import string, re, time, ldap, getopt, sys, os, pwd, posix, socket, base64, sha, shutil, errno, tarfile, grp
from userdir_ldap import *
from userdir_exceptions import *
+import UDLdap
try:
from cStringIO import StringIO
except ImportError:
global Allowed
global CurrentHost
+if os.getuid() == 0:
+ sys.stderr.write("You should probably not run ud-generate as root.\n")
+ sys.exit(1)
+
PasswdAttrs = None
DebianUsers = None
DisabledUsers = []
PurposeHostField = re.compile(r".*\[\[([\*\-]?[a-z0-9.\-]*)(?:\|.*)?\]\]")
IsV6Addr = re.compile("^[a-fA-F0-9:]+$")
IsDebianHost = re.compile(ConfModule.dns_hostmatch)
+isSSHFP = re.compile("^\s*IN\s+SSHFP")
DNSZone = ".debian.net"
Keyrings = ConfModule.sync_keyrings.split(":")
# Write out the position for each user
for x in PasswdAttrs:
- if x[1].has_key("latitude") == 0 or x[1].has_key("longitude") == 0:
+ a = UDLdap.Account(x[0], x[1])
+ if not ('latitude' in a and 'longitude' in a):
continue
try:
- Line = "%8s %8s \"\""%(DecDegree(GetAttr(x, "latitude"), 1), DecDegree(GetAttr(x, "longitude"), 1))
+ Line = "%8s %8s \"\""%(a.latitude_dec(True), a.longitude_dec(True))
Line = Sanitize(Line) + "\n"
F.write(Line)
except:
# Write out the position for each user
for x in DebianDDUsers:
- if x[1].has_key("privateSub") == 0:
+ a = UDLdap.Account(x[0], x[1])
+ if not a.is_active_user():
continue
-
- # If the account has no PGP key, do not write it
- if x[1].has_key("keyFingerPrint") == 0:
+ if not 'privateSub' in a:
continue
-
try:
- Line = "%s"%(GetAttr(x, "privateSub"))
+ Line = "%s"%(a['privateSub'])
Line = Sanitize(Line) + "\n"
F.write(Line)
except:
I = 0
for x in PasswdAttrs:
- if x[1].has_key("uidNumber") == 0:
+ a = UDLdap.Account(x[0], x[1])
+ if a.pw_active():
continue
-
- Pass = GetAttr(x, "userPassword")
- Line = ""
- # *LK* is the reference value for a locked account
- # password starting with ! is also a locked account
- if Pass.find("*LK*") != -1 or Pass.startswith("!"):
- # Format is <login>:<reason>
- Line = "%s:%s" % (GetAttr(x, "uid"), "Account is locked")
- DisabledUsers.append(x)
-
- if Line != "":
- F.write(Sanitize(Line) + "\n")
-
-
+ Line = "%s:%s" % (a['uid'], "Account is locked")
+ DisabledUsers.append(x)
+ F.write(Sanitize(Line) + "\n")
+
# Oops, something unspeakable happened.
except:
Die(File, F, None)
# Fetch all the users
global PasswdAttrs
+ RRs = {}
# Write out the zone file entry for each user
for x in PasswdAttrs:
F.write("; Has BSMTP\n")
# Write some identification information
- if Split[2].lower() == "a":
- Line = "%s IN TXT \"%s\"\n"%(Split[0], EmailAddress(x))
- for y in x[1]["keyFingerPrint"]:
- Line = Line + "%s IN TXT \"PGP %s\"\n"%(Split[0], FormatPGPKey(y))
- F.write(Line)
+ if not RRs.has_key(Host):
+ if Split[2].lower() in ["a", "aaaa"]:
+ Line = "%s IN TXT \"%s\"\n"%(Split[0], EmailAddress(x))
+ for y in x[1]["keyFingerPrint"]:
+ Line = Line + "%s IN TXT \"PGP %s\"\n"%(Split[0], FormatPGPKey(y))
+ F.write(Line)
+ RRs[Host] = 1
else:
Line = "; Err %s"%(str(Split))
F.write(Line)
F.write(Line + "\n")
+ # this would write sshfp lines for services on machines
+ # but we can't yet, since some are cnames and we'll make
+ # an invalid zonefile
+ #
+ # for i in x[1].get("purpose", []):
+ # m = PurposeHostField.match(i)
+ # if m:
+ # m = m.group(1)
+ # # we ignore [[*..]] entries
+ # if m.startswith('*'):
+ # continue
+ # if m.startswith('-'):
+ # m = m[1:]
+ # if m:
+ # if not m.endswith(HostDomain):
+ # continue
+ # if not m.endswith('.'):
+ # m = m + "."
+ # for Line in DNSInfo:
+ # if isSSHFP.match(Line):
+ # Line = "%s\t%s" % (m, Line)
+ # F.write(Line + "\n")
+
# Oops, something unspeakable happened.
except:
Die(File, F, None)
# Connect to the ldap server
l = connectLDAP()
-F = open(PassDir + "/pass-" + pwd.getpwuid(os.getuid())[0], "r")
-Pass = F.readline().strip().split(" ")
-F.close()
+# for testing purposes it's sometimes useful to pass username/password
+# via the environment
+if 'UD_CREDENTIALS' in os.environ:
+ Pass = os.environ['UD_CREDENTIALS'].split()
+else:
+ F = open(PassDir + "/pass-" + pwd.getpwuid(os.getuid())[0], "r")
+ Pass = F.readline().strip().split(" ")
+ F.close()
l.simple_bind_s("uid=" + Pass[0] + "," + BaseDn, Pass[1])
# Fetch all the groups
SubGroupMap.setdefault(x[1]["gid"][0], []).extend(x[1]["subGroup"])
# Fetch all the users
-PasswdAttrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "uid=*",\
+PasswdAttrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "(&(uid=*)(!(uidNumber=0)))",\
["uid", "uidNumber", "gidNumber", "supplementaryGid",\
"gecos", "loginShell", "userPassword", "shadowLastChange",\
"shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
HostAttrs.sort(lambda x, y: cmp((GetAttr(x, "hostname")).lower(), (GetAttr(y, "hostname")).lower()))
+# override globaldir for testing
+if 'UD_GENERATEDIR' in os.environ:
+ GenerateDir = os.environ['UD_GENERATEDIR']
+
# Generate global things
GlobalDir = GenerateDir + "/"
GenDisabledAccounts(GlobalDir + "disabled-accounts")