-userdir-ldap (0.3.XX) unstable; urgency=low
+userdir-ldap (0.3.44) unstable; urgency=low
* ud-mailgate: Do not support del requests for sshDSAAuthKey - there is no
such attribute.
+ * ud-generate: do not export sudopassword to untrusted or nopasswd hosts,
+ unless the password is explicitly added for this host and not just for '*'.
- -- Peter Palfrader <weasel@debian.org> Fri, 26 Sep 2008 14:21:26 +0200
+ -- Peter Palfrader <weasel@debian.org> Fri, 03 Oct 2008 13:23:22 +0200
userdir-ldap (0.3.43) unstable; urgency=low
Done(File,None,F);
# Generate the sudo passwd file
-def GenShadowSudo(l,File):
+def GenShadowSudo(l,File, untrusted):
F = None;
try:
OldMask = os.umask(0077);
for_this_host = CurrentHost in hosts.split(',')
if not (for_all or for_this_host):
continue
+ # ignore * passwords for untrusted hosts, but copy host specific passwords
+ if for_all and untrusted:
+ continue
Pass = cryptedpass
if for_this_host: # this makes sure we take a per-host entry over the for-all entry
break
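Review bot: The new `if for_all and untrusted: continue` guard only matches its comment if an entry can never be both wildcard and host-specific, and `for_all` is assigned outside this hunk, so that cannot be confirmed from here. If `for_all` is also true for a host list that contains `*` alongside named hosts, an entry that explicitly names this host would be skipped on untrusted or NOPASSWD hosts, contrary to the changelog wording. Spelling the intent out removes the dependency on how `for_all` is computed: `if for_all and untrusted and not for_this_host:`. The loop and the rest of GenShadowSudo continue outside the hunk.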
userlist = GenPasswd(l,OutDir+"passwd",Split[1], "x");
sys.stdout.flush();
grouprevmap = GenGroup(l,OutDir+"group");
- GenShadowSudo(l, OutDir+"sudo-passwd")
+ GenShadowSudo(l, OutDir+"sudo-passwd", ExtraList.has_key("[UNTRUSTED]") or ExtraList.has_key("[NOPASSWD]"))
# Now we know who we're allowing on the machine, export
# the relevant ssh keys
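Review bot: The third argument is an inline expression passed positionally, and the signature names it `untrusted` even though it is also set for `[NOPASSWD]` hosts. A reader of GenShadowSudo therefore cannot tell that NOPASSWD hosts lose the wildcard password as well. Binding it to a local first, e.g. `skip_wildcard = ExtraList.has_key("[UNTRUSTED]") or ExtraList.has_key("[NOPASSWD]")`, and extending the function's header comment to `# Generate the sudo passwd file; if untrusted is set (UNTRUSTED or NOPASSWD host), '*' entries are skipped and only host-specific ones are written` would record that. Separately, the change only affects files generated from now on: wildcard hashes that earlier runs presumably wrote to sudo-passwd on such hosts remain there until the regenerated file replaces them, which is worth noting for whoever deploys this.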