+ GroupList = {}
+ for groupname in AllowedGroupsPreload.strip().split(" "):
+ GroupList[groupname] = True
+ if 'allowedGroups' in host[1]:
+ for groupname in host[1]['allowedGroups']:
+ GroupList[groupname] = True
+ for groupname in GroupList.keys():
+ if groupname in GroupIDMap:
+ GroupList[str(GroupIDMap[groupname])] = True
+
+ ExtraList = {}
+ if 'exportOptions' in host[1]:
+ for extra in host[1]['exportOptions']:
+ ExtraList[extra.upper()] = True
+
+ global Allowed
+ Allowed = GroupList
+ if Allowed == {}:
+ Allowed = None
+
+ DoLink(global_dir, OutDir, "debianhosts")
+ DoLink(global_dir, OutDir, "ssh_known_hosts")
+ DoLink(global_dir, OutDir, "disabled-accounts")
+
+ sys.stdout.flush()
+ if 'NOPASSWD' in ExtraList:
+ userlist = GenPasswd(accounts, OutDir + "passwd", HomePrefix, "*")
+ else:
+ userlist = GenPasswd(accounts, OutDir + "passwd", HomePrefix, "x")
+ sys.stdout.flush()
+ grouprevmap = GenGroup(accounts, OutDir + "group")
+ GenShadowSudo(accounts, OutDir + "sudo-passwd", ('UNTRUSTED' in ExtraList) or ('NOPASSWD' in ExtraList))
+
+ # Now we know who we're allowing on the machine, export
+ # the relevant ssh keys
+ GenSSHtarballs(global_dir, userlist, ssh_files, grouprevmap, os.path.join(OutDir, 'ssh-keys.tar.gz'))
+
+ if not 'NOPASSWD' in ExtraList:
+ GenShadow(accounts, OutDir + "shadow")
+
+ # Link in global things
+ if not 'NOMARKERS' in ExtraList:
+ DoLink(global_dir, OutDir, "markers")
+ DoLink(global_dir, OutDir, "mail-forward.cdb")
+ DoLink(global_dir, OutDir, "mail-contentinspectionaction.cdb")
+ DoLink(global_dir, OutDir, "mail-disable")
+ DoLink(global_dir, OutDir, "mail-greylist")
+ DoLink(global_dir, OutDir, "mail-callout")
+ DoLink(global_dir, OutDir, "mail-rbl")
+ DoLink(global_dir, OutDir, "mail-rhsbl")
+ DoLink(global_dir, OutDir, "mail-whitelist")
+ DoLink(global_dir, OutDir, "all-accounts.json")
+ GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "user-forward.cdb", 'emailForward')
+ GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "batv-tokens.cdb", 'bATVToken')
+ GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "default-mail-options.cdb", 'mailDefaultOptions')
+
+ # Compatibility.
+ DoLink(global_dir, OutDir, "forward-alias")
+
+ if 'DNS' in ExtraList:
+ DoLink(global_dir, OutDir, "dns-zone")
+ DoLink(global_dir, OutDir, "dns-sshfp")
+
+ if 'AUTHKEYS' in ExtraList:
+ DoLink(global_dir, OutDir, "authorized_keys")
+
+ if 'BSMTP' in ExtraList:
+ GenBSMTP(accounts, OutDir + "bsmtp", HomePrefix)
+
+ if 'PRIVATE' in ExtraList:
+ DoLink(global_dir, OutDir, "debian-private")
+
+ if 'KEYRING' in ExtraList:
+ for k in Keyrings:
+ bn = os.path.basename(k)
+ if os.path.isdir(k):
+ src = os.path.join(global_dir, bn)
+ replaceTree(src, OutDir)
+ else:
+ DoLink(global_dir, OutDir, bn)
+ else:
+ for k in Keyrings:
+ try:
+ bn = os.path.basename(k)
+ target = os.path.join(OutDir, bn)
+ if os.path.isdir(target):
+ safe_rmtree(dst)
+ else:
+ posix.remove(target)
+ except:
+ pass
+
+l = make_ldap_conn()
+
+mods = l.search_s('cn=log',
+ ldap.SCOPE_ONELEVEL,
+ '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))',
+ ['reqEnd'])
+
+last = 0
+
+# Sort the list by reqEnd
+sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0])
+# Take the last element in the array
+last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0]
+
+# override globaldir for testing
+if 'UD_GENERATEDIR' in os.environ:
+ GenerateDir = os.environ['UD_GENERATEDIR']
+
+cache_last_mod = 0
+
+try:
+ fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
+ cache_last_mod=fd.read().strip()
+ fd.close()
+except IOError, e:
+ if e.errno == errno.ENOENT:
+ pass
+ else:
+ raise e
+if cache_last_mod >= last:
+ sys.exit(0)
+
+fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
+fd.write(last)
+fd.close()
+
+# Fetch all the groups
+GroupIDMap = {}
+attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "gid=*",\
+ ["gid", "gidNumber", "subGroup"])
+
+# Generate the SubGroupMap and GroupIDMap
+for x in attrs:
+ if x[1].has_key("accountStatus") and x[1]['accountStatus'] == "disabled":
+ continue
+ if x[1].has_key("gidNumber") == 0:
+ continue
+ GroupIDMap[x[1]["gid"][0]] = int(x[1]["gidNumber"][0])
+ if x[1].has_key("subGroup") != 0:
+ SubGroupMap.setdefault(x[1]["gid"][0], []).extend(x[1]["subGroup"])
+
+lock = None
+try:
+ lockf = os.path.join(GenerateDir, 'ud-generate.lock')
+ lock = get_lock( lockf )
+ if lock is None:
+ sys.stderr.write("Could not acquire lock %s.\n"%(lockf))
+ sys.exit(1)
+
+ generate_all(GenerateDir, l)
+
+finally:
+ if lock is not None:
+ lock.release()