template (it can be different when we read it from input using -n).
* Tweak templates/welcome-message-60000.
* ud-generate: don't blow up when a host does not have IP-addresses.
+ * We autogenerate the authorized_keys files for sshdist on db-master.
+ It limits the hosts' ssh key to coming from their respective addresses.
+ Now we can add additional source addresses to accept for this since
+ not all hosts appear to come from their published address (or have
+ a published address for that matter).
- -- Peter Palfrader <weasel@debian.org> Tue, 22 Sep 2009 21:32:39 +0200
+ -- Peter Palfrader <weasel@debian.org> Tue, 22 Sep 2009 21:51:31 +0200
userdir-ldap (0.3.71) unstable; urgency=low
for I in x[1]["sshRSAHostKey"]:
if mode and mode == 'authorized_keys':
- Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(HostToIP(x)), I)
+ hosts = HostToIP(x)
+ if 'sshdistAuthKeysHost' in x[1]:
+ hosts += x[1]['sshdistAuthKeysHost']
+ Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(hosts), I)
#Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
else:
Line = "%s %s" %(",".join(HostNames + HostToIP(x, False)), I)
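Review bot: The values of `sshdistAuthKeysHost` are joined straight into the quoted `from="..."` option on the new `Line = ...` statement, and nothing in this hunk checks them first. Because `from=` is a pattern list inside a quoted option, an entry containing a double quote, whitespace or a wildcard such as `*` would change which sources the key is accepted from, or how the rest of the option string is parsed; the schema hunk only makes the attribute `SUP ipHostNumber`, which presumably constrains it to a short string rather than an address literal. I would accept only entries that parse as IP addresses here (or at entry time in ud-host's `ChangeAttr` path) and skip anything else with a warning. Separately, `hosts += x[1]['sshdistAuthKeysHost']` extends the list returned by `HostToIP(x)` in place; if that helper ever returns a stored list, the extras would accumulate on each pass of the `for I in ...` loop, so `hosts = HostToIP(x) + x[1].get('sshdistAuthKeysHost', [])` is safer. The enclosing function starts and ends outside the hunk.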
"exportOptions": ["Export-Opts", 18],
"ipHostNumber": ["IP Address", 19],
"mXRecord": ["MXRecord", 20],
+ "sshdistAuthKeysHost": ["extra authkeys ip", 21],
}
AttrPrompt = {"description": ["Purpose of the machine"],
"exportOptions": ["additional export options"],
"ipHostNumber": ["IP Addresses(es) of the machine"],
"mXRecord": ["Mail Exchanger for this machine"],
+ "sshdistAuthKeysHost": ["additional hosts for sshdist's authkeys file"],
};
# Create a map of IDs to desc,value,attr
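Review bot: The two new table entries describe the attribute differently: the label says `extra authkeys ip`, the prompt says `additional hosts for sshdist's authkeys file`, and the schema hunk derives the attribute from `ipHostNumber`. Since the value ends up in a `from=` restriction, the prompt should tell the admin exactly what form is expected, e.g. `"sshdistAuthKeysHost": ["Additional source IP address(es) allowed in sshdist's authorized_keys"],`. Both tables begin outside the hunk.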
# Change a single attribute
def ChangeAttr(Attrs,Attr):
- if (Attr in ["sponsor", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions", "ipHostNumber", "mXRecord"]):
+ if (Attr in ["sponsor", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions", "ipHostNumber", "mXRecord", "sshdistAuthKeysHost"]):
return MultiChangeAttr(Attrs,Attr);
print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
# .38 - mailContentInspectionAction
# .39 - allowedGroups
# .40 - exportOptions
+# .41 - sshdistAuthKeysHost
#
# .3 - experimental LDAP objectClasses
# .1 - debianDeveloper
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.41
+ NAME ( 'sshdistAuthKeysHost' )
+ SUP ipHostNumber )
+
# Public object classes
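Review bot: The new `attributetype` has no `DESC`, so the schema itself does not say what the attribute controls, which matters here because its values widen an SSH source restriction. I would add `DESC 'additional source addresses accepted in the sshdist authorized_keys file'` between the `NAME` and `SUP` lines. Inheriting from `ipHostNumber` without `SINGLE-VALUE` matches ud-host treating the attribute as multi-valued, but the inherited syntax is presumably a plain string, so the directory will not reject a value that is not an address.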
MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
distribution $ l $ machine $ memory $ sponsor $
sponsor-admin $ status $ physicalHost $ ipHostNumber $
- sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord
+ sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord $
+ sshdistAuthKeysHost
) )
objectclass ( 1.3.6.1.4.1.9586.100.4.3.3