isSSHFP = re.compile("^\s*IN\s+SSHFP")
DNSZone = ".debian.net"
Keyrings = ConfModule.sync_keyrings.split(":")
+GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+
def safe_makedirs(dir):
try:
def get_lock(fn, wait=5*60, max_age=3600*6):
try:
- stat = os.stat(fn)
- if stat[ST_MTIME] < time.time() - max_age:
- sys.stderr.write("Removing stale lock %s"%(fn))
- os.unlink(fn)
+ stat = os.stat(fn + '.lock')
+ if stat.st_mtime < time.time() - max_age:
+ sys.stderr.write("Removing stale lock %s"%(fn + '.lock'))
+ os.unlink(fn + '.lock')
except OSError, error:
if error.errno == errno.ENOENT:
pass
raise
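Review bot: The stale-lock cleanup at the top of get_lock is a check-then-unlink sequence, so two runs that both see an old `fn + '.lock'` can race: one removes it and takes a fresh lock, and the other then unlinks that fresh lock. Re-checking the mtime immediately before `os.unlink` narrows the window, but only taking the lock atomically closes it. The message also lacks a newline; `sys.stderr.write("Removing stale lock %s\n"%(fn + '.lock'))` keeps it from running into the next line of output. The rest of get_lock lies outside this hunk, so how the lock is subsequently acquired is not visible here.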
Done(File, F, None)
+# Generate the sudo passwd file
+def GenSSHGitolite(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0022)
+ F = open(File + ".tmp", "w", 0600)
+ os.umask(OldMask)
+
+ if not GitoliteSSHRestrictions is None and GitoliteSSHRestrictions != "":
+ for a in accounts:
+ if not 'sshRSAAuthKey' in a: continue
+
+ User = a['uid']
+ prefix = GitoliteSSHRestrictions.replace('@@USER@@', User)
+ for I in a["sshRSAAuthKey"]:
+ if I.startswith('ssh-'):
+ line = "%s %s"%(prefix, I)
+ else:
+ line = "%s,%s"%(prefix, I)
+ line = Sanitize(line) + "\n"
+ F.write(line)
+
+ # Oops, something unspeakable happened.
+ except:
+ Die(File, F, None)
+ raise
+ Done(File, F, None)
+
# Generate the shadow list
def GenSSHShadow(global_dir, accounts):
# Fetch all the users
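Review bot: In GenSSHGitolite the `else` branch treats any key value that does not start with `ssh-` as carrying its own options and joins it to the restriction prefix with `"%s,%s"`, so options stored in the directory land on the same authorized_keys line as the enforced restrictions. How sshd treats a repeated option depends on the OpenSSH version, so it is safer to drop or allow-list the stored options than to append them; this branch also catches any key type whose name does not begin with `ssh-`. `User` is substituted into the prefix unchecked, and Sanitize is not visible here, so unless it is known to constrain the value, validate `a['uid']` against a conservative pattern before the `replace`. Two smaller points: the header comment should read `# Generate the gitolite authorized_keys file`, and the `0600` in `open(File + ".tmp", "w", 0600)` is the builtin's buffer size rather than a mode, so the file's permissions come from the 0022 umask alone.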
return userfiles
+# Generate the webPassword list
+def GenWebPassword(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File, "w", 0600)
+ os.umask(OldMask)
+
+ for a in accounts:
+ if not 'webPassword' in a: continue
+ if not a.pw_active(): continue
+
+ Pass = str(a['webPassword'])
+ Line = "%s:%s" % (a['uid'], Pass)
+ Line = Sanitize(Line) + "\n"
+ F.write("%s" % (Line))
+
+ except:
+ Die(File, None, F)
+ raise
+
def GenSSHtarballs(global_dir, userlist, SSHFiles, grouprevmap, target):
OldMask = os.umask(0077)
tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz')
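Review bot: GenWebPassword protects the password file only through `os.umask(0077)`, because the `0600` in `open(File, "w", 0600)` is the builtin's buffer size and not a permission mode; a `web-passwords` file that already exists with wider permissions keeps them when it is truncated. The function also writes straight to `File` instead of `File + ".tmp"` and never calls `Done(File, F, None)`, unlike GenSSHGitolite in the same commit, so a reader can see a partially written file and the handle is never closed explicitly. `Die(File, None, F)` passes the handle in a different position from the sibling's `Die(File, F, None)`; Die and Done are not visible here, so the sketch below assumes they behave as GenSSHGitolite relies on. It creates the temporary file with an explicit mode, tightens a leftover one, and finishes through Done.

```python
def GenWebPassword(accounts, File):
   F = None
   try:
      # os.open applies the mode at creation; the builtin open()'s third argument is a buffer size
      fd = os.open(File + ".tmp", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)
      os.fchmod(fd, 0600)  # tighten a leftover .tmp that had wider permissions
      F = os.fdopen(fd, "w")
      # ... unchanged: per-account loop writing the "uid:webPassword" lines ...
   except:
      Die(File, F, None)
      raise
   Done(File, F, None)
```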
"keyFingerPrint", "privateSub", "mailDisableMessage",\
"mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
"mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
- "mailContentInspectionAction"])
+ "mailContentInspectionAction", "webPassword"])
if passwd_attrs is None:
raise UDEmptyList, "No Users"
GenMailList(accounts, global_dir + "mail-rbl", "mailRBL")
GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
+ GenWebPassword(accounts, global_dir + "web-passwords")
GenKeyrings(global_dir)
# Compatibility.
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
+ GenSSHGitolite(accounts, global_dir + "ssh-gitolite")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
if 'PRIVATE' in ExtraList:
DoLink(global_dir, OutDir, "debian-private")
+ if 'GITOLITE' in ExtraList:
+ DoLink(global_dir, OutDir, "ssh-gitolite")
+
+ if 'WEB-PASSWORDS' in ExtraList:
+ DoLink(global_dir, OutDir, "web-passwords")
+
if 'KEYRING' in ExtraList:
for k in Keyrings:
bn = os.path.basename(k)
posix.remove(target)
except:
pass
+ DoLink(global_dir, OutDir, "last_update.trace")
l = make_ldap_conn()
try:
fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
- cache_last_mod=fd.read().strip()
+ cache_last_mod=fd.read().split()
+ try:
+ cache_last_mod = cache_last_mod[0]
+ except IndexError:
+ pass
fd.close()
except IOError, e:
if e.errno == errno.ENOENT:
pass
else:
raise e
+
if cache_last_mod >= last:
+ fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
+ fd.write("%s\n%s\n" % (last, int(time.time())))
+ fd.close()
sys.exit(0)
-fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
-fd.write(last)
-fd.close()
-
# Fetch all the groups
GroupIDMap = {}
attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "gid=*",\
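Review bot: When last_update.trace is empty, `cache_last_mod[0]` raises IndexError and the `pass` leaves `cache_last_mod` as an empty list, which `cache_last_mod >= last` then compares against `last`. Under Python 2 that mixed-type comparison does not raise and its outcome comes from type ordering, so the early exit is decided by accident; assign only when a token was read, for example `parts = fd.read().split()` followed by `if parts: cache_last_mod = parts[0]`. The rewrite of the trace inside the `>=` branch appears to run before the lock that is taken further down, and `fd` is not closed if `read()` fails.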
sys.stderr.write("Could not acquire lock %s.\n"%(lockf))
sys.exit(1)
+ tracefd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
generate_all(GenerateDir, l)
+ tracefd.write("%s\n%s\n" % (last, int(time.time())))
+ tracefd.close()
finally:
if lock is not None:
lock.release()
+
# vim:set et:
# vim:set ts=3:
# vim:set shiftwidth=3:
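Review bot: Opening the trace with `"w"` before `generate_all(GenerateDir, l)` truncates it for the whole generation run, and nothing on the visible lines says why the open precedes the call. If the ordering is deliberate, possibly so the `last_update.trace` copies linked by DoLink refer to the file that is written afterwards, a comment on the `tracefd = open(...)` line would keep a later cleanup from moving it. If generate_all raises, `tracefd` is never closed and the trace stays empty; closing it in the existing `finally:` next to `lock.release()` would cover that path. The enclosing `try:` starts outside this hunk.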