Peter Palfrader [Sat, 17 May 2008 13:41:13 +0000 (15:41 +0200)]
And clean up the bugs I introduced while mucking with sgran's shell
Peter Palfrader [Sat, 17 May 2008 13:29:42 +0000 (15:29 +0200)]
Fix string vs. int issue in userlist introduced by multiple-ssh patch
Peter Palfrader [Sat, 17 May 2008 09:41:11 +0000 (11:41 +0200)]
Fix wording in the changelog
Peter Palfrader [Sat, 17 May 2008 09:40:33 +0000 (11:40 +0200)]
Fuzz with the shell in ud-replicate's sshkeys part
Peter Palfrader [Sat, 17 May 2008 09:39:20 +0000 (11:39 +0200)]
ud-replicate, ud-generate: Instead of one big ssh-rsa-shadow file ud-generate
now produces per-user authorized_keys files and tars them up. On the receiving
end ud-replicate takes the tar and syncs it to userkeys/. The goal here is to
no longer require a patched sshd. Setting AuthorizedKeysFile2 to
/var/lib/misc/userkeys/%u is sufficient. For homedir creation we can use
pam_mkhomedir. [mhy, sgran]
Peter Palfrader [Sat, 17 May 2008 09:30:38 +0000 (11:30 +0200)]
merge from alioth: aba: add myself to copyright holders
Peter Palfrader [Sat, 17 May 2008 09:30:01 +0000 (11:30 +0200)]
ud-generate: Add performance optimization by resolving IP addresses for hosts
only once and caching the result. [aba]
Peter Palfrader [Sat, 17 May 2008 09:27:06 +0000 (11:27 +0200)]
ud-generate: Add support for generation of authorized_keys file on the db host
for the sshdist user. This is now possible since ud-replicate clients use
their ssh host key to authenticate to the db server. The code now supports
this but the feature is still disabled. [aba]
Peter Palfrader [Sat, 17 May 2008 09:22:00 +0000 (11:22 +0200)]
ud-replicate: Also support the imposter dchroot-dsa from the debian archive [aba]
Peter Palfrader [Sat, 17 May 2008 09:18:45 +0000 (11:18 +0200)]
better check for ssh1 keys (which we do not accept). Merged from alioth but slightly improved regex
Joerg Jaspert [Fri, 16 May 2008 21:00:43 +0000 (23:00 +0200)]
Merge sshkeys branch from Stephen and Mark
Joerg Jaspert [Fri, 16 May 2008 18:56:53 +0000 (20:56 +0200)]
Merge from -common branch
Andreas Barth [Fri, 16 May 2008 18:03:40 +0000 (18:03 +0000)]
add myself to copyright holders
Andreas Barth [Fri, 16 May 2008 17:58:28 +0000 (17:58 +0000)]
Add performance optimization by caching IP addresses in ud-generate as a precondition for automatically adding aliases
Andreas Barth [Fri, 16 May 2008 17:40:19 +0000 (17:40 +0000)]
Add (disabled) generation of authorized_keys
Andreas Barth [Fri, 16 May 2008 17:34:58 +0000 (17:34 +0000)]
Add compatibility to dchroot-dsa to ud-replicate
Joerg Jaspert [Thu, 15 May 2008 21:35:13 +0000 (23:35 +0200)]
Modify the SSH1 key check so it matches all RSA1 keys, not only those of size 1024
Joerg Jaspert [Wed, 14 May 2008 23:02:17 +0000 (01:02 +0200)]
Merge from Debian
Stephen Gran [Wed, 14 May 2008 22:03:56 +0000 (23:03 +0100)]
remove debugging output
Stephen Gran [Wed, 14 May 2008 22:00:45 +0000 (23:00 +0100)]
add copyright update
Mark Hymers [Wed, 14 May 2008 21:56:59 +0000 (22:56 +0100)]
make fallbacks and group resolution more sane
Stephen Gran [Wed, 14 May 2008 21:27:10 +0000 (22:27 +0100)]
ahem, we need to actually look in the host subdir
Mark Hymers [Wed, 14 May 2008 21:10:08 +0000 (22:10 +0100)]
weasel gets upset if there isn't a changelog
Mark Hymers [Wed, 14 May 2008 21:08:53 +0000 (22:08 +0100)]
merge Steve's ud-replicate work
Mark Hymers [Wed, 14 May 2008 21:05:26 +0000 (22:05 +0100)]
export individual (and only the required) ssh keys
Stephen Gran [Wed, 14 May 2008 20:52:22 +0000 (21:52 +0100)]
ud-generate: handle individual ssh keys
Mark Hymers [Wed, 14 May 2008 19:37:13 +0000 (20:37 +0100)]
merge from debian branch
Mark Hymers [Wed, 14 May 2008 18:55:18 +0000 (19:55 +0100)]
reimport initial multiple ssh keys code which bzr kindly threw away after merging on my old branch
Peter Palfrader [Wed, 14 May 2008 15:56:01 +0000 (17:56 +0200)]
Fix generation of known_hosts file.
Peter Palfrader [Wed, 14 May 2008 15:48:00 +0000 (17:48 +0200)]
0.3.22
Peter Palfrader [Wed, 14 May 2008 15:47:17 +0000 (17:47 +0200)]
Merge: ud-mailgate no longer accepts ssh dss keys, keys with a size smaller than 1024.
Additionally it checks new keys against a blacklist of ssh key fingerprints. [joerg]
Peter Palfrader [Wed, 14 May 2008 15:37:21 +0000 (17:37 +0200)]
Add IPv6-Addresses (and IPv4 in v6 notation - ::ffff:192.0.2.1) to ssh_known_hosts. [aba]
Joerg Jaspert [Wed, 14 May 2008 15:34:01 +0000 (17:34 +0200)]
Add missing admin info template
Peter Palfrader [Wed, 14 May 2008 15:32:49 +0000 (17:32 +0200)]
Add VoIP fields to the LDAP schema and teach ud-info and ud-mailgate about it. [zobel]
Peter Palfrader [Wed, 14 May 2008 15:29:25 +0000 (17:29 +0200)]
Merge: Add another todo item
Joerg Jaspert [Wed, 14 May 2008 14:56:04 +0000 (16:56 +0200)]
Merge sshkeys check with the alioth userdir-ldap-common
Joerg Jaspert [Wed, 14 May 2008 14:43:40 +0000 (16:43 +0200)]
Check ssh keys:
- reject all DSA keys, similar to RSA1 keys.
- reject and mail the admins for broken keys, ie keys
  - of size below 1024 or
  - known to be bad (fingerprintlist)
Peter Palfrader [Tue, 13 May 2008 20:09:02 +0000 (22:09 +0200)]
* ud-replicate: use the host key to sync stuff from the db server,
that is, call ssh with -i /etc/ssh/ssh_host_rsa_key.
* ud-replicate: Call ssh with -o PreferredAuthentications=publickey
so that it does not even try password authentication.
Joerg Jaspert [Mon, 12 May 2008 22:12:56 +0000 (00:12 +0200)]
First version of a check for ssh keys
Andreas Barth [Sat, 10 May 2008 21:52:42 +0000 (21:52 +0000)]
more sanitizing for IP addresses
Andreas Barth [Sat, 10 May 2008 21:49:42 +0000 (21:49 +0000)]
Add IPv6-Addresses (and IPv4 in both ways) into ssh_known_hosts
Martin Zobel-Helas [Sat, 10 May 2008 12:19:22 +0000 (14:19 +0200)]
add VoIP
Marc 'HE' Brockschmidt [Wed, 23 Apr 2008 21:11:12 +0000 (23:11 +0200)]
Add another todo item
Marc 'HE' Brockschmidt [Wed, 23 Apr 2008 21:08:10 +0000 (23:08 +0200)]
Merge Peter's debian.org-ud-ldap changes.
Peter Palfrader [Wed, 23 Apr 2008 20:33:56 +0000 (22:33 +0200)]
todo item
Peter Palfrader [Mon, 21 Apr 2008 22:18:09 +0000 (00:18 +0200)]
A few copyright notices
Peter Palfrader [Mon, 21 Apr 2008 22:08:29 +0000 (00:08 +0200)]
another todo item
Peter Palfrader [Mon, 21 Apr 2008 21:55:05 +0000 (23:55 +0200)]
add a TODO file
Peter Palfrader [Mon, 21 Apr 2008 11:31:04 +0000 (13:31 +0200)]
Teach ud-mailgate about ipv6 addresses (RT#193).
Sanitize DNS entries somewhat before inserting them into LDAP.
Peter Palfrader [Fri, 18 Apr 2008 12:34:05 +0000 (14:34 +0200)]
New [KEYRING] flag to indicate the debian keyring should be synced to this host.
Peter Palfrader [Thu, 17 Apr 2008 17:49:45 +0000 (19:49 +0200)]
Various ud-fingerserv fixes
Peter Palfrader [Wed, 16 Apr 2008 17:59:51 +0000 (19:59 +0200)]
Calling dh_installdeb before dh_pysupport was probably not the smartest move.
Reorder.
Peter Palfrader [Wed, 16 Apr 2008 14:20:53 +0000 (16:20 +0200)]
0.3.16
Peter Palfrader [Wed, 16 Apr 2008 14:20:46 +0000 (16:20 +0200)]
Use full hostname
Peter Palfrader [Wed, 16 Apr 2008 12:09:51 +0000 (14:09 +0200)]
Sleep for a random time, up to two minutes, in ud-replicate when not called
interactively. This is to prevent DoSing the db server when many clients come
at the same time.
Peter Palfrader [Wed, 16 Apr 2008 12:08:46 +0000 (14:08 +0200)]
Create /var/lib/misc/thishost as a symlink to the hostname in postinst
Mark Hymers [Thu, 10 Jan 2008 15:12:13 +0000 (15:12 +0000)]
merge from -debian branch
Peter Palfrader [Thu, 10 Jan 2008 15:07:10 +0000 (16:07 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 15:03:47 +0000 (16:03 +0100)]
Nop merge - stuff that was previously included by cherry picking
Peter Palfrader [Thu, 10 Jan 2008 15:03:07 +0000 (16:03 +0100)]
Merge packaging cleanup from alioth (including template dir install location fix)
Peter Palfrader [Thu, 10 Jan 2008 14:56:17 +0000 (15:56 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:55:31 +0000 (15:55 +0100)]
Merge changelog cleanup from alioth, and re-cleanup
Peter Palfrader [Thu, 10 Jan 2008 14:53:52 +0000 (15:53 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:53:20 +0000 (15:53 +0100)]
Remerge merge or whatever
Peter Palfrader [Thu, 10 Jan 2008 14:47:02 +0000 (15:47 +0100)]
Merge from alioth
Copyright statement from people doing stuff on alioth, and pointer to the alioth repository and discussion list
Mark Hymers [Thu, 10 Jan 2008 14:45:48 +0000 (14:45 +0000)]
add ud-config to debian/install
Peter Palfrader [Thu, 10 Jan 2008 14:43:33 +0000 (15:43 +0100)]
Merge from alioth
But fix ud-replicate to use `$LOCALSYNCON' instead of `*$LOCALSYNCON*' in the case statement.
Peter Palfrader [Thu, 10 Jan 2008 14:35:18 +0000 (15:35 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:33:50 +0000 (15:33 +0100)]
A nop with something behind it.
Merge in r361 from alioth-common, the shiftUID patch, but also
cherry pick r377 which reverts it (because it's incomplete/broken).
This is necessary because bzr tracks what you merged so far and
would always want to pull in 361 if I just skipped it now.
Peter Palfrader [Thu, 10 Jan 2008 14:33:29 +0000 (15:33 +0100)]
Merge from alioth
Marc 'HE' Brockschmidt [Thu, 10 Jan 2008 14:17:11 +0000 (15:17 +0100)]
Back out UIDShift patch, which wasn't correct anyway and shouldn't be merged
to -common (yet)
Peter Palfrader [Thu, 10 Jan 2008 13:50:58 +0000 (14:50 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 13:50:25 +0000 (14:50 +0100)]
Merge from alioth
Replace deprecated string.$foo($bar, $ARGS) calls with $bar.$foo($ARGS).
Also cherry pick two fixes on the patch from later in that tree:
revno: 375
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 13:44:07 +0000
message:
Don't convert strings to integers, just check that they could be converted.
Noticed by Peter (again)
--
revno: 376
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 13:48:43 +0000
message:
and some more old CheckNumber fixes
Mark Hymers [Thu, 10 Jan 2008 13:48:43 +0000 (13:48 +0000)]
and some more old CheckNumber fixes
Mark Hymers [Thu, 10 Jan 2008 13:44:07 +0000 (13:44 +0000)]
Don't convert strings to integers, just check that they could be converted.
Noticed by Peter (again)
Peter Palfrader [Thu, 10 Jan 2008 13:13:31 +0000 (14:13 +0100)]
merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 13:10:58 +0000 (14:10 +0100)]
Merge from alioth
merge r356 from alioth's userdir-ldap-common, and cherry pick that fix onto that:
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 12:58:39 +0000
message:
Fix mistake in ud-userimport add logic spotted by Peter Palfrader.
Mark Hymers [Thu, 10 Jan 2008 12:58:39 +0000 (12:58 +0000)]
Fix mistake in ud-userimport add logic spotted by Peter Palfrader.
Peter Palfrader [Thu, 10 Jan 2008 09:05:11 +0000 (10:05 +0100)]
Merge from alioth: note about more modern slapd configs
Stephen Gran [Mon, 7 Jan 2008 02:03:12 +0000 (02:03 +0000)]
we should really run make in doc before we touch build
Stephen Gran [Mon, 7 Jan 2008 01:51:34 +0000 (01:51 +0000)]
* Packaging cleanup
* Use standard debhelper tools
* Create all files we ship instead of echoing them into creation at build
time
* Typo fix in copyright
* Update Standards-Version to 3.7.3 (no changes)
* Build manpages at build time (add Build-Depend on yodl)
* Install built manpages
Joerg Jaspert [Fri, 28 Dec 2007 15:47:01 +0000 (16:47 +0100)]
Missed to write the changelog entry...
Joerg Jaspert [Fri, 28 Dec 2007 15:44:16 +0000 (16:44 +0100)]
Use the same "trick" dak uses to send utf8 enabled mails to people who need
utf8 for their names - simply add utf8 headers to all mails.
Works great for dak, so why shouldn't it work here? :)
Marc 'HE' Brockschmidt [Fri, 28 Dec 2007 15:33:16 +0000 (16:33 +0100)]
Reorder changelog a bit to attribute changes correctly in one consistent style
Joerg Jaspert [Fri, 28 Dec 2007 15:30:07 +0000 (16:30 +0100)]
s/debain/debian/ and add the changelog entry I forgot earlier
Joerg Jaspert [Fri, 28 Dec 2007 15:25:16 +0000 (16:25 +0100)]
Merged from debian branch
Joerg Jaspert [Fri, 28 Dec 2007 15:09:39 +0000 (16:09 +0100)]
Add a little pointer to our repository, also mention that for changes we do the copyright
is ours. Now, to make it easy I just pointed to "da-tools project members, -discuss list",
instead of listing every committer. License, of course, same as for "upstream".
Joerg Jaspert [Fri, 28 Dec 2007 15:08:49 +0000 (16:08 +0100)]
Files have copyright statements until 2007 (from Ryan), note that in debian/copyright
Also note that it is now maintained using bzr, not CVS
Joerg Jaspert [Fri, 28 Dec 2007 15:05:40 +0000 (16:05 +0100)]
uncommitted 2 changes from me. BAD HACK
Marc 'HE' Brockschmidt [Thu, 27 Dec 2007 16:17:13 +0000 (17:17 +0100)]
Make the host ud-replicate syncs from configurable in userdir-ldap.conf,
instead of hardcoding it into the script. Also introduce a variable
containing a shell glob on which no remote sync is needed, so that
the db host doesn't need to have a key in the authorized_keys file
for the sshdist user
Mark Hymers [Thu, 27 Dec 2007 12:50:55 +0000 (12:50 +0000)]
add simple ud-config script for use in shell scripts
Mark Hymers [Thu, 27 Dec 2007 12:50:36 +0000 (12:50 +0000)]
merge
Marc 'HE' Brockschmidt [Thu, 27 Dec 2007 08:39:32 +0000 (09:39 +0100)]
Sync with -common tree again
Mark Hymers [Wed, 26 Dec 2007 22:47:26 +0000 (22:47 +0000)]
merge from upstream
Marc 'HE' Brockschmidt [Wed, 26 Dec 2007 22:44:21 +0000 (23:44 +0100)]
Add 1000 to UIDs and GIDs if the ud-generate.conf contains '[UIDSHIFT]' as
extra flag. This is useful if you want to preserve local accounts without
ID conflicts.
Marc 'HE' Brockschmidt [Wed, 26 Dec 2007 22:41:38 +0000 (23:41 +0100)]
Merge passwordless export fix
Marc 'HE' Brockschmidt [Wed, 26 Dec 2007 22:38:22 +0000 (23:38 +0100)]
Mark that no passwords are exported also in the generated passwd file, not
only in the shadow file (by using a "*" as password (meaning "no password"),
instead of "x" (meaning "do I look like a passwd from the nineties? Look
into /etc/shadow!")).
Mark Hymers [Wed, 26 Dec 2007 20:55:32 +0000 (20:55 +0000)]
* ud-arbimport: os.exit -> sys.exit
Mark Hymers [Wed, 26 Dec 2007 20:49:42 +0000 (20:49 +0000)]
* Remove use of deprecated functions from the string module
Mark Hymers [Wed, 26 Dec 2007 18:01:19 +0000 (18:01 +0000)]
* ud-useradd: Avoid a TypeError exception when constructing the template
filename