From: jgg <>
Date: Fri, 5 Nov 1999 04:26:30 +0000 (+0000)
Subject: Locked accounts
X-Git-Tag: debian_userdir-ldap_0-3-7~196
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=8be45fd03d84447c0f75dc77bd94ed4e6580f0f6

Locked accounts
---

diff --git a/doc/ud-info.1.yo b/doc/ud-info.1.yo
index b72db4d..816d664 100644
--- a/doc/ud-info.1.yo
+++ b/doc/ud-info.1.yo
@@ -138,6 +138,12 @@ are password equivelents, whoever has the private half of the key can use it
 to login to any machine, but not affect changes to the LDAP entry. SSH
 authentication keys are kept private.
 
+manpagesection(NOTES)
+To lock out an account take the password and prepend *LK* before the hash
+and after the {crypt} this is understood by ssh, shadow and the mailgateway to
+indicate a disabled account. No manipulations what so ever will be permitted.
+
+
 manpageoptions()
 startdit()
 dit(bf(-a))
diff --git a/ud-gpgimport b/ud-gpgimport
index 73e2a03..c85c9ba 100755
--- a/ud-gpgimport
+++ b/ud-gpgimport
@@ -159,6 +159,7 @@ Keys = os.popen(string.join(Args," "),"r");
 # Loop over the GPG key file
 Outstanding = 0;
 Ignored = 0;
+SeenKeys = {};
 while(1):
    Line = Keys.readline();
    if Line == "":
@@ -179,6 +180,11 @@ while(1):
    if Line2 == "":
       break;
 
+   if SeenKeys.has_key(Split2[9]):
+      print "Dup key 0x",Split2[9],"belonging to",KeyMap[Split2[9]][0];
+      continue;
+   SeenKeys[Split2[9]] = None;
+
    if KeyMap.has_key(Split2[9]):
       Ignored = Ignored + 1;
       # print "Ignoring keyID",Split2[9],"belonging to",KeyMap[Split2[9]][0];
@@ -197,7 +203,7 @@ while(1):
 
    Rec = [(ldap.MOD_ADD,"keyfingerprint",Split2[9])];
    Dn = "uid=" + UID + "," + BaseDn;
-   print "Adding keyID",Split2[9],"to",UID;
+   print "Adding key 0x",Split2[9],"to",UID;
    if KeyCount.has_key(UID):
       KeyCount[UID] = KeyCount[UID] + 1;
    else:
@@ -223,7 +229,7 @@ print Ignored,"keys already in the directory (ignored)";
 # Look for unmatched keys
 for x in KeyMap.keys():
    if KeyMap[x][1] == 0:
-      print "keyID",x,"belonging to",KeyMap[x][0],"removed";
+      print "key 0x",x,"belonging to",KeyMap[x][0],"removed";
       if KeyCount.has_key(KeyMap[x][0]) :
          KeyCount[KeyMap[x][0]] = KeyCount[KeyMap[x][0]] - 1
          if KeyCount[KeyMap[x][0]] <= 0:
diff --git a/ud-mailgate b/ud-mailgate
index 38f9aca..91dcf40 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -352,6 +352,9 @@ try:
    if Sender == None:
       raise Error, "Unable to determine the sender's address";
 
+   if (string.find(GetAttr(Attrs[0],"userPassword"),"*LK*")  != -1):
+      raise Error, "This account is locked";
+
    # Formulate a reply
    Date = time.strftime("%a, %d %b %Y %H:%M:%S +0000",time.gmtime(time.time()));
    Reply = "To: %s\nReply-To: %s\nDate: %s\n" % (Sender,ReplyTo,Date);