X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-mailgate;h=e8b509acd032465fa8bb77253dcf9c0f937cc4bc;hb=22fc98e6d60823d6740d7aa1ab42675bf76eb971;hp=8f9e0925876b7d3b11aa2dc041ab16f0bbe61eed;hpb=d5416c75fd5435530aa08379c4194894dff821e4;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-mailgate b/ud-mailgate
index 8f9e092..e8b509a 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -3,7 +3,7 @@
 
 #   Prior copyright probably rmurray, troup, joey, jgg -- weasel 2008
 #   Copyright (c) 2009 Stephen Gran <steve@lobefin.net>
-#   Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#   Copyright (c) 2008,2009,2010 Peter Palfrader <peter@palfrader.org>
 #   Copyright (c) 2008 Joerg Jaspert <joerg@debian.org>
 #   Copyright (c) 2010 Helmut Grohne <helmut@subdivi.de>
 
@@ -376,18 +376,20 @@ def DoDNS(Str,Attrs,DnRecord):
    cnamerecord = re.match("^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$",Str,re.IGNORECASE)
    arecord     = re.match('^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$',Str,re.IGNORECASE)
    mxrecord    = re.match("^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+   txtrecord   = re.match("^[-\w]+\s+IN\s+TXT\s+([-\d. a-z\t<>@]+)", Str, re.IGNORECASE)
    #aaaarecord  = re.match('^[-\w]+\s+IN\s+AAAA\s+((?:[0-9a-f]{1,4})(?::[0-9a-f]{1,4})*(?::(?:(?::[0-9a-f]{1,4})*|:))?)$',Str,re.IGNORECASE)
    aaaarecord  = re.match('^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$',Str,re.IGNORECASE)
 
-   if cnamerecord == None and\
-      arecord == None and\
-      mxrecord == None and\
-      aaaarecord == None:
+   if cnamerecord is None and\
+      arecord is None and\
+      mxrecord is None and\
+      txtrecord is None and
+      aaaarecord is None:
      return None;
 
    # Check if the name is already taken
    G = re.match('^([-\w+]+)\s',Str)
-   if G == None:
+   if G is None:
      raise UDFormatError, "Hostname not found although we already passed record syntax checks"
    hostname = G.group(1)
 
@@ -417,19 +419,21 @@ def DoDNS(Str,Attrs,DnRecord):
      else:
        DNS[hostname] = 1
 
-   if cnamerecord != None:
+   if cnamerecord is not None:
      sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1))
-   elif arecord != None:
+   elif txtrecord is not None:
+      sanitized = "%s IN TXT %s" % (hostname, txtrecord.group(1))
+   elif arecord is not None:
      ipaddress = arecord.group(1)
      for quad in ipaddress.split('.'):
        if not (int(quad) >=0 and int(quad) <= 255):
          return "Invalid quad %s in IP address %s in line %s" %(quad, ipaddress, Str)
      sanitized = "%s IN A %s"% (hostname, ipaddress)
-   elif mxrecord != None:
+   elif mxrecord is not None:
      priority = mxrecord.group(1)
      mx = mxrecord.group(2)
      sanitized = "%s IN MX %s %s" % (hostname, priority, mx)
-   elif aaaarecord != None:
+   elif aaaarecord is not None:
      ipv6address = aaaarecord.group(1)
      parts = ipv6address.split(':')
      if len(parts) > 8:
@@ -715,25 +719,25 @@ try:
    
    # Check the signature
    ErrMsg = "Unable to check the signature or the signature was invalid:";
-   Res = GPGCheckSig(Msg[0]);
+   pgp = GPGCheckSig2(Msg[0])
 
-   if Res[0] != None:
-      raise UDFormatError, Res[0];
+   if not pgp.ok:
+      raise UDFormatError, pgp.why
       
-   if Res[3] == None:
-      raise UDFormatError, "Null signature text";
+   if pgp.text is None:
+      raise UDFormatError, "Null signature text"
 
    # Extract the plain message text in the event of mime encoding
    global PlainText;
    ErrMsg = "Problem stripping MIME headers from the decoded message"
    if Msg[1] == 1:
       try:
-         Index = Res[3].index("\n\n") + 2;
+         Index = pgp.text.index("\n\n") + 2
       except ValueError:
-         Index = Res[3].index("\n\r\n") + 3;
-      PlainText = Res[3][Index:];
+         Index = pgp.text.index("\n\r\n") + 3
+      PlainText = pgp.text[Index:]
    else:
-      PlainText = Res[3];   
+      PlainText = pgp.text
 
    # Connect to the ldap server
    ErrType = EX_TEMPFAIL;
@@ -743,7 +747,7 @@ try:
    l.simple_bind_s("","");
 
    # Search for the matching key fingerprint
-   Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + Res[2][1]);
+   Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"keyFingerPrint=" + pgp.key_fpr)
 
    ErrType = EX_PERMFAIL;
    if len(Attrs) == 0:
@@ -756,11 +760,11 @@ try:
    RC = ReplayCache(ReplayCacheFile);
    RC.Clean();
    ErrMsg = "The replay cache rejected your message. Check your clock!";
-   Rply = RC.Check(Res[1]);
+   Rply = RC.Check(pgp.sig_info);
    if Rply != None:
       RC.close()
       raise UDNotAllowedError, Rply;
-   RC.Add(Res[1]);
+   RC.Add(pgp.sig_info);
    RC.close()
 
    # Determine the sender address
@@ -784,13 +788,13 @@ try:
 
    # Dispatch
    if sys.argv[1] == "ping":
-      Reply = HandlePing(Reply,Attrs[0],Res[2]);
+      Reply = HandlePing(Reply,Attrs[0],pgp.key_info);
    elif sys.argv[1] == "chpass":
       if PlainText.strip().find("Please change my Debian password") != 0:
          raise UDFormatError,"Please send a signed message where the first line of text is the string 'Please change my Debian password'";
-      Reply = HandleChPass(Reply,Attrs[0],Res[2]);
+      Reply = HandleChPass(Reply,Attrs[0],pgp.key_info);
    elif sys.argv[1] == "change":
-      Reply = HandleChange(Reply,Attrs[0],Res[2]);
+      Reply = HandleChange(Reply,Attrs[0],pgp.key_info);
    else:
       print sys.argv;
       raise UDFormatError, "Incorrect Invokation";