Paul Wise [Tue, 14 Jun 2016 02:29:48 +0000 (10:29 +0800)]
Fix crash in ud-generate
Traceback (most recent call last):
File "/usr/bin/ud-generate", line 1498, in <module>
ud_generate()
File "/usr/bin/ud-generate", line 1481, in ud_generate
generate_all(generate_dir, l)
File "/usr/bin/ud-generate", line 1229, in generate_all
GenDNS(accounts, global_dir + "dns-zone")
File "/usr/bin/ud-generate", line 820, in GenDNS
if a.is_guest_account(): continue
File "/usr/lib/pymodules/python2.7/UDLdap.py", line 91, in is_guest_account
return 'guest' in self['supplementaryGid']
File "/usr/lib/pymodules/python2.7/UDLdap.py", line 48, in __getitem__
raise IndexError, "No such key: %s (dn: %s)"%(key, self.dn)
IndexError: No such key: supplementaryGid (dn: uid=debtags,ou=users,dc=debian,dc=org)
Paul Wise [Mon, 13 Jun 2016 00:27:44 +0000 (08:27 +0800)]
Look up the default group from the config instead of hardcoding it
Paul Wise [Mon, 13 Jun 2016 00:26:19 +0000 (08:26 +0800)]
Fix is_guest_account for the usergroups transition
Prevents guest accounts from using debian-private and debian.net
Paul Wise [Mon, 13 Jun 2016 00:41:11 +0000 (08:41 +0800)]
We just call the operating system Debian these days
Peter Palfrader [Fri, 5 Feb 2016 18:17:09 +0000 (19:17 +0100)]
ud-generate: get RTC domain/realm from config file
Paul Wise [Sat, 19 Dec 2015 18:05:00 +0000 (02:05 +0800)]
ries is long gone
Peter Palfrader [Thu, 19 Nov 2015 08:52:59 +0000 (09:52 +0100)]
ud-replicate: use persistent ssh connections
Peter Palfrader [Thu, 19 Nov 2015 08:23:34 +0000 (09:23 +0100)]
ud-replicate: only install/reload RTC files when they have changed.
Julien Cristau [Wed, 18 Nov 2015 15:02:33 +0000 (16:02 +0100)]
Pass BatchMode=yes option to ssh
Should help fail quickly in case of network issues. Remove the
PreferredAuthentications setting which becomes redundant.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Thu, 5 Nov 2015 09:22:21 +0000 (10:22 +0100)]
Add ud-guest-extend
Paul Wise [Sun, 1 Nov 2015 12:48:45 +0000 (20:48 +0800)]
Update ud-ldapshow and cleanup cruft around the usergroups changes
Peter Palfrader [Fri, 30 Oct 2015 07:56:52 +0000 (08:56 +0100)]
Drop paragraph about getting additional software installed
Peter Palfrader [Fri, 30 Oct 2015 07:56:35 +0000 (08:56 +0100)]
Make welcome-message and welcome-message-Debian CC (and where applicable reply-to) d-a@lists instead of d-a@d.o
Peter Palfrader [Thu, 29 Oct 2015 09:25:12 +0000 (10:25 +0100)]
ud-useradd: try to send the proper template
Peter Palfrader [Thu, 29 Oct 2015 09:24:38 +0000 (10:24 +0100)]
Make generic welcome-message more generic
Peter Palfrader [Wed, 28 Oct 2015 21:06:28 +0000 (22:06 +0100)]
fix quoting
Peter Palfrader [Wed, 28 Oct 2015 21:06:08 +0000 (22:06 +0100)]
also do rtc-passwords for prosody
Peter Palfrader [Wed, 28 Oct 2015 21:03:48 +0000 (22:03 +0100)]
Add ud-guest-upgrade
Peter Palfrader [Wed, 28 Oct 2015 20:32:25 +0000 (21:32 +0100)]
ud-useradd: now does usergroups by default
Peter Palfrader [Sat, 23 May 2015 08:44:23 +0000 (10:44 +0200)]
Report key fingerprint when adding ssh keys
Peter Palfrader [Sat, 23 May 2015 08:44:10 +0000 (10:44 +0200)]
Do not mail admin if users try to submit unsupported keys
Peter Palfrader [Sat, 23 May 2015 08:25:15 +0000 (10:25 +0200)]
syntax/typo fix
Peter Palfrader [Sat, 23 May 2015 08:20:46 +0000 (10:20 +0200)]
Changelog entry
Peter Palfrader [Sat, 23 May 2015 08:19:46 +0000 (10:19 +0200)]
Merge branch 'raphael'
* raphael:
Try to make key acceptance logic clearer
Bump the minimum key size to 2048
Authorize
ed25519 keys, which have a fixed size of 256 bits
Recognise ecdsa and
ed25519 ssh keys
Peter Palfrader [Sat, 23 May 2015 08:19:38 +0000 (10:19 +0200)]
Try to make key acceptance logic clearer
Raphael Geissert [Sun, 3 May 2015 19:07:27 +0000 (21:07 +0200)]
Bump the minimum key size to 2048
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Raphael Geissert [Sun, 3 May 2015 18:57:10 +0000 (20:57 +0200)]
Authorize
ed25519 keys, which have a fixed size of 256 bits
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Raphael Geissert [Sun, 3 May 2015 18:56:25 +0000 (20:56 +0200)]
Recognise ecdsa and
ed25519 ssh keys
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Peter Palfrader [Fri, 17 Apr 2015 18:42:41 +0000 (20:42 +0200)]
remove dnsZoneEntry from restricted attributes to match config on db.d.o
Peter Palfrader [Fri, 17 Apr 2015 18:34:32 +0000 (20:34 +0200)]
userdir-ldap-slapd.conf.in: Rhonda points out dnsZoneEntry should not be world readable
Paul Wise [Mon, 29 Dec 2014 05:07:45 +0000 (13:07 +0800)]
Fix a grammatical issue.
Paul Wise [Mon, 29 Dec 2014 05:07:11 +0000 (13:07 +0800)]
Use the people.d.o alias instead of the machine name.
Using the alias is more future-proof.
Paul Wise [Sun, 28 Dec 2014 04:17:47 +0000 (12:17 +0800)]
Debian SSL certs are no longer signed by the Debian/SPI CAs.
Paul Wise [Sun, 28 Dec 2014 04:17:08 +0000 (12:17 +0800)]
Switch from http to https for all the links in welcome mails.
Julien Cristau [Thu, 25 Dec 2014 22:43:40 +0000 (23:43 +0100)]
people.d.o is now paradis
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Sun, 7 Dec 2014 15:44:06 +0000 (16:44 +0100)]
New version number
Peter Palfrader [Sun, 7 Dec 2014 15:25:30 +0000 (16:25 +0100)]
release 0.3.86
Peter Palfrader [Sun, 7 Dec 2014 15:21:58 +0000 (16:21 +0100)]
ud-replicated: only restore TERM if it was set before. If it wasn't leave it at dumb.
Peter Palfrader [Sun, 7 Dec 2014 09:47:45 +0000 (10:47 +0100)]
ud-generate: support ssh-
ed25519 keys for SSHFP records
Peter Palfrader [Sat, 6 Dec 2014 09:25:53 +0000 (10:25 +0100)]
Start new version
Peter Palfrader [Sat, 6 Dec 2014 08:59:42 +0000 (09:59 +0100)]
New version number
Peter Palfrader [Fri, 5 Dec 2014 22:37:56 +0000 (23:37 +0100)]
Release
Peter Palfrader [Fri, 5 Dec 2014 22:37:43 +0000 (23:37 +0100)]
ud-replicated: Syntax? fix
Peter Palfrader [Fri, 5 Dec 2014 22:36:39 +0000 (23:36 +0100)]
ud-replicated: only use /var/run/log if it's a socket
Peter Palfrader [Sun, 21 Sep 2014 13:20:40 +0000 (15:20 +0200)]
ud-generate: sudopassword: allow dashes in hostnames
Peter Palfrader [Sun, 21 Sep 2014 12:51:19 +0000 (14:51 +0200)]
ud-mailage: allow dashes in hostnames.
Peter Palfrader [Fri, 19 Sep 2014 19:23:55 +0000 (21:23 +0200)]
changelog entry
Peter Palfrader [Fri, 19 Sep 2014 19:22:48 +0000 (21:22 +0200)]
ud-generate: update gitolite authkeys generation
- skip ssh keys with non-local allowed_hosts
- skip all keys with other restrictions
- make including keys for hosts optional (on by default)
- support overriding the command we restrict to
Peter Palfrader [Mon, 12 May 2014 20:21:19 +0000 (22:21 +0200)]
Fix schema that still references voipPassword instead of rtcPassword
Peter Palfrader [Mon, 12 May 2014 20:17:20 +0000 (22:17 +0200)]
.43 was already taken
Peter Palfrader [Mon, 12 May 2014 20:10:00 +0000 (22:10 +0200)]
Add rebootPolicy attribute to host
Stephen Gran [Thu, 27 Feb 2014 07:28:15 +0000 (07:28 +0000)]
and changelog
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Thu, 27 Feb 2014 07:19:00 +0000 (07:19 +0000)]
make notify the default
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Sun, 9 Feb 2014 20:14:38 +0000 (21:14 +0100)]
A changelog entry
Peter Palfrader [Sun, 9 Feb 2014 20:14:17 +0000 (21:14 +0100)]
Make SudoPasswd not be a global variable
Peter Palfrader [Sun, 9 Feb 2014 20:14:01 +0000 (21:14 +0100)]
Act on sudopassword confirms even if nothing else gets touched
Stephen Gran [Sun, 2 Feb 2014 09:27:12 +0000 (09:27 +0000)]
use json marshalling
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 1 Feb 2014 13:31:28 +0000 (13:31 +0000)]
Correct thinkos
Stephen Gran [Sat, 1 Feb 2014 13:31:08 +0000 (13:31 +0000)]
make this actually work
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 25 Jan 2014 14:40:40 +0000 (14:40 +0000)]
a little defensiveness
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 25 Jan 2014 14:35:43 +0000 (14:35 +0000)]
Change cron job to weekly
Stephen Gran [Fri, 24 Jan 2014 20:46:54 +0000 (20:46 +0000)]
this could never have worked
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Fri, 24 Jan 2014 20:46:30 +0000 (20:46 +0000)]
Add bATVToken to the list of attributes to retrieve
Signed-off-by: Stephen Gran <steve@lobefin.net>
Peter Palfrader [Mon, 20 Jan 2014 22:20:56 +0000 (23:20 +0100)]
sigcheck: Import userdir_ldap so CheckLDAP() can find connectLDAP()
Stephen Gran [Sun, 19 Jan 2014 20:05:34 +0000 (20:05 +0000)]
send json instead
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sun, 19 Jan 2014 20:02:28 +0000 (20:02 +0000)]
better debugging
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 18 Jan 2014 13:38:55 +0000 (13:38 +0000)]
update last run
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Sat, 18 Jan 2014 13:11:46 +0000 (13:11 +0000)]
KFreeBSD uses a different syslog socket just because
Stephen Gran [Sat, 18 Jan 2014 10:47:04 +0000 (10:47 +0000)]
Start new release
Stephen Gran [Sat, 18 Jan 2014 10:46:31 +0000 (10:46 +0000)]
Gratuitous version bump
Stephen Gran [Sat, 18 Jan 2014 10:16:46 +0000 (10:16 +0000)]
release this version
Signed-off-by: Stephen Gran <steve@lobefin.net>
Luca Filipozzi [Sat, 18 Jan 2014 02:53:27 +0000 (02:53 +0000)]
don't need group read on rtc-password files
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Luca Filipozzi [Sat, 18 Jan 2014 01:19:56 +0000 (01:19 +0000)]
create two versions of rtc-passwords, one for radius and one for return
Signed-off-by: Luca Filipozzi <lfilipoz@emyr.net>
Luca Filipozzi [Sat, 18 Jan 2014 01:16:59 +0000 (01:16 +0000)]
Merge branch 'master' of ssh://draghi.debian.org/~/userdir-ldap
Stephen Gran [Fri, 17 Jan 2014 20:23:38 +0000 (20:23 +0000)]
this is a bit cleaner
Signed-off-by: Stephen Gran <steve@lobefin.net>
Luca Filipozzi [Fri, 17 Jan 2014 01:19:49 +0000 (01:19 +0000)]
modifying ud-replicate to support rtcPassword deployment
Luca Filipozzi [Thu, 16 Jan 2014 22:57:39 +0000 (22:57 +0000)]
voipPassword -> rtcPassword
Stephen Gran [Wed, 15 Jan 2014 17:08:09 +0000 (17:08 +0000)]
whitespace
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 15 Jan 2014 08:33:02 +0000 (08:33 +0000)]
ud-generate can send notifications over MQ
Signed-off-by: Stephen Gran <steve@lobefin.net>
Stephen Gran [Wed, 15 Jan 2014 08:13:45 +0000 (08:13 +0000)]
Merge branch 'master' of ssh://db.debian.org/git/userdir-ldap
Stephen Gran [Wed, 15 Jan 2014 08:13:31 +0000 (08:13 +0000)]
add ud-replicated
Signed-off-by: Stephen Gran <steve@lobefin.net>
Luca Filipozzi [Tue, 14 Jan 2014 01:23:21 +0000 (01:23 +0000)]
assume that voipPassword contains an HA1
Martin Zobel-Helas [Sun, 12 Jan 2014 11:14:56 +0000 (12:14 +0100)]
we need realm there
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 11:11:33 +0000 (12:11 +0100)]
fix another typo
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 11:06:33 +0000 (12:06 +0100)]
fix typo
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 10:49:12 +0000 (11:49 +0100)]
fix code
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 12 Jan 2014 10:40:44 +0000 (11:40 +0100)]
modify voipPassword code to match https://github.com/resiprocate/resiprocate/blob/master/reTurn/reTurnServer.config#L147
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Fri, 10 Jan 2014 17:42:42 +0000 (18:42 +0100)]
renamed script
Peter Palfrader [Thu, 9 Jan 2014 09:55:38 +0000 (10:55 +0100)]
new dns fu
Martin Zobel-Helas [Sun, 29 Dec 2013 19:25:06 +0000 (20:25 +0100)]
clean up files another way
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 18:56:16 +0000 (19:56 +0100)]
try this
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 18:43:13 +0000 (19:43 +0100)]
Fdb instead of F
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 18:41:11 +0000 (19:41 +0100)]
fix some errors
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sun, 29 Dec 2013 17:21:01 +0000 (18:21 +0100)]
also produce dbm files additionaly to cdb
We need to migrate from CDB to DBM, as there is no python-cdb in Debian
stable any more. Provide both file formats, so we can migrate from CDB
to DBM painlessly.
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Stephen Gran [Wed, 20 Nov 2013 19:22:33 +0000 (19:22 +0000)]
We've been removing this symlink for a decade
I think we're safe now.
Signed-off-by: Stephen Gran <steve@lobefin.net>
Tollef Fog Heen [Wed, 28 Aug 2013 16:02:00 +0000 (18:02 +0200)]
Changelog
Tollef Fog Heen [Wed, 28 Aug 2013 16:00:32 +0000 (18:00 +0200)]
Export host keys for gitolite too
Peter Palfrader [Fri, 2 Aug 2013 21:34:24 +0000 (23:34 +0200)]
and a changelog entry
Peter Palfrader [Fri, 2 Aug 2013 21:31:45 +0000 (23:31 +0200)]
Fix unix mtime triggers for ud-generate
Previously we only checked if a file had been modified since our last
run. That didn't catch changes that were only made visible for the next
run. I.e. a file was changed on some host, ud-generate runs finds no
need to re-generate and stores timestamp X to its statefile. We rsync
that file to us and on the next ud-geneate run it finds no files
modified since X.
Peter Palfrader [Thu, 18 Jul 2013 20:12:01 +0000 (22:12 +0200)]
And also for guests