X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-mailgate;h=30af5831aed09c0b05ca80d9630449faf1a6407e;hp=80340aac3ef7bafbaf6262ce9baa6bdde3a8e195;hb=HEAD;hpb=06c8b04a006130cd9593d981ddeeb5c1699c8de6

diff --git a/ud-mailgate b/ud-mailgate
index 80340aa..30af583 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -371,6 +371,10 @@ def DoDNS(Str, Attrs, DnRecord):
        aaaarecord is None:
         return None
 
+    # Check for punycode.  We ought to validate it before we allow it in our zone.
+    if Str.lower().startswith('xn--'):
+        return "Punycode not allowed: " + Str
+
     # Check if the name is already taken
     G = re.match(r'^([-\w+]+)\s', Str)
     if G is None:
@@ -704,7 +708,8 @@ def HandleChTOTPSeed(Reply, DnRecord, Key):
     lc = connect_to_ldap_and_check_if_locked(DnRecord)
     # Save the seed so the user can pick it up.
     f = open(os.path.join(TOTPTicketDirectory, totp_file_name), os.O_WRONLY | os.O_CREAT)
-    f.write(seed)
+    print >> f, seed
+    print >> f, GetAttr(DnRecord, "uid")
     f.close()
 
     # Modify the password