functions.
* ud-generate: Add -f option to build even if cache is current.
* ud-generate: Move main code into a ud_generate()
+ * ud-generate: speed improvements:
+ - cut down on calls to IsInGroup by doing it once in generate_host()
+ and not having the individual generators run it.
+ o side effect: Up until now we exported empty groups to a host, if
+ that group had a user with that group as their primary group - even
+ if that particular user was not exported to this this. No we no
+ longer export empty groups.
[ Stephen Gran ]
* Fix deprecation warnings for sha module by using hashlib module instead
* ud-replicate: set correct permissions for web-passwords
* add freecdb to depends
- -- Peter Palfrader <weasel@debian.org> Mon, 12 Mar 2012 12:06:20 +0100
+ -- Peter Palfrader <weasel@debian.org> Mon, 12 Mar 2012 13:06:08 +0100
userdir-ldap (0.3.79) unstable; urgency=low
#
GroupIDMap = {}
SubGroupMap = {}
-Allowed = None
CurrentHost = ""
# return account['gidNumber'] == 800
# See if this user is in the group list
-def IsInGroup(account):
- if Allowed is None:
- return True
-
+def IsInGroup(account, allowed):
# See if the primary group is in the list
- if str(account['gidNumber']) in Allowed: return True
+ if str(account['gidNumber']) in allowed: return True
# Check the host based ACL
if account.is_allowed_by_hostacl(CurrentHost): return True
supgroups=[]
addGroups(supgroups, account['supplementaryGid'], account['uid'])
for g in supgroups:
- if Allowed.has_key(g):
+ if allowed.has_key(g):
return True
return False
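Review bot: The supplementary-group loop still calls `allowed.has_key(g)` while the primary-group test a few lines up uses `in`; writing `if g in allowed:` would keep the two membership checks consistent and drop the deprecated dict method. With the `Allowed is None` guard removed, `IsInGroup` now requires a mapping for `allowed`, and passing None would raise on the first `in` test. A short docstring would record that contract, e.g. `"""Return True if account may be exported: primary gid in allowed, host ACL match, or a supplementary group in allowed."""`. It should also say that the host ACL branch still reads the module-level `CurrentHost`, because the new signature suggests the result depends only on the arguments.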
userlist = {}
i = 0
for a in accounts:
- if not IsInGroup(a): continue
-
# Do not let people try to buffer overflow some busted passwd parser.
if len(a['gecos']) > 100 or len(a['loginShell']) > 50: continue
i = 0
for a in accounts:
- Pass = '*'
- if not IsInGroup(a): continue
-
# If the account is locked, mark it as such in shadow
# See Debian Bug #308229 for why we set it to 1 instead of 0
if not a.pw_active(): ShadowExpire = '1'
for a in accounts:
Pass = '*'
- if not IsInGroup(a): continue
-
if 'sudoPassword' in a:
for entry in a['sudoPassword']:
Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
# Sort them into a list of groups having a set of users
for a in accounts:
GroupHasPrimaryMembers[ a['gidNumber'] ] = True
- if not IsInGroup(a): continue
if not 'supplementaryGid' in a: continue
supgroups=[]
for a in accounts:
if not 'emailForward' in a: continue
-
delete = False
- if not IsInGroup(a): delete = True
# Do not allow people to try to buffer overflow busted parsers
- elif len(a['emailForward']) > 200: delete = True
+ if len(a['emailForward']) > 200: delete = True
# Check the forwarding address
elif EmailCheck.match(a['emailForward']) is None: delete = True
for extra in host[1]['exportOptions']:
ExtraList[extra.upper()] = True
- global Allowed
- Allowed = GroupList
- if Allowed == {}:
- Allowed = None
+ if GroupList != {}:
+ accounts = filter(lambda x: IsInGroup(x, GroupList), accounts)
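Review bot: Filtering here evaluates `IsInGroup` for every account on this line rather than later inside each generator, so the host ACL branch sees the global `CurrentHost` as it stands at this point. Its assignment is not visible in the hunk, so it is worth confirming that it is set for this host before the filter runs; otherwise export decisions would be made against a stale hostname. An empty `GroupList` leaves `accounts` unfiltered, which matches the removed `Allowed = None` path but is now implicit. A comment such as `# no allowed groups configured: export every account, host ACLs are not consulted` would make that fail-open case explicit. The enclosing function starts and ends outside the hunk.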
DoLink(global_dir, OutDir, "debianhosts")
DoLink(global_dir, OutDir, "ssh_known_hosts")
DoLink(global_dir, OutDir, "mail-rhsbl")
DoLink(global_dir, OutDir, "mail-whitelist")
DoLink(global_dir, OutDir, "all-accounts.json")
- GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "user-forward.cdb", 'emailForward')
- GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "batv-tokens.cdb", 'bATVToken')
- GenCDB(filter(lambda x: IsInGroup(x), accounts), OutDir + "default-mail-options.cdb", 'mailDefaultOptions')
+ GenCDB(accounts, OutDir + "user-forward.cdb", 'emailForward')
+ GenCDB(accounts, OutDir + "batv-tokens.cdb", 'bATVToken')
+ GenCDB(accounts, OutDir + "default-mail-options.cdb", 'mailDefaultOptions')
# Compatibility.
DoLink(global_dir, OutDir, "forward-alias")