isSSHFP = re.compile("^\s*IN\s+SSHFP")
DNSZone = ".debian.net"
Keyrings = ConfModule.sync_keyrings.split(":")
+GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+
def safe_makedirs(dir):
try:
raise
Done(File, F, None)
+# Generate the sudo passwd file
+def GenSSHGitolite(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0022)
+ F = open(File + ".tmp", "w", 0600)
+ os.umask(OldMask)
+
+ if not GitoliteSSHRestrictions is None and GitoliteSSHRestrictions != "":
+ for a in accounts:
+ if not 'sshRSAAuthKey' in a: continue
+
+ User = a['uid']
+ prefix = GitoliteSSHRestrictions.replace('@@USER@@', User)
+ for I in a["sshRSAAuthKey"]:
+ if I.startswith('ssh-'):
+ line = "%s %s"%(prefix, I)
+ else:
+ line = "%s,%s"%(prefix, I)
+ line = Sanitize(line) + "\n"
+ F.write(line)
+
+ # Oops, something unspeakable happened.
+ except:
+ Die(File, F, None)
+ raise
+ Done(File, F, None)
+
# Generate the shadow list
def GenSSHShadow(global_dir, accounts):
# Fetch all the users
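Review bot: In GenSSHGitolite the `else` branch appends whatever options an account stored in front of its key to the forced restriction prefix (`"%s,%s"%(prefix, I)`), so part of the authorized_keys options field is user-controlled and may conflict with the restrictions the prefix is meant to enforce, depending on how sshd resolves repeated options. Skipping such keys is the safer default: replace the branch body with `continue`, or accept only a fixed allow-list of options. Separately, the third argument of Python 2's `open()` is the buffer size, not a permission mode, so `0600` does not restrict the file and its mode comes from the `0022` umask. The leading comment still says `# Generate the sudo passwd file` and should read something like `# Generate the gitolite authorized_keys file`.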
for z in a["dnsZoneEntry"]:
Split = z.lower().split()
if Split[1].lower() == 'in':
- for y in range(0, len(Split)):
- if Split[y] == "$":
- Split[y] = "\n\t"
Line = " ".join(Split) + "\n"
F.write(Line)
-
+
Host = Split[0] + DNSZone
if BSMTPCheck.match(Line) != None:
F.write("; Has BSMTP\n")
-
+
# Write some identification information
if not RRs.has_key(Host):
if Split[2].lower() in ["a", "aaaa"]:
else:
Line = "; Err %s"%(str(Split))
F.write(Line)
-
+
F.write("\n")
except Exception, e:
F.write("; Errors:\n")
GenMarkers(accounts, global_dir + "markers")
GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
GenHosts(host_attrs, global_dir + "debianhosts")
+ GenSSHGitolite(accounts, global_dir + "ssh-gitolite")
GenDNS(accounts, global_dir + "dns-zone")
GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
if 'PRIVATE' in ExtraList:
DoLink(global_dir, OutDir, "debian-private")
+ if 'GITOLITE' in ExtraList:
+ DoLink(global_dir, OutDir, "ssh-gitolite")
+
if 'WEB-PASSWORDS' in ExtraList:
DoLink(global_dir, OutDir, "web-passwords")
posix.remove(target)
except:
pass
+ DoLink(global_dir, OutDir, "last_update.trace")
-l = make_ldap_conn()
-mods = l.search_s('cn=log',
- ldap.SCOPE_ONELEVEL,
- '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))',
- ['reqEnd'])
+def getLastLDAPChangeTime(l):
+ mods = l.search_s('cn=log',
+ ldap.SCOPE_ONELEVEL,
+ '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))',
+ ['reqEnd'])
+
+ last = 0
+
+ # Sort the list by reqEnd
+ sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0])
+ # Take the last element in the array
+ last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0]
-last = 0
+ return last
-# Sort the list by reqEnd
-sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0])
-# Take the last element in the array
-last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0]
+def getLastBuildTime():
+ cache_last_mod = 0
+
+ try:
+ fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
+ cache_last_mod=fd.read().split()
+ try:
+ cache_last_mod = cache_last_mod[0]
+ except IndexError:
+ pass
+ fd.close()
+ except IOError, e:
+ if e.errno == errno.ENOENT:
+ pass
+ else:
+ raise e
+
+ return cache_last_mod
+
+
+
+l = make_ldap_conn()
# override globaldir for testing
if 'UD_GENERATEDIR' in os.environ:
GenerateDir = os.environ['UD_GENERATEDIR']
-cache_last_mod = [0,0]
-
-try:
- fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
- cache_last_mod=fd.read().split()
+ldap_last_mod = getLastLDAPChangeTime(l)
+cache_last_mod = getLastBuildTime()
+if cache_last_mod >= ldap_last_mod:
+ fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
+ fd.write("%s\n%s\n" % (ldap_last_mod, int(time.time())))
fd.close()
-except IOError, e:
- if e.errno == errno.ENOENT:
- pass
- else:
- raise e
-
-fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
-fd.write("%s\n%s\n" % (last, int(time.time())))
-fd.close()
-
-if cache_last_mod[0] >= last:
sys.exit(0)
# Fetch all the groups
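Review bot: getLastBuildTime returns three different types: the int `0` when the trace file is missing, an empty list when the file exists but is empty (the `IndexError` branch keeps the result of `split()`), and a string otherwise, so `cache_last_mod >= ldap_last_mod` only works through Python 2's cross-type ordering. Returning a string in every case makes the comparison explicit, e.g. initialise with `cache_last_mod = ""` and assign the same value in the `except IndexError:` branch. In getLastLDAPChangeTime, `sorted_mods[-1]` raises IndexError when the search returns no entries, and the initial `last = 0` is never used. The empty-log case deserves an explicit decision (rebuild or skip) rather than a traceback.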
sys.stderr.write("Could not acquire lock %s.\n"%(lockf))
sys.exit(1)
+ tracefd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
generate_all(GenerateDir, l)
+ tracefd.write("%s\n%s\n" % (ldap_last_mod, int(time.time())))
+ tracefd.close()
finally:
if lock is not None:
lock.release()
+
# vim:set et:
# vim:set ts=3:
# vim:set shiftwidth=3:
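Review bot: The trace file is truncated before generate_all runs and only filled afterwards, with no comment saying why and no cleanup on failure: if generate_all raises, tracefd is never closed explicitly and last_update.trace stays empty. Opening it early is presumably what lets the DoLink of last_update.trace find the file during generation, and the empty file appears to be what forces a rebuild on the next run. Both are worth stating above the open, e.g. `# create the trace first so DoLink can link it; it stays empty if generation fails, forcing a rebuild`. Closing tracefd in the existing `finally:` would make the failure path explicit. The enclosing try block starts outside this hunk.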