthKey": None, "birthDate" : None, "mailGreylisting": None, "mailCallout": None, @@ -453,7 +452,7 @@ def DoRBL(Str,Attrs): # Handle a ConfirmSudoPassword request def DoConfirmSudopassword(Str): - Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9,*]+) ([0-9a-f]{40})$').match(Str.lower()) + Match = re.compile('^confirm sudopassword ('+UUID_FORMAT+') ([a-z0-9.,*]+) ([0-9a-f]{40})$').match(Str) if Match == None: return None @@ -479,7 +478,7 @@ def FinishConfirmSudopassword(l, uid, Attrs): newldap = [] for entry in inldap: - Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry.lower()) + Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry) if Match == None: raise Error, "Could not parse existing sudopasswd entry" uuid = Match.group(1) @@ -491,15 +490,15 @@ def FinishConfirmSudopassword(l, uid, Attrs): confirmedHosts = SudoPasswd[uuid][0] confirmedHmac = SudoPasswd[uuid][1] if status.startswith('confirmed:'): - if status == 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass): + if status == 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass): result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts) else: result = result + "Entry %s for sudo password on hosts %s is listed as confirmed, but HMAC does not verify.\n"%(uuid, hosts) elif confirmedHosts != hosts: result = result + "Entry %s hostlist mismatch (%s vs. %s).\n"%(uuid, hosts, confirmedHosts) - elif make_sudopasswd_hmac('confirm-new-password', uuid, hosts, cryptedpass) == confirmedHmac: + elif make_passwd_hmac('confirm-new-password', 'sudo', uid, uuid, hosts, cryptedpass) == confirmedHmac: result = result + "Entry %s for sudo password on hosts %s now confirmed.\n"%(uuid, hosts) - status = 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass) + status = 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass) else: result = result + "Entry %s for sudo password on hosts %s HMAC verify failed.\n"%(uuid, hosts) del SudoPasswd[uuid] @@ -566,15 +565,18 @@ def HandleChange(Reply,DnRecord,Key): if ((GetAttr(oldAttrs[0],"userPassword").find("*LK*") != -1) or GetAttr(oldAttrs[0],"userPassword").startswith("!")): raise Error, "This account is locked"; - try: - Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs) - Result = Result + Res + "\n"; - except Error, e: - CommitChanges = 0 - Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e); + + if CommitChanges == 1: # only if we are still good to go + try: + Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs) + Result = Result + Res + "\n"; + except Error, e: + CommitChanges = 0 + Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e); + # Modify the record - Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn; if CommitChanges == 1: + Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn; l.modify_s(Dn,Attrs); Attribs = ""; @@ -583,7 +585,7 @@ def HandleChange(Reply,DnRecord,Key): if len(Attrs) == 0: raise Error, "User not found" Attribs = GPGEncrypt(PrettyShow(Attrs[0])+"\n","0x"+Key[1],Key[4]); - + Subst = {}; Subst["__FROM__"] = ChangeFrom; Subst["__EMAIL__"] = EmailAddress(DnRecord); @@ -793,4 +795,7 @@ except: if ErrType != EX_PERMFAIL: sys.exit(ErrType); sys.exit(0); - + +# vim:set et: +# vim:set ts=3: +# vim:set shiftwidth=3: