Stephen Gran [Sat, 9 May 2009 15:34:01 +0000 (16:34 +0100)]
Some general code cleanup
Stephen Gran [Sat, 9 May 2009 15:00:06 +0000 (16:00 +0100)]
Some cleanup in IsRetired()
Stephen Gran [Sat, 9 May 2009 13:38:48 +0000 (14:38 +0100)]
Does this matter? I'll predeclare DebianUsers just in case
Stephen Gran [Sat, 9 May 2009 13:33:53 +0000 (14:33 +0100)]
More loop logic cleanup - we only handle mail for gid Debian, so we
create a new list of users with that gid, and only look at that list
for Mail purposes.
Stephen Gran [Sat, 9 May 2009 13:10:37 +0000 (14:10 +0100)]
More of "We don't use the LDAP object in these functions, so I don't see why we're passing it in. I'm going to try removing it and see what breaks."
Stephen Gran [Sat, 9 May 2009 13:00:27 +0000 (14:00 +0100)]
We don't use the LDAP object in these functions, so I don't see why we're passing it in. I'm going to try removing it and see what breaks.
Stephen Gran [Sat, 9 May 2009 12:56:29 +0000 (13:56 +0100)]
Some reordering of file generation so that we can do fewer redundant checks
Stephen Gran [Sat, 9 May 2009 12:30:10 +0000 (13:30 +0100)]
return of the whitespace nazi
Stephen Gran [Sat, 9 May 2009 12:11:11 +0000 (13:11 +0100)]
Do the checks for mail forwarding once at the start
Stephen Gran [Sat, 9 May 2009 11:49:55 +0000 (12:49 +0100)]
Whitespace and semicolon cleanup only - no code changes
Stephen Gran [Sat, 9 May 2009 11:23:19 +0000 (12:23 +0100)]
Moving away from string exceptions
Stephen Gran [Sat, 9 May 2009 11:19:56 +0000 (12:19 +0100)]
Begin a cleanup of loop logic
Stephen Gran [Sat, 9 May 2009 00:24:19 +0000 (01:24 +0100)]
Stop exporting information about retired developers
Stephen Gran [Fri, 8 May 2009 23:40:59 +0000 (00:40 +0100)]
Stop exporting locked accounts
Peter Palfrader [Thu, 7 May 2009 21:41:58 +0000 (23:41 +0200)]
ud-replicate no longer uses localsyncon=*samosa*.
Peter Palfrader [Fri, 1 May 2009 15:10:56 +0000 (17:10 +0200)]
We would previously ignore purpose hosts for ssh known hosts purposes if the
service name would not start the purpose field. Fix this.
Peter Palfrader [Sun, 5 Apr 2009 23:41:05 +0000 (01:41 +0200)]
userdir-ldap.conf: remove from default keyrings:
- /home/jgg/keys/extrakeys.gpg
- /home/jgg/keys/guest-keys.gpg
Peter Palfrader [Sun, 5 Apr 2009 23:35:26 +0000 (01:35 +0200)]
ud-gpgimport: work on add_keyrings if no keyrings are given on the command line
Peter Palfrader [Sun, 5 Apr 2009 23:35:02 +0000 (01:35 +0200)]
userdir_gpg.py: add a ClearKeyrings()
Peter Palfrader [Sun, 5 Apr 2009 23:34:27 +0000 (01:34 +0200)]
userdir-ldap.conf: add keyring.pgp to default add_keyrings
Peter Palfrader [Mon, 23 Mar 2009 11:39:49 +0000 (12:39 +0100)]
Print gpg's exit status when it fails
Peter Palfrader [Fri, 20 Mar 2009 15:35:30 +0000 (16:35 +0100)]
ud-generate: do not die when building ssh_known_hosts just because a host is
not (yet) in DNS.
Stephen Gran [Sat, 28 Feb 2009 12:42:59 +0000 (12:42 +0000)]
Gratuitous version increment
Stephen Gran [Sat, 28 Feb 2009 12:10:51 +0000 (12:10 +0000)]
Actually install the new exceptions module
Stephen Gran [Sat, 28 Feb 2009 11:11:52 +0000 (11:11 +0000)]
* Stop using string exceptions in ud-mailgate. We should probably stop
using them everywhere, but this one is causing bounces, so we'll deal with
it first.
* Create an exception generator to make it easy to create new types of
exceptions.
Peter Palfrader [Wed, 7 Jan 2009 16:13:22 +0000 (17:13 +0100)]
0.3.59
Peter Palfrader [Wed, 7 Jan 2009 16:13:06 +0000 (17:13 +0100)]
More tweaks on welcome-message-800
Peter Palfrader [Wed, 7 Jan 2009 16:04:22 +0000 (17:04 +0100)]
Apply patch to welcome-message-800 provided by Sandro Tosi:
- some machines/services have been renamed
- point to http://wiki.debian.org/MigrateToDDAccount
Peter Palfrader [Wed, 7 Jan 2009 16:03:09 +0000 (17:03 +0100)]
Remove a lie from welcome-message-60000 - not that it's the only one.
Peter Palfrader [Sat, 3 Jan 2009 14:35:30 +0000 (15:35 +0100)]
export dns zones to the zonefile for roleaccounts
Peter Palfrader [Sat, 3 Jan 2009 14:21:25 +0000 (15:21 +0100)]
Role accounts may have dnsZoneEntry attributes
Peter Palfrader [Fri, 19 Dec 2008 08:25:50 +0000 (09:25 +0100)]
ud-info: Fix regression from r493: When we log in as admin user and modify
another user we got shown that other user but all changes would be made against
our own record.
Peter Palfrader [Thu, 18 Dec 2008 09:04:19 +0000 (10:04 +0100)]
In ud-mailgate use an empty envelope from when sending error messages
Peter Palfrader [Wed, 17 Dec 2008 11:58:32 +0000 (12:58 +0100)]
There is a deadlock situation when ud-mailgate gets a mail claiming to be from
itself:
- ud-mailgate opens and locks the replay cache
- verification of the mail fails for whatever reason
- a reply is sent (to itself)
- exim tries to deliver the mail by directly calling ud-mailgate
- ud-mailgate tries to acquire the lock -> deadlock
Fix this by changing when we open the replay cache, and unlock it as soon as we
are done.
Joey Schulze [Sun, 14 Dec 2008 01:56:40 +0000 (02:56 +0100)]
Adjust boolean value detection code to use upper case letters in the
end. Enable it for all three boolean attributes. Widen tabular
display by one character so the description fits again. Finalise new
changelog entry.
Martin Zobel-Helas [Sun, 14 Dec 2008 01:51:10 +0000 (02:51 +0100)]
well, debianDevelopers also want to opt-out.... ;-)
Martin Zobel-Helas [Sun, 14 Dec 2008 01:25:24 +0000 (02:25 +0100)]
Add Joey and me to Uploaders:
Martin Zobel-Helas [Sun, 14 Dec 2008 01:25:00 +0000 (02:25 +0100)]
reformat debian/changelog
Martin Zobel-Helas [Sun, 14 Dec 2008 01:12:28 +0000 (02:12 +0100)]
Patch by Thomas Viehmann: remove code copy of getpass
Martin Zobel-Helas [Sun, 14 Dec 2008 01:00:05 +0000 (02:00 +0100)]
Patch by Thomas Viehmann: Also add IPv6 to debianhosts
Martin Zobel-Helas [Sun, 14 Dec 2008 00:58:15 +0000 (01:58 +0100)]
Patch by Thomas Viehmann: Also add IPv6 to debianhosts
Joey Schulze [Sun, 14 Dec 2008 00:44:38 +0000 (01:44 +0100)]
Add support for this attribute in ud-info taking into account that
only boolean values are acceptable and document it
Martin Zobel-Helas [Sat, 13 Dec 2008 19:46:41 +0000 (20:46 +0100)]
opt out spam filtering
Peter Palfrader [Mon, 8 Dec 2008 10:40:26 +0000 (11:40 +0100)]
Do not call FinishConfirmSudopassword if we already decided to not commit this
change mail because of parse errors.
Peter Palfrader [Tue, 2 Dec 2008 22:43:51 +0000 (23:43 +0100)]
Fix formatting of PGP fingerprints - the double space was always one element
too early.
Peter Palfrader [Mon, 24 Nov 2008 10:25:18 +0000 (11:25 +0100)]
Properly show shadowlastchange and mail disabled message when locking an
account, but not disabling email. It was written to ldap correctly, but we
updated the data to display wrongly.
Peter Palfrader [Sun, 23 Nov 2008 21:09:15 +0000 (22:09 +0100)]
New version number
Peter Palfrader [Sun, 23 Nov 2008 21:08:45 +0000 (22:08 +0100)]
Also do the subgroups/transitive stuff dance when considering if a user is in a group for exporting them to a host in the first place
Peter Palfrader [Sun, 23 Nov 2008 21:08:03 +0000 (22:08 +0100)]
call addGroups with the proper number of arguments, when doing so recursively.
Peter Palfrader [Sun, 23 Nov 2008 21:07:23 +0000 (22:07 +0100)]
Fix group does not exist warning (layout/spacing issues)
Peter Palfrader [Sun, 23 Nov 2008 20:41:13 +0000 (21:41 +0100)]
Remove cruft comment
Peter Palfrader [Sun, 23 Nov 2008 20:23:20 +0000 (21:23 +0100)]
Add hostnames from the host purpose field to the ssh_known_hosts file (by tomv_w)
Peter Palfrader [Sun, 23 Nov 2008 20:13:40 +0000 (21:13 +0100)]
subgroup support, courtesy of luk
Peter Palfrader [Sun, 23 Nov 2008 13:20:37 +0000 (14:20 +0100)]
Update template/welcome-message-800 to match the actual template used on
db.debian.org.
Peter Palfrader [Sat, 15 Nov 2008 10:20:24 +0000 (11:20 +0100)]
ud-generate: Support $gid@$host supplementary group entries for users.
Peter Palfrader [Fri, 14 Nov 2008 22:15:31 +0000 (23:15 +0100)]
ud-replicate: Only link ssh-rsa-shadow to var/lib/misc/$host and etc/ssh if it exists. Else remove the symlink.
Peter Palfrader [Fri, 14 Nov 2008 22:05:23 +0000 (23:05 +0100)]
* ud-generate: Remove support for single ssh key shadow file.
* ud-generate: Make ssh key tarballs the default.
* ud-generate: Move ssh tarball generation into its own function. Currently it's part of the main loop.
Peter Palfrader [Fri, 14 Nov 2008 19:41:43 +0000 (20:41 +0100)]
Fix a typo on ud-mailgate
Peter Palfrader [Fri, 14 Nov 2008 19:34:55 +0000 (20:34 +0100)]
Change the hmac that protects sudopassword entries to also hash the purpose
("sudo") and the owning user's uid into the mac.
Peter Palfrader [Sun, 26 Oct 2008 21:32:16 +0000 (22:32 +0100)]
ud-replicate: Sync only ssh_known_hosts into chroots, not ssh*.
ud-replicate: Clean up better, correcting some mistakes done by earlier versions.
Peter Palfrader [Sun, 26 Oct 2008 21:31:35 +0000 (22:31 +0100)]
ud-replicate: Use --delete-after with Previously we didn't delete stuff ever
Peter Palfrader [Thu, 23 Oct 2008 18:25:21 +0000 (20:25 +0200)]
ud-generate: Declare [UNTRUSTED] flag as obsolete.
ud-generate: Add [NOMARKERS] flag to not push markers (gps coordinates) to host.
Peter Palfrader [Fri, 3 Oct 2008 11:25:43 +0000 (13:25 +0200)]
ud-generate: do not export sudopassword to untrusted or nopasswd hosts, unless the password is explicitly added for this host and not just for '*'
Peter Palfrader [Fri, 3 Oct 2008 11:20:29 +0000 (13:20 +0200)]
add vim settings
Peter Palfrader [Fri, 3 Oct 2008 11:20:20 +0000 (13:20 +0200)]
Whitespace changes only
Peter Palfrader [Fri, 26 Sep 2008 12:21:52 +0000 (14:21 +0200)]
Do not support del requests for sshDSAAuthKey - there is no such attribute
Peter Palfrader [Tue, 16 Sep 2008 13:07:36 +0000 (15:07 +0200)]
FQHNs sometimes, well always, include dots.
Peter Palfrader [Tue, 16 Sep 2008 12:31:44 +0000 (14:31 +0200)]
Say what pam.d/sudo should look like
Peter Palfrader [Tue, 16 Sep 2008 12:29:56 +0000 (14:29 +0200)]
Export all accounts into sudo-passwd, even if they do not have a sudo password
set. Set their password to '*' then.
Peter Palfrader [Mon, 15 Sep 2008 17:27:38 +0000 (19:27 +0200)]
lower casing the sudopasswd ldap entry prior to parsing and verifying it was a bad idea
Peter Palfrader [Sun, 14 Sep 2008 23:12:41 +0000 (01:12 +0200)]
Reading the hmac key only once is too troublesome
Peter Palfrader [Sun, 14 Sep 2008 22:40:37 +0000 (00:40 +0200)]
Lowercasing hashed sudo passwords in ud-mailgate not considered smart
Peter Palfrader [Sun, 14 Sep 2008 22:18:51 +0000 (00:18 +0200)]
Also the hmac stuff
Peter Palfrader [Sun, 14 Sep 2008 22:17:00 +0000 (00:17 +0200)]
Using the right variable name will also help
Peter Palfrader [Sun, 14 Sep 2008 22:15:46 +0000 (00:15 +0200)]
and os
Peter Palfrader [Sun, 14 Sep 2008 22:14:34 +0000 (00:14 +0200)]
And import pwd in userdir_ldap
Peter Palfrader [Sun, 14 Sep 2008 22:12:11 +0000 (00:12 +0200)]
Fix order of some calls so stuff works again
Peter Palfrader [Sun, 14 Sep 2008 21:45:53 +0000 (23:45 +0200)]
0.3.37
Peter Palfrader [Sun, 14 Sep 2008 19:57:21 +0000 (21:57 +0200)]
Update changelog
Peter Palfrader [Sun, 14 Sep 2008 19:20:14 +0000 (21:20 +0200)]
Store a mac with confirmed sudo passwords, so that they cannot be modified by editing ldap directly
Peter Palfrader [Sat, 13 Sep 2008 22:37:36 +0000 (00:37 +0200)]
*password needs to be writeable by self, because the web interface uses the user's own credentials to update stuff - which is a good thing, really
Peter Palfrader [Sat, 13 Sep 2008 22:18:38 +0000 (00:18 +0200)]
Do not limit sudoPassword entries in size - the hostlist could be larger
Peter Palfrader [Sat, 13 Sep 2008 18:16:16 +0000 (20:16 +0200)]
ud-generate: generate a sudo passwd file
Peter Palfrader [Sat, 13 Sep 2008 17:15:24 +0000 (19:15 +0200)]
Fix various bugs in sudopassword confirmation code
Peter Palfrader [Sat, 13 Sep 2008 17:08:12 +0000 (19:08 +0200)]
Fix hexdigest() call
Peter Palfrader [Sat, 13 Sep 2008 17:06:49 +0000 (19:06 +0200)]
remove code that I did not test yet
Peter Palfrader [Sat, 13 Sep 2008 17:05:44 +0000 (19:05 +0200)]
And strip the key/password
Peter Palfrader [Sat, 13 Sep 2008 17:01:02 +0000 (19:01 +0200)]
Fix various bugs I introduced into ud-mailgate
Peter Palfrader [Sat, 13 Sep 2008 16:33:19 +0000 (18:33 +0200)]
ud-mailgate: Implement confirmation of sudoPassword field
Peter Palfrader [Sat, 13 Sep 2008 14:37:21 +0000 (16:37 +0200)]
Add sudoPassword to schema
Peter Palfrader [Sat, 13 Sep 2008 14:37:13 +0000 (16:37 +0200)]
Do not allow self to write password and keys - they need to be changed via the mail gateway or the web interface
Peter Palfrader [Sat, 13 Sep 2008 14:35:17 +0000 (16:35 +0200)]
ud-mailgate: Do not commit any changes if one of the requests is invalid or could not be parsed or caused an error or anything.
Peter Palfrader [Sat, 19 Jul 2008 19:36:54 +0000 (21:36 +0200)]
Aha. Error is not some magic variable or exception, it's a normal string that
needs defining when we use it.
Peter Palfrader [Sat, 19 Jul 2008 14:20:56 +0000 (16:20 +0200)]
Check if a key has encryption capabilities and fail saying so when trying to
encrypt stuff (like passwords) to users. All this does is give nicer error
messages, it previously failed with just "gpg failed".
Peter Palfrader [Tue, 8 Jul 2008 12:33:13 +0000 (14:33 +0200)]
0.3.34
Peter Palfrader [Tue, 8 Jul 2008 12:33:06 +0000 (14:33 +0200)]
Check that the primary key is not expired, even if we get a GOODSIG status from
gnupg. Based on patch by Jeremy T. Bouse
Peter Palfrader [Tue, 8 Jul 2008 12:18:45 +0000 (14:18 +0200)]
Document changes accidentally committed two commits ago:
userdir_gpg.py:
- do not use SIGEXPIRED, it's deprecated
- use EXPKEYSIG to tell if a signature is made by an expired key.
Peter Palfrader [Tue, 8 Jul 2008 08:34:53 +0000 (10:34 +0200)]
ud-info: Change the "retired" status to "inactive". inactive covers memorial, removed, expelled more clearly.
Peter Palfrader [Tue, 8 Jul 2008 07:44:46 +0000 (09:44 +0200)]
ud-info: fix changing of DD status/DD status comment - we were missing prompt information so we got a backtrace.
ud-info: Warn when we don't have a prompt string for attributes on startup.
Peter Palfrader [Mon, 23 Jun 2008 20:59:32 +0000 (22:59 +0200)]
0.3.33