#!/usr/bin/env python
# -*- mode: python -*-
import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, os;
-import string, pwd
+import pwd
from userdir_gpg import *;
from userdir_ldap import *;
"icqUin": "^[0-9]*$",
"onVacation": ".*",
"labeledURI": ".*",
+ "birthDate": "^([0-9]{4})([01][0-9])([0-3][0-9])$",
"mailDisableMessage": ".*",
"mailGreylisting": "^(TRUE|FALSE)$",
"mailCallout": "^(TRUE|FALSE)$",
if re.match(ArbChanges[attrName],G[1]) == None:
raise Error, "Item does not match the required format"+ArbChanges[attrName];
+# if attrName == 'birthDate':
+# (re.match("^([0-9]{4})([01][0-9])([0-3][0-9])$",G[1]) {
+# $bd_yr = $1; $bd_mo = $2; $bd_day = $3;
+# if ($bd_mo > 0 and $bd_mo <= 12 and $bd_day > 0) {
+# if ($bd_mo == 2) {
+# if ($bd_day == 29 and ($bd_yr == 0 or ($bd_yr % 4 == 0 && ($bd_yr % 100 != 0 || $bd_yr % 400 == 0)))) {
+# $bd_ok = 1;
+# } elsif ($bd_day <= 28) {
+# $bd_ok = 1;
+# }
+# } elsif ($bd_mo == 4 or $bd_mo == 6 or $bd_mo == 9 or $bd_mo == 11) {
+# if ($bd_day <= 30) {
+# $bd_ok = 1;
+# }
+# } else {
+# if ($bd_day <= 31) {
+# $bd_ok = 1;
+# }
+# }
+# }
+# } elsif (not defined($query->param('birthdate')) or $query->param('birthdate') =~ /^\s*$/) {
+# $bd_ok = 1;
+# }
Attrs.append((ldap.MOD_REPLACE,attrName,G[1]));
return "Changed entry %s to %s"%(attrName,G[1]);
# Handle a position change message, the line format is:
# Lat: -12412.23 Long: +12341.2342
def DoPosition(Str,Attrs):
- Match = re.match("^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$",string.lower(Str));
+ Match = re.match("^lat: ([+\-]?[\d:.ns]+(?: ?[ns])?) long: ([+\-]?[\d:.ew]+(?: ?[ew])?)$", Str.lower())
if Match == None:
return None;
# Check for collisions
global l;
- Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"dnsZoneEntry="+G[0]+" *",["uid"]);
+ # [JT 20070409 - search for both tab and space suffixed hostnames
+ # since we accept either. It'd probably be better to parse the
+ # incoming string in order to construct what we feed LDAP rather
+ # than just passing it through as is.]
+ filter = "(|(dnsZoneEntry=%s *)(dnsZoneEntry=%s *))" % (G[0], G[0])
+ Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["uid"]);
for x in Rec:
if GetAttr(x,"uid") != GetAttr(DnRecord,"uid"):
return "DNS entry is already owned by " + GetAttr(x,"uid")
# Handle an RBL list (mailRBL, mailRHSBL, mailWhitelist)
def DoRBL(Str,Attrs):
- Match = re.compile('^mail(rbl|rhsbl|whitelist) ([\w.]+)$').match(string.lower(Str))
+ Match = re.compile('^mail(rbl|rhsbl|whitelist) ([-a-z0-9.]+)$').match(Str.lower())
if Match == None:
return None
Attrs = [];
Show = 0;
for Line in Lines:
- Line = string.strip(Line);
+ Line = Line.strip()
if Line == "":
continue;
# Connect to the ldap server
l = ldap.open(LDAPServer);
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
- AccessPass = string.split(string.strip(F.readline())," ");
+ AccessPass = F.readline().strip().split(" ")
F.close();
# Modify the record
l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
oldAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(oldAttrs[0],"userPassword"),"*LK*") != -1):
+ if ((GetAttr(oldAttrs[0],"userPassword").find("*LK*") != -1)
+ or GetAttr(oldAttrs[0],"userPassword").startswith("!")):
raise Error, "This account is locked";
Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
l.modify_s(Dn,Attrs);
# Connect to the ldap server
l = ldap.open(LDAPServer);
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
- AccessPass = string.split(string.strip(F.readline())," ");
+ AccessPass = F.readline().strip().split(" ")
F.close();
l.simple_bind_s("uid="+AccessPass[0]+","+BaseDn,AccessPass[1]);
# Check for a locked account
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid="+GetAttr(DnRecord,"uid"));
- if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*") != -1):
+ if (GetAttr(Attrs[0],"userPassword").find("*LK*") != -1) \
+ or GetAttr(Attrs[0],"userPassword").startswith("!"):
raise Error, "This account is locked";
# Modify the password
Msg = GetClearSig(Email);
ErrMsg = "Message is not PGP signed:"
- if string.find(Msg[0],"-----BEGIN PGP SIGNED MESSAGE-----") == -1 and \
- string.find(Msg[0],"-----BEGIN PGP MESSAGE-----") == -1:
+ if Msg[0].find("-----BEGIN PGP SIGNED MESSAGE-----") == -1 and \
+ Msg[0].find("-----BEGIN PGP MESSAGE-----") == -1:
raise Error, "No PGP signature";
# Check the signature
ErrMsg = "Problem stripping MIME headers from the decoded message"
if Msg[1] == 1:
try:
- Index = string.index(Res[3],"\n\n") + 2;
+ Index = Res[3].index("\n\n") + 2;
except ValueError:
- Index = string.index(Res[3],"\n\r\n") + 3;
+ Index = Res[3].index("\n\r\n") + 3;
PlainText = Res[3][Index:];
else:
PlainText = Res[3];
if sys.argv[1] == "ping":
Reply = HandlePing(Reply,Attrs[0],Res[2]);
elif sys.argv[1] == "chpass":
- if string.find(string.strip(PlainText),"Please change my Debian password") != 0:
+ if PlainText.strip().find("Please change my Debian password") != 0:
raise Error,"Please send a signed message where the first line of text is the string 'Please change my Debian password'";
Reply = HandleChPass(Reply,Attrs[0],Res[2]);
elif sys.argv[1] == "change":
projects / mirror / userdir-ldap.git / blobdiff