aaaarecord is None:
return None
+ # Check for punycode. We ought to validate it before we allow it in our zone.
+ if Str.lower().startswith('xn--'):
+ return "Punycode not allowed: " + Str
+
# Check if the name is already taken
G = re.match(r'^([-\w+]+)\s', Str)
if G is None:
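Review bot: The new guard `Str.lower().startswith('xn--')` only inspects the beginning of the submitted line, so it rejects a punycode owner name but not an `xn--` label that appears later in the line, for example after a dot or in a record's target field. Whether such a value can reach the zone depends on the record regexes above this hunk, which are not visible here, so this is worth confirming. If the intent is to keep all punycode out until it can be validated, match per label instead: `if re.search(r'(^|[\s.])xn--', Str.lower()):`. The added comment reads as an open task; writing it as `# TODO: validate punycode (IDNA) instead of rejecting it outright` would make that explicit.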
random_id = binascii.hexlify(open("/dev/urandom", "r").read(32))
totp_file_name = "%d-%s" % (time.time(), random_id,)
- msg = GPGEncrypt("Please go to %s/fetch-totp-seed?id=%s\n to fetch your TOTP seed" % (WebUILocation, totp_file_name), "0x" + Key[1], Key[4])
+ msg = GPGEncrypt("Please go to %s/fetch-totp-seed.cgi?id=%s\n to fetch your TOTP seed" % (WebUILocation, totp_file_name), "0x" + Key[1], Key[4])
if msg is None:
raise UDFormatError("Unable to generate the encrypted reply, gpg failed.")
lc = connect_to_ldap_and_check_if_locked(DnRecord)
# Save the seed so the user can pick it up.
f = open(os.path.join(TOTPTicketDirectory, totp_file_name), os.O_WRONLY | os.O_CREAT)
- f.write(seed)
+ print >> f, seed
+ print >> f, GetAttr(DnRecord, "uid")
f.close()
# Modify the password
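Review bot: The two added `print >> f` lines put the plaintext TOTP seed and the uid into a file whose handle comes from the builtin `open()` called with `os.O_WRONLY | os.O_CREAT` as its second argument; the builtin expects a mode string, so those flags look intended for `os.open()` and are not applied as written. Nothing visible sets the file's permissions or refuses a pre-existing path, so protection of the seed rests on the process umask and on the permissions of `TOTPTicketDirectory`. I would create the ticket with `fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `f = os.fdopen(fd, 'w')` (`path` being the joined ticket path), and put `f.close()` in a `finally` so the handle is released if a write fails. The file now carries two lines that the fetch CGI presumably parses, so a comment such as `# line 1: seed, line 2: uid (read by fetch-totp-seed.cgi)` next to the writes would document the format. The enclosing function starts and ends outside this hunk.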