#
GroupIDMap = {}
SubGroupMap = {}
-Allowed = None
CurrentHost = ""
# return account['gidNumber'] == 800
# See if this user is in the group list
-def IsInGroup(account):
- if Allowed is None:
- return True
-
+def IsInGroup(account, allowed):
# See if the primary group is in the list
- if str(account['gidNumber']) in Allowed: return True
+ if str(account['gidNumber']) in allowed: return True
# Check the host based ACL
if account.is_allowed_by_hostacl(CurrentHost): return True
supgroups=[]
addGroups(supgroups, account['supplementaryGid'], account['uid'])
for g in supgroups:
- if Allowed.has_key(g):
+ if allowed.has_key(g):
return True
return False
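Review bot: IsInGroup no longer treats a missing group list as "allow everyone", so passing `None` for `allowed` now fails at `str(account['gidNumber']) in allowed` instead of returning True. The one caller visible in this patch guards with `GroupList != {}`, but the contract deserves a docstring, for example `"""Return True if account may be exported to CurrentHost; allowed is a dict of permitted groups and the caller decides what an empty one means."""`. The function also still reads the module-level `CurrentHost` for the host ACL check, so the result is only right when that global has been set for the host being generated; taking the host as a parameter would remove that hidden dependency. For consistency with the primary-group test, the loop could use `if g in allowed:` rather than `allowed.has_key(g)`.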
userlist = {}
i = 0
for a in accounts:
- if not IsInGroup(a): continue
-
# Do not let people try to buffer overflow some busted passwd parser.
if len(a['gecos']) > 100 or len(a['loginShell']) > 50: continue
i = 0
for a in accounts:
- Pass = '*'
- if not IsInGroup(a): continue
-
# If the account is locked, mark it as such in shadow
# See Debian Bug #308229 for why we set it to 1 instead of 0
if not a.pw_active(): ShadowExpire = '1'
for a in accounts:
Pass = '*'
- if not IsInGroup(a): continue
-
if 'sudoPassword' in a:
for entry in a['sudoPassword']:
Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
# Sort them into a list of groups having a set of users
for a in accounts:
GroupHasPrimaryMembers[ a['gidNumber'] ] = True
- if not IsInGroup(a): continue
if not 'supplementaryGid' in a: continue
supgroups=[]
for a in accounts:
if not 'emailForward' in a: continue
-
delete = False
- if not IsInGroup(a): delete = True
# Do not allow people to try to buffer overflow busted parsers
- elif len(a['emailForward']) > 200: delete = True
+ if len(a['emailForward']) > 200: delete = True
# Check the forwarding address
elif EmailCheck.match(a['emailForward']) is None: delete = True
for extra in host[1]['exportOptions']:
ExtraList[extra.upper()] = True
- global Allowed
- Allowed = GroupList
- if Allowed == {}:
- Allowed = None
+ if GroupList != {}:
+ accounts = filter(lambda x: IsInGroup(x, GroupList), accounts)
DoLink(global_dir, OutDir, "debianhosts")
DoLink(global_dir, OutDir, "ssh_known_hosts")
DoLink(global_dir, OutDir, "mail-rhsbl")
DoLink(global_dir, OutDir, "mail-whitelist")
DoLink(global_dir, OutDir, "all-accounts.json")
- GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "user-forward.cdb", 'emailForward')
- GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "batv-tokens.cdb", 'bATVToken')
- GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "default-mail-options.cdb", 'mailDefaultOptions')
+ GenCDB(accounts, OutDir + "user-forward.cdb", 'emailForward')
+ GenCDB(accounts, OutDir + "batv-tokens.cdb", 'bATVToken')
+ GenCDB(accounts, OutDir + "default-mail-options.cdb", 'mailDefaultOptions')
# Compatibility.
DoLink(global_dir, OutDir, "forward-alias")
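Review bot: The group restriction is now enforced only at `accounts = filter(lambda x: IsInGroup(x, GroupList), accounts)`, because the per-account `IsInGroup` checks were removed from the passwd, shadow, sudo-password, group and forward loops earlier in this patch, so those loops will write whatever list they are handed. Any call path that passes an unfiltered list would export shadow and sudo-password entries for accounts the host is not allowed to see, so it is worth confirming that every generator call for a host comes after this line and uses the rebound `accounts` (those calls are outside the visible hunks). An empty `GroupList` still skips the filter and exports every account, which matches the old behaviour but should be stated in a comment such as `# empty GroupList: no restriction, export all accounts`. The filtered result is reused by several `GenCDB` calls, which relies on `filter` returning a list rather than a one-shot iterator; `accounts = [a for a in accounts if IsInGroup(a, GroupList)]` makes that explicit. In the group loop, `GroupHasPrimaryMembers` was previously filled for every account before the check and would now only see filtered accounts, if that loop receives this list.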