# Copyright (c) 2003-2004 James Troup <troup@debian.org>
# Copyright (c) 2004-2005,7 Joey Schulze <joey@infodrom.org>
# Copyright (c) 2001-2007 Ryan Murray <rmurray@debian.org>
+# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-import string, re, time, ldap, getopt, sys, os, pwd, posix, socket, base64, sha
+import string, re, time, ldap, getopt, sys, os, pwd, posix, socket, base64, sha, shutil
from userdir_ldap import *;
global Allowed;
EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$");
BSMTPCheck = re.compile(".*mx 0 (gluck)\.debian\.org\..*",re.DOTALL);
DNSZone = ".debian.net"
+Keyrings = [ "/org/keyring.debian.org/keyrings/debian-keyring.gpg",
+ "/org/keyring.debian.org/keyrings/debian-keyring.pgp" ]
def Sanitize(Str):
return Str.translate(string.maketrans("\n\r\t","$$$"))
Done(File,None,F);
# Generate the shadow list
-def GenSSHShadow(l,File):
- F = None;
- try:
- OldMask = os.umask(0077);
- F = open(File + ".tmp","w",0600);
- os.umask(OldMask);
-
+def GenSSHShadow(l,masterFileName):
# Fetch all the users
+ files = []
+ # Depending on config, we write out either a single file,
+ # multiple files, or both
+ if SingleSSHFile:
+ try:
+ OldMask = os.umask(0077);
+ masterFile = open(masterFileName + ".tmp","w",0600);
+ os.umask(OldMask);
+ except IOError:
+ Die(masterFileName,masterFile,None)
+ raise
+
global PasswdAttrs;
if PasswdAttrs == None:
raise "No Users";
if x[1].has_key("uidNumber") == 0 or \
x[1].has_key("sshRSAAuthKey") == 0:
continue;
- for I in x[1]["sshRSAAuthKey"]:
- User = GetAttr(x,"uid");
- Line = "%s: %s" %(User,I);
- Line = Sanitize(Line) + "\n";
- F.write(Line);
- # Oops, something unspeakable happened.
- except:
- Die(File,F,None);
- raise;
- Done(File,F,None);
+ User = GetAttr(x,"uid");
+ F = None;
+
+ try:
+ if MultipleSSHFiles:
+ OldMask = os.umask(0077);
+ File = masterFileName + "-" + User
+ F = open(File + ".tmp","w",0600);
+ os.umask(OldMask);
+
+ for I in x[1]["sshRSAAuthKey"]:
+ if MultipleSSHFiles:
+ MultipleLine = "%s" % I
+ MultipleLine = Sanitize(MultipleLine) + "\n"
+ F.write(MultipleLine)
+ if SingleSSHFile:
+ SingleLine = "%s: %s" % (User, I)
+ SingleLine = Sanitize(SingleLine) + "\n"
+ masterFile.write(SingleLine)
+
+ if MultipleSSHFiles:
+ Done(File,F,None);
+ files.append(os.path.basename(File))
+
+ # Oops, something unspeakable happened.
+ except IOError:
+ Die(File,F,None)
+ Die(masterFileName,masterFile,None)
+ raise;
+
+ if SingleSSHFile:
+ Done(masterFileName,masterFile,None)
+ files.append(os.path.basename(masterFileName))
+
+ return files
# Generate the group list
def GenGroup(l,File):
x[1].has_key("sshRSAHostKey") == 0:
continue;
Host = GetAttr(x,"hostname");
+ HostNames = [ Host ]
SHost = Host.find(".")
+ if SHost != None: HostNames += [Host[0:SHost]]
+
+ IPAdressesT = None
+ IPAdresses = []
+ # get IP adresses back as "proto adress" to distinguish between v4 and v6
+ try:
+ IPAdressesT = set([ (a[0],a[4][0]) for a in socket.getaddrinfo(Host, None)])
+ except:
+ if code[0] != -2: raise
+ for addr in IPAdressesT:
+ if addr[0] == socket.AF_INET: IPAdresses += [addr[1], "::ffff:"+addr[1]]
+ else: IPAdresses += [addr[1]]
+
for I in x[1]["sshRSAHostKey"]:
- if SHost == None:
- Line = "%s,%s %s" %(Host,socket.gethostbyname(Host),I);
- else:
- Line = "%s,%s,%s %s" %(Host,Host[0:SHost],socket.gethostbyname(Host),I);
+ Line = "%s,%s %s" %(",".join(HostNames + IPAdresses), I);
Line = Sanitize(Line) + "\n";
F.write(Line);
# Oops, something unspeakable happened.
raise;
Done(File,F,None);
+def GenKeyrings(l,OutDir):
+ for k in Keyrings:
+ shutil.copy(k, OutDir)
+
# Connect to the ldap server
l = ldap.open(LDAPServer);
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
# Generate global things
GlobalDir = GenerateDir+"/";
-GenSSHShadow(l,GlobalDir+"ssh-rsa-shadow");
+SSHFiles = GenSSHShadow(l,GlobalDir+"ssh-rsa-shadow");
GenAllForward(l,GlobalDir+"mail-forward.cdb");
GenMarkers(l,GlobalDir+"markers");
GenPrivate(l,GlobalDir+"debian-private");
GenMailList(l,GlobalDir+"mail-rbl","mailRBL");
GenMailList(l,GlobalDir+"mail-rhsbl","mailRHSBL");
GenMailList(l,GlobalDir+"mail-whitelist","mailWhitelist");
+GenKeyrings(l,GlobalDir);
# Compatibility.
GenForward(l,GlobalDir+"forward-alias");
-
+
while(1):
Line = F.readline();
if Line == "":
Allowed = None
CurrentHost = Split[0];
- DoLink(GlobalDir,OutDir,"ssh-rsa-shadow");
+ for file in SSHFiles:
+ DoLink(GlobalDir,OutDir,file);
DoLink(GlobalDir,OutDir,"debianhosts");
DoLink(GlobalDir,OutDir,"ssh_known_hosts");
DoLink(GlobalDir,OutDir,"disabled-accounts")
if ExtraList.has_key("[PRIVATE]"):
DoLink(GlobalDir,OutDir,"debian-private")
+
+ if ExtraList.has_key("[KEYRING]"):
+ for k in Keyrings:
+ DoLink(GlobalDir,OutDir,os.path.basename(k))
+ else:
+ for k in Keyrings:
+ try: posix.remove(OutDir+os.path.basename(k));
+ except: pass;