isSSHFP = re.compile("^\s*IN\s+SSHFP")
DNSZone = ".debian.net"
Keyrings = ConfModule.sync_keyrings.split(":")
+GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+
def safe_makedirs(dir):
try:
raise
Done(File, F, None)
+# Generate the sudo passwd file
+def GenSSHGitolite(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0022)
+ F = open(File + ".tmp", "w", 0600)
+ os.umask(OldMask)
+
+ if not GitoliteSSHRestrictions is None and GitoliteSSHRestrictions != "":
+ for a in accounts:
+ if not 'sshRSAAuthKey' in a: continue
+
+ User = a['uid']
+ prefix = GitoliteSSHRestrictions.replace('@@USER@@', User)
+ for I in a["sshRSAAuthKey"]:
+ if I.startswith('ssh-'):
+ line = "%s %s"%(prefix, I)
+ else:
+ line = "%s,%s"%(prefix, I)
+ line = Sanitize(line) + "\n"
+ F.write(line)
+
+ # Oops, something unspeakable happened.
+ except:
+ Die(File, F, None)
+ raise
+ Done(File, F, None)
+
# Generate the shadow list
def GenSSHShadow(global_dir, accounts):
# Fetch all the users
return userfiles
+# Generate the webPassword list
+def GenWebPassword(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File, "w", 0600)
+ os.umask(OldMask)
+
+ for a in accounts:
+ if not 'webPassword' in a: continue
+ if not a.pw_active(): continue
+
+ Pass = str(a['webPassword'])
+ Line = "%s:%s" % (a['uid'], Pass)
+ Line = Sanitize(Line) + "\n"
+ F.write("%s" % (Line))
+
+ except:
+ Die(File, None, F)
+ raise
+
def GenSSHtarballs(global_dir, userlist, SSHFiles, grouprevmap, target):
OldMask = os.umask(0077)
tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % CurrentHost), mode='w:gz')
for z in a["dnsZoneEntry"]:
Split = z.lower().split()
if Split[1].lower() == 'in':
- for y in range(0, len(Split)):
- if Split[y] == "$":
- Split[y] = "\n\t"
Line = " ".join(Split) + "\n"
F.write(Line)
-
+
Host = Split[0] + DNSZone
if BSMTPCheck.match(Line) != None:
F.write("; Has BSMTP\n")
-
+
# Write some identification information
if not RRs.has_key(Host):
if Split[2].lower() in ["a", "aaaa"]:
else:
Line = "; Err %s"%(str(Split))
F.write(Line)
-
+
F.write("\n")
except Exception, e:
F.write("; Errors:\n")
"keyFingerPrint", "privateSub", "mailDisableMessage",\
"mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
"mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
- "mailContentInspectionAction"])
+ "mailContentInspectionAction", "webPassword"])
if passwd_attrs is None:
raise UDEmptyList, "No Users"
GenMailList(accounts, global_dir + "mail-rbl", "mailRBL")
GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
+ GenWebPassword(accounts, global_dir + "web-passwords")
GenKeyrings(global_dir)
# Compatibility.
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
+ GenSSHGitolite(accounts, global_dir + "ssh-gitolite")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
if 'PRIVATE' in ExtraList:
DoLink(global_dir, OutDir, "debian-private")
+ if 'GITOLITE' in ExtraList:
+ DoLink(global_dir, OutDir, "ssh-gitolite")
+
+ if 'WEB-PASSWORDS' in ExtraList:
+ DoLink(global_dir, OutDir, "web-passwords")
+
if 'KEYRING' in ExtraList:
for k in Keyrings:
bn = os.path.basename(k)
posix.remove(target)
except:
pass
+ DoLink(global_dir, OutDir, "last_update.trace")
-l = make_ldap_conn()
-mods = l.search_s('cn=log',
- ldap.SCOPE_ONELEVEL,
- '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))',
- ['reqEnd'])
+def getLastLDAPChangeTime(l):
+ mods = l.search_s('cn=log',
+ ldap.SCOPE_ONELEVEL,
+ '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))',
+ ['reqEnd'])
+
+ last = 0
+
+ # Sort the list by reqEnd
+ sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0])
+ # Take the last element in the array
+ last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0]
-last = 0
+ return last
-# Sort the list by reqEnd
-sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0])
-# Take the last element in the array
-last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0]
+def getLastBuildTime():
+ cache_last_mod = 0
+
+ try:
+ fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
+ cache_last_mod=fd.read().split()
+ try:
+ cache_last_mod = cache_last_mod[0]
+ except IndexError:
+ pass
+ fd.close()
+ except IOError, e:
+ if e.errno == errno.ENOENT:
+ pass
+ else:
+ raise e
+
+ return cache_last_mod
+
+
+
+l = make_ldap_conn()
# override globaldir for testing
if 'UD_GENERATEDIR' in os.environ:
GenerateDir = os.environ['UD_GENERATEDIR']
-cache_last_mod = 0
-
-try:
- fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
- cache_last_mod=fd.read().strip()
+ldap_last_mod = getLastLDAPChangeTime(l)
+cache_last_mod = getLastBuildTime()
+if cache_last_mod >= ldap_last_mod:
+ fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
+ fd.write("%s\n%s\n" % (ldap_last_mod, int(time.time())))
fd.close()
-except IOError, e:
- if e.errno == errno.ENOENT:
- pass
- else:
- raise e
-if cache_last_mod >= last:
sys.exit(0)
-fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
-fd.write(last)
-fd.close()
-
# Fetch all the groups
GroupIDMap = {}
attrs = l.search_s(BaseDn, ldap.SCOPE_ONELEVEL, "gid=*",\
sys.stderr.write("Could not acquire lock %s.\n"%(lockf))
sys.exit(1)
+ tracefd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
generate_all(GenerateDir, l)
+ tracefd.write("%s\n%s\n" % (ldap_last_mod, int(time.time())))
+ tracefd.close()
finally:
if lock is not None:
lock.release()
+
# vim:set et:
# vim:set ts=3:
# vim:set shiftwidth=3: