X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=ud-generate;h=004e64aa9ba89887a7f6d79f13e5469562139b83;hb=0fde94b6b3add31a1c17933cfda802bdabfe831e;hp=6116cd0dda796134c2b54b3bf735541e7e51994a;hpb=5ccf0b31849a9d7a2be2377c05cbe0b015606716;p=mirror%2Fuserdir-ldap.git diff --git a/ud-generate b/ud-generate index 6116cd0..004e64a 100755 --- a/ud-generate +++ b/ud-generate @@ -28,7 +28,7 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -import string, re, time, ldap, getopt, sys, os, pwd, posix, socket, base64, sha, shutil, errno, tarfile, grp +import string, re, time, ldap, getopt, sys, os, pwd, posix, socket, base64, hashlib, shutil, errno, tarfile, grp import lockfile from userdir_ldap import * from userdir_exceptions import * @@ -91,10 +91,10 @@ def safe_rmtree(dir): def get_lock(fn, wait=5*60, max_age=3600*6): try: - stat = os.stat(fn) - if stat[ST_MTIME] < time.time() - max_age: - sys.stderr.write("Removing stale lock %s"%(fn)) - os.unlink(fn) + stat = os.stat(fn + '.lock') + if stat.st_mtime < time.time() - max_age: + sys.stderr.write("Removing stale lock %s"%(fn + '.lock')) + os.unlink(fn + '.lock') except OSError, error: if error.errno == errno.ENOENT: pass @@ -374,6 +374,27 @@ def GenSSHShadow(global_dir, accounts): return userfiles +# Generate the webPassword list +def GenWebPassword(accounts, File): + F = None + try: + OldMask = os.umask(0077) + F = open(File, "w", 0600) + os.umask(OldMask) + + for a in accounts: + if not 'webPassword' in a: continue + if not a.pw_active(): continue + + Pass = str(a['webPassword']) + Line = "%s:%s" % (a['uid'], Pass) + Line = Sanitize(Line) + "\n" + F.write("%s" % (Line)) + + except: + Die(File, None, F) + raise + def GenSSHtarballs(global_dir, userlist, SSHFiles, grouprevmap, target): OldMask = os.umask(0077) tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz') @@ -781,7 +802,7 @@ def ExtractDNSInfo(x): Algorithm = 2 if Algorithm == None: continue - Fingerprint = sha.new(base64.decodestring(Split[1])).hexdigest() + Fingerprint = hashlib.new('sha1', base64.decodestring(Split[1])).hexdigest() DNSInfo.append("%sIN\tSSHFP\t%u 1 %s" % (TTLprefix, Algorithm, Fingerprint)) if 'architecture' in x[1]: @@ -997,7 +1018,7 @@ def GenKeyrings(OutDir): def get_accounts(ldap_conn): # Fetch all the users - passwd_attrs = ldap_conn.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "(&(uid=*)(!(uidNumber=0)))",\ + passwd_attrs = ldap_conn.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "(&(uid=*)(!(uidNumber=0))(objectClass=shadowAccount))",\ ["uid", "uidNumber", "gidNumber", "supplementaryGid",\ "gecos", "loginShell", "userPassword", "shadowLastChange",\ "shadowMin", "shadowMax", "shadowWarning", "shadowInactive", @@ -1006,7 +1027,7 @@ def get_accounts(ldap_conn): "keyFingerPrint", "privateSub", "mailDisableMessage",\ "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\ "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\ - "mailContentInspectionAction"]) + "mailContentInspectionAction", "webPassword"]) if passwd_attrs is None: raise UDEmptyList, "No Users" @@ -1067,6 +1088,7 @@ def generate_all(global_dir, ldap_conn): GenMailList(accounts, global_dir + "mail-rbl", "mailRBL") GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL") GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist") + GenWebPassword(accounts, global_dir + "web-passwords") GenKeyrings(global_dir) # Compatibility. @@ -1171,6 +1193,9 @@ def generate_host(host, global_dir, accounts, ssh_files): if 'PRIVATE' in ExtraList: DoLink(global_dir, OutDir, "debian-private") + if 'WEB-PASSWORDS' in ExtraList: + DoLink(global_dir, OutDir, "web-passwords") + if 'KEYRING' in ExtraList: for k in Keyrings: bn = os.path.basename(k) @@ -1193,6 +1218,40 @@ def generate_host(host, global_dir, accounts, ssh_files): l = make_ldap_conn() +mods = l.search_s('cn=log', + ldap.SCOPE_ONELEVEL, + '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))', + ['reqEnd']) + +last = 0 + +# Sort the list by reqEnd +sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0]) +# Take the last element in the array +last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0] + +# override globaldir for testing +if 'UD_GENERATEDIR' in os.environ: + GenerateDir = os.environ['UD_GENERATEDIR'] + +cache_last_mod = [0,0] + +try: + fd = open(os.path.join(GenerateDir, "last_update.trace"), "r") + cache_last_mod=fd.read().split() + fd.close() +except IOError, e: + if e.errno == errno.ENOENT: + pass + else: + raise e + +if cache_last_mod[0] >= last: + fd = open(os.path.join(GenerateDir, "last_update.trace"), "w") + fd.write("%s\n%s\n" % (last, int(time.time()))) + fd.close() + sys.exit(0) + # Fetch all the groups GroupIDMap = {} attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "gid=*",\ @@ -1208,22 +1267,24 @@ for x in attrs: if x[1].has_key("subGroup") != 0: SubGroupMap.setdefault(x[1]["gid"][0], []).extend(x[1]["subGroup"]) -# override globaldir for testing -if 'UD_GENERATEDIR' in os.environ: - GenerateDir = os.environ['UD_GENERATEDIR'] - +lock = None try: - lock = get_lock( os.path.join(GenerateDir, 'ud-generate.lock') ) + lockf = os.path.join(GenerateDir, 'ud-generate.lock') + lock = get_lock( lockf ) if lock is None: - sys.stderr.write("Could not acquire lock %s.\n"%(fn)) + sys.stderr.write("Could not acquire lock %s.\n"%(lockf)) sys.exit(1) generate_all(GenerateDir, l) finally: - if not lock is None: + if lock is not None: lock.release() +fd = open(os.path.join(GenerateDir, "last_update.trace"), "w") +fd.write("%s\n%s\n" % (last, int(time.time()))) +fd.close() + # vim:set et: # vim:set ts=3: # vim:set shiftwidth=3: