Peter Palfrader [Thu, 22 May 2008 19:39:18 +0000 (21:39 +0200)]
Do not disable mail just because the account is locked.
Peter Palfrader [Mon, 19 May 2008 06:56:21 +0000 (08:56 +0200)]
* Export ssh-keys.tar.gz to [UNTRUSTED] hosts. Since we already export
ssh-rsa-shadow this is probably the right thing.
* Make keys in the ssh-keys tarball mode 0400 instead of mode 0600.
Peter Palfrader [Sun, 18 May 2008 12:28:28 +0000 (14:28 +0200)]
Merge from zobel: Fix userdir-ldap.schema (objectClass now contains MAY: VoIP)
Peter Palfrader [Sun, 18 May 2008 12:26:33 +0000 (14:26 +0200)]
ud-mailgate: a bug in DoSSH caused all changes to fail that came after DoSSH in
HandleChange. Now DoSSH properly returns without raising an exception if the
line to handle is not an ssh public key.
Peter Palfrader [Sun, 18 May 2008 11:41:10 +0000 (13:41 +0200)]
ud-replicate: sgran pointed out that if all we care about ignoring is EEXIST
then we should use mkdir -p instead of [ -d userkeys ] || mkdir userkeys.
Martin Zobel-Helas [Sun, 18 May 2008 11:05:54 +0000 (13:05 +0200)]
* fix userdir-ldap.schema, now contains MAY: VoIP
* Add changelog-entry
Joerg Jaspert [Sun, 18 May 2008 10:49:46 +0000 (12:49 +0200)]
Merge from Debian
Peter Palfrader [Sat, 17 May 2008 14:15:26 +0000 (16:15 +0200)]
Make ssh-keys.tar.gz readable only by the user.
Peter Palfrader [Sat, 17 May 2008 13:41:24 +0000 (15:41 +0200)]
0.3.24
Peter Palfrader [Sat, 17 May 2008 13:41:13 +0000 (15:41 +0200)]
And clean up the bugs I introduced while mucking with sgran's shell
Peter Palfrader [Sat, 17 May 2008 13:29:42 +0000 (15:29 +0200)]
Fix string vs. int issue in userlist introduced by multiple-ssh patch
Peter Palfrader [Sat, 17 May 2008 09:41:11 +0000 (11:41 +0200)]
Fix wording in the changelog
Peter Palfrader [Sat, 17 May 2008 09:40:33 +0000 (11:40 +0200)]
Fuzz with the shell in ud-replicate's sshkeys part
Peter Palfrader [Sat, 17 May 2008 09:39:20 +0000 (11:39 +0200)]
ud-replicate, ud-generate: Instead of one big ssh-rsa-shadow file ud-generate
now produces per-user authorized_keys files and tars them up. On the receiving
end ud-replicate takes the tar and syncs it to userkeys/. The goal here is to
no longer require a patched sshd. Setting AuthorizedKeysFile2 to
/var/lib/misc/userkeys/%u is sufficient. For homedir creation we can use
pam_mkhomedir. [mhy, sgran]
Peter Palfrader [Sat, 17 May 2008 09:30:38 +0000 (11:30 +0200)]
merge from alioth: aba: add myself to copyright holders
Peter Palfrader [Sat, 17 May 2008 09:30:01 +0000 (11:30 +0200)]
ud-generate: Add performance optimization by resolving IP adresses for hosts
only once and caching the result. [aba]
Peter Palfrader [Sat, 17 May 2008 09:27:06 +0000 (11:27 +0200)]
ud-generate: Add support for generation of authorized_keys file on the db host
for the sshdist user. This is now possible since ud-replicate clients use
their ssh host key to authenticate to the db server. The code now supports
this but the feature is still disabled. [aba]
Peter Palfrader [Sat, 17 May 2008 09:22:00 +0000 (11:22 +0200)]
ud-replicate: Also support the imposter dchroot-dsa from the debian archive [aba]
Peter Palfrader [Sat, 17 May 2008 09:18:45 +0000 (11:18 +0200)]
better check for ssh1 keys (which we do not accept). Merged from alioth but slightly improved regex
Joerg Jaspert [Fri, 16 May 2008 21:00:43 +0000 (23:00 +0200)]
Merge sshkeys branch from Stephen and Mark
Joerg Jaspert [Fri, 16 May 2008 18:56:53 +0000 (20:56 +0200)]
Merge from -common branch
Andreas Barth [Fri, 16 May 2008 18:03:40 +0000 (18:03 +0000)]
add myself to copyright holders
Andreas Barth [Fri, 16 May 2008 17:58:28 +0000 (17:58 +0000)]
Add performance optimization by caching IP adresses in ud-generate as a precondition for automatically adding aliases
Andreas Barth [Fri, 16 May 2008 17:40:19 +0000 (17:40 +0000)]
Add (disabled) generation of authorized_keys
Andreas Barth [Fri, 16 May 2008 17:34:58 +0000 (17:34 +0000)]
Add compatibility to dchroot-dsa to ud-replicate
Joerg Jaspert [Thu, 15 May 2008 21:35:13 +0000 (23:35 +0200)]
Modify the SSH1 key check so it matches all RSA1 keys, not only those of size 1024
Joerg Jaspert [Wed, 14 May 2008 23:02:17 +0000 (01:02 +0200)]
Merge from Debian
Stephen Gran [Wed, 14 May 2008 22:03:56 +0000 (23:03 +0100)]
remove debugging output
Stephen Gran [Wed, 14 May 2008 22:00:45 +0000 (23:00 +0100)]
add copyright update
Mark Hymers [Wed, 14 May 2008 21:56:59 +0000 (22:56 +0100)]
make fallbacks and group resolution more sane
Stephen Gran [Wed, 14 May 2008 21:27:10 +0000 (22:27 +0100)]
ahem, we need to actually look in the host subdir
Mark Hymers [Wed, 14 May 2008 21:10:08 +0000 (22:10 +0100)]
weasel gets upset if there isn't a changelog
Mark Hymers [Wed, 14 May 2008 21:08:53 +0000 (22:08 +0100)]
merge Steve's ud-replicate work
Mark Hymers [Wed, 14 May 2008 21:05:26 +0000 (22:05 +0100)]
export individual (and only the required) ssh keys
Stephen Gran [Wed, 14 May 2008 20:52:22 +0000 (21:52 +0100)]
ud-generate: handle individual ssh keys
Mark Hymers [Wed, 14 May 2008 19:37:13 +0000 (20:37 +0100)]
merge from debian branch
Mark Hymers [Wed, 14 May 2008 18:55:18 +0000 (19:55 +0100)]
reimport initial multiple ssh keys code which bzr kindly threw away after merging on my old branch
Peter Palfrader [Wed, 14 May 2008 15:56:01 +0000 (17:56 +0200)]
Fix generation of known_hosts file.
Peter Palfrader [Wed, 14 May 2008 15:48:00 +0000 (17:48 +0200)]
0.3.22
Peter Palfrader [Wed, 14 May 2008 15:47:17 +0000 (17:47 +0200)]
Merge: ud-mailgate no longer accepts ssh dss keys, keys with a size smaller than 1024.
Additionally it checks new keys against a blacklist of ssh key fingerprints. [joerg]
Peter Palfrader [Wed, 14 May 2008 15:37:21 +0000 (17:37 +0200)]
Add IPv6-Adresses (and IPv4 in v6 notation - ::ffff:192.0.2.1) to ssh_known_hosts. [aba]
Joerg Jaspert [Wed, 14 May 2008 15:34:01 +0000 (17:34 +0200)]
Add missing admin info template
Peter Palfrader [Wed, 14 May 2008 15:32:49 +0000 (17:32 +0200)]
Add VoIP fiels to the LDAP shema and teach ud-info and ud-mailgate about it. [zobel]
Peter Palfrader [Wed, 14 May 2008 15:29:25 +0000 (17:29 +0200)]
Merge: Add another todo item
Joerg Jaspert [Wed, 14 May 2008 14:56:04 +0000 (16:56 +0200)]
Merge sshkeys check with the alioth userdir-ldap-common
Joerg Jaspert [Wed, 14 May 2008 14:43:40 +0000 (16:43 +0200)]
Check ssh keys:
- reject all DSA keys, similar to RSA1 keys.
- reject and mail the admins for broken keys, ie keys
- of size below 1024 or
- known to be bad (fingerprintlist)
Peter Palfrader [Tue, 13 May 2008 20:09:02 +0000 (22:09 +0200)]
* ud-replicate: use the host key to sync stuff from the db server,
that is, call ssh with ii /etc/ssh/ssh_host_rsa_key.
* ud-replicate: Call ssh with -o PreferredAuthentications=publickey
so that it does not even try password authentication.
Joerg Jaspert [Mon, 12 May 2008 22:12:56 +0000 (00:12 +0200)]
First version of a check for ssh keys
Andreas Barth [Sat, 10 May 2008 21:52:42 +0000 (21:52 +0000)]
more sanitizing for IP adresses
Andreas Barth [Sat, 10 May 2008 21:49:42 +0000 (21:49 +0000)]
Add IPv6-Adresses (and IPv4 in both ways) into ssh_known_hosts
Martin Zobel-Helas [Sat, 10 May 2008 12:19:22 +0000 (14:19 +0200)]
add VoIP
Marc 'HE' Brockschmidt [Wed, 23 Apr 2008 21:11:12 +0000 (23:11 +0200)]
Add another todo item
Marc 'HE' Brockschmidt [Wed, 23 Apr 2008 21:08:10 +0000 (23:08 +0200)]
Merge Peter's debian.org-ud-ldap changes.
Peter Palfrader [Wed, 23 Apr 2008 20:33:56 +0000 (22:33 +0200)]
todo item
Peter Palfrader [Mon, 21 Apr 2008 22:18:09 +0000 (00:18 +0200)]
A few copyright notices
Peter Palfrader [Mon, 21 Apr 2008 22:08:29 +0000 (00:08 +0200)]
another todo item
Peter Palfrader [Mon, 21 Apr 2008 21:55:05 +0000 (23:55 +0200)]
add a TODO file
Peter Palfrader [Mon, 21 Apr 2008 11:31:04 +0000 (13:31 +0200)]
Teach ud-mailgate about ipv6 addresses (RT#193).
Sanitize DNS entries somewhat before inserting them into LDAP.
Peter Palfrader [Fri, 18 Apr 2008 12:34:05 +0000 (14:34 +0200)]
New [KEYRING] flag to indicate the debian keyring should be synced to this host.
Peter Palfrader [Thu, 17 Apr 2008 17:49:45 +0000 (19:49 +0200)]
Various ud-fingerserv fixes
Peter Palfrader [Wed, 16 Apr 2008 17:59:51 +0000 (19:59 +0200)]
Calling dh_installdeb before dh_pysupport was probably not the smartest move.
Reorder.
Peter Palfrader [Wed, 16 Apr 2008 14:20:53 +0000 (16:20 +0200)]
0.3.16
Peter Palfrader [Wed, 16 Apr 2008 14:20:46 +0000 (16:20 +0200)]
Use full hostname
Peter Palfrader [Wed, 16 Apr 2008 12:09:51 +0000 (14:09 +0200)]
Sleep for a random time, up to two minutes, in ud-replicate when not called
interactively. This is to prevent DoSing the db server when many clients come
at the same time.
Peter Palfrader [Wed, 16 Apr 2008 12:08:46 +0000 (14:08 +0200)]
Create /var/lib/misc/thishost as a symlink to the hostname in postinst
Mark Hymers [Thu, 10 Jan 2008 15:12:13 +0000 (15:12 +0000)]
merge from -debian branch
Peter Palfrader [Thu, 10 Jan 2008 15:07:10 +0000 (16:07 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 15:03:47 +0000 (16:03 +0100)]
Nop merge - stuff that was previously included by cherry picking
Peter Palfrader [Thu, 10 Jan 2008 15:03:07 +0000 (16:03 +0100)]
Merge packaging cleanup from alioth (including template dir install location fix)
Peter Palfrader [Thu, 10 Jan 2008 14:56:17 +0000 (15:56 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:55:31 +0000 (15:55 +0100)]
Merge changelog cleanup from alioth, and re-cleanup
Peter Palfrader [Thu, 10 Jan 2008 14:53:52 +0000 (15:53 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:53:20 +0000 (15:53 +0100)]
Remerge merge or whatever
Peter Palfrader [Thu, 10 Jan 2008 14:47:02 +0000 (15:47 +0100)]
Merge from alioth
Copyright statement from people doing stuff on alioth, and pointer to the alioth repository and discussion list
Mark Hymers [Thu, 10 Jan 2008 14:45:48 +0000 (14:45 +0000)]
add ud-config to debian/install
Peter Palfrader [Thu, 10 Jan 2008 14:43:33 +0000 (15:43 +0100)]
Merge from alioth
But fix ud-replicate to use `$LOCALSYNCON' instead of `*$LOCALSYNCON*' in the case statement.
Peter Palfrader [Thu, 10 Jan 2008 14:35:18 +0000 (15:35 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 14:33:50 +0000 (15:33 +0100)]
A nop with something behind it.
Merge in r361 from alioth-common, the shiftUID patch, but also
cherry pick r377 which reverts it (because it's incomplete/broken).
This is necesary because bzr tracks what you merged so far and
would always want to pull in 361 if I just skipped it now.
Peter Palfrader [Thu, 10 Jan 2008 14:33:29 +0000 (15:33 +0100)]
Merge from alioth
Marc 'HE' Brockschmidt [Thu, 10 Jan 2008 14:17:11 +0000 (15:17 +0100)]
Back out UIDShift patch, which wasn't correct anyway and shouldn't be merged
to -common (yet)
Peter Palfrader [Thu, 10 Jan 2008 13:50:58 +0000 (14:50 +0100)]
Merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 13:50:25 +0000 (14:50 +0100)]
Merge from alioth
Replace deprecated string.$foo($bar, $ARGS) calls with $bar.$foo($ARGS).
Also cherry pick two fixes on the patch from later in that tree:
revno: 375
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 13:44:07 +0000
message:
Don't convert strings to integers, just check that they could be converted.
Noticed by Peter (again)
--
revno: 376
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 13:48:43 +0000
message:
and some more old CheckNumber fixes
Mark Hymers [Thu, 10 Jan 2008 13:48:43 +0000 (13:48 +0000)]
and some more old CheckNumber fixes
Mark Hymers [Thu, 10 Jan 2008 13:44:07 +0000 (13:44 +0000)]
Don't convert strings to integers, just check that they could be converted.
Noticed by Peter (again)
Peter Palfrader [Thu, 10 Jan 2008 13:13:31 +0000 (14:13 +0100)]
merge from alioth
Peter Palfrader [Thu, 10 Jan 2008 13:10:58 +0000 (14:10 +0100)]
Merge from alioth
merge r356 from alioth's userdir-ldap-common, and cherry pick that fix onto that:
committer: Mark Hymers <mhy@debian.org>
branch nick: userdir-ldap-common
timestamp: Thu 2008-01-10 12:58:39 +0000
message:
Fix mistake in ud-userimport add logic spotted by Peter Palfrader.
Mark Hymers [Thu, 10 Jan 2008 12:58:39 +0000 (12:58 +0000)]
Fix mistake in ud-userimport add logic spotted by Peter Palfrader.
Peter Palfrader [Thu, 10 Jan 2008 09:05:11 +0000 (10:05 +0100)]
Merge from alioth: note about more modern slapd configs
Stephen Gran [Mon, 7 Jan 2008 02:03:12 +0000 (02:03 +0000)]
we should really run make in doc before we touch build
Stephen Gran [Mon, 7 Jan 2008 01:51:34 +0000 (01:51 +0000)]
* Packaging cleanup
* Use standard debhelper tools
* Create all files we ship instead of echoing them into creation at build
time
* Typo fix in copyright
* Update Standards-Version to 3.7.3 (no changes)
* Build manpages at build time (add Build-Depend on yodl)
* Install built manpages
Joerg Jaspert [Fri, 28 Dec 2007 15:47:01 +0000 (16:47 +0100)]
Missed to write the changelog entry...
Joerg Jaspert [Fri, 28 Dec 2007 15:44:16 +0000 (16:44 +0100)]
Use the same "trick" dak uses to send utf8 enabled mails to people who need
utf8 for their names - simply add utf8 headers to all mails.
Works great for dak, so why shouldnt it work here? :)
Marc 'HE' Brockschmidt [Fri, 28 Dec 2007 15:33:16 +0000 (16:33 +0100)]
Reorder changelog a bit to attribute changes correctly in one consistent style
Joerg Jaspert [Fri, 28 Dec 2007 15:30:07 +0000 (16:30 +0100)]
s/debain/debian/ and add the changelog entry i forgot earlier
Joerg Jaspert [Fri, 28 Dec 2007 15:25:16 +0000 (16:25 +0100)]
Merged from debian branch
Joerg Jaspert [Fri, 28 Dec 2007 15:09:39 +0000 (16:09 +0100)]
Add a little pointer to our repository, also mention that for changes we do the copyright
is ours. Now, to make it easy I just pointed to "da-tools project members, -discuss list",
instead of listing every committer. License, of course, same as for "upstream".
Joerg Jaspert [Fri, 28 Dec 2007 15:08:49 +0000 (16:08 +0100)]
Files have copyright statements until 2007 (from Ryan), note that in debian/copyright
Also note that it is now maintained using bzr, not CVS
Joerg Jaspert [Fri, 28 Dec 2007 15:05:40 +0000 (16:05 +0100)]
uncommitted 2 changes from me. BAD HACK
Marc 'HE' Brockschmidt [Thu, 27 Dec 2007 16:17:13 +0000 (17:17 +0100)]
Make the host ud-replicate syncs from configurable in userdir-ldap.conf,
instead of hardcoding it into the script. Also introduce a variable
containing a shell glob on which no remote sync is needed, so that
the db host doesn't need to have a key in the authorized_keys file
for the sshdist user
Mark Hymers [Thu, 27 Dec 2007 12:50:55 +0000 (12:50 +0000)]
add simple ud-config script for use in shell scripts
projects / mirror / userdir-ldap.git / log