ud-generate: Move code into getLastBuildTime() and getLastLDAPChangeTime() functions.

[mirror/userdir-ldap.git] / ud-generate

diff --git a/ud-generate b/ud-generate
index d699633..78caa4a 100755 (executable)
--- a/ud-generate
+++ b/ud-generate
@@ -70,6 +70,8 @@ IsDebianHost = re.compile(ConfModule.dns_hostmatch)
 isSSHFP = re.compile("^\s*IN\s+SSHFP")
 DNSZone = ".debian.net"
 Keyrings = ConfModule.sync_keyrings.split(":")
+GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+
 
 def safe_makedirs(dir):
    try:
@@ -338,6 +340,34 @@ def GenShadowSudo(accounts, File, untrusted):
       raise
    Done(File, F, None)
 
+# Generate the sudo passwd file
+def GenSSHGitolite(accounts, File):
+   F = None
+   try:
+      OldMask = os.umask(0022)
+      F = open(File + ".tmp", "w", 0600)
+      os.umask(OldMask)
+
+      if not GitoliteSSHRestrictions is None and GitoliteSSHRestrictions != "":
+         for a in accounts:
+            if not 'sshRSAAuthKey' in a: continue
+
+            User = a['uid']
+            prefix = GitoliteSSHRestrictions.replace('@@USER@@', User)
+            for I in a["sshRSAAuthKey"]:
+               if I.startswith('ssh-'):
+                  line = "%s %s"%(prefix, I)
+               else:
+                  line = "%s,%s"%(prefix, I)
+               line = Sanitize(line) + "\n"
+               F.write(line)
+
+   # Oops, something unspeakable happened.
+   except:
+      Die(File, F, None)
+      raise
+   Done(File, F, None)
+
 # Generate the shadow list
 def GenSSHShadow(global_dir, accounts):
    # Fetch all the users
@@ -742,16 +772,13 @@ def GenDNS(accounts, File):
             for z in a["dnsZoneEntry"]:
                Split = z.lower().split()
                if Split[1].lower() == 'in':
-                  for y in range(0, len(Split)):
-                     if Split[y] == "$":
-                        Split[y] = "\n\t"
                   Line = " ".join(Split) + "\n"
                   F.write(Line)
-     
+
                   Host = Split[0] + DNSZone
                   if BSMTPCheck.match(Line) != None:
                      F.write("; Has BSMTP\n")
-     
+
                   # Write some identification information
                   if not RRs.has_key(Host):
                      if Split[2].lower() in ["a", "aaaa"]:
@@ -763,7 +790,7 @@ def GenDNS(accounts, File):
                else:
                   Line = "; Err %s"%(str(Split))
                   F.write(Line)
-     
+
             F.write("\n")
          except Exception, e:
             F.write("; Errors:\n")
@@ -1101,6 +1128,7 @@ def generate_all(global_dir, ldap_conn):
    GenMarkers(accounts, global_dir + "markers")
    GenSSHKnown(host_attrs, global_dir + "ssh_known_hosts")
    GenHosts(host_attrs, global_dir + "debianhosts")
+   GenSSHGitolite(accounts, global_dir + "ssh-gitolite")
 
    GenDNS(accounts, global_dir + "dns-zone")
    GenZoneRecords(host_attrs, global_dir + "dns-sshfp")
@@ -1193,6 +1221,9 @@ def generate_host(host, global_dir, accounts, ssh_files):
    if 'PRIVATE' in ExtraList:
       DoLink(global_dir, OutDir, "debian-private")
 
+   if 'GITOLITE' in ExtraList:
+      DoLink(global_dir, OutDir, "ssh-gitolite")
+
    if 'WEB-PASSWORDS' in ExtraList:
       DoLink(global_dir, OutDir, "web-passwords")
 
@@ -1215,42 +1246,57 @@ def generate_host(host, global_dir, accounts, ssh_files):
                posix.remove(target)
          except:
             pass
+   DoLink(global_dir, OutDir, "last_update.trace")
 
-l = make_ldap_conn()
 
-mods = l.search_s('cn=log',
-      ldap.SCOPE_ONELEVEL,
-      '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))',
-      ['reqEnd'])
+def getLastLDAPChangeTime(l):
+   mods = l.search_s('cn=log',
+         ldap.SCOPE_ONELEVEL,
+         '(&(&(!(reqMod=activity-from*))(!(reqMod=activity-pgp*)))(|(reqType=add)(reqType=delete)(reqType=modify)(reqType=modrdn)))',
+         ['reqEnd'])
+
+   last = 0
+
+   # Sort the list by reqEnd
+   sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0])
+   # Take the last element in the array
+   last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0]
 
-last = 0
+   return last
 
-# Sort the list by reqEnd
-sorted_mods = sorted(mods, key=lambda mod: mod[1]['reqEnd'][0].split('.')[0])
-# Take the last element in the array
-last = sorted_mods[-1][1]['reqEnd'][0].split('.')[0]
+def getLastBuildTime():
+   cache_last_mod = 0
+
+   try:
+      fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
+      cache_last_mod=fd.read().split()
+      try:
+         cache_last_mod = cache_last_mod[0]
+      except IndexError:
+         pass
+      fd.close()
+   except IOError, e:
+      if e.errno == errno.ENOENT:
+         pass
+      else:
+         raise e
+
+   return cache_last_mod
+
+
+
+l = make_ldap_conn()
 
 # override globaldir for testing
 if 'UD_GENERATEDIR' in os.environ:
    GenerateDir = os.environ['UD_GENERATEDIR']
 
-cache_last_mod = [0,0]
-
-try:
-   fd = open(os.path.join(GenerateDir, "last_update.trace"), "r")
-   cache_last_mod=fd.read().split()
+ldap_last_mod = getLastLDAPChangeTime(l)
+cache_last_mod = getLastBuildTime()
+if cache_last_mod >= ldap_last_mod:
+   fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
+   fd.write("%s\n%s\n" % (ldap_last_mod, int(time.time())))
    fd.close()
-except IOError, e:
-   if e.errno == errno.ENOENT:
-      pass
-   else:
-      raise e
-
-fd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
-fd.write("%s\n%s\n" % (last, int(time.time())))
-fd.close()
-
-if cache_last_mod[0] >= last:
    sys.exit(0)
 
 # Fetch all the groups
@@ -1276,12 +1322,16 @@ try:
       sys.stderr.write("Could not acquire lock %s.\n"%(lockf))
       sys.exit(1)
 
+   tracefd = open(os.path.join(GenerateDir, "last_update.trace"), "w")
    generate_all(GenerateDir, l)
+   tracefd.write("%s\n%s\n" % (ldap_last_mod, int(time.time())))
+   tracefd.close()
 
 finally:
    if lock is not None:
       lock.release()
 
+
 # vim:set et:
 # vim:set ts=3:
 # vim:set shiftwidth=3: