X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=a2b28f94d844957a512b85eea72626f905ce924c;hb=76b0b3995616eae1e623593077ee348d550cf742;hp=51437b24f32e5541e490643f034734f605932150;hpb=fef4b91434558cf0addd62ee738b1a7f5ac33bbc;p=mirror%2Fuserdir-ldap.git diff --git a/ud-generate b/ud-generate index 51437b2..a2b28f9 100755 --- a/ud-generate +++ b/ud-generate @@ -32,6 +32,9 @@ import string, re, time, ldap, optparse, sys, os, pwd, posix, socket, base64, ha from userdir_ldap import * from userdir_exceptions import * import UDLdap +from xml.etree.ElementTree import Element, SubElement, Comment +from xml.etree import ElementTree +from xml.dom import minidom try: from cStringIO import StringIO except ImportError: @@ -59,7 +62,7 @@ SubGroupMap = None UUID_FORMAT = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}' -EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$") +EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)(,\s*([^ <>@]+@[^ ,<>@]+))*$") BSMTPCheck = re.compile(".*mx 0 (master)\.debian\.org\..*",re.DOTALL) PurposeHostField = re.compile(r".*\[\[([\*\-]?[a-z0-9.\-]*)(?:\|.*)?\]\]") IsV6Addr = re.compile("^[a-fA-F0-9:]+$") @@ -68,7 +71,14 @@ isSSHFP = re.compile("^\s*IN\s+SSHFP") DNSZone = ".debian.net" Keyrings = ConfModule.sync_keyrings.split(":") GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None) +MX_remap = json.loads(ConfModule.MX_remap) +def prettify(elem): + """Return a pretty-printed XML string for the Element. + """ + rough_string = ElementTree.tostring(elem, 'utf-8') + reparsed = minidom.parseString(rough_string) + return reparsed.toprettyxml(indent=" ") def safe_makedirs(dir): try: @@ -163,7 +173,7 @@ def IsInGroup(account, allowed, current_host): supgroups=[] addGroups(supgroups, account['supplementaryGid'], account['uid'], current_host) for g in supgroups: - if allowed.has_key(g): + if g in allowed: return True return False @@ -390,6 +400,44 @@ def GenWebPassword(accounts, File): Die(File, None, F) raise +# Generate the voipPassword list +def GenVoipPassword(accounts, File): + F = None + try: + OldMask = os.umask(0077) + F = open(File, "w", 0600) + os.umask(OldMask) + + root = Element('include') + + for a in accounts: + if not 'voipPassword' in a: continue + if not a.pw_active(): continue + + Pass = str(a['voipPassword']) + user = Element('user') + user.attrib['id'] = "%s" % (a['uid']) + root.append(user) + params = Element('params') + user.append(params) + param = Element('param') + params.append(param) + param.attrib['name'] = "a1-hash" + param.attrib['value'] = "%s" % (Pass) + variables = Element('variables') + user.append(variables) + variable = Element('variable') + variable.attrib['name'] = "toll_allow" + variable.attrib['value'] = "domestic,international,local" + variables.append(variable) + + F.write("%s" % (prettify(root))) + + + except: + Die(File, None, F) + raise + def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host): OldMask = os.umask(0077) tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz') @@ -618,6 +666,7 @@ def GenPrivate(accounts, File): # Write out the position for each user for a in accounts: if not a.is_active_user(): continue + if a.is_guest_account(): continue if not 'privateSub' in a: continue try: Line = "%s"%(a['privateSub']) @@ -731,6 +780,7 @@ def GenDNS(accounts, File): for a in accounts: if not 'dnsZoneEntry' in a: continue if not a.is_active_user() and not isRoleAccount(a): continue + if a.is_guest_account(): continue try: F.write("; %s\n"%(a.email_address())) @@ -806,7 +856,11 @@ def ExtractDNSInfo(x): if x[1].has_key("mXRecord"): for I in x[1]["mXRecord"]: - DNSInfo.append("%sIN\tMX\t%s" % (TTLprefix, I)) + if I in MX_remap: + for e in MX_remap[I]: + DNSInfo.append("%sIN\tMX\t%s" % (TTLprefix, e)) + else: + DNSInfo.append("%sIN\tMX\t%s" % (TTLprefix, I)) return DNSInfo @@ -1021,7 +1075,7 @@ def get_accounts(ldap_conn): "keyFingerPrint", "privateSub", "mailDisableMessage",\ "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\ "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\ - "mailContentInspectionAction", "webPassword"]) + "mailContentInspectionAction", "webPassword", "voipPassword"]) if passwd_attrs is None: raise UDEmptyList, "No Users" @@ -1107,6 +1161,7 @@ def generate_all(global_dir, ldap_conn): GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL") GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist") GenWebPassword(accounts, global_dir + "web-passwords") + GenVoipPassword(accounts, global_dir + "voip-passwords") GenKeyrings(global_dir) # Compatibility. @@ -1131,7 +1186,7 @@ def generate_all(global_dir, ldap_conn): continue generate_host(host, global_dir, accounts, ssh_userkeys) -def generate_host(host, global_dir, accounts, ssh_userkeys): +def generate_host(host, global_dir, all_accounts, ssh_userkeys): current_host = host[1]['hostname'][0] OutDir = global_dir + current_host + '/' if not os.path.isdir(OutDir): @@ -1154,7 +1209,7 @@ def generate_host(host, global_dir, accounts, ssh_userkeys): ExtraList[extra.upper()] = True if GroupList != {}: - accounts = filter(lambda x: IsInGroup(x, GroupList, current_host), accounts) + accounts = filter(lambda x: IsInGroup(x, GroupList, current_host), all_accounts) DoLink(global_dir, OutDir, "debianhosts") DoLink(global_dir, OutDir, "ssh_known_hosts") @@ -1210,10 +1265,19 @@ def generate_host(host, global_dir, accounts, ssh_userkeys): if 'GITOLITE' in ExtraList: DoLink(global_dir, OutDir, "ssh-gitolite") + if 'exportOptions' in host[1]: + for entry in host[1]['exportOptions']: + v = entry.split('=',1) + if v[0] != 'GITOLITE' or len(v) != 2: continue + gitolite_accounts = filter(lambda x: IsInGroup(x, [v[1]], current_host), all_accounts) + GenSSHGitolite(gitolite_accounts, OutDir + "ssh-gitolite-%s"%(v[1],)) if 'WEB-PASSWORDS' in ExtraList: DoLink(global_dir, OutDir, "web-passwords") + if 'VOIP-PASSWORDS' in ExtraList: + DoLink(global_dir, OutDir, "voip-passwords") + if 'KEYRING' in ExtraList: for k in Keyrings: bn = os.path.basename(k) @@ -1251,15 +1315,26 @@ def getLastLDAPChangeTime(l): return last +def getLastKeyringChangeTime(): + krmod = 0 + for k in Keyrings: + mt = os.path.getmtime(k) + if mt > krmod: + krmod = mt + + return krmod + def getLastBuildTime(gdir): - cache_last_mod = 0 + cache_last_ldap_mod = 0 + cache_last_unix_mod = 0 try: fd = open(os.path.join(gdir, "last_update.trace"), "r") cache_last_mod=fd.read().split() try: - cache_last_mod = cache_last_mod[0] - except IndexError: + cache_last_ldap_mod = cache_last_mod[0] + cache_last_unix_mod = int(cache_last_mod[1]) + except IndexError, ValueError: pass fd.close() except IOError, e: @@ -1268,15 +1343,14 @@ def getLastBuildTime(gdir): else: raise e - return cache_last_mod - + return (cache_last_ldap_mod, cache_last_unix_mod) def ud_generate(): parser = optparse.OptionParser() parser.add_option("-g", "--generatedir", dest="generatedir", metavar="DIR", help="Output directory.") parser.add_option("-f", "--force", dest="force", action="store_true", - help="Force generation, even if not update to LDAP has happened.") + help="Force generation, even if no update to LDAP has happened.") (options, args) = parser.parse_args() if len(args) > 0: @@ -1299,19 +1373,22 @@ def ud_generate(): l = make_ldap_conn() + time_started = int(time.time()) ldap_last_mod = getLastLDAPChangeTime(l) - cache_last_mod = getLastBuildTime(generate_dir) - need_update = ldap_last_mod > cache_last_mod + unix_last_mod = getLastKeyringChangeTime() + cache_last_ldap_mod, cache_last_unix_mod = getLastBuildTime(generate_dir) + + need_update = (ldap_last_mod > cache_last_ldap_mod) or (unix_last_mod > cache_last_unix_mod) if not options.force and not need_update: fd = open(os.path.join(generate_dir, "last_update.trace"), "w") - fd.write("%s\n%s\n" % (ldap_last_mod, int(time.time()))) + fd.write("%s\n%s\n" % (ldap_last_mod, time_started)) fd.close() sys.exit(0) tracefd = open(os.path.join(generate_dir, "last_update.trace"), "w") generate_all(generate_dir, l) - tracefd.write("%s\n%s\n" % (ldap_last_mod, int(time.time()))) + tracefd.write("%s\n%s\n" % (ldap_last_mod, time_started)) tracefd.close()