X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=c6484cbf4e596c8db394f52eac76631c371bec40;hb=4230d2fedab18607f5298c71a255078c21e59c38;hp=bc85714419cc5fbee327bf76920646552374c394;hpb=9126d4b7859fcd0865b4c0d0e6681bae1c838df4;p=mirror%2Fuserdir-ldap.git diff --git a/ud-generate b/ud-generate index bc85714..c6484cb 100755 --- a/ud-generate +++ b/ud-generate @@ -4,7 +4,7 @@ # Copyright (c) 2000-2001 Jason Gunthorpe # Copyright (c) 2003-2004 James Troup -# Copyright (c) 2004-2005 Joey Schulze +# Copyright (c) 2004-2005,7 Joey Schulze # Copyright (c) 2001-2007 Ryan Murray # # This program is free software; you can redistribute it and/or modify @@ -180,7 +180,8 @@ def GenSSHShadow(l,File): # If the account is locked, do not write it. # This is a partial stop-gap. The ssh also needs to change this # to ignore ~/.ssh/authorized* files. - if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1): + if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \ + or GetAttr(x,"userPassword").startswith("!"): continue; if x[1].has_key("uidNumber") == 0 or \ @@ -364,7 +365,8 @@ def GenPrivate(l,File): continue; # If the account is locked, do not write it - if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1): + if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1) \ + or GetAttr(x,"userPassword").startswith("!"): continue; # If the account has no PGP key, do not write it @@ -388,6 +390,39 @@ def GenPrivate(l,File): raise; Done(File,F,None); +# Generate a list of locked accounts +def GenDisabledAccounts(l,File): + F = None; + try: + F = open(File + ".tmp","w"); + + # Fetch all the users + global PasswdAttrs; + if PasswdAttrs == None: + raise "No Users"; + + I = 0; + for x in PasswdAttrs: + if x[1].has_key("uidNumber") == 0: + continue; + + Pass = GetAttr(x,"userPassword"); + Line = "" + # *LK* is the reference value for a locked account + # password starting with ! is also a locked account + if string.find(Pass,"*LK*") != -1 or Pass.startswith("!"): + # Format is : + Line = "%s:%s" % (GetAttr(x,"uid"), "Account is locked") + + if Line != "": + F.write(Sanitize(Line) + "\n") + + # Oops, something unspeakable happened. + except: + Die(File,F,None); + raise; + Done(File,F,None); + # Generate the list of local addresses that refuse all mail def GenMailDisable(l,File): F = None; @@ -404,7 +439,10 @@ def GenMailDisable(l,File): # If the account is locked, disable incoming mail if (string.find(GetAttr(x,"userPassword"),"*LK*") != -1): - Reason = "user account locked" + if GetAttr(x,"uid") == "luther": + continue + else: + Reason = "user account locked" else: if x[1].has_key("mailDisableMessage"): Reason = GetAttr(x,"mailDisableMessage") @@ -755,6 +793,7 @@ GenSSHShadow(l,GlobalDir+"ssh-rsa-shadow"); GenAllForward(l,GlobalDir+"mail-forward.cdb"); GenMarkers(l,GlobalDir+"markers"); GenPrivate(l,GlobalDir+"debian-private"); +GenDisabledAccounts(l,GlobalDir+"disabled-accounts"); GenSSHKnown(l,GlobalDir+"ssh_known_hosts"); GenHosts(l,GlobalDir+"debianhosts"); GenMailDisable(l,GlobalDir+"mail-disable"); @@ -798,20 +837,23 @@ while(1): Allowed = None CurrentHost = Split[0]; + DoLink(GlobalDir,OutDir,"ssh-rsa-shadow"); + DoLink(GlobalDir,OutDir,"debianhosts"); + DoLink(GlobalDir,OutDir,"ssh_known_hosts"); + DoLink(GlobalDir,OutDir,"disabled-accounts") + sys.stdout.flush(); GenPasswd(l,OutDir+"passwd",Split[1]); sys.stdout.flush(); GenGroup(l,OutDir+"group"); if ExtraList.has_key("[UNTRUSTED]"): continue; - GenShadow(l,OutDir+"shadow"); + if not ExtraList.has_key("[NOPASSWD]"): + GenShadow(l,OutDir+"shadow"); # Link in global things - DoLink(GlobalDir,OutDir,"ssh-rsa-shadow"); DoLink(GlobalDir,OutDir,"markers"); DoLink(GlobalDir,OutDir,"mail-forward.cdb"); - DoLink(GlobalDir,OutDir,"debianhosts"); - DoLink(GlobalDir,OutDir,"ssh_known_hosts"); DoLink(GlobalDir,OutDir,"mail-disable"); DoLink(GlobalDir,OutDir,"mail-greylist"); DoLink(GlobalDir,OutDir,"mail-callout");