X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=blobdiff_plain;f=ud-generate;h=27c1565fb3c3ab2ad954013bbd0d1e84b4a40faf;hp=d1773ff2337d1530132d26c80d2c201d5acba0f6;hb=55004c1aa2b0c0e1dde3014f9b2535904e57adc4;hpb=9faf24404f56567aba452ea8263d6194bc594002 diff --git a/ud-generate b/ud-generate index d1773ff..27c1565 100755 --- a/ud-generate +++ b/ud-generate @@ -7,13 +7,25 @@ from userdir_ldap import *; PasswdAttrs = None; GroupIDMap = {}; +Allowed = None; +CurrentHost = ""; # See if this user is in the group list -def IsInGroup(DnRecord,Allowed): +def IsInGroup(DnRecord): + global Allowed,CurrentHost; + if Allowed == None: + return 1; + # See if the primary group is in the list if Allowed.has_key(GetAttr(DnRecord,"gidnumber")) != 0: return 1; + # Check the host based ACL + if DnRecord[1].has_key("allowedhosts") != 0: + for I in DnRecord[1]["allowedhosts"]: + if CurrentHost == I: + return 1; + # See if there are supplementary groups if DnRecord[1].has_key("supplementarygid") == 0: return 0; @@ -43,7 +55,7 @@ def Done(File,F,Fdb): os.rename(File + ".tdb.tmp",File+".tdb"); # Generate the password list -def GenPasswd(l,File,HomePrefix,Allowed): +def GenPasswd(l,File,HomePrefix): F = None; Fdb = None; try: @@ -57,7 +69,7 @@ def GenPasswd(l,File,HomePrefix,Allowed): I = 0; for x in PasswdAttrs: - if x[1].has_key("uidnumber") == 0 or IsInGroup(x,Allowed) == 0: + if x[1].has_key("uidnumber") == 0 or IsInGroup(x) == 0: continue; Line = "%s:x:%s:%s:%s:%s%s:%s\n" % (GetAttr(x,"uid"),\ @@ -77,7 +89,7 @@ def GenPasswd(l,File,HomePrefix,Allowed): Done(File,F,Fdb); # Generate the shadow list -def GenShadow(l,File,Allowed): +def GenShadow(l,File): F = None; Fdb = None; try: @@ -93,7 +105,7 @@ def GenShadow(l,File,Allowed): I = 0; for x in PasswdAttrs: - if x[1].has_key("uidnumber") == 0 or IsInGroup(x,Allowed) == 0: + if x[1].has_key("uidnumber") == 0 or IsInGroup(x) == 0: continue; Pass = GetAttr(x,"userpassword"); 
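Review bot: In IsInGroup the added `if Allowed == None: return 1;` makes the access check fail open: with the module default `Allowed = None`, any call made before the main loop assigns a group list admits every user, including into the file GenShadow writes. Since the explicit parameter was replaced by a global, I would default to deny (`return 0;`), or add a comment stating when `None` is expected. The `allowedhosts` check is an exact, case-sensitive comparison against `CurrentHost`, so an entry that differs in case or carries a trailing dot silently fails to match; normalise both sides (`CurrentHost.lower() == I.lower()`) or document the expected form. The header comment `# See if this user is in the group list` no longer covers the host-based path. The supplementary-group part of the body continues outside the hunk.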
@@ -118,7 +130,7 @@ def GenShadow(l,File,Allowed): Done(File,F,Fdb); # Generate the group list -def GenGroup(l,File,Allowed): +def GenGroup(l,File): F = None; Fdb = None; try: @@ -137,7 +149,7 @@ def GenGroup(l,File,Allowed): # Sort them into a list of groups having a set of users for x in PasswdAttrs: - if x[1].has_key("uidnumber") == 0 or IsInGroup(x,Allowed) == 0: + if x[1].has_key("uidnumber") == 0 or IsInGroup(x) == 0: continue; if x[1].has_key("supplementarygid") == 0: continue; @@ -170,7 +182,7 @@ def GenGroup(l,File,Allowed): Done(File,F,Fdb); # Generate the email forwarding list -def GenForward(l,File,Allowed): +def GenForward(l,File): F = None; Fdb = None; try: @@ -186,7 +198,7 @@ def GenForward(l,File,Allowed): # Write out the email address for each user for x in PasswdAttrs: - if x[1].has_key("emailforward") == 0 or IsInGroup(x,Allowed) == 0: + if x[1].has_key("emailforward") == 0 or IsInGroup(x) == 0: continue; Line = "%s: %s\n" % (GetAttr(x,"uid"),GetAttr(x,"emailforward")); F.write(Line); @@ -248,7 +260,8 @@ PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=*",\ ["uid","uidnumber","gidnumber","supplementarygid",\ "gecos","loginshell","userpassword","shadowlastchange",\ "shadowmin","shadowmax","shadowwarning","shadowinactive", - "shadowexpire","emailforward","latitude","longitude"]); + "shadowexpire","emailforward","latitude","longitude",\ + "allowedhosts"]); # Open the control file if len(sys.argv) == 1: @@ -277,9 +290,13 @@ while(1): if GroupIDMap.has_key(I): GroupList[str(GroupIDMap[I])] = None; - GenPasswd(l,OutDir+"passwd",Split[1],GroupList); - GenGroup(l,OutDir+"group",GroupList); - GenShadow(l,OutDir+"shadow",GroupList); - GenForward(l,OutDir+"forward-alias",GroupList); + global Allowed,CurrentHost; + Allowed = GroupList; + CurrentHost = Split[0]; + + GenPasswd(l,OutDir+"passwd",Split[1]); + GenGroup(l,OutDir+"group"); + GenShadow(l,OutDir+"shadow"); + GenForward(l,OutDir+"forward-alias"); GenMarkers(l,OutDir+"markers");
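Review bot: The `allowedhosts` attribute added to the `search_s` attribute list now feeds an access decision, and nothing at this call site says so. Any user whose entry lists a host is exported to that host's passwd, shadow, group and forward files through IsInGroup. Whoever can write this attribute in the directory therefore controls where password hashes are distributed; the LDAP ACL for it is not visible here and should be confirmed as admin-only. A comment next to the list would record that, for example `# allowedhosts grants per-host access (see IsInGroup); must not be user-writable`.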
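Review bot: The `global Allowed,CurrentHost;` line in the main loop has no effect because this code already runs at module scope, and Python 2 can emit a SyntaxWarning for names assigned before a `global` declaration, so I would drop it. More importantly, the access decision now depends on two module globals being reassigned on every iteration. Any path added later that reaches a Gen* function or IsInGroup before these assignments would reuse the previous host's `Allowed` and `CurrentHost`. A comment above the assignments such as `# Must be set before any Gen* call: IsInGroup reads these globals` would make the ordering requirement explicit. The loop body starts outside the hunk.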