Do not call FinishConfirmSudopassword if we already decided to not commit this

[mirror/userdir-ldap.git] / ud-mailgate
diff --git a/ud-mailgate b/ud-mailgate

index 6baf2c4..1c9f998 100755 (executable)
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -82,7 +82,6 @@ DelItems = {"c": None,
              "jpegPhoto": None,
              "dnsZoneEntry": None,
             "sshRSAAuthKey": None,
-           "sshDSAAuthKey": None,
              "birthDate" : None,
              "mailGreylisting": None,
              "mailCallout": None,
@@ -491,15 +490,15 @@ def FinishConfirmSudopassword(l, uid, Attrs):
           confirmedHosts = SudoPasswd[uuid][0]
           confirmedHmac = SudoPasswd[uuid][1]
           if status.startswith('confirmed:'):
-            if status == 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass):
+            if status == 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass):
                 result = result + "Entry %s for sudo password on hosts %s already confirmed.\n"%(uuid, hosts)
              else:
                 result = result + "Entry %s for sudo password on hosts %s is listed as confirmed, but HMAC does not verify.\n"%(uuid, hosts)
           elif confirmedHosts != hosts:
              result = result + "Entry %s hostlist mismatch (%s vs. %s).\n"%(uuid, hosts, confirmedHosts)
-         elif make_sudopasswd_hmac('confirm-new-password', uuid, hosts, cryptedpass) == confirmedHmac:
+         elif make_passwd_hmac('confirm-new-password', 'sudo', uid, uuid, hosts, cryptedpass) == confirmedHmac:
              result = result + "Entry %s for sudo password on hosts %s now confirmed.\n"%(uuid, hosts)
-            status = 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass)
+            status = 'confirmed:'+make_passwd_hmac('password-is-confirmed', 'sudo', uid, uuid, hosts, cryptedpass)
           else:
              result = result + "Entry %s for sudo password on hosts %s HMAC verify failed.\n"%(uuid, hosts)
           del SudoPasswd[uuid]
@@ -566,15 +565,18 @@ def HandleChange(Reply,DnRecord,Key):
     if ((GetAttr(oldAttrs[0],"userPassword").find("*LK*") != -1) 
         or GetAttr(oldAttrs[0],"userPassword").startswith("!")):
        raise Error, "This account is locked";
-   try:
-      Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs)
-      Result = Result + Res + "\n";
-   except Error, e:
-      CommitChanges = 0
-      Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e);
+
+   if CommitChanges == 1: # only if we are still good to go
+      try:
+         Res = FinishConfirmSudopassword(l, GetAttr(DnRecord,"uid"), Attrs)
+         Result = Result + Res + "\n";
+      except Error, e:
+         CommitChanges = 0
+         Result = Result + "FinishConfirmSudopassword raised an error (%s) - no changes committed\n"%(e);
+
     # Modify the record
-   Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
     if CommitChanges == 1:
+      Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
        l.modify_s(Dn,Attrs);
  
     Attribs = "";
@@ -583,7 +585,7 @@ def HandleChange(Reply,DnRecord,Key):
        if len(Attrs) == 0:
           raise Error, "User not found"
        Attribs = GPGEncrypt(PrettyShow(Attrs[0])+"\n","0x"+Key[1],Key[4]);
-      
+
     Subst = {};
     Subst["__FROM__"] = ChangeFrom;
     Subst["__EMAIL__"] = EmailAddress(DnRecord);
@@ -793,4 +795,7 @@ except:
     if ErrType != EX_PERMFAIL:
        sys.exit(ErrType);
     sys.exit(0);
-   
+
+# vim:set et:
+# vim:set ts=3:
+# vim:set shiftwidth=3: