- shutil.copy(k, OutDir)
-
-# Connect to the ldap server
-l = connectLDAP()
-F = open(PassDir + "/pass-" + pwd.getpwuid(os.getuid())[0], "r")
-Pass = F.readline().strip().split(" ")
-F.close()
-l.simple_bind_s("uid=" + Pass[0] + "," + BaseDn, Pass[1])
-
-# Fetch all the groups
-GroupIDMap = {}
-Attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "gid=*",\
- ["gid", "gidNumber", "subGroup"])
-
-# Generate the SubGroupMap and GroupIDMap
-for x in Attrs:
- if x[1].has_key("gidNumber") == 0:
- continue
- GroupIDMap[x[1]["gid"][0]] = int(x[1]["gidNumber"][0])
- if x[1].has_key("subGroup") != 0:
- SubGroupMap.setdefault(x[1]["gid"][0], []).extend(x[1]["subGroup"])
-
-# Fetch all the users
-PasswdAttrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "uid=*",\
- ["uid", "uidNumber", "gidNumber", "supplementaryGid",\
- "gecos", "loginShell", "userPassword", "shadowLastChange",\
- "shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
- "shadowExpire", "emailForward", "latitude", "longitude",\
- "allowedHost", "sshRSAAuthKey", "dnsZoneEntry", "cn", "sn",\
- "keyFingerPrint", "privateSub", "mailDisableMessage",\
- "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
- "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
- "mailContentInspectionAction"])
-
-if PasswdAttrs is None:
- raise UDEmptyList, "No Users"
-
-PasswdAttrs.sort(lambda x, y: cmp((GetAttr(x, "uid")).lower(), (GetAttr(y, "uid")).lower()))
-
-# Fetch all the hosts
-HostAttrs = l.search_s(HostBaseDn, ldap.SCOPE_ONELEVEL, "objectClass=debianServer",\
- ["hostname", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions",\
- "mXRecord", "ipHostNumber", "machine", "architecture"])
-
-if HostAttrs == None:
- raise UDEmptyList, "No Hosts"
-
-HostAttrs.sort(lambda x, y: cmp((GetAttr(x, "hostname")).lower(), (GetAttr(y, "hostname")).lower()))
-
-# Generate global things
-GlobalDir = GenerateDir + "/"
-GenDisabledAccounts(GlobalDir + "disabled-accounts")
-
-PasswdAttrs = filter(lambda x: not IsRetired(x), PasswdAttrs)
-#DebianUsers = filter(lambda x: IsGidDebian(x), PasswdAttrs)
-DebianUsers = PasswdAttrs
-
-CheckForward()
-
-GenMailDisable(GlobalDir + "mail-disable")
-GenCDB(GlobalDir + "mail-forward.cdb", 'emailForward')
-GenCDB(GlobalDir + "mail-contentinspectionaction.cdb", 'mailContentInspectionAction')
-GenPrivate(GlobalDir + "debian-private")
-GenSSHKnown(GlobalDir+"authorized_keys", 'authorized_keys')
-GenMailBool(GlobalDir + "mail-greylist", "mailGreylisting")
-GenMailBool(GlobalDir + "mail-callout", "mailCallout")
-GenMailList(GlobalDir + "mail-rbl", "mailRBL")
-GenMailList(GlobalDir + "mail-rhsbl", "mailRHSBL")
-GenMailList(GlobalDir + "mail-whitelist", "mailWhitelist")
-GenKeyrings(GlobalDir)
-
-# Compatibility.
-GenForward(GlobalDir + "forward-alias")
-
-PasswdAttrs = filter(lambda x: not x in DisabledUsers, PasswdAttrs)
-
-SSHFiles = GenSSHShadow()
-GenMarkers(GlobalDir + "markers")
-GenSSHKnown(GlobalDir + "ssh_known_hosts")
-GenHosts(GlobalDir + "debianhosts")
-
-for host in HostAttrs:
- if not "hostname" in host[1]:
- continue
-
- CurrentHost = host[1]['hostname'][0]
- OutDir = GenerateDir + '/' + CurrentHost + '/'
- try:
+ if os.path.isdir(k):
+ replaceTree(k, OutDir)
+ else:
+ shutil.copy(k, OutDir)
+
+
+def get_accounts(ldap_conn):
+ # Fetch all the users
+ passwd_attrs = ldap_conn.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "(&(uid=*)(!(uidNumber=0))(objectClass=shadowAccount))",\
+ ["uid", "uidNumber", "gidNumber", "supplementaryGid",\
+ "gecos", "loginShell", "userPassword", "shadowLastChange",\
+ "shadowMin", "shadowMax", "shadowWarning", "shadowInactive",
+ "shadowExpire", "emailForward", "latitude", "longitude",\
+ "allowedHost", "sshRSAAuthKey", "dnsZoneEntry", "cn", "sn",\
+ "keyFingerPrint", "privateSub", "mailDisableMessage",\
+ "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
+ "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
+ "mailContentInspectionAction", "webPassword", "rtcPassword",\
+ "bATVToken", "totpSeed"])
+
+ if passwd_attrs is None:
+ raise UDEmptyList, "No Users"
+ accounts = map(lambda x: UDLdap.Account(x[0], x[1]), passwd_attrs)
+ accounts.sort(lambda x,y: cmp(x['uid'].lower(), y['uid'].lower()))
+
+ return accounts
+
+def get_hosts(ldap_conn):
+ # Fetch all the hosts
+ HostAttrs = ldap_conn.search_s(HostBaseDn, ldap.SCOPE_ONELEVEL, "objectClass=debianServer",\
+ ["hostname", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions",\
+ "mXRecord", "ipHostNumber", "dnsTTL", "machine", "architecture",
+ "sshfpHostname"])
+
+ if HostAttrs == None:
+ raise UDEmptyList, "No Hosts"
+
+ HostAttrs.sort(lambda x, y: cmp((GetAttr(x, "hostname")).lower(), (GetAttr(y, "hostname")).lower()))
+
+ return HostAttrs
+
+
+def make_ldap_conn():
+ # Connect to the ldap server
+ l = connectLDAP()
+ # for testing purposes it's sometimes useful to pass username/password
+ # via the environment
+ if 'UD_CREDENTIALS' in os.environ:
+ Pass = os.environ['UD_CREDENTIALS'].split()
+ else:
+ F = open(PassDir + "/pass-" + pwd.getpwuid(os.getuid())[0], "r")
+ Pass = F.readline().strip().split(" ")
+ F.close()
+ l.simple_bind_s("uid=" + Pass[0] + "," + BaseDn, Pass[1])
+
+ return l
+
+
+
+def setup_group_maps(l):
+ # Fetch all the groups
+ group_id_map = {}
+ subgroup_map = {}
+ attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "gid=*",\
+ ["gid", "gidNumber", "subGroup"])
+
+ # Generate the subgroup_map and group_id_map
+ for x in attrs:
+ if x[1].has_key("accountStatus") and x[1]['accountStatus'] == "disabled":
+ continue
+ if x[1].has_key("gidNumber") == 0:
+ continue
+ group_id_map[x[1]["gid"][0]] = int(x[1]["gidNumber"][0])
+ if x[1].has_key("subGroup") != 0:
+ subgroup_map.setdefault(x[1]["gid"][0], []).extend(x[1]["subGroup"])
+
+ global SubGroupMap
+ global GroupIDMap
+ SubGroupMap = subgroup_map
+ GroupIDMap = group_id_map
+
+def generate_all(global_dir, ldap_conn):
+ accounts = get_accounts(ldap_conn)
+ host_attrs = get_hosts(ldap_conn)
+
+ global_dir += '/'
+ # Generate global things
+ accounts_disabled = GenDisabledAccounts(accounts, global_dir + "disabled-accounts")
+
+ accounts = filter(lambda x: not IsRetired(x), accounts)
+
+ CheckForward(accounts)
+
+ GenMailDisable(accounts, global_dir + "mail-disable")
+ GenCDB(accounts, global_dir + "mail-forward.cdb", 'emailForward')
+ GenDBM(accounts, global_dir + "mail-forward.db", 'emailForward')
+ GenCDB(accounts, global_dir + "mail-contentinspectionaction.cdb", 'mailContentInspectionAction')
+ GenDBM(accounts, global_dir + "mail-contentinspectionaction.db", 'mailContentInspectionAction')
+ GenPrivate(accounts, global_dir + "debian-private")
+ GenSSHKnown(host_attrs, global_dir+"authorized_keys", 'authorized_keys', global_dir+'ud-generate.lock')
+ GenMailBool(accounts, global_dir + "mail-greylist", "mailGreylisting")
+ GenMailBool(accounts, global_dir + "mail-callout", "mailCallout")
+ GenMailList(accounts, global_dir + "mail-rbl", "mailRBL")
+ GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
+ GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
+ GenWebPassword(accounts, global_dir + "web-passwords")
+ GenRtcPassword(accounts, global_dir + "rtc-passwords")
+ GenTOTPSeed(accounts, global_dir + "users.oath")
+ GenKeyrings(global_dir)
+
+ # Compatibility.
+ GenForward(accounts, global_dir + "forward-alias")
+
+ GenAllUsers(accounts, global_dir + 'all-accounts.json')
+ accounts = filter(lambda a: not a in accounts_disabled, accounts)
+
+ ssh_userkeys = GenSSHShadow(global_dir, accounts)
+ GenMarkers(accounts, global_dir + "markers")
+ GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
+ GenHosts(host_attrs, global_dir + "debianhosts")
+
+ GenDNS(accounts, global_dir + "dns-zone")
+ GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
+
+ setup_group_maps(ldap_conn)
+
+ for host in host_attrs:
+ if not "hostname" in host[1]:
+ continue
+ generate_host(host, global_dir, accounts, host_attrs, ssh_userkeys)
+
+def generate_host(host, global_dir, all_accounts, all_hosts, ssh_userkeys):
+ current_host = host[1]['hostname'][0]
+ OutDir = global_dir + current_host + '/'
+ if not os.path.isdir(OutDir):