X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=55d05cf8ef5cf769747966696faf5d27490ce9a7;hb=0681e6e93d9d21b85a67c4a4b81a9bd3dde848a5;hp=d55f10b6b140b007a146d0cb48077993336ec0a2;hpb=d3d5dd5a3fc470f834f5f021cf86ebfede644fcf;p=mirror%2Fuserdir-ldap.git diff --git a/ud-generate b/ud-generate index d55f10b..55d05cf 100755 --- a/ud-generate +++ b/ud-generate @@ -88,7 +88,7 @@ def Done(File,F,Fdb): os.rename(File + ".tdb.tmp",File+".tdb"); # Generate the password list -def GenPasswd(l,File,HomePrefix): +def GenPasswd(l,File,HomePrefix,PwdMarker): F = None; try: F = open(File + ".tdb.tmp","w"); @@ -107,7 +107,8 @@ def GenPasswd(l,File,HomePrefix): if len(GetAttr(x,"gecos")) > 100 or len(GetAttr(x,"loginShell")) > 50: continue; - Line = "%s:x:%s:%s:%s:%s%s:%s" % (GetAttr(x,"uid"),\ + Line = "%s:%s:%s:%s:%s:%s%s:%s" % (GetAttr(x,"uid"),\ + PwdMarker,\ GetAttr(x,"uidNumber"),GetAttr(x,"gidNumber"),\ GetAttr(x,"gecos"),HomePrefix,GetAttr(x,"uid"),\ GetAttr(x,"loginShell")); @@ -147,11 +148,20 @@ def GenShadow(l,File): Pass = '*'; else: Pass = Pass[7:]; + + # If the account is locked, mark it as such in shadow + # See Debian Bug #308229 for why we set it to 1 instead of 0 + if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \ + or GetAttr(x,"userPassword").startswith("!"): + ShadowExpire = '1' + else: + ShadowExpire = GetAttr(x,"shadowexpire") + Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\ Pass,GetAttr(x,"shadowLastChange"),\ GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\ GetAttr(x,"shadowWarning"),GetAttr(x,"shadowinactive"),\ - GetAttr(x,"shadowexpire")); + ShadowExpire); Line = Sanitize(Line) + "\n"; F.write("0%u %s" % (I,Line)); F.write(".%s %s" % (GetAttr(x,"uid"),Line)); 
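Review bot: The new `PwdMarker` parameter on `GenPasswd` has no documentation and no default, so the meaning of its values can only be read off the call site in the last hunk of this patch. A comment above the definition such as `# PwdMarker fills the passwd password field: "x" defers to shadow, "*" means no password is valid on this host` would record the intent. Declaring it as `PwdMarker="x"` would also keep any existing three-argument caller working. The function body continues outside this hunk.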
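Review bot: The lock test in the `GenShadow` hunk calls `startswith("!")` on the raw `userPassword` attribute, while the context line `Pass = Pass[7:]` suggests stored values carry a seven-character scheme prefix. If that is so, a value locked as prefix plus `!hash` is not recognised and the account is not marked expired in shadow; the code that sets `Pass` begins above the hunk, so this is inferred and should be confirmed. Testing the stripped value as well would close the gap, e.g. `or Pass.startswith("!")` added to the condition. The same predicate is repeated in `GenDisabledAccounts` later in this patch, and a single shared helper would keep shadow and the disabled-accounts list from disagreeing about who is locked.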
@@ -390,6 +400,39 @@ def GenPrivate(l,File): raise; Done(File,F,None); +# Generate a list of locked accounts +def GenDisabledAccounts(l,File): + F = None; + try: + F = open(File + ".tmp","w"); + + # Fetch all the users + global PasswdAttrs; + if PasswdAttrs == None: + raise "No Users"; + + I = 0; + for x in PasswdAttrs: + if x[1].has_key("uidNumber") == 0: + continue; + + Pass = GetAttr(x,"userPassword"); + Line = "" + # *LK* is the reference value for a locked account + # password starting with ! is also a locked account + if string.find(Pass,"*LK*") != -1 or Pass.startswith("!"): + # Format is : + Line = "%s:%s" % (GetAttr(x,"uid"), "Account is locked") + + if Line != "": + F.write(Sanitize(Line) + "\n") + + # Oops, something unspeakable happened. + except: + Die(File,F,None); + raise; + Done(File,F,None); + # Generate the list of local addresses that refuse all mail def GenMailDisable(l,File): F = None; @@ -760,6 +803,7 @@ GenSSHShadow(l,GlobalDir+"ssh-rsa-shadow"); GenAllForward(l,GlobalDir+"mail-forward.cdb"); GenMarkers(l,GlobalDir+"markers"); GenPrivate(l,GlobalDir+"debian-private"); +GenDisabledAccounts(l,GlobalDir+"disabled-accounts"); GenSSHKnown(l,GlobalDir+"ssh_known_hosts"); GenHosts(l,GlobalDir+"debianhosts"); GenMailDisable(l,GlobalDir+"mail-disable"); @@ -806,9 +850,13 @@ while(1): DoLink(GlobalDir,OutDir,"ssh-rsa-shadow"); DoLink(GlobalDir,OutDir,"debianhosts"); DoLink(GlobalDir,OutDir,"ssh_known_hosts"); + DoLink(GlobalDir,OutDir,"disabled-accounts") sys.stdout.flush(); - GenPasswd(l,OutDir+"passwd",Split[1]); + if ExtraList.has_key("[NOPASSWD]"): + GenPasswd(l,OutDir+"passwd",Split[1], "*"); + else: + GenPasswd(l,OutDir+"passwd",Split[1], "x"); sys.stdout.flush(); GenGroup(l,OutDir+"group"); if ExtraList.has_key("[UNTRUSTED]"):
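Review bot: The comment in `GenDisabledAccounts` reads `# Format is :` with the field names missing, and nothing else describes the file this function writes. Something like `# Format is <login>:<reason>` would document the record for whoever consumes the list on the hosts. `I = 0` is never used in the visible body and can be dropped. `raise "No Users"` is a string exception, which stops working if the script is ever run on Python 2.6 or later; raising an exception instance would be safer.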
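Review bot: The `[NOPASSWD]` branch in the last hunk only switches the passwd marker to `*`; nothing visible here stops the shadow file with its password hashes from still being generated for that host. The rest of the loop lies outside the hunk, so this needs checking, but a host that must never accept a password has no use for the hashes, and skipping shadow generation for it would reduce what is exposed if that host is compromised. A comment on the branch, e.g. `# [NOPASSWD]: "*" in passwd so no password is ever valid on this host`, would also record why the two markers differ.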