From d47103998dc451c5d18b48720a5b8d0f0bf2f581 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Mon, 5 Mar 2012 11:56:00 +0100 Subject: [PATCH] mess with uid number generation * Allow a set of users to be ignored for picking UIDs. * When picking uid/gid numbers try to pick the same number for both. --- debian/changelog | 4 +++- ud-useradd | 28 +++++++++++++++++++++------- userdir-ldap.conf | 3 +++ userdir_ldap.py | 6 ++++++ 4 files changed, 33 insertions(+), 8 deletions(-) diff --git a/debian/changelog b/debian/changelog index 901ef21..c522b7a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,12 +16,14 @@ userdir-ldap (0.3.XXX) UNRELEASED; urgency=low * userdir_ldap.py: read auth password from environment if set. * Introduce BaseBaseDN which is the real base dn. BaseDN itself has historically been used as the root of the user tree. + * Allow a set of users to be ignored for picking UIDs. + * When picking uid/gid numbers try to pick the same number for both. [ Stephen Gran ] * Fix deprecation warnings for sha module by using hashlib module instead * ud-fingerserv: update Net::LDAP import - -- Peter Palfrader Mon, 05 Mar 2012 11:27:32 +0100 + -- Peter Palfrader Mon, 05 Mar 2012 11:55:33 +0100 userdir-ldap (0.3.79) unstable; urgency=low diff --git a/ud-useradd b/ud-useradd index 003f28c..099ff89 100755 --- a/ud-useradd +++ b/ud-useradd 
@@ -35,24 +35,38 @@ HavePrivateList = getattr(ConfModule, "haveprivatelist", True) # Regrettably ldap doesn't have an integer attribute comparision function # so we can only cut the search down slightly +def ShouldIgnoreID(uid): + for i in IgnoreUsersForUIDNumberGen: + try: + if i.search(uid) is not None: + return True + except AttributeError: + if uid == i: + return True + + return False + # [JT] This is broken with Woody LDAP and the Schema; for now just # search through all UIDs. def GetFreeID(l): - Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL, - "uidNumber=*",["uidNumber", "gidNumber"]); + Attrs = l.search_s(BaseBaseDn,ldap.SCOPE_SUBTREE, + "uidNumber=*",["uidNumber", "gidNumber", "uid"]); HighestUID = 0; gids = []; + uids = []; for I in Attrs: ID = int(GetAttr(I,"uidNumber","0")); + uids.append(ID) gids.append(int(GetAttr(I, "gidNumber","0"))) - if ID > HighestUID: + uid = GetAttr(I, "uid", None) + if ID > HighestUID and not uid is None and not ShouldIgnoreID(uid): HighestUID = ID; - resGID = HighestUID + 1; - while resGID in gids: - resGID += 1 + resUID = HighestUID + 1; + while resUID in uids or resUID in gids: + resUID += 1 - return (HighestUID + 1, resGID); + return (resUID, resUID) # Main starts here AdminUser = pwd.getpwuid(os.getuid())[0]; diff --git a/userdir-ldap.conf b/userdir-ldap.conf index 5b66fd0..4efd923 100644 --- a/userdir-ldap.conf +++ b/userdir-ldap.conf @@ -14,6 +14,9 @@ basebasedn = "dc=debian,dc=org"; hostbasedn = "ou=hosts,dc=debian,dc=org"; adminuser = "admin"; +#import re +#ignoreusersforuidnumbergen = ['nobody', re.compile('\$$') ] + # Printable email addresses are shown as: 'cn mn sn ' emailappend = "debian.org"; diff --git a/userdir_ldap.py b/userdir_ldap.py index b0d06b5..b559199 100644 --- a/userdir_ldap.py +++ b/userdir_ldap.py 
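Review bot: The collision check in `GetFreeID` can miss existing groups, because the search filter is still `"uidNumber=*"`: `gids` only collects the gidNumber of entries that also carry a uidNumber, so a group entry without one is never seen. Since the function now returns `resUID` for the gid as well, landing on such a group's number would give the new account an existing group as its primary group. If this directory keeps groups as separate entries (not visible in this hunk), widen the filter to `"(|(uidNumber=*)(gidNumber=*))"`; entries without a uidNumber already fall back to `"0"` through `GetAttr` and are skipped for `HighestUID` when they have no `uid`. Separately, `not uid is None` reads better as `uid is not None`, and `ShouldIgnoreID` deserves a one-line docstring saying it takes the user name and that list entries are either plain strings or compiled patterns.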
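Review bot: The commented example in userdir-ldap.conf does not say how entries are matched. `ShouldIgnoreID` in ud-useradd calls `search()` on compiled patterns, so a pattern matches anywhere in the uid unless it is anchored, while plain strings must equal the uid exactly. A comment line above the example would keep admins from ignoring more accounts than intended, for instance `# entries: exact user names, or re.compile() patterns matched with search(); anchor with ^ and $`. The pattern is also better written as a raw string, `re.compile(r'\$$')`, so the backslash does not rely on Python passing unknown escapes through.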
@@ -57,6 +57,12 @@ try: except AttributeError: BaseBaseDn = BaseDn +try: + IgnoreUsersForUIDNumberGen = ConfModule.ignoreusersforuidnumbergen +except AttributeError: + IgnoreUsersForUIDNumberGen = ['nobody'] + + # Break up the keyring list userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":")) -- 2.20.1
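Review bot: Nothing checks that `ignoreusersforuidnumbergen` is a list. If the config sets it to a single string, the loop in `ShouldIgnoreID` (ud-useradd) compares the uid with each character of that string, so the intended user is silently not ignored. A guard after the `try` would make that mistake harmless: `if isinstance(IgnoreUsersForUIDNumberGen, str): IgnoreUsersForUIDNumberGen = [IgnoreUsersForUIDNumberGen]`. The lookup itself could use the `getattr(ConfModule, "haveprivatelist", True)` form that ud-useradd already has: `IgnoreUsersForUIDNumberGen = getattr(ConfModule, "ignoreusersforuidnumbergen", ['nobody'])`. The `try:` in the hunk header belongs to the preceding BaseBaseDn block, which starts outside the hunk.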