ud-mailgate: remove exception for münchen.debian.net

[mirror/userdir-ldap.git] / ud-mailgate

diff --git a/ud-mailgate b/ud-mailgate
index bd77120..30af583 100755 (executable)
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -371,6 +371,10 @@ def DoDNS(Str, Attrs, DnRecord):
        aaaarecord is None:
         return None
 
+    # Check for punycode.  We ought to validate it before we allow it in our zone.
+    if Str.lower().startswith('xn--'):
+        return "Punycode not allowed: " + Str
+
     # Check if the name is already taken
     G = re.match(r'^([-\w+]+)\s', Str)
     if G is None:
@@ -689,7 +693,7 @@ def HandleChTOTPSeed(Reply, DnRecord, Key):
     random_id = binascii.hexlify(open("/dev/urandom", "r").read(32))
     totp_file_name = "%d-%s" % (time.time(), random_id,)
 
-    msg = GPGEncrypt("Please go to %s/fetch-totp-seed?id=%s\n to fetch your TOTP seed" % (WebUILocation, totp_file_name), "0x" + Key[1], Key[4])
+    msg = GPGEncrypt("Please go to %s/fetch-totp-seed.cgi?id=%s\n to fetch your TOTP seed" % (WebUILocation, totp_file_name), "0x" + Key[1], Key[4])
 
     if msg is None:
         raise UDFormatError("Unable to generate the encrypted reply, gpg failed.")
@@ -704,7 +708,8 @@ def HandleChTOTPSeed(Reply, DnRecord, Key):
     lc = connect_to_ldap_and_check_if_locked(DnRecord)
     # Save the seed so the user can pick it up.
     f = open(os.path.join(TOTPTicketDirectory, totp_file_name), os.O_WRONLY | os.O_CREAT)
-    f.write(seed)
+    print >> f, seed
+    print >> f, GetAttr(DnRecord, "uid")
     f.close()
 
     # Modify the password