Try to make key acceptance logic clearer
[mirror/userdir-ldap.git] / ud-generate
index 41350d0..b438ece 100755 (executable)
@@ -307,7 +307,7 @@ def GenShadowSudo(accounts, File, untrusted, current_host):
          Pass = '*'
          if 'sudoPassword' in a:
             for entry in a['sudoPassword']:
-               Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+               Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*-]+) ([^ ]+)$').match(entry)
                if Match == None:
                   continue
                uuid = Match.group(1)
@@ -886,10 +886,14 @@ def ExtractDNSInfo(x):
             Algorithm = 1
          if Split[0] == 'ssh-dss':
             Algorithm = 2
+         if Split[0] == 'ssh-ed25519':
+            Algorithm = 4
          if Algorithm == None:
             continue
          Fingerprint = hashlib.new('sha1', base64.decodestring(Split[1])).hexdigest()
          DNSInfo.append("%sIN\tSSHFP\t%u 1 %s" % (TTLprefix, Algorithm, Fingerprint))
+         Fingerprint = hashlib.new('sha256', base64.decodestring(Split[1])).hexdigest()
+         DNSInfo.append("%sIN\tSSHFP\t%u 2 %s" % (TTLprefix, Algorithm, Fingerprint))
 
    if 'architecture' in x[1]:
       Arch = GetAttr(x, "architecture")