global CurrentHost
PasswdAttrs = None
+DebianUsers = None
DisabledUsers = []
-RetiredUsers = []
GroupIDMap = {}
SubGroupMap = {}
Allowed = None
# We'll give them a few extra days over what we said
age = 6 * 31 * 24 * 60 * 60
try:
- if (time.time() - time.mktime(time.strptime(line[1], "%Y-%m-%d"))) > age:
- return True
+ return (time.time() - time.mktime(time.strptime(line[1], "%Y-%m-%d"))) > age
except IndexError:
return False
+ except ValueError:
+ return False
return False
+def IsGidDebian(x):
+ try:
+ return int(GetAttr(x, "gidNumber", 0)) == 800
+ except ValueError:
+ return False
+
# See if this user is in the group list
def IsInGroup(DnRecord):
if Allowed == None:
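Review bot: The group id `800` in `IsGidDebian` is a bare literal, and the "hard coded for now" caveat that sat on the removed per-function checks disappears with them. This predicate now decides membership of `DebianUsers` for every generator that iterates it, so I would name the value once at module level, e.g. `DebianGID = 800`, and compare against that. A one-line comment above the function should say that a non-numeric gidNumber makes it return False, and that a missing gidNumber presumably does too via the `0` default passed to `GetAttr`, whose body is not visible here. `IsInGroup`, which follows, continues outside the hunk.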
os.rename(File + ".tdb.tmp", File + ".tdb")
# Generate the password list
-def GenPasswd(l, File, HomePrefix, PwdMarker):
+def GenPasswd(File, HomePrefix, PwdMarker):
F = None
try:
F = open(File + ".tdb.tmp", "w")
return userlist
# Generate the shadow list
-def GenShadow(l, File):
+def GenShadow(File):
F = None
try:
OldMask = os.umask(0077)
Done(File, None, F)
# Generate the sudo passwd file
-def GenShadowSudo(l, File, untrusted):
+def GenShadowSudo(File, untrusted):
F = None
try:
OldMask = os.umask(0077)
Done(File, F, None)
# Generate the shadow list
-def GenSSHShadow(l):
+def GenSSHShadow():
# Fetch all the users
- singlefile = None
userfiles = []
global PasswdAttrs
for x in PasswdAttrs:
- if x in DisabledUsers:
- continue
-
if x[1].has_key("uidNumber") == 0 or \
x[1].has_key("sshRSAAuthKey") == 0:
continue
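Review bot: With the `if x in DisabledUsers: continue` guard removed, `GenSSHShadow` exports keys for every entry left in the global `PasswdAttrs` and relies on the caller having filtered disabled accounts out first. The new call order at the bottom of the file does that, but nothing in the function states or enforces it, so a later reordering of the top-level calls would silently write SSH key files for disabled users. I would add a comment above the loop such as `# PasswdAttrs must already exclude DisabledUsers; see the filter before the call site`, or keep the cheap in-loop guard as defence in depth. The function body continues outside this hunk.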
addGroups(existingGroups, SubGroupMap[group], uid)
# Generate the group list
-def GenGroup(l, File):
+def GenGroup(File):
grouprevmap = {}
F = None
try:
return grouprevmap
def CheckForward():
- global PasswdAttrs
- for x in PasswdAttrs:
+ global DebianUsers
+ for x in DebianUsers:
if x[1].has_key("emailForward") == 0:
continue
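Review bot: Iterating `DebianUsers` instead of `PasswdAttrs` in `CheckForward` narrows which accounts are processed, because the old loop had no gidNumber test. The same substitution is made in `GenForward`, `GenAllForward`, `GenMarkers` and `GenBSMTP`, none of which showed a gid 800 check among the removed lines, so accounts in other groups would apparently stop getting forward, marker and BSMTP entries. If that is intended, say so in a comment at the top of each loop, e.g. `# Only gid-800 (Debian group) accounts get forwards`. If it is not, these loops should keep using `PasswdAttrs`. The rest of `CheckForward` is outside the hunk.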
x[1].pop("emailForward")
# Generate the email forwarding list
-def GenForward(l, File):
+def GenForward(File):
F = None
try:
OldMask = os.umask(0022)
os.umask(OldMask)
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
# Write out the email address for each user
- for x in PasswdAttrs:
+ for x in DebianUsers:
if x[1].has_key("emailForward") == 0:
continue
raise
Done(File, F, None)
-def GenAllForward(l, File):
+def GenAllForward(File):
Fdb = None
try:
OldMask = os.umask(0022)
os.umask(OldMask)
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
# Write out the email address for each user
- for x in PasswdAttrs:
+ for x in DebianUsers:
if x[1].has_key("emailForward") == 0:
continue
raise "cdbmake gave an error"
# Generate the anon XEarth marker file
-def GenMarkers(l, File):
+def GenMarkers(File):
F = None
try:
F = open(File + ".tmp", "w")
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
# Write out the position for each user
- for x in PasswdAttrs:
+ for x in DebianUsers:
if x[1].has_key("latitude") == 0 or x[1].has_key("longitude") == 0:
continue
try:
Done(File, F, None)
# Generate the debian-private subscription list
-def GenPrivate(l, File):
+def GenPrivate(File):
F = None
try:
F = open(File + ".tmp", "w")
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
# Write out the position for each user
- for x in PasswdAttrs:
+ for x in DebianUsers:
if x[1].has_key("privateSub") == 0:
continue
if x[1].has_key("keyFingerPrint") == 0:
continue
- # Must be in the Debian group (yuk, hard coded for now)
- if GetAttr(x, "gidNumber") != "800":
- continue
-
try:
Line = "%s"%(GetAttr(x, "privateSub"))
Line = Sanitize(Line) + "\n"
Done(File, F, None)
# Generate a list of locked accounts
-def GenDisabledAccounts(l, File):
+def GenDisabledAccounts(File):
F = None
try:
F = open(File + ".tmp", "w")
Done(File, F, None)
# Generate the list of local addresses that refuse all mail
-def GenMailDisable(l, File):
+def GenMailDisable(File):
F = None
try:
F = open(File + ".tmp", "w")
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
- for x in PasswdAttrs:
+ for x in DebianUsers:
Reason = None
if x[1].has_key("mailDisableMessage"):
else:
continue
- # Must be in the Debian group (yuk, hard coded for now)
- if GetAttr(x, "gidNumber") != "800":
- continue
-
try:
Line = "%s: %s"%(GetAttr(x, "uid"), Reason)
Line = Sanitize(Line) + "\n"
Done(File, F, None)
# Generate a list of uids that should have boolean affects applied
-def GenMailBool(l, File, Key):
+def GenMailBool(File, Key):
F = None
try:
F = open(File + ".tmp", "w")
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
- for x in PasswdAttrs:
+ for x in DebianUsers:
Reason = None
if x[1].has_key(Key) == 0:
continue
- # Must be in the Debian group (yuk, hard coded for now)
- if GetAttr(x, "gidNumber") != "800":
- continue
-
if GetAttr(x, Key) != "TRUE":
continue
Done(File, F, None)
# Generate a list of hosts for RBL or whitelist purposes.
-def GenMailList(l, File, Key):
+def GenMailList(File, Key):
F = None
try:
F = open(File + ".tmp", "w")
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
- for x in PasswdAttrs:
+ for x in DebianUsers:
Reason = None
if x[1].has_key(Key) == 0:
continue
- # Must be in the Debian group (yuk, hard coded for now)
- if GetAttr(x, "gidNumber") != "800":
- continue
-
try:
found = 0
Line = None
return False
# Generate the DNS Zone file
-def GenDNS(l, File, HomePrefix):
+def GenDNS(File, HomePrefix):
F = None
try:
F = open(File + ".tmp", "w")
Done(File, F, None)
# Generate the DNS SSHFP records
-def GenSSHFP(l, File, HomePrefix):
+def GenSSHFP(File, HomePrefix):
F = None
try:
F = open(File + ".tmp", "w")
Done(File, F, None)
# Generate the BSMTP file
-def GenBSMTP(l, File, HomePrefix):
+def GenBSMTP(File, HomePrefix):
F = None
try:
F = open(File + ".tmp", "w")
# Fetch all the users
- global PasswdAttrs
+ global DebianUsers
# Write out the zone file entry for each user
- for x in PasswdAttrs:
+ for x in DebianUsers:
if x[1].has_key("dnsZoneEntry") == 0:
continue
return HostToIPCache[Host]
# Generate the ssh known hosts file
-def GenSSHKnown(l, File, mode=None):
+def GenSSHKnown(File, mode=None):
F = None
try:
OldMask = os.umask(0022)
raise
Done(File, F, None)
-def GenKeyrings(l, OutDir):
+def GenKeyrings(OutDir):
for k in Keyrings:
shutil.copy(k, OutDir)
# Generate global things
GlobalDir = GenerateDir + "/"
-GenMailDisable(l, GlobalDir + "mail-disable")
+GenDisabledAccounts(GlobalDir + "disabled-accounts")
-for x in PasswdAttrs:
- if IsRetired(x):
- RetiredUsers.append(x)
-
-PasswdAttrs = filter(lambda x: not x in RetiredUsers, PasswdAttrs)
+PasswdAttrs = filter(not IsRetired, PasswdAttrs)
+DebianUsers = filter(IsGidDebian, PasswdAttrs)
CheckForward()
-SSHFiles = GenSSHShadow(l)
-GenAllForward(l, GlobalDir + "mail-forward.cdb")
-GenMarkers(l, GlobalDir + "markers")
-GenPrivate(l, GlobalDir + "debian-private")
-GenDisabledAccounts(l, GlobalDir + "disabled-accounts")
-GenSSHKnown(l, GlobalDir + "ssh_known_hosts")
+GenMailDisable(GlobalDir + "mail-disable")
+GenAllForward(GlobalDir + "mail-forward.cdb")
+GenPrivate(GlobalDir + "debian-private")
#GenSSHKnown(l,GlobalDir+"authorized_keys", 'authorized_keys')
-GenHosts(l, GlobalDir + "debianhosts")
-GenMailBool(l, GlobalDir + "mail-greylist", "mailGreylisting")
-GenMailBool(l, GlobalDir + "mail-callout", "mailCallout")
-GenMailList(l, GlobalDir + "mail-rbl", "mailRBL")
-GenMailList(l, GlobalDir + "mail-rhsbl", "mailRHSBL")
-GenMailList(l, GlobalDir + "mail-whitelist", "mailWhitelist")
-GenKeyrings(l, GlobalDir)
+GenMailBool(GlobalDir + "mail-greylist", "mailGreylisting")
+GenMailBool(GlobalDir + "mail-callout", "mailCallout")
+GenMailList(GlobalDir + "mail-rbl", "mailRBL")
+GenMailList(GlobalDir + "mail-rhsbl", "mailRHSBL")
+GenMailList(GlobalDir + "mail-whitelist", "mailWhitelist")
+GenKeyrings(GlobalDir)
# Compatibility.
-GenForward(l, GlobalDir + "forward-alias")
+GenForward(GlobalDir + "forward-alias")
PasswdAttrs = filter(lambda x: not x in DisabledUsers, PasswdAttrs)
+SSHFiles = GenSSHShadow()
+GenMarkers(GlobalDir + "markers")
+GenSSHKnown(GlobalDir + "ssh_known_hosts")
+GenHosts(l, GlobalDir + "debianhosts")
+
while(1):
Line = F.readline()
if Line == "":
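Review bot: `filter(not IsRetired, PasswdAttrs)` does not negate the predicate: `not IsRetired` is evaluated once on the function object and yields `False`, so the call becomes `filter(False, PasswdAttrs)`. Python 2's `filter` only special-cases `None`, so this should raise `TypeError` when the script reaches that line, and retired accounts are never removed before `DebianUsers` and the per-host files are built. The line should read `PasswdAttrs = filter(lambda x: not IsRetired(x), PasswdAttrs)`. Separately, `GenDisabledAccounts` now runs before the retired filter where it used to run after it; whether retired accounts now appear in `disabled-accounts` depends on that function's body, which is not shown, so the new ordering is worth confirming.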
sys.stdout.flush()
if ExtraList.has_key("[NOPASSWD]"):
- userlist = GenPasswd(l, OutDir + "passwd", Split[1], "*")
+ userlist = GenPasswd(OutDir + "passwd", Split[1], "*")
else:
- userlist = GenPasswd(l, OutDir + "passwd", Split[1], "x")
+ userlist = GenPasswd(OutDir + "passwd", Split[1], "x")
sys.stdout.flush()
- grouprevmap = GenGroup(l, OutDir + "group")
- GenShadowSudo(l, OutDir + "sudo-passwd", ExtraList.has_key("[UNTRUSTED]") or ExtraList.has_key("[NOPASSWD]"))
+ grouprevmap = GenGroup(OutDir + "group")
+ GenShadowSudo(OutDir + "sudo-passwd", ExtraList.has_key("[UNTRUSTED]") or ExtraList.has_key("[NOPASSWD]"))
# Now we know who we're allowing on the machine, export
# the relevant ssh keys
print "[UNTRUSTED] tag is obsolete and may be removed in the future."
continue
if not ExtraList.has_key("[NOPASSWD]"):
- GenShadow(l, OutDir + "shadow")
+ GenShadow(OutDir + "shadow")
# Link in global things
if not ExtraList.has_key("[NOMARKERS]"):
DoLink(GlobalDir, OutDir, "forward-alias")
if ExtraList.has_key("[DNS]"):
- GenDNS(l, OutDir + "dns-zone", Split[1])
- GenSSHFP(l, OutDir + "dns-sshfp", Split[1])
+ GenDNS(OutDir + "dns-zone", Split[1])
+ GenSSHFP(OutDir + "dns-sshfp", Split[1])
if ExtraList.has_key("[BSMTP]"):
- GenBSMTP(l, OutDir + "bsmtp", Split[1])
+ GenBSMTP(OutDir + "bsmtp", Split[1])
if ExtraList.has_key("[PRIVATE]"):
DoLink(GlobalDir, OutDir, "debian-private")