ud-generate: deal with users without loginShell
[mirror/userdir-ldap.git] / ud-mailgate
index 80340aa..1f63e68 100755 (executable)
@@ -331,10 +331,11 @@ def DoSSH(Str, Attrs, badkeys, uid):
             Subst["__ERROR__"] = "SSH key with fingerprint %s known as bad key" % (g[1])
             ErrReply = TemplateSubst(Subst, open(TemplatesDir + "admin-info", "r").read())
 
-            Child = os.popen("/usr/sbin/sendmail -t", "w")
-            Child.write(ErrReplyHead)
-            Child.write(ErrReply)
-            if Child.close() is not None:
+            Child = subprocess.Popen(['/usr/sbin/sendmail', '-t'], stdin=subprocess.PIPE)
+            Child.stdin.write(ErrReplyHead)
+            Child.stdin.write(ErrReply)
+            Child.stdin.close()
+            if Child.wait() != 0:
                 raise UDExecuteError("Sendmail gave a non-zero return code")
         except Exception:
             sys.exit(EX_TEMPFAIL)
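Review bot: The manual `Child.stdin.write(...)` / `Child.stdin.close()` / `Child.wait()` sequence skips the close and the wait whenever a write raises (for example a broken pipe when sendmail exits early), because control jumps straight to the `except Exception` handler. `Child.communicate(ErrReplyHead + ErrReply)` followed by `if Child.returncode != 0:` feeds stdin, closes it and reaps the child in one call. The same three-step pattern is repeated in the later hunks at `-853` and `-882`, where the same replacement applies. The impact is small here because the handler exits the process, but the hunk at `-853` falls into a handler that keeps running. The enclosing DoSSH body starts outside this hunk.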
@@ -371,6 +372,10 @@ def DoDNS(Str, Attrs, DnRecord):
        aaaarecord is None:
         return None
 
+    # Check for punycode.  We ought to validate it before we allow it in our zone.
+    if Str.lower().startswith('xn--'):
+        return "Punycode not allowed: " + Str
+
     # Check if the name is already taken
     G = re.match(r'^([-\w+]+)\s', Str)
     if G is None:
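Review bot: The `Str.lower().startswith('xn--')` test only inspects the first four characters of the whole request line, so an `xn--` label that is not at the very start would pass. Whether such input can reach this point depends on the record regexes earlier in DoDNS, which are outside the hunk; the name pattern on the next line (`[-\w+]+`) has no dot, which suggests single-label names, but that only constrains one branch. If other positions are possible, match on label boundaries instead, e.g. `if re.search(r'(^|[\s.])xn--', Str, re.I):`, or apply the test to the name that the regex below extracts. A short comment stating which part of the record the rule is meant to cover (owner name only, or targets too) would also help.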
@@ -704,7 +709,8 @@ def HandleChTOTPSeed(Reply, DnRecord, Key):
     lc = connect_to_ldap_and_check_if_locked(DnRecord)
     # Save the seed so the user can pick it up.
     f = open(os.path.join(TOTPTicketDirectory, totp_file_name), os.O_WRONLY | os.O_CREAT)
-    f.write(seed)
+    print >> f, seed
+    print >> f, GetAttr(DnRecord, "uid")
     f.close()
 
     # Modify the password
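Review bot: The two `print >> f` lines put the TOTP seed and the uid into a file whose creation, on the context line just above, sets no explicit permissions and no `O_EXCL`, so the mode of a file holding a secret is left to the process umask and a pre-existing file at that path would be written into rather than rejected. That context line also passes `os.O_WRONLY | os.O_CREAT` as the second argument of `open(...)`, which looks like it was meant for `os.open`; unless `open` is rebound elsewhere in the file, confirm this path runs at all. A form that covers both is `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `f = os.fdopen(fd, 'w')`. The body of HandleChTOTPSeed starts before and continues after this hunk.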
@@ -853,10 +859,10 @@ try:
 
     # Send the message through sendmail
     ErrMsg = "A problem occured while trying to send the reply"
-    Child = os.popen("/usr/sbin/sendmail -t", "w")
-    #   Child = os.popen("cat","w")
-    Child.write(Reply)
-    if Child.close() is not None:
+    Child = subprocess.Popen(['/usr/sbin/sendmail', '-t'], stdin=subprocess.PIPE)
+    Child.stdin.write(Reply)
+    Child.stdin.close()
+    if Child.wait() != 0:
         raise UDExecuteError("Sendmail gave a non-zero return code")
 
 except Exception:
@@ -882,10 +888,11 @@ except Exception:
     try:
         ErrReply = TemplateSubst(Subst, open(TemplatesDir + "error-reply", "r").read())
 
-        Child = os.popen("/usr/sbin/sendmail -t -oi -f ''", "w")
-        Child.write(ErrReplyHead)
-        Child.write(ErrReply)
-        if Child.close() is not None:
+        Child = subprocess.Popen(['/usr/sbin/sendmail', '-t', '-oi', '-f', ''], stdin=subprocess.PIPE)
+        Child.stdin.write(ErrReplyHead)
+        Child.stdin.write(ErrReply)
+        Child.stdin.close()
+        if Child.wait() != 0:
             raise UDExecuteError("Sendmail gave a non-zero return code")
     except Exception:
         sys.exit(EX_TEMPFAIL)