X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=78caa4a47a23c72b4615ca12f9efe12da65dda98;hb=993dd940e425a9f71247c52dee6be888e8d2ce8e;hp=d6996334d6fc0f6b0bcebda42078ac1e2b431e4a;hpb=aefc0a50e8e2603a95f31721712111bda4a56864;p=mirror%2Fuserdir-ldap.git diff --git a/ud-generate b/ud-generate index d699633..78caa4a 100755 --- a/ud-generate +++ b/ud-generate @@ -70,6 +70,8 @@ IsDebianHost = re.compile(ConfModule.dns_hostmatch) isSSHFP = re.compile("^\s*IN\s+SSHFP") DNSZone = ".debian.net" Keyrings = ConfModule.sync_keyrings.split(":") +GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None) + def safe_makedirs(dir): try: @@ -338,6 +340,34 @@ def GenShadowSudo(accounts, File, untrusted): raise Done(File, F, None) +# Generate the sudo passwd file +def GenSSHGitolite(accounts, File): + F = None + try: + OldMask = os.umask(0022) + F = open(File + ".tmp", "w", 0600) + os.umask(OldMask) + + if not GitoliteSSHRestrictions is None and GitoliteSSHRestrictions != "": + for a in accounts: + if not 'sshRSAAuthKey' in a: continue + + User = a['uid'] + prefix = GitoliteSSHRestrictions.replace('@@USER@@', User) + for I in a["sshRSAAuthKey"]: + if I.startswith('ssh-'): + line = "%s %s"%(prefix, I) + else: + line = "%s,%s"%(prefix, I) + line = Sanitize(line) + "\n" + F.write(line) + + # Oops, something unspeakable happened. + except: + Die(File, F, None) + raise + Done(File, F, None) + # Generate the shadow list def GenSSHShadow(global_dir, accounts): # Fetch all the users @@ -742,16 +772,13 @@ def GenDNS(accounts, File): for z in a["dnsZoneEntry"]: Split = z.lower().split() if Split[1].lower() == 'in': - for y in range(0, len(Split)): - if Split[y] == "$": - Split[y] = "\n\t" Line = " ".join(Split) + "\n" F.write(Line) - + Host = Split[0] + DNSZone if BSMTPCheck.match(Line) != None: F.write("; Has BSMTP\n") - + # Write some identification information if not RRs.has_key(Host): if Split[2].lower() in ["a", "aaaa"]: @@ -763,7 +790,7 @@ def GenDNS(accounts, File): else: Line = "; Err %s"%(str(Split)) F.write(Line) - + F.write("\n") except Exception, e: F.write("; Errors:\n") @@ -1101,6 +1128,7 @@ def generate_all(global_dir, ldap_conn): GenMarkers(accounts, global_dir + "markers") GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts") GenHosts(host_attrs, global_dir + "debianhosts") + GenSSHGitolite(accounts, global_dir + "ssh-gitolite") GenDNS(accounts, global_dir + "dns-zone") GenZoneRecords(host_attrs, global_dir + "dns-sshfp") @@ -1193,6 +1221,9 @@ def generate_host(host, global_dir, accounts, ssh_files): if 'PRIVATE' in ExtraList: DoLink(global_dir, OutDir, "debian-private") + if 'GITOLITE' in ExtraList: + DoLink(global_dir, OutDir, "ssh-gitolite") + if 'WEB-PASSWORDS' in ExtraList: DoLink(global_dir, OutDir, "web-passwords") @@ -1215,42 +1246,57 @@ def generate_host(host, global_dir, accounts, ssh_files): posix.remove(target) except: pass + DoLink(global_dir, OutDir, "last_update.trace") -l = make_ldap_conn() -mods = l.search_s('cn=log', - ldap.SCOPE_ONELEVEL, - '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))', - ['reqEnd']) +def getLastLDAPChangeTime(l): + mods = l.search_s('cn=log', + ldap.SCOPE_ONELEVEL, + '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))', + ['reqEnd']) + + last = 0 + + # Sort the list by reqEnd + sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0]) + # Take the last element in the array + last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0] -last = 0 + return last -# Sort the list by reqEnd -sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0]) -# Take the last element in the array -last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0] +def getLastBuildTime(): + cache_last_mod = 0 + + try: + fd = open(os.path.join(GenerateDir, "last_update.trace"), "r") + cache_last_mod=fd.read().split() + try: + cache_last_mod = cache_last_mod[0] + except IndexError: + pass + fd.close() + except IOError, e: + if e.errno == errno.ENOENT: + pass + else: + raise e + + return cache_last_mod + + + +l = make_ldap_conn() # override globaldir for testing if 'UD_GENERATEDIR' in os.environ: GenerateDir = os.environ['UD_GENERATEDIR'] -cache_last_mod = [0,0] - -try: - fd = open(os.path.join(GenerateDir, "last_update.trace"), "r") - cache_last_mod=fd.read().split() +ldap_last_mod = getLastLDAPChangeTime(l) +cache_last_mod = getLastBuildTime() +if cache_last_mod >= ldap_last_mod: + fd = open(os.path.join(GenerateDir, "last_update.trace"), "w") + fd.write("%s\n%s\n" % (ldap_last_mod, int(time.time()))) fd.close() -except IOError, e: - if e.errno == errno.ENOENT: - pass - else: - raise e - -fd = open(os.path.join(GenerateDir, "last_update.trace"), "w") -fd.write("%s\n%s\n" % (last, int(time.time()))) -fd.close() - -if cache_last_mod[0] >= last: sys.exit(0) # Fetch all the groups @@ -1276,12 +1322,16 @@ try: sys.stderr.write("Could not acquire lock %s.\n"%(lockf)) sys.exit(1) + tracefd = open(os.path.join(GenerateDir, "last_update.trace"), "w") generate_all(GenerateDir, l) + tracefd.write("%s\n%s\n" % (ldap_last_mod, int(time.time()))) + tracefd.close() finally: if lock is not None: lock.release() + # vim:set et: # vim:set ts=3: # vim:set shiftwidth=3: