We autogenerate the authorized_keys files for sshdist on db-master. It
limits each host's ssh key to connections coming from that host's own
addresses. Now we can add additional source addresses to accept for a
host's key, since not all hosts appear to come from their published
address (or have a published address for that matter).
template (it can be different when we read it from input using -n).
* Tweak templates/welcome-message-60000.
* ud-generate: don't blow up when a host does not have IP-addresses.
template (it can be different when we read it from input using -n).
* Tweak templates/welcome-message-60000.
* ud-generate: don't blow up when a host does not have IP-addresses.
+ * We autogenerate the authorized_keys files for sshdist on db-master.
+ It limits the hosts' ssh key to coming from their respective addresses.
+ Now we can add additional source addresses to accept for this since
+ not all hosts appear to come from their published address (or have
+ a published address for that matter).
- -- Peter Palfrader <weasel@debian.org> Tue, 22 Sep 2009 21:32:39 +0200
+ -- Peter Palfrader <weasel@debian.org> Tue, 22 Sep 2009 21:51:31 +0200
userdir-ldap (0.3.71) unstable; urgency=low
userdir-ldap (0.3.71) unstable; urgency=low
for I in x[1]["sshRSAHostKey"]:
if mode and mode == 'authorized_keys':
for I in x[1]["sshRSAHostKey"]:
if mode and mode == 'authorized_keys':
- Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(HostToIP(x)), I)
+ hosts = HostToIP(x)
+ if 'sshdistAuthKeysHost' in x[1]:
+ hosts += x[1]['sshdistAuthKeysHost']
+ Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(hosts), I)
#Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
else:
Line = "%s %s" %(",".join(HostNames + HostToIP(x, False)), I)
#Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
else:
Line = "%s %s" %(",".join(HostNames + HostToIP(x, False)), I)
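Review bot: The `sshdistAuthKeysHost` values are joined straight into the `from="..."` option, and nothing in this section checks that they are addresses. sshd treats that list as patterns, so a stored value such as `*`, or one containing `!` or a double quote, would widen or break the source restriction this file exists to enforce; the attribute inherits its syntax from `ipHostNumber`, which as far as I know is a free-form IA5 string. I would filter the values before the join, e.g. `extra = [h for h in x[1]['sshdistAuthKeysHost'] if is_ip_address(h)]`, where `is_ip_address` is a placeholder name for a small helper built on `socket.inet_pton`, and log anything that is dropped. Separately, `hosts += ...` extends the list returned by `HostToIP(x)` in place inside the per-key loop, so if that helper ever returns a list held by the entry the addresses would accumulate; `hosts = list(HostToIP(x))` avoids that. The enclosing function starts and ends outside the section shown.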
"exportOptions": ["Export-Opts", 18],
"ipHostNumber": ["IP Address", 19],
"mXRecord": ["MXRecord", 20],
"exportOptions": ["Export-Opts", 18],
"ipHostNumber": ["IP Address", 19],
"mXRecord": ["MXRecord", 20],
+ "sshdistAuthKeysHost": ["extra authkeys ip", 21],
}
AttrPrompt = {"description": ["Purpose of the machine"],
}
AttrPrompt = {"description": ["Purpose of the machine"],
"exportOptions": ["additional export options"],
"ipHostNumber": ["IP Addresses(es) of the machine"],
"mXRecord": ["Mail Exchanger for this machine"],
"exportOptions": ["additional export options"],
"ipHostNumber": ["IP Addresses(es) of the machine"],
"mXRecord": ["Mail Exchanger for this machine"],
+ "sshdistAuthKeysHost": ["additional hosts for sshdist's authkeys file"],
};
# Create a map of IDs to desc,value,attr
};
# Create a map of IDs to desc,value,attr
# Change a single attribute
def ChangeAttr(Attrs,Attr):
# Change a single attribute
def ChangeAttr(Attrs,Attr):
- if (Attr in ["sponsor", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions", "ipHostNumber", "mXRecord"]):
+ if (Attr in ["sponsor", "sshRSAHostKey", "purpose", "allowedGroups", "exportOptions", "ipHostNumber", "mXRecord", "sshdistAuthKeysHost"]):
return MultiChangeAttr(Attrs,Attr);
print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
return MultiChangeAttr(Attrs,Attr);
print "Old value: '%s'" % (GetAttr(Attrs,Attr,""));
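Review bot: The two new strings describe the attribute differently: the display label `"sshdistAuthKeysHost": ["extra authkeys ip", 21]` says IP, while the prompt reads `["additional hosts for sshdist's authkeys file"]`. The schema derives the attribute from `ipHostNumber` and the commit message speaks of source addresses, so the prompt would be clearer as `["additional source IP address(es) for sshdist's authkeys file"]`, which makes it less likely that an admin enters a hostname. ChangeAttr continues outside the section shown.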
# .38 - mailContentInspectionAction
# .39 - allowedGroups
# .40 - exportOptions
# .38 - mailContentInspectionAction
# .39 - allowedGroups
# .40 - exportOptions
+# .41 - sshdistAuthKeysHost
#
# .3 - experimental LDAP objectClasses
# .1 - debianDeveloper
#
# .3 - experimental LDAP objectClasses
# .1 - debianDeveloper
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.41
+ NAME ( 'sshdistAuthKeysHost' )
+ SUP ipHostNumber )
+
MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
distribution $ l $ machine $ memory $ sponsor $
sponsor-admin $ status $ physicalHost $ ipHostNumber $
MAY ( c $ access $ admin $ architecture $ bandwidth $ description $ disk $
distribution $ l $ machine $ memory $ sponsor $
sponsor-admin $ status $ physicalHost $ ipHostNumber $
- sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord
+ sshRSAHostKey $ purpose $ allowedGroups $ exportOptions $ MXRecord $
+ sshdistAuthKeysHost
) )
objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
) )
objectclass ( 1.3.6.1.4.1.9586.100.4.3.3
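Review bot: The new `attributetype` has no `DESC`, so the schema does not record that these values end up in the `from=` list of a generated authorized_keys entry. I would add a line such as `DESC 'additional source addresses accepted for this host in the sshdist authorized_keys file'` after the `NAME` line, so that anyone granting write access to the attribute can see what it controls. The objectclass definition that gains the attribute starts and ends outside the section shown.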