X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-mailgate;h=ae86f6311cffaed92ab23faf5eab1d2116c4ead5;hb=77661e58f39415c6cee20e537d9a65afd7827ca7;hp=65955f6048dcb32ee0448f34e9a9425697052fe3;hpb=82aef85537e4199e9db0bf2fcec7db2137561795;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-mailgate b/ud-mailgate
index 65955f6..ae86f63 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -3,7 +3,7 @@
 
 #   Prior copyright probably rmurray, troup, joey, jgg -- weasel 2008
 #   Copyright (c) 2009 Stephen Gran <steve@lobefin.net>
-#   Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#   Copyright (c) 2008,2009,2010 Peter Palfrader <peter@palfrader.org>
 #   Copyright (c) 2008 Joerg Jaspert <joerg@debian.org>
 #   Copyright (c) 2010 Helmut Grohne <helmut@subdivi.de>
 
@@ -376,18 +376,20 @@ def DoDNS(Str,Attrs,DnRecord):
    cnamerecord = re.match("^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$",Str,re.IGNORECASE)
    arecord     = re.match('^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$',Str,re.IGNORECASE)
    mxrecord    = re.match("^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+   txtrecord   = re.match("^[-\w]+\s+IN\s+TXT\s+([-\d. a-z\t<>@]+)", Str, re.IGNORECASE)
    #aaaarecord  = re.match('^[-\w]+\s+IN\s+AAAA\s+((?:[0-9a-f]{1,4})(?::[0-9a-f]{1,4})*(?::(?:(?::[0-9a-f]{1,4})*|:))?)$',Str,re.IGNORECASE)
    aaaarecord  = re.match('^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$',Str,re.IGNORECASE)
 
-   if cnamerecord == None and\
-      arecord == None and\
-      mxrecord == None and\
-      aaaarecord == None:
+   if cnamerecord is None and\
+      arecord is None and\
+      mxrecord is None and\
+      txtrecord is None and\
+      aaaarecord is None:
      return None;
 
    # Check if the name is already taken
    G = re.match('^([-\w+]+)\s',Str)
-   if G == None:
+   if G is None:
      raise UDFormatError, "Hostname not found although we already passed record syntax checks"
    hostname = G.group(1)
 
@@ -417,19 +419,21 @@ def DoDNS(Str,Attrs,DnRecord):
      else:
        DNS[hostname] = 1
 
-   if cnamerecord != None:
+   if cnamerecord is not None:
      sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1))
-   elif arecord != None:
+   elif txtrecord is not None:
+      sanitized = "%s IN TXT %s" % (hostname, txtrecord.group(1))
+   elif arecord is not None:
      ipaddress = arecord.group(1)
      for quad in ipaddress.split('.'):
        if not (int(quad) >=0 and int(quad) <= 255):
          return "Invalid quad %s in IP address %s in line %s" %(quad, ipaddress, Str)
      sanitized = "%s IN A %s"% (hostname, ipaddress)
-   elif mxrecord != None:
+   elif mxrecord is not None:
      priority = mxrecord.group(1)
      mx = mxrecord.group(2)
      sanitized = "%s IN MX %s %s" % (hostname, priority, mx)
-   elif aaaarecord != None:
+   elif aaaarecord is not None:
      ipv6address = aaaarecord.group(1)
      parts = ipv6address.split(':')
      if len(parts) > 8:
@@ -715,25 +719,25 @@ try:
    
    # Check the signature
    ErrMsg = "Unable to check the signature or the signature was invalid:";
-   Res = GPGCheckSig(Msg[0]);
+   pgp = GPGCheckSig2(Msg[0])
 
-   if Res[0] != None:
-      raise UDFormatError, Res[0];
+   if not pgp.ok:
+      raise UDFormatError, pgp.why
       
-   if Res[3] == None:
-      raise UDFormatError, "Null signature text";
+   if pgp.text is None:
+      raise UDFormatError, "Null signature text"
 
    # Extract the plain message text in the event of mime encoding
    global PlainText;
    ErrMsg = "Problem stripping MIME headers from the decoded message"
    if Msg[1] == 1:
       try:
-         Index = Res[3].index("\n\n") + 2;
+         Index = pgp.text.index("\n\n") + 2
       except ValueError:
-         Index = Res[3].index("\n\r\n") + 3;
-      PlainText = Res[3][Index:];
+         Index = pgp.text.index("\n\r\n") + 3
+      PlainText = pgp.text[Index:]
    else:
-      PlainText = Res[3];   
+      PlainText = pgp.text
 
    # Connect to the ldap server
    ErrType = EX_TEMPFAIL;
@@ -743,7 +747,7 @@ try:
    l.simple_bind_s("","");
 
    # Search for the matching key fingerprint
-   Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Res[2][1]);
+   Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + pgp.key_fpr)
 
    ErrType = EX_PERMFAIL;
    if len(Attrs) == 0:
@@ -756,11 +760,11 @@ try:
    RC = ReplayCache(ReplayCacheFile);
    RC.Clean();
    ErrMsg = "The replay cache rejected your message. Check your clock!";
-   Rply = RC.Check(Res[1]);
+   Rply = RC.Check(pgp.sig_info);
    if Rply != None:
       RC.close()
       raise UDNotAllowedError, Rply;
-   RC.Add(Res[1]);
+   RC.Add(pgp.sig_info);
    RC.close()
 
    # Determine the sender address
@@ -775,7 +779,6 @@ try:
    Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
    Reply = "To: %s\nReply-To: %s\nDate: %s\n" % (Sender,ReplyTo,Date);
 
-   global ValidHostNames
    Res = l.search_s(HostBaseDn, ldap.SCOPE_SUBTREE, '(objectClass=debianServer)', ['hostname'] )
    # Res is a list of tuples.
    # The tuples contain a dn (str) and a dictionary.
@@ -785,13 +788,13 @@ try:
 
    # Dispatch
    if sys.argv[1] == "ping":
-      Reply = HandlePing(Reply,Attrs[0],Res[2]);
+      Reply = HandlePing(Reply,Attrs[0],pgp.key_info);
    elif sys.argv[1] == "chpass":
       if PlainText.strip().find("Please change my Debian password") != 0:
          raise UDFormatError,"Please send a signed message where the first line of text is the string 'Please change my Debian password'";
-      Reply = HandleChPass(Reply,Attrs[0],Res[2]);
+      Reply = HandleChPass(Reply,Attrs[0],pgp.key_info);
    elif sys.argv[1] == "change":
-      Reply = HandleChange(Reply,Attrs[0],Res[2]);
+      Reply = HandleChange(Reply,Attrs[0],pgp.key_info);
    else:
       print sys.argv;
       raise UDFormatError, "Incorrect Invokation";