+# Generate the shadow list
+def GenSSHShadow(l,masterFileName):
+ # Fetch all the users
+ singlefile = None
+ userfiles = []
+ # Depending on config, we write out either a single file,
+ # multiple files, or both
+ if SingleSSHFile:
+ try:
+ OldMask = os.umask(0077);
+ masterFile = open(masterFileName + ".tmp","w",0600);
+ os.umask(OldMask);
+ except IOError:
+ Die(masterFileName,masterFile,None)
+ raise
+
+ global PasswdAttrs;
+ if PasswdAttrs == None:
+ raise "No Users";
+
+ # If we're going to be dealing with multiple keys, empty the
+ # directory before we start to avoid old keys hanging around
+ if MultipleSSHFiles:
+ safe_rmtree(os.path.join(GlobalDir, 'userkeys'))
+ safe_makedirs(os.path.join(GlobalDir, 'userkeys'))
+
+ for x in PasswdAttrs:
+ # If the account is locked, do not write it.
+ # This is a partial stop-gap. The ssh also needs to change this
+ # to ignore ~/.ssh/authorized* files.
+ if (GetAttr(x,"userPassword").find("*LK*") != -1) \
+ or GetAttr(x,"userPassword").startswith("!"):
+ continue;
+
+ if x[1].has_key("uidNumber") == 0 or \
+ x[1].has_key("sshRSAAuthKey") == 0:
+ continue;
+ User = GetAttr(x,"uid");
+ F = None;
+
+ try:
+ if MultipleSSHFiles:
+ OldMask = os.umask(0077);
+ File = os.path.join(GlobalDir, 'userkeys', User)
+ F = open(File + ".tmp","w",0600);
+ os.umask(OldMask);
+
+ for I in x[1]["sshRSAAuthKey"]:
+ if MultipleSSHFiles:
+ MultipleLine = "%s" % I
+ MultipleLine = Sanitize(MultipleLine) + "\n"
+ F.write(MultipleLine)
+ if SingleSSHFile:
+ SingleLine = "%s: %s" % (User, I)
+ SingleLine = Sanitize(SingleLine) + "\n"
+ masterFile.write(SingleLine)
+
+ if MultipleSSHFiles:
+ Done(File,F,None);
+ userfiles.append(os.path.basename(File))
+
+ # Oops, something unspeakable happened.
+ except IOError:
+ Die(File,F,None)
+ Die(masterFileName,masterFile,None)
+ raise;
+
+ if SingleSSHFile:
+ Done(masterFileName,masterFile,None)
+ singlefile = os.path.basename(masterFileName)
+
+ return singlefile, userfiles
+
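Review bot: `User` comes from the directory's `uid` attribute and goes straight into `os.path.join(GlobalDir, 'userkeys', User)`, so a value containing a path separator, `..` or a leading `/` would put the key file outside `userkeys`. Where `PasswdAttrs` is populated is not visible here, but a guard right after `User = GetAttr(x,"uid")` is cheap: `if User in ("", ".", "..") or os.path.basename(User) != User: continue`. The `0600` passed as the third argument to the builtin `open()` is a buffer size, not a file mode, so the permissions of both `.tmp` files depend only on the surrounding `os.umask(0077)` calls, and a pre-existing `.tmp` keeps whatever mode it already had. `os.fdopen(os.open(File + ".tmp", os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0600), "w")` would state the intent, with a stale `.tmp` then surfacing as an error instead of being reused. Separately, both `except IOError` handlers reference `masterFile` and `File`, which are unbound when the first `open()` fails or when only one of `SingleSSHFile`/`MultipleSSHFiles` is set, so the cleanup would raise NameError and hide the original error; initialising `masterFile = None` and `File = None` before the `try` blocks avoids that, provided `Die` accepts `None`.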