(parent: cb3be8f)
Export host keys for gitolite too
author
Tollef Fog Heen
<tfheen@err.no>
Wed, 28 Aug 2013 16:00:32 +0000
(18:00 +0200)
committer
Tollef Fog Heen
<tfheen@err.no>
Wed, 28 Aug 2013 16:00:32 +0000
(18:00 +0200)
ud-generate
diff --git
a/ud-generate
b/ud-generate
index
85650c1
..
5b64a84
100755
(executable)
--- a/
ud-generate
+++ b/
ud-generate
@@
-71,6
+71,7
@@
isSSHFP = re.compile("^\s*IN\s+SSHFP")
DNSZone = ".debian.net"
Keyrings = ConfModule.sync_keyrings.split(":")
GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
DNSZone = ".debian.net"
Keyrings = ConfModule.sync_keyrings.split(":")
GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+GitoliteExportHosts = re.compile(getattr(ConfModule, "gitoliteexporthosts", "."))
MX_remap = json.loads(ConfModule.MX_remap)
def prettify(elem):
MX_remap = json.loads(ConfModule.MX_remap)
def prettify(elem):
@@
-336,7
+337,7
@@
def GenShadowSudo(accounts, File, untrusted, current_host):
Done(File, F, None)
# Generate the sudo passwd file
Done(File, F, None)
# Generate the sudo passwd file
-def GenSSHGitolite(accounts, File):
+def GenSSHGitolite(accounts,
hosts,
File):
F = None
try:
OldMask = os.umask(0022)
F = None
try:
OldMask = os.umask(0022)
@@
-357,6
+358,15
@@
def GenSSHGitolite(accounts, File):
line = Sanitize(line) + "\n"
F.write(line)
line = Sanitize(line) + "\n"
F.write(line)
+ for dn, attrs in hosts:
+ if not 'sshRSAHostKey' in attrs: continue
+ hostname = "host-" + attrs['hostname'][0]
+ prefix = GitoliteSSHRestrictions.replace('@@USER@@', hostname)
+ for I in attrs["sshRSAHostKey"]:
+ line = "%s %s"%(prefix, I)
+ line = Sanitize(line) + "\n"
+ F.write(line)
+
# Oops, something unspeakable happened.
except:
Die(File, F, None)
# Oops, something unspeakable happened.
except:
Die(File, F, None)
@@
-1181,7
+1191,7
@@
def generate_all(global_dir, ldap_conn):
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
- GenSSHGitolite(accounts, global_dir + "ssh-gitolite")
+ GenSSHGitolite(accounts,
host_attrs,
global_dir + "ssh-gitolite")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
@@
-1191,9
+1201,9
@@
def generate_all(global_dir, ldap_conn):
for host in host_attrs:
if not "hostname" in host[1]:
continue
for host in host_attrs:
if not "hostname" in host[1]:
continue
- generate_host(host, global_dir, accounts, ssh_userkeys)
+ generate_host(host, global_dir, accounts,
host_attrs,
ssh_userkeys)
-def generate_host(host, global_dir, all_accounts, ssh_userkeys):
+def generate_host(host, global_dir, all_accounts,
all_hosts,
ssh_userkeys):
current_host = host[1]['hostname'][0]
OutDir = global_dir + current_host + '/'
if not os.path.isdir(OutDir):
current_host = host[1]['hostname'][0]
OutDir = global_dir + current_host + '/'
if not os.path.isdir(OutDir):
@@
-1277,7
+1287,8
@@
def generate_host(host, global_dir, all_accounts, ssh_userkeys):
v = entry.split('=',1)
if v[0] != 'GITOLITE' or len(v) != 2: continue
gitolite_accounts = filter(lambda x: IsInGroup(x, [v[1]], current_host), all_accounts)
v = entry.split('=',1)
if v[0] != 'GITOLITE' or len(v) != 2: continue
gitolite_accounts = filter(lambda x: IsInGroup(x, [v[1]], current_host), all_accounts)
- GenSSHGitolite(gitolite_accounts, OutDir + "ssh-gitolite-%s"%(v[1],))
+ gitolite_hosts = filter(lambda x: GitoliteExportHosts.match(x[1]["hostname"][0]), all_hosts)
+ GenSSHGitolite(gitolite_accounts, gitolite_hosts, OutDir + "ssh-gitolite-%s"%(v[1],))
if 'WEB-PASSWORDS' in ExtraList:
DoLink(global_dir, OutDir, "web-passwords")
if 'WEB-PASSWORDS' in ExtraList:
DoLink(global_dir, OutDir, "web-passwords")
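Review bot: The `gitoliteexporthosts` filter is applied only in `generate_host`; the `generate_all` call passes the unfiltered `host_attrs` to `GenSSHGitolite`, so the global `ssh-gitolite` file gives a `host-<name>` gitolite identity to every host that has an `sshRSAHostKey`, whatever the setting says. The default pattern `"."` combined with `.match()`, which anchors at the start only, also makes the per-host export fail open: an unset option exports all hosts, and a configured name matches any hostname that merely begins with it. The filter lambda indexes `x[1]["hostname"]` directly, while the loop in `generate_all` shows that host entries can lack that attribute, so one such entry would raise `KeyError` here, apparently outside any try block as far as the hunk shows. I would build the list once as `gitolite_hosts = [h for h in all_hosts if "hostname" in h[1] and GitoliteExportHosts.match(h[1]["hostname"][0])]`, pass the same filtered list in `generate_all`, and add a comment next to `GitoliteExportHosts` saying the configured pattern should end in `$` and that leaving it unset exports every host. The bodies of `generate_all`, `generate_host` and `GenSSHGitolite` continue outside the hunks.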