DNS = {}
SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}) (.+)$')
+SSHRSA1Match = re.compile('^^(.* )?\d+ \d+ \d+')
+
+GenderTable = {"male": 1,
+ "1": 1,
+ "female": 2,
+ "2": 2,
+ "unspecified": 9,
+ "9": 9,
+};
ArbChanges = {"c": "..",
"l": ".*",
"mailGreylisting": "^(TRUE|FALSE)$",
"mailCallout": "^(TRUE|FALSE)$",
"VoIP": ".*",
+ "gender": "^(1|2|9|male|female|unspecified)$",
};
DelItems = {"c": None,
if re.match(ArbChanges[attrName],G[1]) == None:
raise Error, "Item does not match the required format"+ArbChanges[attrName];
+ value = G[1];
+ if attrName == 'gender':
+ if G[1] not in GenderTable:
+ raise Error, "Gender not found in table"
+ value = GenderTable[G[1]]
+
# if attrName == 'birthDate':
# (re.match("^([0-9]{4})([01][0-9])([0-3][0-9])$",G[1]) {
# $bd_yr = $1; $bd_mo = $2; $bd_day = $3;
# } elsif (not defined($query->param('birthdate')) or $query->param('birthdate') =~ /^\s*$/) {
# $bd_ok = 1;
# }
- Attrs.append((ldap.MOD_REPLACE,attrName,G[1]));
- return "Changed entry %s to %s"%(attrName,G[1]);
+ Attrs.append((ldap.MOD_REPLACE,attrName,value));
+ return "Changed entry %s to %s"%(attrName,value);
# Handle changing a set of arbitary fields
# <field>: value
# [options] 1024 35 13188913666680[..] [comment]
def DoSSH(Str, Attrs, badkeys, uid):
Match = SSH2AuthSplit.match(Str);
+ if Match == None:
+ return None;
g = Match.groups()
typekey = g[1]
if Match == None:
- Match = re.compile('^1024 (\d+) ').match(Str)
+ Match = SSHRSA1Match.match(Str)
if Match is not None:
- return "SSH1 keys not supported anymore"
+ return "RSA1 keys not supported anymore"
return None;
(fd, path) = tempfile.mkstemp(".pub", "sshkeytry", "/tmp")
Result = "";
Attrs = [];
Show = 0;
+ CommitChanges = 1
for Line in Lines:
Line = Line.strip()
if Line == "":
# Fail, if someone tries to send someone elses signed email to the
# daemon then we want to abort ASAP.
if Res == None:
- Result = Result + "Command is not understood. Halted\n";
+ CommitChanges = 0
+ Result = Result + "Command is not understood. Halted - no changes committed\n";
break;
Result = Result + Res + "\n";
# Connect to the ldap server
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
or GetAttr(oldAttrs[0],"userPassword").startswith("!")):
raise Error, "This account is locked";
Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
- l.modify_s(Dn,Attrs);
+ if CommitChanges == 1:
+ l.modify_s(Dn,Attrs);
Attribs = "";
if Show == 1:
Reply = Reply + TemplateSubst(Subst,open(TemplatesDir+"passwd-changed","r").read());
# Connect to the ldap server
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
AccessPass = F.readline().strip().split(" ")
F.close();
raise Error, "This account is locked";
# Modify the password
- Rec = [(ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass)];
+ Rec = [(ldap.MOD_REPLACE,"userPassword","{crypt}"+Pass),
+ (ldap.MOD_REPLACE,"shadowLastChange",str(int(time.time()/24/60/60)))];
Dn = "uid=" + GetAttr(DnRecord,"uid") + "," + BaseDn;
l.modify_s(Dn,Rec);
ErrType = EX_TEMPFAIL;
ErrMsg = "An error occured while performing the LDAP lookup";
global l;
- l = ldap.open(LDAPServer);
+ l = connectLDAP()
l.simple_bind_s("","");
# Search for the matching key fingerprint
projects / mirror / userdir-ldap.git / blobdiff