X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=ud-generate;h=f1ed0b06313f89aa670ead1a0ba147d15257b391;hb=80085a3c2d7e2f3243d62588022c1b93a85eb6f3;hp=d209700552e4f444c610eae8bcfe9015a8f24c37;hpb=9800f02fe77bb5025d71cc7c9fe29b425e681f28;p=mirror%2Fuserdir-ldap.git

diff --git a/ud-generate b/ud-generate
index d209700..f1ed0b0 100755
--- a/ud-generate
+++ b/ud-generate
@@ -9,6 +9,8 @@
 #   Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
 #   Copyright (c) 2008 Andreas Barth <aba@not.so.argh.org>
 #   Copyright (c) 2008 Mark Hymers <mhy@debian.org>
+#   Copyright (c) 2008 Luk Claes <luk@debian.org>
+#   Copyright (c) 2008 Thomas Viehmann <tv@beamnet.de>
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -32,6 +34,7 @@ global CurrentHost;
 
 PasswdAttrs = None;
 GroupIDMap = {};
+SubGroupMap = {};
 Allowed = None;
 CurrentHost = "";
 
@@ -39,6 +42,7 @@ UUID_FORMAT = '[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}'
 
 EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$");
 BSMTPCheck = re.compile(".*mx 0 (gluck)\.debian\.org\..*",re.DOTALL);
+PurposeHostField = re.compile(r"\[\[([\*\-]?[a-z0-9.\-]*)(?:\|.*)?\]\]")
 DNSZone = ".debian.net"
 Keyrings = ConfModule.sync_keyrings.split(":")
 
@@ -87,9 +91,10 @@ def IsInGroup(DnRecord):
   if DnRecord[1].has_key("supplementaryGid") == 0:
      return 0;
 
-  # Check the supplementary groups
-  for I in DnRecord[1]["supplementaryGid"]:
-     if Allowed.has_key(I):
+  supgroups=[]
+  addGroups(supgroups, DnRecord[1]["supplementaryGid"], GetAttr(DnRecord,"uid"))
+  for g in supgroups:
+     if Allowed.has_key(g):
         return 1;
   return 0;
 
@@ -351,6 +356,31 @@ def GenSSHtarballs(userlist, SSHFiles, grouprevmap, target):
    tf.close()
    os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), target)
 
+# add a list of groups to existing groups,
+# including all subgroups thereof, recursively.
+# basically this proceduces the transitive hull of the groups in
+# addgroups.
+def addGroups(existingGroups, newGroups, uid):
+   for group in newGroups:
+      # if it's a <group>@host, split it and verify it's on the current host.
+      s = group.split('@', 1)
+      if len(s) == 2 and s[1] != CurrentHost:
+         continue;
+      group = s[0]
+
+      # let's see if we handled this group already
+      if group in existingGroups:
+        continue
+
+      if not GroupIDMap.has_key(group):
+         print "Group", group, "does not exist but", uid, "is in it"
+         continue
+
+      existingGroups.append(group)
+
+      if SubGroupMap.has_key(group):
+         addGroups(existingGroups, SubGroupMap[group], uid)
+
 # Generate the group list
 def GenGroup(l,File):
   grouprevmap = {}
@@ -370,16 +400,16 @@ def GenGroup(l,File):
 
    # Sort them into a list of groups having a set of users
    for x in PasswdAttrs:
+      uid = GetAttr(x,"uid")
       if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
          continue;
       if x[1].has_key("supplementaryGid") == 0:
          continue;
 
-      for I in x[1]["supplementaryGid"]:
-         if GroupMap.has_key(I):
-            GroupMap[I].append(GetAttr(x,"uid"));
-         else:
-            print "Group does not exist ",I,"but",GetAttr(x,"uid"),"is in it";
+      supgroups=[]
+      addGroups(supgroups, x[1]["supplementaryGid"], uid)
+      for g in supgroups:
+         GroupMap[g].append(uid);
 
    # Output the group file.
    J = 0;
@@ -874,8 +904,27 @@ def GenSSHKnown(l,File,mode=None):
          continue;
       Host = GetAttr(x,"hostname");
       HostNames = [ Host ]
-      SHost = Host.find(".")
-      if SHost != None: HostNames += [Host[0:SHost]]
+      if Host.endswith(HostDomain):
+         HostNames.append(Host[:-(len(HostDomain)+1)])
+
+      # in the purpose field [[host|some other text]] (where some other text is optional)
+      # makes a hyperlink on the web thing. we now also add these hosts to the ssh known_hosts
+      # file.  But so that we don't have to add everything we link we can add an asterisk
+      # and say [[*... to ignore it.  In order to be able to add stuff to ssh without
+      # http linking it we also support [[-hostname]] entries.
+      for i in x[1].get("purpose",[]):
+         m = PurposeHostField.match(i)
+         if m:
+            m = m.group(1)
+            # we ignore [[*..]] entries
+            if m.startswith('*'):
+               continue;
+            if m.startswith('-'):
+               m = m[1:]
+            if m:
+               HostNames.append(m)
+               if m.endswith(HostDomain):
+                  HostNames.append(m[:-(len(HostDomain)+1)])
 
       for I in x[1]["sshRSAHostKey"]:
          if mode and mode == 'authorized_keys':
@@ -936,13 +985,15 @@ l.simple_bind_s("uid="+Pass[0]+","+BaseDn,Pass[1]);
 # Fetch all the groups
 GroupIDMap = {};
 Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"gid=*",\
-                  ["gid","gidNumber"]);
+                  ["gid","gidNumber","subGroup"]);
 
-# Generate the GroupMap and GroupIDMap
+# Generate the SubGroupMap and GroupIDMap
 for x in Attrs:
    if x[1].has_key("gidNumber") == 0:
       continue;
    GroupIDMap[x[1]["gid"][0]] = int(x[1]["gidNumber"][0]);
+   if x[1].has_key("subGroup") != 0:
+      SubGroupMap.setdefault(x[1]["gid"][0], []).extend(x[1]["subGroup"]);
 
 # Fetch all the users
 PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=*",\
@@ -956,7 +1007,7 @@ PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=*",\
                  "mailWhitelist", "sudoPassword"]);
 # Fetch all the hosts
 HostAttrs    = l.search_s(HostBaseDn,ldap.SCOPE_ONELEVEL,"sshRSAHostKey=*",\
-                ["hostname","sshRSAHostKey"]);
+                ["hostname","sshRSAHostKey","purpose"]);
 
 # Open the control file
 if len(sys.argv) == 1: