From: Peter Palfrader
Date: Sat, 17 May 2008 09:27:06 +0000 (+0200)
Subject: ud-generate: Add support for generation of authorized_keys file on the db host
X-Git-Tag: userdir-ldap-0.3.24~8
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fuserdir-ldap.git;a=commitdiff_plain;h=71eb737f7a183b0c9af6a43dda7785e1b061ef99;hp=611e526f755299a0ad88c163f5abf1e7106a1f70
ud-generate: Add support for generation of authorized_keys file on the db host for the sshdist user. This is now possible since ud-replicate clients use their ssh host key to authenticate to the db server. The code now supports this but the feature is still disabled. [aba]
---
diff --git a/debian/changelog b/debian/changelog
index 8c2ebfe..9473aa5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,8 +3,13 @@ userdir-ldap (0.3.XX) Xnstable; urgency=low
 * ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
 * ud-replicate: Also support the imposter dchroot-dsa from the debian archive. [aba, weasel]
+ * ud-generate: Add support for generation of authorized_keys file on
+ the db host for the sshdist user. This is now possible since
+ ud-replicate clients use their ssh host key to authenticate to the
+ db server. The code now supports this but the feature is still
+ disabled. [aba]
- -- Peter Palfrader Sat, 17 May 2008 11:20:06 +0200
+ -- Peter Palfrader Sat, 17 May 2008 11:25:49 +0200
 userdir-ldap (0.3.23) unstable; urgency=low
diff --git a/ud-generate b/ud-generate
index f3ffc4c..ec618d8 100755
--- a/ud-generate
+++ b/ud-generate
@@ -702,7 +702,7 @@ def GenBSMTP(l,File,HomePrefix):
 Done(File,F,None);
 # Generate the ssh known hosts file
-def GenSSHKnown(l,File):
+def GenSSHKnown(l,File,mode=None):
 F = None;
 try:
 OldMask = os.umask(0022);
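Review bot: The comment above `GenSSHKnown` still reads `# Generate the ssh known hosts file`, but with the new `mode` parameter the function also emits an authorized_keys file, and nothing states which values `mode` accepts. I would change it to something like `# Generate the ssh known hosts file, or with mode='authorized_keys' the sshdist authorized_keys file (one forced rsync command per host key)`. Because the format is selected by a free-form string, any unrecognised `mode` falls through to known_hosts output (see the `else:` branch in the next hunk), which is worth stating in the same comment. The function body continues outside this hunk.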
@@ -734,7 +734,11 @@ def GenSSHKnown(l,File):
 else:
 IPAdresses += [addr[1]]
 for I in x[1]["sshRSAHostKey"]:
- Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
+ if mode and mode == 'authorized_keys':
+ #Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(HNames + IPAdresses), I)
+ Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
+ else:
+ Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
 Line = Sanitize(Line) + "\n";
 F.write(Line);
 # Oops, something unspeakable happened.
@@ -823,6 +827,7 @@ GenMarkers(l,GlobalDir+"markers");
 GenPrivate(l,GlobalDir+"debian-private");
 GenDisabledAccounts(l,GlobalDir+"disabled-accounts");
 GenSSHKnown(l,GlobalDir+"ssh_known_hosts");
+#GenSSHKnown(l,GlobalDir+"authorized_keys", 'authorized_keys');
 GenHosts(l,GlobalDir+"debianhosts");
 GenMailDisable(l,GlobalDir+"mail-disable");
 GenMailBool(l,GlobalDir+"mail-greylist","mailGreylisting");
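Review bot: The active `authorized_keys` line in the `@@ -734,7 +734,11 @@` hunk omits the `from=` restriction that the commented-out variant carries, so each host key would be accepted from any source address and the forced `command=` is the only constraint. The commented variant also refers to `HNames` while the rest of the hunk uses `HostNames`, so unless `HNames` is defined outside the hunk, re-enabling it as written would raise a NameError; the form to restore is `from="%s"` fed with `",".join(HostNames + IPAdresses)`, and `no-pty` would be a cheap addition to the option list. `Host` and the key `I` are interpolated into the quoted option string before `Sanitize` runs, and whether `Sanitize` rejects double quotes, shell metacharacters or embedded newlines is not visible here, so a strict check of both values before formatting is worth adding. `if mode and mode == 'authorized_keys':` can be reduced to `if mode == 'authorized_keys':`. GenSSHKnown's body starts and ends outside this hunk.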