From: Peter Palfrader Date: Fri, 23 May 2008 08:00:32 +0000 (+0200) Subject: merge from alioth: X-Git-Tag: userdir-ldap-0.3.31~3 X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=3104028493422257dbb8583d6f3e61f87c2bdb08;hp=-c merge from alioth: Make ud-useradd also not use hardcoded path Use sync_keyrings from config instead of hardcoded list --- 3104028493422257dbb8583d6f3e61f87c2bdb08 diff --combined debian/changelog index b717ecb,ac00d77..2c3b48f --- a/debian/changelog +++ b/debian/changelog @@@ -1,48 -1,15 +1,58 @@@ -userdir-ldap (0.3.25+common1) unstable; urgency=low - - [ Martin Zobel-Helas ] - * Fix userdir-ldap.schema (objectClass now contains MAY: VoIP) ++userdir-ldap (0.3.XX) Xnstable; urgency=low + + [ Joerg Jaspert ] + * Use sync_keyrings from config file in ud-generate instead of a + hardcoded list + * Use add_keyrings from config file in ud-useradd instead of a + hardcoded list + - -- Joerg Jaspert Sun, 18 May 2008 13:32:01 +0200 ++ -- Peter Palfrader Fri, 23 May 2008 09:59:15 +0200 ++ +userdir-ldap (0.3.30) unstable; urgency=low + + * When we touch usePassword in ud-info or ud-mailgate we now also + update shadowLastChange. + * When we lock accounts, set shadowExpire to 1. shadowExpire + is "days since Jan 1, 1970 that account is disabled". + * Properly capitalize shadowInactive and shadowExpire attributes in + ud-info and ud-generate. + * Add copyright statements to ud-info from bzr log. + + -- Peter Palfrader Thu, 22 May 2008 22:39:10 +0200 + +userdir-ldap (0.3.29) unstable; urgency=low + + * ud-info: Add an option "L" to lock accounts in the interactive + interface. Locking an account sets a user's password to "{crypt}*LK*" + and sets a mailDisableMessage of "account locked". + + -- Peter Palfrader Thu, 22 May 2008 21:49:19 +0200 + +userdir-ldap (0.3.28) unstable; urgency=low + + * ud-generate: Do not disable mail just because the account is locked. + + -- Peter Palfrader Thu, 22 May 2008 21:38:56 +0200 + +userdir-ldap (0.3.27) unstable; urgency=low + + * Export ssh-keys.tar.gz to [UNTRUSTED] hosts. Since we already export + ssh-rsa-shadow this is probably the right thing. + * Make keys in the ssh-keys tarball mode 0400 instead of mode 0600. + + -- Peter Palfrader Mon, 19 May 2008 08:55:28 +0200 + +userdir-ldap (0.3.26) unstable; urgency=low + + * ud-replicate: sgran pointed out that if all we care about ignoring is + EEXIST then we should use mkdir -p instead of [ -d userkeys ] || mkdir + userkeys. + * ud-mailgate: a bug in DoSSH caused all changes to fail that came after + DoSSH in HandleChange. Now DoSSH properly returns without raising an + exception if the line to handle is not an ssh public key. + * Fix userdir-ldap.schema (objectClass now contains MAY: VoIP). [zobel] + + -- Peter Palfrader Sun, 18 May 2008 14:27:50 +0200 userdir-ldap (0.3.25) unstable; urgency=low diff --combined ud-generate index 5e5aecf,10a124d..17e54b3 --- a/ud-generate +++ b/ud-generate @@@ -38,8 -38,7 +38,7 @@@ CurrentHost = "" EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$"); BSMTPCheck = re.compile(".*mx 0 (gluck)\.debian\.org\..*",re.DOTALL); DNSZone = ".debian.net" - Keyrings = [ "/org/keyring.debian.org/keyrings/debian-keyring.gpg", - "/org/keyring.debian.org/keyrings/debian-keyring.pgp" ] + Keyrings = ConfModule.sync_keyrings.split(":") def safe_makedirs(dir): try: @@@ -183,12 -182,12 +182,12 @@@ def GenShadow(l,File) or GetAttr(x,"userPassword").startswith("!"): ShadowExpire = '1' else: - ShadowExpire = GetAttr(x,"shadowexpire") + ShadowExpire = GetAttr(x,"shadowExpire") Line = "%s:%s:%s:%s:%s:%s:%s:%s:" % (GetAttr(x,"uid"),\ Pass,GetAttr(x,"shadowLastChange"),\ GetAttr(x,"shadowMin"),GetAttr(x,"shadowMax"),\ - GetAttr(x,"shadowWarning"),GetAttr(x,"shadowinactive"),\ + GetAttr(x,"shadowWarning"),GetAttr(x,"shadowInactive"),\ ShadowExpire); Line = Sanitize(Line) + "\n"; F.write("0%u %s" % (I,Line)); @@@ -516,11 -515,18 +515,11 @@@ def GenMailDisable(l,File) for x in PasswdAttrs: Reason = None - - # If the account is locked, disable incoming mail - if (GetAttr(x,"userPassword").find("*LK*") != -1): - if GetAttr(x,"uid") == "luther": - continue - else: - Reason = "user account locked" + + if x[1].has_key("mailDisableMessage"): + Reason = GetAttr(x,"mailDisableMessage") else: - if x[1].has_key("mailDisableMessage"): - Reason = GetAttr(x,"mailDisableMessage") - else: - continue + continue # Must be in the Debian group (yuk, hard coded for now) if GetAttr(x,"gidNumber") != "800": @@@ -870,8 -876,8 +869,8 @@@ for x in Attrs PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=*",\ ["uid","uidNumber","gidNumber","supplementaryGid",\ "gecos","loginShell","userPassword","shadowLastChange",\ - "shadowMin","shadowMax","shadowWarning","shadowinactive", - "shadowexpire","emailForward","latitude","longitude",\ + "shadowMin","shadowMax","shadowWarning","shadowInactive", + "shadowExpire","emailForward","latitude","longitude",\ "allowedHost","sshRSAAuthKey","dnsZoneEntry","cn","sn",\ "keyFingerPrint","privateSub","mailDisableMessage",\ "mailGreylisting","mailCallout","mailRBL","mailRHSBL",\ @@@ -953,6 -959,10 +952,6 @@@ while(1) userlist = GenPasswd(l,OutDir+"passwd",Split[1], "x"); sys.stdout.flush(); grouprevmap = GenGroup(l,OutDir+"group"); - if ExtraList.has_key("[UNTRUSTED]"): - continue; - if not ExtraList.has_key("[NOPASSWD]"): - GenShadow(l,OutDir+"shadow"); # Now we know who we're allowing on the machine, export # the relevant ssh keys @@@ -997,18 -1007,13 +996,18 @@@ # to give a shit^W^W^Wcare about the UIDoffset stuff. to.uname = f to.gname = grname - to.mode = 0600 + to.mode = 0400 tf.addfile(to, file(os.path.join(GlobalDir, 'userkeys', f))) tf.close() os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), os.path.join(OutDir, 'ssh-keys.tar.gz')) + if ExtraList.has_key("[UNTRUSTED]"): + continue; + if not ExtraList.has_key("[NOPASSWD]"): + GenShadow(l,OutDir+"shadow"); + # Link in global things DoLink(GlobalDir,OutDir,"markers"); DoLink(GlobalDir,OutDir,"mail-forward.cdb");