Peter Palfrader [Wed, 14 May 2008 15:56:01 +0000 (17:56 +0200)]
Fix generation of known_hosts file.
Peter Palfrader [Wed, 14 May 2008 15:48:00 +0000 (17:48 +0200)]
0.3.22
Peter Palfrader [Wed, 14 May 2008 15:47:17 +0000 (17:47 +0200)]
Merge: ud-mailgate no longer accepts ssh dss keys, keys with a size smaller than 1024.
Additionally it checks new keys against a blacklist of ssh key fingerprints. [joerg]
Peter Palfrader [Wed, 14 May 2008 15:37:21 +0000 (17:37 +0200)]
Add IPv6-Addresses (and IPv4 in v6 notation - ::ffff:192.0.2.1) to ssh_known_hosts. [aba]
Joerg Jaspert [Wed, 14 May 2008 15:34:01 +0000 (17:34 +0200)]
Add missing admin info template
Peter Palfrader [Wed, 14 May 2008 15:32:49 +0000 (17:32 +0200)]
Add VoIP fields to the LDAP schema and teach ud-info and ud-mailgate about it. [zobel]
Peter Palfrader [Wed, 14 May 2008 15:29:25 +0000 (17:29 +0200)]
Merge: Add another todo item
Joerg Jaspert [Wed, 14 May 2008 14:56:04 +0000 (16:56 +0200)]
Merge sshkeys check with the alioth userdir-ldap-common
Joerg Jaspert [Wed, 14 May 2008 14:43:40 +0000 (16:43 +0200)]
Check ssh keys:
- reject all DSA keys, similar to RSA1 keys.
- reject and mail the admins for broken keys, ie keys
  - of size below 1024 or
  - known to be bad (fingerprintlist)
Peter Palfrader [Tue, 13 May 2008 20:09:02 +0000 (22:09 +0200)]
* ud-replicate: use the host key to sync stuff from the db server,
that is, call ssh with -i /etc/ssh/ssh_host_rsa_key.
* ud-replicate: Call ssh with -o PreferredAuthentications=publickey
so that it does not even try password authentication.
Joerg Jaspert [Mon, 12 May 2008 22:12:56 +0000 (00:12 +0200)]
First version of a check for ssh keys
Andreas Barth [Sat, 10 May 2008 21:52:42 +0000 (21:52 +0000)]
more sanitizing for IP addresses
Andreas Barth [Sat, 10 May 2008 21:49:42 +0000 (21:49 +0000)]
Add IPv6-Addresses (and IPv4 in both ways) into ssh_known_hosts
Martin Zobel-Helas [Sat, 10 May 2008 12:19:22 +0000 (14:19 +0200)]
add VoIP
Marc 'HE' Brockschmidt [Wed, 23 Apr 2008 21:11:12 +0000 (23:11 +0200)]
Add another todo item
Marc 'HE' Brockschmidt [Wed, 23 Apr 2008 21:08:10 +0000 (23:08 +0200)]
Merge Peter's debian.org-ud-ldap changes.
Peter Palfrader [Wed, 23 Apr 2008 20:33:56 +0000 (22:33 +0200)]
todo item
Peter Palfrader [Mon, 21 Apr 2008 22:18:09 +0000 (00:18 +0200)]
A few copyright notices
Peter Palfrader [Mon, 21 Apr 2008 22:08:29 +0000 (00:08 +0200)]
another todo item
Peter Palfrader [Mon, 21 Apr 2008 21:55:05 +0000 (23:55 +0200)]
add a TODO file
Peter Palfrader [Mon, 21 Apr 2008 11:31:04 +0000 (13:31 +0200)]
Teach ud-mailgate about ipv6 addresses (RT#193).
Sanitize DNS entries somewhat before inserting them into LDAP.
Peter Palfrader [Fri, 18 Apr 2008 12:34:05 +0000 (14:34 +0200)]
New [KEYRING] flag to indicate the debian keyring should be synced to this host.
Peter Palfrader [Thu, 17 Apr 2008 17:49:45 +0000 (19:49 +0200)]
Various ud-fingerserv fixes
Peter Palfrader [Wed, 16 Apr 2008 17:59:51 +0000 (19:59 +0200)]
Calling dh_installdeb before dh_pysupport was probably not the smartest move.
Reorder.
Peter Palfrader [Wed, 16 Apr 2008 14:20:53 +0000 (16:20 +0200)]
0.3.16
Peter Palfrader [Wed, 16 Apr 2008 14:20:46 +0000 (16:20 +0200)]
Use full hostname
Peter Palfrader [Wed, 16 Apr 2008 12:09:51 +0000 (14:09 +0200)]
Sleep for a random time, up to two minutes, in ud-replicate when not called
interactively. This is to prevent DoSing the db server when many clients come
at the same time.
Peter Palfrader [Wed, 16 Apr 2008 12:08:46 +0000 (14:08 +0200)]
Create /var/lib/misc/thishost as a symlink to the hostname in postinst
Mark Hymers [Thu, 10 Jan 2008 15:12:13 +0000 (15:12 +0000)]
merge from -debian branch
Peter Palfrader [Thu, 10 Jan 2008 15:07:10 +0000 (16:07 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 15:03:47 +0000 (16:03 +0100)]
Nop merge - stuff that was previously included by cherry picking
Peter Palfrader [Thu, 10 Jan 2008 15:03:07 +0000 (16:03 +0100)]
Merge packaging cleanup from alioth (including template dir install location fix)
Peter Palfrader [Thu, 10 Jan 2008 14:56:17 +0000 (15:56 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:55:31 +0000 (15:55 +0100)]
Merge changelog cleanup from alioth, and re-cleanup
Peter Palfrader [Thu, 10 Jan 2008 14:53:52 +0000 (15:53 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:53:20 +0000 (15:53 +0100)]
Remerge merge or whatever
Peter Palfrader [Thu, 10 Jan 2008 14:47:02 +0000 (15:47 +0100)]
Merge from alioth
Copyright statement from people doing stuff on alioth, and pointer to the alioth repository and discussion list
Mark Hymers [Thu, 10 Jan 2008 14:45:48 +0000 (14:45 +0000)]
add ud-config to debian/install
Peter Palfrader [Thu, 10 Jan 2008 14:43:33 +0000 (15:43 +0100)]
Merge from alioth
But fix ud-replicate to use `$LOCALSYNCON' instead of `*$LOCALSYNCON*' in the case statement.
Peter Palfrader [Thu, 10 Jan 2008 14:35:18 +0000 (15:35 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:33:50 +0000 (15:33 +0100)]
A nop with something behind it.
Merge in r361 from alioth-common, the shiftUID patch, but also
cherry pick r377 which reverts it (because it's incomplete/broken).
This is necessary because bzr tracks what you merged so far and
would always want to pull in 361 if I just skipped it now.
Peter Palfrader [Thu, 10 Jan 2008 14:33:29 +0000 (15:33 +0100)]
Merge from alioth
Marc 'HE' Brockschmidt [Thu, 10 Jan 2008 14:17:11 +0000 (15:17 +0100)]
Back out UIDShift patch, which wasn't correct anyway and shouldn't be merged
to -common (yet)
Peter Palfrader [Thu, 10 Jan 2008 13:50:58 +0000 (14:50 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 13:50:25 +0000 (14:50 +0100)]
Merge from alioth
Replace deprecated string.$foo($bar, $ARGS) calls with $bar.$foo($ARGS).
Also cherry pick two fixes on the patch from later in that tree:
revno: 375
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 13:44:07 +0000
message:
Don't convert strings to integers, just check that they could be converted.
Noticed by Peter (again)
--
revno: 376
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 13:48:43 +0000
message:
and some more old CheckNumber fixes
Mark Hymers [Thu, 10 Jan 2008 13:48:43 +0000 (13:48 +0000)]
and some more old CheckNumber fixes
Mark Hymers [Thu, 10 Jan 2008 13:44:07 +0000 (13:44 +0000)]
Don't convert strings to integers, just check that they could be converted.
Noticed by Peter (again)
Peter Palfrader [Thu, 10 Jan 2008 13:13:31 +0000 (14:13 +0100)]
merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 13:10:58 +0000 (14:10 +0100)]
Merge from alioth
merge r356 from alioth's userdir-ldap-common, and cherry pick that fix onto that:
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 12:58:39 +0000
message:
Fix mistake in ud-userimport add logic spotted by Peter Palfrader.
Mark Hymers [Thu, 10 Jan 2008 12:58:39 +0000 (12:58 +0000)]
Fix mistake in ud-userimport add logic spotted by Peter Palfrader.
Peter Palfrader [Thu, 10 Jan 2008 09:05:11 +0000 (10:05 +0100)]
Merge from alioth: note about more modern slapd configs
Stephen Gran [Mon, 7 Jan 2008 02:03:12 +0000 (02:03 +0000)]
we should really run make in doc before we touch build
Stephen Gran [Mon, 7 Jan 2008 01:51:34 +0000 (01:51 +0000)]
* Packaging cleanup
* Use standard debhelper tools
* Create all files we ship instead of echoing them into creation at build
time
* Typo fix in copyright
* Update Standards-Version to 3.7.3 (no changes)
* Build manpages at build time (add Build-Depend on yodl)
* Install built manpages
Joerg Jaspert [Fri, 28 Dec 2007 15:47:01 +0000 (16:47 +0100)]
Missed to write the changelog entry...
Joerg Jaspert [Fri, 28 Dec 2007 15:44:16 +0000 (16:44 +0100)]
Use the same "trick" dak uses to send utf8 enabled mails to people who need
utf8 for their names - simply add utf8 headers to all mails.
Works great for dak, so why shouldn't it work here? :)
Marc 'HE' Brockschmidt [Fri, 28 Dec 2007 15:33:16 +0000 (16:33 +0100)]
Reorder changelog a bit to attribute changes correctly in one consistent style
Joerg Jaspert [Fri, 28 Dec 2007 15:30:07 +0000 (16:30 +0100)]
s/debain/debian/ and add the changelog entry I forgot earlier
Joerg Jaspert [Fri, 28 Dec 2007 15:25:16 +0000 (16:25 +0100)]
Merged from debian branch
Joerg Jaspert [Fri, 28 Dec 2007 15:09:39 +0000 (16:09 +0100)]
Add a little pointer to our repository, also mention that for changes we do the copyright
is ours. Now, to make it easy I just pointed to "da-tools project members, -discuss list",
instead of listing every committer. License, of course, same as for "upstream".
Joerg Jaspert [Fri, 28 Dec 2007 15:08:49 +0000 (16:08 +0100)]
Files have copyright statements until 2007 (from Ryan), note that in debian/copyright
Also note that it is now maintained using bzr, not CVS
Joerg Jaspert [Fri, 28 Dec 2007 15:05:40 +0000 (16:05 +0100)]
uncommitted 2 changes from me. BAD HACK
Marc 'HE' Brockschmidt [Thu, 27 Dec 2007 16:17:13 +0000 (17:17 +0100)]
Make the host ud-replicate syncs from configurable in userdir-ldap.conf,
instead of hardcoding it into the script. Also introduce a variable
containing a shell glob on which no remote sync is needed, so that
the db host doesn't need to have a key in the authorized_keys file
for the sshdist user
Mark Hymers [Thu, 27 Dec 2007 12:50:55 +0000 (12:50 +0000)]
add simple ud-config script for use in shell scripts
Mark Hymers [Thu, 27 Dec 2007 12:50:36 +0000 (12:50 +0000)]
merge
Marc 'HE' Brockschmidt [Thu, 27 Dec 2007 08:39:32 +0000 (09:39 +0100)]
Sync with -common tree again
Mark Hymers [Wed, 26 Dec 2007 22:47:26 +0000 (22:47 +0000)]
merge from upstream
Marc 'HE' Brockschmidt [Wed, 26 Dec 2007 22:44:21 +0000 (23:44 +0100)]
Add 1000 to UIDs and GIDs if the ud-generate.conf contains '[UIDSHIFT]' as
extra flag. This is useful if you want to preserve local accounts without
ID conflicts.
Marc 'HE' Brockschmidt [Wed, 26 Dec 2007 22:41:38 +0000 (23:41 +0100)]
Merge passwordless export fix
Marc 'HE' Brockschmidt [Wed, 26 Dec 2007 22:38:22 +0000 (23:38 +0100)]
Mark that no passwords are exported also in the generated passwd file, not
only in the shadow file (by using a "*" as password (meaning "no password"),
instead of "x" (meaning "do I look like a passwd from the nineties? Look
into /etc/shadow!")).
Mark Hymers [Wed, 26 Dec 2007 20:55:32 +0000 (20:55 +0000)]
* ud-arbimport: os.exit -> sys.exit
Mark Hymers [Wed, 26 Dec 2007 20:49:42 +0000 (20:49 +0000)]
* Remove use of deprecated functions from the string module
Mark Hymers [Wed, 26 Dec 2007 18:01:19 +0000 (18:01 +0000)]
* ud-useradd: Avoid a TypeError exception when constructing the template
filename
Mark Hymers [Wed, 26 Dec 2007 17:57:58 +0000 (17:57 +0000)]
* ud-userimport, ud-groupadd, ud-roleadd, ud-useradd, userdir_ldap.py:
Update ud-userimport to use the same objectClasses as
ud-{user,group,role}add and abstract them out into userdir_ldap.py
Mark Hymers [Wed, 26 Dec 2007 16:23:13 +0000 (16:23 +0000)]
add note about more modern slapd configs
Peter Palfrader [Wed, 26 Dec 2007 15:46:31 +0000 (16:46 +0100)]
Make the shadow expiry changelog entry more specific
Add a tag to debian/changelog saying that the "Set shadow expiry to 1
for locked accounts" was to ud-generate.
Peter Palfrader [Wed, 26 Dec 2007 15:45:04 +0000 (16:45 +0100)]
update doc/slapd-config.txt
labeledURL was removed from the schema but not the slapd.conf example. Doing
that now. Patch from mhy.
Mark Hymers [Wed, 26 Dec 2007 14:26:27 +0000 (14:26 +0000)]
labeledURL was removed from the schema but not the slapd.conf example
Peter Palfrader [Wed, 26 Dec 2007 08:44:42 +0000 (09:44 +0100)]
Set shadow expiry for locked accounts
Explicitly set shadow expiry to 1 for locked accounts. Patch from mhy.
Mark Hymers [Wed, 26 Dec 2007 00:37:11 +0000 (00:37 +0000)]
Merge shadow branch
Mark Hymers [Wed, 26 Dec 2007 00:36:13 +0000 (00:36 +0000)]
Set shadow expiry for locked accounts
Peter Palfrader [Tue, 25 Dec 2007 22:35:18 +0000 (23:35 +0100)]
Fix ud-useradd.
Resolve issue introduced with the usergroup patch (cruft from another, removed
patch).
Marc 'HE' Brockschmidt [Tue, 25 Dec 2007 22:33:52 +0000 (23:33 +0100)]
Fix error due to cruft from the RoleAccount patch
Peter Palfrader [Tue, 25 Dec 2007 19:35:12 +0000 (20:35 +0100)]
Add myself to uploaders
Peter Palfrader [Tue, 25 Dec 2007 19:32:28 +0000 (20:32 +0100)]
Empty merge
Peter Palfrader [Tue, 25 Dec 2007 19:30:50 +0000 (20:30 +0100)]
ud-host: cleanup
Replace local copy HBaseDn of the centrally configured HostBaseDn
Peter Palfrader [Tue, 25 Dec 2007 19:25:33 +0000 (20:25 +0100)]
Add 'purpose', 'physicalHost' to debianServer
Patch from HE: Add a purpose and a physicalHost attribute to the
debianServer objectClass. Purpose is used to store the task of
the machine, like buildd, or porterbox or similar. physicalHost
is for setups with virtualisation, where one host runs on top of
another one. This information can then also be used by nagios and
friends.
Peter Palfrader [Tue, 25 Dec 2007 19:18:46 +0000 (20:18 +0100)]
ud-useradd: support usergroups
Patch from HE* that implements per-user groups for ud-useradd. If run
without -n the behaviour is as before. With -n (for no-automatic-IDs)
the user gets the chance to change the assigned numeric UID. The user
is also prompted for a GID. By default the default group for users is
still used but ud-useradd suggests a free group ID for the user group.
If the user group ID is chosen a group is automatically created.
(* based on work by aba and joerg)
Peter Palfrader [Tue, 25 Dec 2007 19:01:26 +0000 (20:01 +0100)]
Update debian/changelog for ud-fingerserv daemonize.
Add an entry in debian/changelog for sgran's patch that implements
daemonizing for ud-fingerserv.
Peter Palfrader [Tue, 25 Dec 2007 18:39:37 +0000 (19:39 +0100)]
ud-fingerserv: correctly daemonize
Also fork() a second time after running setsid().
Peter Palfrader [Tue, 25 Dec 2007 18:37:37 +0000 (19:37 +0100)]
ud-fingerserv: implement daemonizing
ud-fingerserv now daemonizes into the background when not run in
inetd-mode (-i) or explicitly told to not detach using the -f flag.
Patch from Stephen Gran.
Marc 'HE' Brockschmidt [Tue, 25 Dec 2007 17:32:43 +0000 (18:32 +0100)]
Really apply HE's changes.
Stephen Gran [Tue, 25 Dec 2007 15:11:05 +0000 (15:11 +0000)]
When not in inetd mode, detach from controlling terminal and daemonize
properly. This involves adding a -l (logfile) option to the command line
arguments, so that output will be captured somewhere.
Also add a -f (foreground) option, to preserve the previous default behavior.
Stephen Gran [Tue, 25 Dec 2007 15:09:51 +0000 (15:09 +0000)]
Make finger server daemonize when not in inetd mode.
Also add a foreground switch so that previous default behavior is preserved.
Marc 'HE' Brockschmidt [Tue, 25 Dec 2007 15:05:58 +0000 (16:05 +0100)]
Replace local copy HBaseDn of the centrally configured HostBaseDn by the
latter everywhere we use it.
Marc 'HE' Brockschmidt [Tue, 25 Dec 2007 14:37:29 +0000 (15:37 +0100)]
LDAP schema changes and fitting changes to ud-host:
* Add "purpose" (multi-value field, should contain stuff like "buildd",
"porter", ...)
* Add "physicalHost" (used for virtual system, containing the FQDN of
the physical host system)
Marc 'HE' Brockschmidt [Tue, 25 Dec 2007 14:32:07 +0000 (15:32 +0100)]
Merge usergroups patch in
Marc 'HE' Brockschmidt [Tue, 25 Dec 2007 13:06:39 +0000 (14:06 +0100)]
Allow for usergroups (ie one group per user). Leave default behaviour as it is.
Also introduce a "-n" switch (for "no automatic ids") which turns on prompting
for UID/GID. Default is now to use the DefaultGID and the first free UID.
Peter Palfrader [Tue, 25 Dec 2007 12:09:22 +0000 (13:09 +0100)]
ud-roleadd: fix role account creation.
ud-roleadd tried to put the new ldap entry - among other objectClasses - into
inetOrgPerson, which caused it to be rejected by openldap.
Peter Palfrader [Tue, 25 Dec 2007 10:36:47 +0000 (11:36 +0100)]
Build depend on python-support >= 0.3.
Change the build dependency on python-support to be versioned >= 0.3,
as suggested by lintian.
Peter Palfrader [Tue, 25 Dec 2007 10:30:46 +0000 (11:30 +0100)]
Change Build-Depends-Indep to Build-Depends.