From 1fba345532896a49d61b365dbbe5fa52135f2ab3 Mon Sep 17 00:00:00 2001
From: Tollef Fog Heen <tfheen@err.no>
Date: Sat, 12 Aug 2017 22:07:55 +0200
Subject: [PATCH] Fix ud-mailgate to handle the SHA256:$fingerprint output
 format that stretch's ssh-keygen has switched to.

---
 debian/changelog | 2 ++
 ud-mailgate      | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 4ee8ee2..55f58c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,8 @@ userdir-ldap (0.3.90) UNRELEASED; urgency=medium
   [ Tollef Fog Heen ]
   * Add totpSeed to LDAP schema.
   * Add support for changing TOTP seed by mailing ud-mailgate.
+  * Fix ud-mailgate to handle the SHA256:$fingerprint output format that
+    stretch's ssh-keygen has switched to.
 
  -- Paul Wise <pabs@debian.org>  Sat, 17 Jun 2017 14:38:00 +0800
 
diff --git a/ud-mailgate b/ud-mailgate
index 427a024..b23e8a5 100755
--- a/ud-mailgate
+++ b/ud-mailgate
@@ -39,7 +39,7 @@ SeenList = {}
 DNS = {}
 ValidHostNames = [] # will be initialized in later
 
-SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}) (.+)$')
+SSHFingerprint = re.compile('^(\d+) ([0-9a-f\:]{47}|SHA256:[0-9A-Za-z/+]{43}) (.+)$')
 SSHRSA1Match = re.compile('^^(.* )?\d+ \d+ \d+')
 
 GenderTable = {"male": '1',
@@ -322,6 +322,8 @@ def DoSSH(Str, Attrs, badkeys, uid):
    Subst["__USER__"] = uid
 
    Match = SSHFingerprint.match(output)
+   if Match is None:
+      return "Failed to match SSH fingerprint, has the output of ssh-keygen changed?"
    g = Match.groups()
    key_size = g[0]
    fingerprint = g[1]
-- 
2.20.1