From: Martin Zobel-Helas Date: Wed, 13 Jun 2012 22:10:50 +0000 (+0200) Subject: Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap X-Git-Tag: userdir-ldap-0.3.85~61 X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=60e335bcb88d3995e4cc7217829b1bad233f7c8c;hp=e680910762c39b29f9fd2e4bbb42cdf0ec994af5 Merge branch 'master' of git+ssh://db.debian.org/git/userdir-ldap * 'master' of git+ssh://db.debian.org/git/userdir-ldap: fix userdir-ldap-slapd.conf.in: explicitly list readable attributes. End with 'by * none'. ud-generate: Also rebuild if one of our keyrings has changed, even if ldap has not. ud-lock: support supplying a status to set instead of 'retiring' --- diff --git a/debian/changelog b/debian/changelog index a0e969c..d62afbb 100644 --- a/debian/changelog +++ b/debian/changelog @@ -53,6 +53,9 @@ userdir-ldap (0.3.80) UNRELEASED; urgency=low * ud-lock: support supplying a status to set instead of 'retiring'. * ud-generate: Also rebuild if one of our keyrings has changed, even if ldap has not. + * userdir-ldap-slapd.conf.in: explicitly list readable attributes. + End with 'by * none'. + [ Stephen Gran ] * Fix deprecation warnings for sha module by using hashlib module instead @@ -62,15 +65,15 @@ userdir-ldap (0.3.80) UNRELEASED; urgency=low [ Martin Zobel-Helas ] * ud-generate: generate webPasswords + * ud-generate: generate voipPasswords * ud-replicate: set correct permissions for web-passwords + * ud-replicate: set correct permissions for voip-passwords * add freecdb to depends * userdir-ldap.schema - add webPasswords - add mailPreserveSuffixSeperator + - add voipPasswords - [ Peter Palfrader ] - * userdir-ldap-slapd.conf.in: explicitly list readable attributes. - End with 'by * none'. -- Peter Palfrader Mon, 14 May 2012 18:45:07 +0200 diff --git a/ud-generate b/ud-generate index 0f6b5ae..21d8baa 100755 --- a/ud-generate +++ b/ud-generate 
@@ -32,6 +32,9 @@ import string, re, time, ldap, optparse, sys, os, pwd, posix, socket, base64, ha
 from userdir_ldap import *
 from userdir_exceptions import *
 import UDLdap
+from xml.etree.ElementTree import Element, SubElement, Comment
+from xml.etree import ElementTree
+from xml.dom import minidom
 try:
 from cStringIO import StringIO
 except ImportError:
@@ -69,6 +72,12 @@ DNSZone = ".debian.net"
 Keyrings = ConfModule.sync_keyrings.split(":")
 GitoliteSSHRestrictions = getattr(ConfModule, "gitolitesshrestrictions", None)
+def prettify(elem):
+ """Return a pretty-printed XML string for the Element.
+ """
+ rough_string = ElementTree.tostring(elem, 'utf-8')
+ reparsed = minidom.parseString(rough_string)
+ return reparsed.toprettyxml(indent=" ")
 def safe_makedirs(dir):
 try:
@@ -390,6 +399,39 @@ def GenWebPassword(accounts, File):
 Die(File, None, F)
 raise
+# Generate the voipPassword list
+def GenVoipPassword(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File, "w", 0600)
+ os.umask(OldMask)
+
+ root = Element('domain')
+ root.attrib['name'] = "$${sip_profile}"
+
+ for a in accounts:
+ if not 'voipPassword' in a: continue
+ if not a.pw_active(): continue
+
+ Pass = str(a['voipPassword'])
+ user = Element('user')
+ user.attrib['id'] = "%s" % (a['uid'])
+ root.append(user)
+ params = Element('params')
+ user.append(params)
+ param = Element('param')
+ params.append(param)
+ param.attrib['name'] = "a1-hash"
+ param.attrib['value'] = "%s" % (Pass)
+
+ F.write("%s" % (prettify(root)))
+
+
+ except:
+ Die(File, None, F)
+ raise
+
 def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host):
 OldMask = os.umask(0077)
 tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz')
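Review bot: `SubElement` and `Comment` are imported from xml.etree.ElementTree but nothing added in this commit uses them; GenVoipPassword builds every node with `Element` plus an explicit `append`. Either trim the line to `from xml.etree.ElementTree import Element`, or use the builder for real, e.g. `params = SubElement(user, 'params')` and `param = SubElement(params, 'param')`, which also removes the separate `append` calls. Unused names in the import list only mislead the next reader into looking for where they are used.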
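Review bot: The third argument of `open(File, "w", 0600)` in GenVoipPassword is the buffer size, not a permission mode, so the mode of the voip-passwords file comes solely from the surrounding `os.umask(0077)`; umask only applies at creation, so an already existing file with wider permissions would be truncated and refilled with the a1 hashes without its mode being tightened. Create it explicitly instead: `fd = os.open(File, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` followed by `F = os.fdopen(fd, "w")`. The success path also never closes `F` (only the `except` branch hands it to `Die`), so the write is flushed only when the handle is collected; if the sibling Gen* functions finish through a common close/rename helper, which is not visible in this hunk, this one should do the same. The value is emitted verbatim as the FreeSWITCH `a1-hash` param with no check that it looks like a hex digest, which is safe for the XML itself because ElementTree escapes attribute values, but a comment stating the expected format (`# voipPassword must already be the SIP digest HA1, not a plaintext password`) would save the next maintainer a wrong assumption.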
@@ -1021,7 +1063,7 @@ def get_accounts(ldap_conn):
 "keyFingerPrint", "privateSub", "mailDisableMessage",\
 "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
 "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
- "mailContentInspectionAction", "webPassword"])
+ "mailContentInspectionAction", "webPassword", "voipPassword"])
 if passwd_attrs is None:
 raise UDEmptyList, "No Users"
@@ -1107,6 +1149,7 @@ def generate_all(global_dir, ldap_conn):
 GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
 GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
 GenWebPassword(accounts, global_dir + "web-passwords")
+ GenVoipPassword(accounts, global_dir + "voip-passwords")
 GenKeyrings(global_dir)
 # Compatibility.
@@ -1214,6 +1257,9 @@ def generate_host(host, global_dir, accounts, ssh_userkeys):
 if 'WEB-PASSWORDS' in ExtraList:
 DoLink(global_dir, OutDir, "web-passwords")
+ if 'VOIP-PASSWORDS' in ExtraList:
+ DoLink(global_dir, OutDir, "voip-passwords")
+
 if 'KEYRING' in ExtraList:
 for k in Keyrings:
 bn = os.path.basename(k)
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 30438b4..66ac323 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
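Review bot: `DoLink(global_dir, OutDir, "voip-passwords")` ships the complete a1-hash directory to every host whose ExtraList contains VOIP-PASSWORDS, and if the value is the SIP digest HA1 that the `a1-hash` param name implies, possessing it is enough to authenticate as that user in digest authentication without ever recovering the password, so this file is as sensitive as a plaintext credential store and the set of hosts carrying the flag should be kept as small as for sudo and web passwords. A one-line comment above the check would make that explicit, e.g. `# a1-hash is a usable SIP credential, not just a verifier; only the SIP server itself should list VOIP-PASSWORDS`. Nothing in the hunk removes a previously created link when a host later drops the flag; whether DoLink or the OutDir rebuild handles stale links is outside this hunk and worth confirming. generate_host's body continues outside the hunk.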
@@ -48,7 +48,7 @@ access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
 by * break
 # allow users write access to an explicit subset of their fields
-access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,voipPassword,bATVToken
 by self write
 by * break
@@ -58,7 +58,7 @@ access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
 ##
 # allow authn/z by anyone
-access to attrs=userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=userPassword,sudoPassword,webPassword,voipPassword,bATVToken
 by * compare
 # readable only by self
diff --git a/userdir-ldap.schema b/userdir-ldap.schema
index 73c8640..b45f6c7 100644
--- a/userdir-ldap.schema
+++ b/userdir-ldap.schema
@@ -109,6 +109,7 @@
 # .41 - sshdistAuthKeysHost
 # .42 - dnsTTL
 # .43 - webPassword
+# .44 - voipPassword
 #
 # .3 - experimental LDAP objectClasses
 # .1 - debianDeveloper
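Review bot: Adding voipPassword to the `by * compare` rule lets any bind, anonymous included, run LDAP compare against the stored value, and because ud-generate in this same commit emits the attribute as an MD5 `a1-hash`, compare turns into an unthrottled online oracle for guessing `md5(uid:realm:password)`, a far cheaper test per guess than against the salted crypt values in userPassword that this rule was written for. Unless anonymous binds are already refused elsewhere in the configuration, which this hunk does not show, give voipPassword its own stanza restricted to the SIP server's bind identity and remove it from the anyone-compare list, e.g. `access to attrs=voipPassword` / `by self write` / `by dn.exact="<bind DN of the voip host>" compare` / `by * none`, placed before the generic rules so it matches first. The first hunk's `by self write` accepts any octet string, so a short comment on the expected HA1 format next to it would help users store something the SIP side can actually verify.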
@@ -407,6 +408,12 @@ attributetype ( 1.3.6.1.4.1.9586.100.4.2.43
 EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.44
+ NAME 'voipPassword'
+ DESC 'password for voip.debian.org'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
 # Experimental attribute types
 # There are existing schemas for doing DNS in LDAP; would one of
@@ -536,7 +543,7 @@ objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
 SUP top AUXILIARY
 MUST ( cn $ uid $ uidNumber $ gidNumber )
- MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword ) )
+ MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword $ voipPassword ) )
 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
 NAME 'debianGroup'
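Review bot: The new voipPassword attributetype has no `SINGLE-VALUE`, so a user can store several values, while GenVoipPassword in this commit reads it as one string via `str(a['voipPassword'])`; how the UDLdap accessor behaves on a multi-valued attribute is not visible here, but the schema should pin it by adding `SINGLE-VALUE` before the closing `)`. The description `'password for voip.debian.org'` also understates what must be stored: ud-generate writes the value out as the SIP digest `a1-hash`, so a plaintext password placed here would never verify, and `DESC 'SIP digest HA1 (a1-hash) for voip.debian.org'` would tell users and tooling the expected format.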