if len(GetAttr(x,"gecos")) > 100 or len(GetAttr(x,"loginShell")) > 50:
continue;
- userlist[GetAttr(x, "uid")] = GetAttr(x, "gidNumber")
+ userlist[GetAttr(x, "uid")] = int(GetAttr(x, "gidNumber"))
Line = "%s:%s:%s:%s:%s:%s%s:%s" % (GetAttr(x,"uid"),\
PwdMarker,\
GetAttr(x,"uidNumber"),GetAttr(x,"gidNumber"),\
for x in PasswdAttrs:
Reason = None
-
- # If the account is locked, disable incoming mail
- if (GetAttr(x,"userPassword").find("*LK*") != -1):
- if GetAttr(x,"uid") == "luther":
- continue
- else:
- Reason = "user account locked"
+
+ if x[1].has_key("mailDisableMessage"):
+ Reason = GetAttr(x,"mailDisableMessage")
else:
- if x[1].has_key("mailDisableMessage"):
- Reason = GetAttr(x,"mailDisableMessage")
- else:
- continue
+ continue
# Must be in the Debian group (yuk, hard coded for now)
if GetAttr(x,"gidNumber") != "800":
userlist = GenPasswd(l,OutDir+"passwd",Split[1], "x");
sys.stdout.flush();
grouprevmap = GenGroup(l,OutDir+"group");
- if ExtraList.has_key("[UNTRUSTED]"):
- continue;
- if not ExtraList.has_key("[NOPASSWD]"):
- GenShadow(l,OutDir+"shadow");
# Now we know who we're allowing on the machine, export
# the relevant ssh keys
if MultipleSSHFiles:
+ OldMask = os.umask(0077);
tf = tarfile.open(name=os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz')
+ os.umask(OldMask);
for f in userlist.keys():
if f not in SSHFiles:
continue
# In these cases, look it up in the normal way so we
# deal with cases where, for instance, users are in group
# users as their primary group.
- grname = grp.getgrgid(int(userlist[f]))[0]
+ grname = grp.getgrgid(userlist[f])[0]
except Exception, e:
pass
if grname is None:
- print "User %s is supposed to have their key exported to host %s but their primary group (gid: %s) isn't in LDAP" % (f, CurrentHost, userlist[f])
+ print "User %s is supposed to have their key exported to host %s but their primary group (gid: %d) isn't in LDAP" % (f, CurrentHost, userlist[f])
continue
to = tf.gettarinfo(os.path.join(GlobalDir, 'userkeys', f), f)
# to give a shit^W^W^Wcare about the UIDoffset stuff.
to.uname = f
to.gname = grname
- to.mode = 0600
+ to.mode = 0400
tf.addfile(to, file(os.path.join(GlobalDir, 'userkeys', f)))
tf.close()
os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost),
os.path.join(OutDir, 'ssh-keys.tar.gz'))
+ if ExtraList.has_key("[UNTRUSTED]"):
+ continue;
+ if not ExtraList.has_key("[NOPASSWD]"):
+ GenShadow(l,OutDir+"shadow");
+
# Link in global things
DoLink(GlobalDir,OutDir,"markers");
DoLink(GlobalDir,OutDir,"mail-forward.cdb");