X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=9dcf0a350cb436541dcc3dffe812220b09afc8d4;hb=587a54ab542cce47d8594d17a615913479177dda;hp=125a20e9ca263eeba18c0f3d5adda66b7d6b4c2c;hpb=877570fc9e292e0c9df0bd5581f4bd9e14f2d6f9;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-generate b/ud-generate
index 125a20e..9dcf0a3 100755
--- a/ud-generate
+++ b/ud-generate
@@ -437,6 +437,7 @@ def GenRtcPassword(accounts, File):
       os.umask(OldMask)
 
       for a in accounts:
+         if a.is_guest_account(): continue
          if not 'rtcPassword' in a: continue
          if not a.pw_active(): continue
 
@@ -448,6 +449,28 @@ def GenRtcPassword(accounts, File):
       Die(File, None, F)
       raise
 
+# Generate the TOTP auth file
+def GenTOTPSeed(accounts, File):
+   F = None
+   try:
+      OldMask = os.umask(0077)
+      F = open(File, "w", 0600)
+      os.umask(OldMask)
+
+      F.write("# Option User Prefix Seed\n")
+      for a in accounts:
+         if a.is_guest_account(): continue
+         if not 'totpSeed' in a: continue
+         if not a.pw_active(): continue
+
+         Line = "HOTP/T30/6 %s - %s" % (a['uid'], a['totpSeed'])
+         Line = Sanitize(Line) + "\n"
+         F.write("%s" % (Line))
+   except:
+      Die(File, None, F)
+      raise
+
+
 def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host):
    OldMask = os.umask(0077)
    tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz')
@@ -1125,7 +1148,7 @@ def get_accounts(ldap_conn):
                     "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
                     "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
                     "mailContentInspectionAction", "webPassword", "rtcPassword",\
-                    "bATVToken"])
+                    "bATVToken", "totpSeed"])
 
    if passwd_attrs is None:
       raise UDEmptyList, "No Users"
@@ -1213,6 +1236,7 @@ def generate_all(global_dir, ldap_conn):
    GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
    GenWebPassword(accounts, global_dir + "web-passwords")
    GenRtcPassword(accounts, global_dir + "rtc-passwords")
+   GenTOTPSeed(accounts, global_dir + "users.oath")
    GenKeyrings(global_dir)
 
    # Compatibility.
@@ -1225,7 +1249,6 @@ def generate_all(global_dir, ldap_conn):
    GenMarkers(accounts, global_dir + "markers")
    GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
    GenHosts(host_attrs, global_dir + "debianhosts")
-   GenSSHGitolite(accounts, host_attrs, global_dir + "ssh-gitolite")
 
    GenDNS(accounts, global_dir + "dns-zone")
    GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
@@ -1320,7 +1343,7 @@ def generate_host(host, global_dir, all_accounts, all_hosts, ssh_userkeys):
       DoLink(global_dir, OutDir, "debian-private")
 
    if 'GITOLITE' in ExtraList:
-      DoLink(global_dir, OutDir, "ssh-gitolite")
+      GenSSHGitolite(all_accounts, all_hosts, OutDir + "ssh-gitolite", current_host=current_host)
    if 'exportOptions' in host[1]:
       for entry in host[1]['exportOptions']:
          v = entry.split('=',1)
@@ -1344,6 +1367,9 @@ def generate_host(host, global_dir, all_accounts, all_hosts, ssh_userkeys):
    if 'RTC-PASSWORDS' in ExtraList:
       DoLink(global_dir, OutDir, "rtc-passwords")
 
+   if 'TOTP' in ExtraList:
+      DoLink(global_dir, OutDir, "users.oath")
+
    if 'KEYRING' in ExtraList:
       for k in Keyrings:
          bn = os.path.basename(k)