X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=7931ff6d55d3f3ceb1b25f0ae9212a1e93620dd6;hb=e5e831be77686bd3a4e86d5eb20506f6fea8c854;hp=d3da30961a0658e9082c46336ccdfdda8ea409ea;hpb=4da58c2caaf11463d5dd477308f619fffda9acd9;p=mirror%2Fuserdir-ldap.git diff --git a/ud-generate b/ud-generate index d3da309..7931ff6 100755 --- a/ud-generate +++ b/ud-generate @@ -70,6 +70,8 @@ IsDebianHost = re.compile(ConfModule.dns_hostmatch) isSSHFP = re.compile("^\s*IN\s+SSHFP") DNSZone = ".debian.net" Keyrings = ConfModule.sync_keyrings.split(":") +GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None) + def safe_makedirs(dir): try: @@ -91,10 +93,10 @@ def safe_rmtree(dir): def get_lock(fn, wait=5*60, max_age=3600*6): try: - stat = os.stat(fn) - if stat[ST_MTIME] < time.time() - max_age: - sys.stderr.write("Removing stale lock %s"%(fn)) - os.unlink(fn) + stat = os.stat(fn + '.lock') + if stat.st_mtime < time.time() - max_age: + sys.stderr.write("Removing stale lock %s"%(fn + '.lock')) + os.unlink(fn + '.lock') except OSError, error: if error.errno == errno.ENOENT: pass @@ -338,6 +340,34 @@ def GenShadowSudo(accounts, File, untrusted): raise Done(File, F, None) +# Generate the sudo passwd file +def GenSSHGitolite(accounts, File): + F = None + try: + OldMask = os.umask(0022) + F = open(File + ".tmp", "w", 0600) + os.umask(OldMask) + + if not GitoliteSSHRestrictions is None and GitoliteSSHRestrictions != "": + for a in accounts: + if not 'sshRSAAuthKey' in a: continue + + User = a['uid'] + prefix = GitoliteSSHRestrictions.replace('@@USER@@', User) + for I in a["sshRSAAuthKey"]: + if I.startswith('ssh-'): + line = "%s %s"%(prefix, I) + else: + line = "%s,%s"%(prefix, I) + line = Sanitize(line) + "\n" + F.write(line) + + # Oops, something unspeakable happened. + except: + Die(File, F, None) + raise + Done(File, F, None) + # Generate the shadow list def GenSSHShadow(global_dir, accounts): # Fetch all the users @@ -374,6 +404,27 @@ def GenSSHShadow(global_dir, accounts): return userfiles +# Generate the webPassword list +def GenWebPassword(accounts, File): + F = None + try: + OldMask = os.umask(0077) + F = open(File, "w", 0600) + os.umask(OldMask) + + for a in accounts: + if not 'webPassword' in a: continue + if not a.pw_active(): continue + + Pass = str(a['webPassword']) + Line = "%s:%s" % (a['uid'], Pass) + Line = Sanitize(Line) + "\n" + F.write("%s" % (Line)) + + except: + Die(File, None, F) + raise + def GenSSHtarballs(global_dir, userlist, SSHFiles, grouprevmap, target): OldMask = os.umask(0077) tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz') @@ -1006,7 +1057,7 @@ def get_accounts(ldap_conn): "keyFingerPrint", "privateSub", "mailDisableMessage",\ "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\ "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\ - "mailContentInspectionAction"]) + "mailContentInspectionAction", "webPassword"]) if passwd_attrs is None: raise UDEmptyList, "No Users" @@ -1067,6 +1118,7 @@ def generate_all(global_dir, ldap_conn): GenMailList(accounts, global_dir + "mail-rbl", "mailRBL") GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL") GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist") + GenWebPassword(accounts, global_dir + "web-passwords") GenKeyrings(global_dir) # Compatibility. @@ -1079,6 +1131,7 @@ def generate_all(global_dir, ldap_conn): GenMarkers(accounts, global_dir + "markers") GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts") GenHosts(host_attrs, global_dir + "debianhosts") + GenSSHGitolite(accounts, global_dir + "ssh-gitolite") GenDNS(accounts, global_dir + "dns-zone") GenZoneRecords(host_attrs, global_dir + "dns-sshfp") @@ -1171,6 +1224,12 @@ def generate_host(host, global_dir, accounts, ssh_files): if 'PRIVATE' in ExtraList: DoLink(global_dir, OutDir, "debian-private") + if 'GITOLITE' in ExtraList: + DoLink(global_dir, OutDir, "ssh-gitolite") + + if 'WEB-PASSWORDS' in ExtraList: + DoLink(global_dir, OutDir, "web-passwords") + if 'KEYRING' in ExtraList: for k in Keyrings: bn = os.path.basename(k) @@ -1190,6 +1249,7 @@ def generate_host(host, global_dir, accounts, ssh_files): posix.remove(target) except: pass + DoLink(global_dir, OutDir, "last_update.trace") l = make_ldap_conn() @@ -1213,20 +1273,24 @@ cache_last_mod = 0 try: fd = open(os.path.join(GenerateDir, "last_update.trace"), "r") - cache_last_mod=fd.read().strip() + cache_last_mod=fd.read().split() + try: + cache_last_mod = cache_last_mod[0] + except IndexError: + pass fd.close() except IOError, e: if e.errno == errno.ENOENT: pass else: raise e + if cache_last_mod >= last: + fd = open(os.path.join(GenerateDir, "last_update.trace"), "w") + fd.write("%s\n%s\n" % (last, int(time.time()))) + fd.close() sys.exit(0) -fd = open(os.path.join(GenerateDir, "last_update.trace"), "w") -fd.write(last) -fd.close() - # Fetch all the groups GroupIDMap = {} attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "gid=*",\ @@ -1250,12 +1314,16 @@ try: sys.stderr.write("Could not acquire lock %s.\n"%(lockf)) sys.exit(1) + tracefd = open(os.path.join(GenerateDir, "last_update.trace"), "w") generate_all(GenerateDir, l) + tracefd.write("%s\n%s\n" % (last, int(time.time()))) + tracefd.close() finally: if lock is not None: lock.release() + # vim:set et: # vim:set ts=3: # vim:set shiftwidth=3: