DNSZone = ".debian.net"
def Sanitize(Str):
- return string.translate(Str,string.maketrans("\n\r\t","$$$"));
+ return Str.translate(string.maketrans("\n\r\t","$$$"))
def DoLink(From,To,File):
try: posix.remove(To+File);
os.rename(File + ".tdb.tmp",File+".tdb");
# Generate the password list
-def GenPasswd(l,File,HomePrefix):
+def GenPasswd(l,File,HomePrefix,PwdMarker,UidShift):
F = None;
try:
F = open(File + ".tdb.tmp","w");
if len(GetAttr(x,"gecos")) > 100 or len(GetAttr(x,"loginShell")) > 50:
continue;
- Line = "%s:x:%s:%s:%s:%s%s:%s" % (GetAttr(x,"uid"),\
+ Line = "%s:%s:%s:%s:%s:%s%s:%s" % (GetAttr(x,"uid"),\
+ PwdMarker,\
GetAttr(x,"uidNumber"),GetAttr(x,"gidNumber"),\
GetAttr(x,"gecos"),HomePrefix,GetAttr(x,"uid"),\
GetAttr(x,"loginShell"));
Line = Sanitize(Line) + "\n";
F.write("0%u %s" % (I,Line));
F.write(".%s %s" % (GetAttr(x,"uid"),Line));
- F.write("=%s %s" % (GetAttr(x,"uidNumber"),Line));
+ F.write("=%s %s" % ((int(GetAttr(x,"uidNumber"))+UidShift),Line));
I = I + 1;
# Oops, something unspeakable happened.
# If the account is locked, mark it as such in shadow
# See Debian Bug #308229 for why we set it to 1 instead of 0
- if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
+ if (GetAttr(x,"userPassword").find("*LK*") != -1) \
or GetAttr(x,"userPassword").startswith("!"):
ShadowExpire = '1'
else:
# If the account is locked, do not write it.
# This is a partial stop-gap. The ssh also needs to change this
# to ignore ~/.ssh/authorized* files.
- if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
+ if (GetAttr(x,"userPassword").find("*LK*") != -1) \
or GetAttr(x,"userPassword").startswith("!"):
continue;
Done(File,F,None);
# Generate the group list
-def GenGroup(l,File):
+def GenGroup(l,File,UidShift):
F = None;
try:
F = open(File + ".tdb.tmp","w");
for x in GroupMap.keys():
if GroupIDMap.has_key(x) == 0:
continue;
- Line = "%s:x:%u:" % (x,GroupIDMap[x]);
+ NewGid = int(GroupIDMap[x]);
+ if NewGid >= 500:
+ NewGid = NewGid + UidShift
+ Line = "%s:x:%u:" % (x,NewGid)
Comma = '';
for I in GroupMap[x]:
Line = Line + ("%s%s" % (Comma,I));
Line = Sanitize(Line) + "\n";
F.write("0%u %s" % (J,Line));
F.write(".%s %s" % (x,Line));
- F.write("=%u %s" % (GroupIDMap[x],Line));
+ F.write("=%u %s" % (NewGid,Line));
J = J + 1;
# Oops, something unspeakable happened.
continue;
# If the account is locked, do not write it
- if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \
+ if (GetAttr(x,"userPassword").find("*LK*") != -1) \
or GetAttr(x,"userPassword").startswith("!"):
continue;
Line = ""
# *LK* is the reference value for a locked account
# password starting with ! is also a locked account
- if string.find(Pass,"*LK*") != -1 or Pass.startswith("!"):
+ if Pass.find("*LK*") != -1 or Pass.startswith("!"):
# Format is <login>:<reason>
Line = "%s:%s" % (GetAttr(x,"uid"), "Account is locked")
Reason = None
# If the account is locked, disable incoming mail
- if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1):
+ if (GetAttr(x,"userPassword").find("*LK*") != -1):
if GetAttr(x,"uid") == "luther":
continue
else:
try:
F.write("; %s\n"%(EmailAddress(x)));
for z in x[1]["dnsZoneEntry"]:
- Split = string.split(string.lower(z));
- if string.lower(Split[1]) == 'in':
+ Split = z.lower().split()
+ if Split[1].lower() == 'in':
for y in range(0,len(Split)):
if Split[y] == "$":
Split[y] = "\n\t";
- Line = string.join(Split," ") + "\n";
+ Line = " ".join(Split) + "\n";
F.write(Line);
Host = Split[0] + DNSZone;
F.write("; Has BSMTP\n");
# Write some identification information
- if string.lower(Split[2]) == "a":
+ if Split[2].lower() == "a":
Line = "%s IN TXT \"%s\"\n"%(Split[0],EmailAddress(x));
for y in x[1]["keyFingerPrint"]:
Line = Line + "%s IN TXT \"PGP %s\"\n"%(Split[0],FormatPGPKey(y));
Host = GetAttr(x,"hostname");
Algorithm = None
for I in x[1]["sshRSAHostKey"]:
- Split = string.split(I)
+ Split = I.split()
if Split[0] == 'ssh-rsa':
Algorithm = 1
if Split[0] == 'ssh-dss':
continue;
try:
for z in x[1]["dnsZoneEntry"]:
- Split = string.split(string.lower(z));
- if string.lower(Split[1]) == 'in':
+ Split = z.lower().split()
+ if Split[1].lower() == 'in':
for y in range(0,len(Split)):
if Split[y] == "$":
Split[y] = "\n\t";
- Line = string.join(Split," ") + "\n";
+ Line = " ".join(Split) + "\n";
Host = Split[0] + DNSZone;
if BSMTPCheck.match(Line) != None:
x[1].has_key("sshRSAHostKey") == 0:
continue;
Host = GetAttr(x,"hostname");
- SHost = string.find(Host,".");
+ SHost = Host.find(".")
for I in x[1]["sshRSAHostKey"]:
if SHost == None:
Line = "%s,%s %s" %(Host,socket.gethostbyname(Host),I);
# Connect to the ldap server
l = ldap.open(LDAPServer);
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
-Pass = string.split(string.strip(F.readline())," ");
+Pass = F.readline().strip().split(" ")
F.close();
l.simple_bind_s("uid="+Pass[0]+","+BaseDn,Pass[1]);
Line = F.readline();
if Line == "":
break;
- Line = string.strip(Line);
+ Line = Line.strip()
if Line == "":
continue;
if Line[0] == '#':
continue;
- Split = string.split(Line," ");
+ Split = Line.split(" ")
OutDir = GenerateDir + '/' + Split[0] + '/';
try: os.mkdir(OutDir);
except: pass;
DoLink(GlobalDir,OutDir,"disabled-accounts")
sys.stdout.flush();
- GenPasswd(l,OutDir+"passwd",Split[1]);
+ UidShift = 0
+ if ExtraList.has_key("[UIDSHIFT]"): UidShift=1000
+ if ExtraList.has_key("[NOPASSWD]"):
+ GenPasswd(l,OutDir+"passwd",Split[1], "*", UidShift);
+ else:
+ GenPasswd(l,OutDir+"passwd",Split[1], "x", UidShift);
sys.stdout.flush();
- GenGroup(l,OutDir+"group");
+ GenGroup(l,OutDir+"group", UidShift);
if ExtraList.has_key("[UNTRUSTED]"):
continue;
if not ExtraList.has_key("[NOPASSWD]"):