X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=943da311577e1c64e25691f8bd95d96c2dea52d7;hb=521c785c598eb9981c6c0f81a3c3b680e1f0300d;hp=91d95a7a18aac59d3e6b5e6b9249123de03d38d4;hpb=32c616b7a9236fd172ee33c99d3006a49c0d4a10;p=mirror%2Fuserdir-ldap.git
diff --git a/ud-generate b/ud-generate
index 91d95a7..943da31 100755
--- a/ud-generate
+++ b/ud-generate
@@ -39,6 +39,10 @@ except ImportError:
 global Allowed
 global CurrentHost
+if os.getuid() == 0:
+ sys.stderr.write("You should probably not run ud-generate as root.\n")
+ sys.exit(1)
+
 PasswdAttrs = None
 DebianUsers = None
 DisabledUsers = []
@@ -54,6 +58,7 @@ BSMTPCheck = re.compile(".*mx 0 (master)\.debian\.org\..*",re.DOTALL)
 PurposeHostField = re.compile(r".*\[\[([\*\-]?[a-z0-9.\-]*)(?:\|.*)?\]\]")
 IsV6Addr = re.compile("^[a-fA-F0-9:]+$")
 IsDebianHost = re.compile(ConfModule.dns_hostmatch)
+isSSHFP = re.compile("^\s*IN\s+SSHFP")
 DNSZone = ".debian.net"
 Keyrings = ConfModule.sync_keyrings.split(":")
@@ -780,6 +785,7 @@ def GenDNS(File):
 # Fetch all the users
 global PasswdAttrs
+ RRs = {}
 # Write out the zone file entry for each user
 for x in PasswdAttrs:
@@ -805,11 +811,13 @@ def GenDNS(File):
 F.write("; Has BSMTP\n")
 # Write some identification information
- if Split[2].lower() == "a":
- Line = "%s IN TXT \"%s\"\n"%(Split[0], EmailAddress(x))
- for y in x[1]["keyFingerPrint"]:
- Line = Line + "%s IN TXT \"PGP %s\"\n"%(Split[0], FormatPGPKey(y))
- F.write(Line)
+ if not RRs.has_key(Host):
+ if Split[2].lower() in ["a", "aaaa"]:
+ Line = "%s IN TXT \"%s\"\n"%(Split[0], EmailAddress(x))
+ for y in x[1]["keyFingerPrint"]:
+ Line = Line + "%s IN TXT \"PGP %s\"\n"%(Split[0], FormatPGPKey(y))
+ F.write(Line)
+ RRs[Host] = 1
 else:
 Line = "; Err %s"%(str(Split))
 F.write(Line)
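Review bot: The root guard added in the hunk at `-39,6` tests only the real UID, so a process whose effective UID is 0 while its real UID is not would pass it; privileges follow the effective UID, and `if os.getuid() == 0 or os.geteuid() == 0:` covers both. The message says "should probably not" while the code exits with status 1, so wording such as `"ud-generate refuses to run as root.\n"` would match what happens. A one-line comment stating why the script must not run as root would help the next maintainer; the reason is not given on the visible lines.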
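Review bot: `isSSHFP` in the hunk at `-54,6` is compiled from a non-raw string, so `\s` depends on Python passing unknown escapes through unchanged; the neighbouring `PurposeHostField` already uses a raw string and this pattern should too, `isSSHFP = re.compile(r"^\s*IN\s+SSHFP")`. The name also departs from the `IsV6Addr` / `IsDebianHost` capitalisation on the adjacent lines. Within this diff the pattern is referenced only from the commented-out block in the hunk at `-893,6`, so as far as the visible changes show it is unused.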
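Review bot: `RRs` is created once before the `for x in PasswdAttrs:` loop (hunk at `-780,6`) and is keyed only by `Host`, so in the hunk at `-805,11` the identification TXT lines are written for the first account that lists a name and skipped for any later account that lists the same name. If two accounts can carry entries for one host name, the later account's records would go into the zone without the e-mail and PGP TXT lines that attribute them; whether an earlier check rules that out is not visible here. If the intent is only to avoid a duplicate TXT set when one account has both `a` and `aaaa` records, resetting `RRs` per account and adding a comment such as `# emit the identification TXT set once per host, not once per address record` would make that explicit. `if not RRs.has_key(Host):` reads better as `if Host not in RRs:`. The enclosing loop and the assignment of `Host` are outside the hunk.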
@@ -893,6 +901,29 @@ def GenZoneRecords(File):
 F.write(Line + "\n")
+ # this would write sshfp lines for services on machines
+ # but we can't yet, since some are cnames and we'll make
+ # an invalid zonefile
+ #
+ # for i in x[1].get("purpose", []):
+ # m = PurposeHostField.match(i)
+ # if m:
+ # m = m.group(1)
+ # # we ignore [[*..]] entries
+ # if m.startswith('*'):
+ # continue
+ # if m.startswith('-'):
+ # m = m[1:]
+ # if m:
+ # if not m.endswith(HostDomain):
+ # continue
+ # if not m.endswith('.'):
+ # m = m + "."
+ # for Line in DNSInfo:
+ # if isSSHFP.match(Line):
+ # Line = "%s\t%s" % (m, Line)
+ # F.write(Line + "\n")
+
 # Oops, something unspeakable happened.
 except:
 Die(File, F, None)
@@ -1045,9 +1076,14 @@ def GenKeyrings(OutDir):
 # Connect to the ldap server
 l = connectLDAP()
-F = open(PassDir + "/pass-" + pwd.getpwuid(os.getuid())[0], "r")
-Pass = F.readline().strip().split(" ")
-F.close()
+# for testing purposes it's sometimes useful to pass username/password
+# via the environment
+if 'UD_CREDENTIALS' in os.environ:
+ Pass = os.environ['UD_CREDENTIALS'].split()
+else:
+ F = open(PassDir + "/pass-" + pwd.getpwuid(os.getuid())[0], "r")
+ Pass = F.readline().strip().split(" ")
+ F.close()
 l.simple_bind_s("uid=" + Pass[0] + "," + BaseDn, Pass[1])
 # Fetch all the groups
@@ -1092,6 +1128,10 @@ if HostAttrs == None:
 HostAttrs.sort(lambda x, y: cmp((GetAttr(x, "hostname")).lower(), (GetAttr(y, "hostname")).lower()))
+# override globaldir for testing
+if 'UD_GENERATEDIR' in os.environ:
+ GenerateDir = os.environ['UD_GENERATEDIR']
+
 # Generate global things
 GlobalDir = GenerateDir + "/"
 GenDisabledAccounts(GlobalDir + "disabled-accounts")
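Review bot: The block added in the hunk at `-893,6` is disabled code kept as comments; I would keep the three-line explanation as a TODO and leave the implementation to a follow-up change, so the file does not carry an untested copy that drifts from the live code. If it is enabled later, `m.endswith(HostDomain)` is a plain suffix test: unless `HostDomain` begins with a dot (its value is not visible here) a name that merely ends in the same characters would be accepted, so the check should sit on a label boundary, `m == HostDomain or m.endswith("." + HostDomain)`. The surrounding `try` block starts outside the hunk.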
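Review bot: The `UD_CREDENTIALS` branch in the hunk at `-1045,9` is described as test-only but is active on every run, so any environment that carries the variable silently replaces the per-user password file as the source of the LDAP bind credentials; the same holds for `UD_GENERATEDIR` in the hunk at `-1092,6`, which redirects where the generated files are written and whose comment says "globaldir" although it assigns `GenerateDir`. The secret also stays in `os.environ`, where child processes inherit it, and a value with fewer than two fields only fails later as an IndexError on `Pass[1]` in `simple_bind_s`. I would drop the variable once it has been read, check the field count for both branches, and state in the comment that neither variable may be set on a production host. The proposed lines are below; this is module-level code that continues outside the hunk.
```python
if 'UD_CREDENTIALS' in os.environ:
   Pass = os.environ['UD_CREDENTIALS'].split()
   # do not hand the secret on to child processes
   del os.environ['UD_CREDENTIALS']
else:
   # … unchanged: read Pass from PassDir + "/pass-<user>" …
if len(Pass) < 2:
   sys.stderr.write("Bind credentials must be 'username password'.\n")
   sys.exit(1)
```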