X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=629315fd70bf512502760d5f9aeaf5545e9e5333;hb=b22af6dffb85542441935a2c117105b38f0b53b5;hp=41350d07093a1f31818c1e3e85ae6c4da67531ee;hpb=3a9baa335455ffcfbe195b1e65de4104405d7fab;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-generate b/ud-generate
index 41350d0..629315f 100755
--- a/ud-generate
+++ b/ud-generate
@@ -78,6 +78,9 @@ GitoliteSSHCommand = getattr(ConfModule, "gitolitesshcommand", None)
 GitoliteExportHosts = re.compile(getattr(ConfModule, "gitoliteexporthosts", "."))
 MX_remap = json.loads(ConfModule.MX_remap)
 
+rtc_realm = getattr(ConfModule, "rtc_realm", None)
+rtc_append = getattr(ConfModule, "rtc_append", None)
+
 def prettify(elem):
    """Return a pretty-printed XML string for the Element.
    """
@@ -161,9 +164,6 @@ def IsRetired(account):
 
    return False
 
-#def IsGidDebian(account):
-#   return account['gidNumber'] == 800
-
 # See if this user is in the group list
 def IsInGroup(account, allowed, current_host):
   # See if the primary group is in the list
@@ -307,7 +307,7 @@ def GenShadowSudo(accounts, File, untrusted, current_host):
          Pass = '*'
          if 'sudoPassword' in a:
             for entry in a['sudoPassword']:
-               Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+               Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*-]+) ([^ ]+)$').match(entry)
                if Match == None:
                   continue
                uuid = Match.group(1)
@@ -439,7 +439,7 @@ def GenRtcPassword(accounts, File):
          if not 'rtcPassword' in a: continue
          if not a.pw_active(): continue
 
-         Line = "%s@debian.org:%s:rtc.debian.org:AUTHORIZED" % (a['uid'], str(a['rtcPassword']))
+         Line = "%s%s:%s:%s:AUTHORIZED" % (a['uid'], rtc_append, str(a['rtcPassword']), rtc_realm)
          Line = Sanitize(Line) + "\n"
          F.write("%s" % (Line))
 
@@ -886,17 +886,21 @@ def ExtractDNSInfo(x):
             Algorithm = 1
          if Split[0] == 'ssh-dss':
             Algorithm = 2
+         if Split[0] == 'ssh-ed25519':
+            Algorithm = 4
          if Algorithm == None:
             continue
          Fingerprint = hashlib.new('sha1', base64.decodestring(Split[1])).hexdigest()
          DNSInfo.append("%sIN\tSSHFP\t%u 1 %s" % (TTLprefix, Algorithm, Fingerprint))
+         Fingerprint = hashlib.new('sha256', base64.decodestring(Split[1])).hexdigest()
+         DNSInfo.append("%sIN\tSSHFP\t%u 2 %s" % (TTLprefix, Algorithm, Fingerprint))
 
    if 'architecture' in x[1]:
       Arch = GetAttr(x, "architecture")
       Mach = ""
       if x[1].has_key("machine"):
          Mach = " " + GetAttr(x, "machine")
-      DNSInfo.append("%sIN\tHINFO\t\"%s%s\" \"%s\"" % (TTLprefix, Arch, Mach, "Debian GNU/Linux"))
+      DNSInfo.append("%sIN\tHINFO\t\"%s%s\" \"%s\"" % (TTLprefix, Arch, Mach, "Debian"))
 
    if x[1].has_key("mXRecord"):
       for I in x[1]["mXRecord"]:
@@ -1191,7 +1195,6 @@ def generate_all(global_dir, ldap_conn):
    accounts_disabled = GenDisabledAccounts(accounts, global_dir + "disabled-accounts")
 
    accounts = filter(lambda x: not IsRetired(x), accounts)
-   #accounts_DDs = filter(lambda x: IsGidDebian(x), accounts)
 
    CheckForward(accounts)