Fix unix mtime triggers for ud-generate
[mirror/userdir-ldap.git] / ud-generate
index 0f6b5ae..85650c1 100755 (executable)
@@ -32,6 +32,9 @@ import string, re, time, ldap, optparse, sys, os, pwd, posix, socket, base64, ha
 from userdir_ldap import *
 from userdir_exceptions import *
 import UDLdap
+from xml.etree.ElementTree import Element, SubElement, Comment
+from xml.etree import ElementTree
+from xml.dom import minidom
 try:
    from cStringIO import StringIO
 except ImportError:
@@ -58,17 +61,24 @@ SubGroupMap = None
 
 
 UUID_FORMAT = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
+MAX_UD_AGE = 3600*24
 
-EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$")
+EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)(,\s*([^ <>@]+@[^ ,<>@]+))*$")
 BSMTPCheck = re.compile(".*mx 0 (master)\.debian\.org\..*",re.DOTALL)
 PurposeHostField = re.compile(r".*\[\[([\*\-]?[a-z0-9.\-]*)(?:\|.*)?\]\]")
-IsV6Addr = re.compile("^[a-fA-F0-9:]+$")
 IsDebianHost = re.compile(ConfModule.dns_hostmatch)
 isSSHFP = re.compile("^\s*IN\s+SSHFP")
 DNSZone = ".debian.net"
 Keyrings = ConfModule.sync_keyrings.split(":")
 GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+MX_remap = json.loads(ConfModule.MX_remap)
 
+def prettify(elem):
+   """Return a pretty-printed XML string for the Element.
+   """
+   rough_string = ElementTree.tostring(elem, 'utf-8')
+   reparsed = minidom.parseString(rough_string)
+   return reparsed.toprettyxml(indent="  ")
 
 def safe_makedirs(dir):
    try:
@@ -163,7 +173,7 @@ def IsInGroup(account, allowed, current_host):
   supgroups=[]
   addGroups(supgroups, account['supplementaryGid'], account['uid'], current_host)
   for g in supgroups:
-     if allowed.has_key(g):
+     if g in allowed:
         return True
   return False
 
@@ -390,6 +400,44 @@ def GenWebPassword(accounts, File):
       Die(File, None, F)
       raise
 
+# Generate the voipPassword list
+def GenVoipPassword(accounts, File):
+   F = None
+   try:
+      OldMask = os.umask(0077)
+      F = open(File, "w", 0600)
+      os.umask(OldMask)
+
+      root = Element('include')
+
+      for a in accounts:
+         if not 'voipPassword' in a: continue
+         if not a.pw_active(): continue
+
+         Pass = str(a['voipPassword'])
+         user = Element('user')
+         user.attrib['id'] = "%s" % (a['uid'])
+         root.append(user)
+         params = Element('params')
+         user.append(params)
+         param = Element('param')
+         params.append(param)
+         param.attrib['name'] = "a1-hash"
+         param.attrib['value'] = "%s" % (Pass)
+         variables = Element('variables')
+         user.append(variables)
+         variable = Element('variable')
+         variable.attrib['name'] = "toll_allow"
+         variable.attrib['value'] = "domestic,international,local"
+         variables.append(variable)
+
+      F.write("%s" % (prettify(root)))
+
+
+   except:
+      Die(File, None, F)
+      raise
+
 def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host):
    OldMask = os.umask(0077)
    tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz')
@@ -618,6 +666,7 @@ def GenPrivate(accounts, File):
       # Write out the position for each user
       for a in accounts:
          if not a.is_active_user(): continue
+         if a.is_guest_account(): continue
          if not 'privateSub' in a: continue
          try:
             Line = "%s"%(a['privateSub'])
@@ -731,6 +780,7 @@ def GenDNS(accounts, File):
       for a in accounts:
          if not 'dnsZoneEntry' in a: continue
          if not a.is_active_user() and not isRoleAccount(a): continue
+         if a.is_guest_account(): continue
 
          try:
             F.write("; %s\n"%(a.email_address()))
@@ -769,6 +819,13 @@ def GenDNS(accounts, File):
       raise
    Done(File, F, None)
 
+def is_ipv6_addr(i):
+   try:
+      socket.inet_pton(socket.AF_INET6, i)
+   except socket.error:
+      return False
+   return True
+
 def ExtractDNSInfo(x):
 
    TTLprefix="\t"
@@ -778,7 +835,7 @@ def ExtractDNSInfo(x):
    DNSInfo = []
    if x[1].has_key("ipHostNumber"):
       for I in x[1]["ipHostNumber"]:
-         if IsV6Addr.match(I) != None:
+         if is_ipv6_addr(I):
             DNSInfo.append("%sIN\tAAAA\t%s" % (TTLprefix, I))
          else:
             DNSInfo.append("%sIN\tA\t%s" % (TTLprefix, I))
@@ -806,7 +863,11 @@ def ExtractDNSInfo(x):
 
    if x[1].has_key("mXRecord"):
       for I in x[1]["mXRecord"]:
-         DNSInfo.append("%sIN\tMX\t%s" % (TTLprefix, I))
+         if I in MX_remap:
+            for e in MX_remap[I]:
+               DNSInfo.append("%sIN\tMX\t%s" % (TTLprefix, e))
+         else:
+            DNSInfo.append("%sIN\tMX\t%s" % (TTLprefix, I))
 
    return DNSInfo
 
@@ -906,7 +967,7 @@ def HostToIP(Host, mapped=True):
    if Host[1].has_key("ipHostNumber"):
       for addr in Host[1]["ipHostNumber"]:
          IPAdresses.append(addr)
-         if IsV6Addr.match(addr) is None and mapped == "True":
+         if not is_ipv6_addr(addr) and mapped == "True":
             IPAdresses.append("::ffff:"+addr)
 
    return IPAdresses
@@ -1021,7 +1082,7 @@ def get_accounts(ldap_conn):
                     "keyFingerPrint", "privateSub", "mailDisableMessage",\
                     "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
                     "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
-                    "mailContentInspectionAction", "webPassword"])
+                    "mailContentInspectionAction", "webPassword", "voipPassword"])
 
    if passwd_attrs is None:
       raise UDEmptyList, "No Users"
@@ -1107,6 +1168,7 @@ def generate_all(global_dir, ldap_conn):
    GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
    GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
    GenWebPassword(accounts, global_dir + "web-passwords")
+   GenVoipPassword(accounts, global_dir + "voip-passwords")
    GenKeyrings(global_dir)
 
    # Compatibility.
@@ -1131,7 +1193,7 @@ def generate_all(global_dir, ldap_conn):
          continue
       generate_host(host, global_dir, accounts, ssh_userkeys)
 
-def generate_host(host, global_dir, accounts, ssh_userkeys):
+def generate_host(host, global_dir, all_accounts, ssh_userkeys):
    current_host = host[1]['hostname'][0]
    OutDir = global_dir + current_host + '/'
    if not os.path.isdir(OutDir):
@@ -1154,7 +1216,7 @@ def generate_host(host, global_dir, accounts, ssh_userkeys):
          ExtraList[extra.upper()] = True
 
    if GroupList != {}:
-      accounts = filter(lambda x: IsInGroup(x, GroupList, current_host), accounts)
+      accounts = filter(lambda x: IsInGroup(x, GroupList, current_host), all_accounts)
 
    DoLink(global_dir, OutDir, "debianhosts")
    DoLink(global_dir, OutDir, "ssh_known_hosts")
@@ -1210,10 +1272,19 @@ def generate_host(host, global_dir, accounts, ssh_userkeys):
 
    if 'GITOLITE' in ExtraList:
       DoLink(global_dir, OutDir, "ssh-gitolite")
+   if 'exportOptions' in host[1]:
+      for entry in host[1]['exportOptions']:
+         v = entry.split('=',1)
+         if v[0] != 'GITOLITE' or len(v) != 2: continue
+         gitolite_accounts = filter(lambda x: IsInGroup(x, [v[1]], current_host), all_accounts)
+         GenSSHGitolite(gitolite_accounts, OutDir + "ssh-gitolite-%s"%(v[1],))
 
    if 'WEB-PASSWORDS' in ExtraList:
       DoLink(global_dir, OutDir, "web-passwords")
 
+   if 'VOIP-PASSWORDS' in ExtraList:
+      DoLink(global_dir, OutDir, "voip-passwords")
+
    if 'KEYRING' in ExtraList:
       for k in Keyrings:
          bn = os.path.basename(k)
@@ -1258,11 +1329,12 @@ def getLastKeyringChangeTime():
       if mt > krmod:
          krmod = mt
 
-   return krmod
+   return int(krmod)
 
 def getLastBuildTime(gdir):
    cache_last_ldap_mod = 0
    cache_last_unix_mod = 0
+   cache_last_run = 0
 
    try:
       fd = open(os.path.join(gdir, "last_update.trace"), "r")
@@ -1270,6 +1342,7 @@ def getLastBuildTime(gdir):
       try:
          cache_last_ldap_mod = cache_last_mod[0]
          cache_last_unix_mod = int(cache_last_mod[1])
+         cache_last_run = int(cache_last_mod[2])
       except IndexError, ValueError:
          pass
       fd.close()
@@ -1279,14 +1352,14 @@ def getLastBuildTime(gdir):
       else:
          raise e
 
-   return (cache_last_ldap_mod, cache_last_unix_mod)
+   return (cache_last_ldap_mod, cache_last_unix_mod, cache_last_run)
 
 def ud_generate():
    parser = optparse.OptionParser()
    parser.add_option("-g", "--generatedir", dest="generatedir", metavar="DIR",
      help="Output directory.")
    parser.add_option("-f", "--force", dest="force", action="store_true",
-     help="Force generation, even if not update to LDAP has happened.")
+     help="Force generation, even if no update to LDAP has happened.")
 
    (options, args) = parser.parse_args()
    if len(args) > 0:
@@ -1312,19 +1385,19 @@ def ud_generate():
    time_started = int(time.time())
    ldap_last_mod = getLastLDAPChangeTime(l)
    unix_last_mod = getLastKeyringChangeTime()
-   cache_last_ldap_mod, cache_last_unix_mod = getLastBuildTime(generate_dir)
+   cache_last_ldap_mod, cache_last_unix_mod, last_run = getLastBuildTime(generate_dir)
 
-   need_update = (ldap_last_mod > cache_last_ldap_mod) or (unix_last_mod > cache_last_unix_mod)
+   need_update = (ldap_last_mod > cache_last_ldap_mod) or (unix_last_mod > cache_last_unix_mod) or (time_started - last_run > MAX_UD_AGE)
 
    if not options.force and not need_update:
       fd = open(os.path.join(generate_dir, "last_update.trace"), "w")
-      fd.write("%s\n%s\n" % (ldap_last_mod, time_started))
+      fd.write("%s\n%s\n%s\n" % (ldap_last_mod, unix_last_mod, last_run))
       fd.close()
       sys.exit(0)
 
    tracefd = open(os.path.join(generate_dir, "last_update.trace"), "w")
    generate_all(generate_dir, l)
-   tracefd.write("%s\n%s\n" % (ldap_last_mod, time_started))
+   tracefd.write("%s\n%s\n%s\n" % (ldap_last_mod, unix_last_mod, time_started))
    tracefd.close()