ud-generate: Create all ssh-gitolite individually
[mirror/userdir-ldap.git]
/
ud-generate
diff --git
a/ud-generate
b/ud-generate
index
41350d0
..
a4a74b5
100755
(executable)
--- a/
ud-generate
+++ b/
ud-generate
@@
-77,6
+77,10
@@
GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
GitoliteSSHCommand = getattr(ConfModule, "gitolitesshcommand", None)
GitoliteExportHosts = re.compile(getattr(ConfModule, "gitoliteexporthosts", "."))
MX_remap = json.loads(ConfModule.MX_remap)
GitoliteSSHCommand = getattr(ConfModule, "gitolitesshcommand", None)
GitoliteExportHosts = re.compile(getattr(ConfModule, "gitoliteexporthosts", "."))
MX_remap = json.loads(ConfModule.MX_remap)
+use_mq = getattr(ConfModule, "use_mq", True)
+
+rtc_realm = getattr(ConfModule, "rtc_realm", None)
+rtc_append = getattr(ConfModule, "rtc_append", None)
def prettify(elem):
"""Return a pretty-printed XML string for the Element.
def prettify(elem):
"""Return a pretty-printed XML string for the Element.
@@
-161,9
+165,6
@@
def IsRetired(account):
return False
return False
-#def IsGidDebian(account):
-# return account['gidNumber'] == 800
-
# See if this user is in the group list
def IsInGroup(account, allowed, current_host):
# See if the primary group is in the list
# See if this user is in the group list
def IsInGroup(account, allowed, current_host):
# See if the primary group is in the list
@@
-307,7
+308,7
@@
def GenShadowSudo(accounts, File, untrusted, current_host):
Pass = '*'
if 'sudoPassword' in a:
for entry in a['sudoPassword']:
Pass = '*'
if 'sudoPassword' in a:
for entry in a['sudoPassword']:
- Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+ Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*
-
]+) ([^ ]+)$').match(entry)
if Match == None:
continue
uuid = Match.group(1)
if Match == None:
continue
uuid = Match.group(1)
@@
-436,10
+437,11
@@
def GenRtcPassword(accounts, File):
os.umask(OldMask)
for a in accounts:
os.umask(OldMask)
for a in accounts:
+ if a.is_guest_account(): continue
if not 'rtcPassword' in a: continue
if not a.pw_active(): continue
if not 'rtcPassword' in a: continue
if not a.pw_active(): continue
- Line = "%s
@debian.org:%s:rtc.debian.org:AUTHORIZED" % (a['uid'], str(a['rtcPassword'])
)
+ Line = "%s
%s:%s:%s:AUTHORIZED" % (a['uid'], rtc_append, str(a['rtcPassword']), rtc_realm
)
Line = Sanitize(Line) + "\n"
F.write("%s" % (Line))
Line = Sanitize(Line) + "\n"
F.write("%s" % (Line))
@@
-886,17
+888,21
@@
def ExtractDNSInfo(x):
Algorithm = 1
if Split[0] == 'ssh-dss':
Algorithm = 2
Algorithm = 1
if Split[0] == 'ssh-dss':
Algorithm = 2
+ if Split[0] == 'ssh-ed25519':
+ Algorithm = 4
if Algorithm == None:
continue
Fingerprint = hashlib.new('sha1', base64.decodestring(Split[1])).hexdigest()
DNSInfo.append("%sIN\tSSHFP\t%u 1 %s" % (TTLprefix, Algorithm, Fingerprint))
if Algorithm == None:
continue
Fingerprint = hashlib.new('sha1', base64.decodestring(Split[1])).hexdigest()
DNSInfo.append("%sIN\tSSHFP\t%u 1 %s" % (TTLprefix, Algorithm, Fingerprint))
+ Fingerprint = hashlib.new('sha256', base64.decodestring(Split[1])).hexdigest()
+ DNSInfo.append("%sIN\tSSHFP\t%u 2 %s" % (TTLprefix, Algorithm, Fingerprint))
if 'architecture' in x[1]:
Arch = GetAttr(x, "architecture")
Mach = ""
if x[1].has_key("machine"):
Mach = " " + GetAttr(x, "machine")
if 'architecture' in x[1]:
Arch = GetAttr(x, "architecture")
Mach = ""
if x[1].has_key("machine"):
Mach = " " + GetAttr(x, "machine")
- DNSInfo.append("%sIN\tHINFO\t\"%s%s\" \"%s\"" % (TTLprefix, Arch, Mach, "Debian
GNU/Linux
"))
+ DNSInfo.append("%sIN\tHINFO\t\"%s%s\" \"%s\"" % (TTLprefix, Arch, Mach, "Debian"))
if x[1].has_key("mXRecord"):
for I in x[1]["mXRecord"]:
if x[1].has_key("mXRecord"):
for I in x[1]["mXRecord"]:
@@
-1191,7
+1197,6
@@
def generate_all(global_dir, ldap_conn):
accounts_disabled = GenDisabledAccounts(accounts, global_dir + "disabled-accounts")
accounts = filter(lambda x: not IsRetired(x), accounts)
accounts_disabled = GenDisabledAccounts(accounts, global_dir + "disabled-accounts")
accounts = filter(lambda x: not IsRetired(x), accounts)
- #accounts_DDs = filter(lambda x: IsGidDebian(x), accounts)
CheckForward(accounts)
CheckForward(accounts)
@@
-1221,7
+1226,6
@@
def generate_all(global_dir, ldap_conn):
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
- GenSSHGitolite(accounts, host_attrs, global_dir + "ssh-gitolite")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
@@
-1316,7
+1320,7
@@
def generate_host(host, global_dir, all_accounts, all_hosts, ssh_userkeys):
DoLink(global_dir, OutDir, "debian-private")
if 'GITOLITE' in ExtraList:
DoLink(global_dir, OutDir, "debian-private")
if 'GITOLITE' in ExtraList:
-
DoLink(global_dir, OutDir, "ssh-gitolite"
)
+
GenSSHGitolite(all_accounts, all_hosts, OutDir + "ssh-gitolite", current_host=current_host
)
if 'exportOptions' in host[1]:
for entry in host[1]['exportOptions']:
v = entry.split('=',1)
if 'exportOptions' in host[1]:
for entry in host[1]['exportOptions']:
v = entry.split('=',1)
@@
-1476,7
+1480,8
@@
def ud_generate():
if need_update or options.force:
msg = 'Update forced' if options.force else 'Update needed'
generate_all(generate_dir, l)
if need_update or options.force:
msg = 'Update forced' if options.force else 'Update needed'
generate_all(generate_dir, l)
- mq_notify(options, msg)
+ if use_mq:
+ mq_notify(options, msg)
last_run = int(time.time())
fd.write("%s\n%s\n%s\n" % (ldap_last_mod, unix_last_mod, last_run))
fd.close()
last_run = int(time.time())
fd.write("%s\n%s\n%s\n" % (ldap_last_mod, unix_last_mod, last_run))
fd.close()
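Review bot: In the GenRtcPassword hunk the new line format interpolates `rtc_append` and `rtc_realm` with `%s`, yet the first hunk reads both with a default of `None`. On a host whose configuration does not set them, every entry in the generated RTC credentials file would be written with the literal text `None` in the user suffix and realm fields rather than the previously hard-coded `@debian.org` / `rtc.debian.org`, and nothing visible here reports the problem. I would fail closed before any line is written, for example `if rtc_realm is None or rtc_append is None: raise ValueError("rtc_realm and rtc_append must be configured")`, or skip generating the file altogether when they are unset. The function's opening lines are outside the hunk, so the exact placement of that guard relative to the file open needs checking against the full body.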