has historically been used as the root of the user tree.
* Allow a set of users to be ignored for picking UIDs.
* When picking uid/gid numbers try to pick the same number for both.
+ * Merge from torproject.org:
+ - Allow sshRSAAuthKey for role accounts.
+ - Support ssh key attributes for gitolite export.
+ - Add ssh-gitolite support.
[ Stephen Gran ]
* Fix deprecation warnings for sha module by using hashlib module instead
* ud-generate: generate webPasswords
* ud-replicate: set correct permissions for web-passwords
- -- Stephen Gran <sgran@debian.org> Sat, 10 Mar 2012 08:05:24 +0000
+ -- Peter Palfrader <weasel@debian.org> Sat, 10 Mar 2012 14:49:47 +0100
userdir-ldap (0.3.79) unstable; urgency=low
isSSHFP = re.compile("^\s*IN\s+SSHFP")
DNSZone = ".debian.net"
Keyrings = ConfModule.sync_keyrings.split(":")
+GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+
def safe_makedirs(dir):
try:
raise
Done(File, F, None)
+# Generate the sudo passwd file
+def GenSSHGitolite(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0022)
+ F = open(File + ".tmp", "w", 0600)
+ os.umask(OldMask)
+
+ if not GitoliteSSHRestrictions is None and GitoliteSSHRestrictions != "":
+ for a in accounts:
+ if not 'sshRSAAuthKey' in a: continue
+
+ User = a['uid']
+ prefix = GitoliteSSHRestrictions.replace('@@USER@@', User)
+ for I in a["sshRSAAuthKey"]:
+ if I.startswith('ssh-'):
+ line = "%s %s"%(prefix, I)
+ else:
+ line = "%s,%s"%(prefix, I)
+ line = Sanitize(line) + "\n"
+ F.write(line)
+
+ # Oops, something unspeakable happened.
+ except:
+ Die(File, F, None)
+ raise
+ Done(File, F, None)
+
# Generate the shadow list
def GenSSHShadow(global_dir, accounts):
# Fetch all the users
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
+ GenSSHGitolite(accounts, global_dir + "ssh-gitolite")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
if 'PRIVATE' in ExtraList:
DoLink(global_dir, OutDir, "debian-private")
+ if 'GITOLITE' in ExtraList:
+ DoLink(global_dir, OutDir, "ssh-gitolite")
+
if 'WEB-PASSWORDS' in ExtraList:
DoLink(global_dir, OutDir, "web-passwords")
# Copyright (c) 1999-2001 Jason Gunthorpe <jgg@debian.org>
# Copyright (c) 2002-2003,2006 Ryan Murray <rmurray@debian.org>
# Copyright (c) 2004-2005 Joey Schulze <joey@infodrom.org>
-# Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+# Copyright (c) 2008,2011 Peter Palfrader <peter@palfrader.org>
# Copyright (c) 2008 Stephen Gran <sgran@debian.org>
#
# This program is free software; you can redistribute it and/or modify
rm -f $tempfile2
}
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
+PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin
export PATH
HOST=`hostname -f`
SYNCHOST=`ud-config synchost`;