From fe12f1a9d872cd6570ff1744b60629e8c26601f8 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas
Date: Thu, 14 Jun 2012 00:10:32 +0200
Subject: [PATCH] add voipPassword
Signed-off-by: Martin Zobel-Helas
---
 ud-generate | 24 +++++++++++++++++++++++-
 userdir-ldap-slapd.conf.in | 4 ++--
 userdir-ldap.schema | 9 ++++++++-
 3 files changed, 33 insertions(+), 4 deletions(-)
diff --git a/ud-generate b/ud-generate
index 51437b2..9bad07a 100755
--- a/ud-generate
+++ b/ud-generate
@@ -390,6 +390,27 @@ def GenWebPassword(accounts, File):
 Die(File, None, F)
 raise
+# Generate the voipPassword list
+def GenVoipPassword(accounts, File):
+ F = None
+ try:
+ OldMask = os.umask(0077)
+ F = open(File, "w", 0600)
+ os.umask(OldMask)
+
+ for a in accounts:
+ if not 'voipPassword' in a: continue
+ if not a.pw_active(): continue
+
+ Pass = str(a['voipPassword'])
+ Line = "\n \n \n \n" % (a['uid'], Pass)
+ Line = Sanitize(Line) + "\n"
+ F.write("%s" % (Line))
+
+ except:
+ Die(File, None, F)
+ raise
+
 def GenSSHtarballs(global_dir, userlist, ssh_userkeys, grouprevmap, target, current_host):
 OldMask = os.umask(0077)
 tf = tarfile.open(name=os.path.join(global_dir, 'ssh-keys-%s.tar.gz' % current_host), mode='w:gz')
@@ -1021,7 +1042,7 @@ def get_accounts(ldap_conn):
 "keyFingerPrint", "privateSub", "mailDisableMessage",\
 "mailGreylisting", "mailCallout", "mailRBL", "mailRHSBL",\
 "mailWhitelist", "sudoPassword", "objectClass", "accountStatus",\
- "mailContentInspectionAction", "webPassword"])
+ "mailContentInspectionAction", "webPassword", "voipPassword"])
 if passwd_attrs is None:
 raise UDEmptyList, "No Users"
@@ -1107,6 +1128,7 @@ def generate_all(global_dir, ldap_conn):
 GenMailList(accounts, global_dir + "mail-rhsbl", "mailRHSBL")
 GenMailList(accounts, global_dir + "mail-whitelist", "mailWhitelist")
 GenWebPassword(accounts, global_dir + "web-passwords")
+ GenVoipPassword(accounts, global_dir + "voip-passwords")
 GenKeyrings(global_dir)
 # Compatibility.
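Review bot: In GenVoipPassword, `open(File, "w", 0600)` does not create the file with mode 0600, because the third positional argument of Python 2's built-in open() is the buffer size; the credentials file's permissions come only from the temporary `os.umask(0077)`, and a file that already exists at that path keeps the mode it had. Passing the mode explicitly removes the dependence on the umask: `F = os.fdopen(os.open(File, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600), "w")`, followed by `os.fchmod(F.fileno(), 0600)` if the file can pre-exist with a wider mode. The lines shown also never close F on the success path, so an explicit `F.close()` after the loop would make sure the list is flushed before anything reads it.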
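Review bot: `GenVoipPassword(accounts, global_dir + "voip-passwords")` writes a credentials file into global_dir, but none of the three ud-generate hunks in this patch adds code that decides which hosts receive it. If the per-host export step (outside this diff) picks up global files by wildcard, confirm that voip-passwords reaches only the VoIP host; if it needs an explicit entry, the file is generated but never delivered. A comment at the call such as `# credentials file: must only be exported to the VoIP host` would record the intent. generate_all starts and ends outside the hunk.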
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in
index 12a50be..dfd094e 100644
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -48,7 +48,7 @@ access to filter="(!(supplementaryGid=adm))" attrs=keyFingerPrint
 by * break
 # allow users write access to an explicit subset of their fields
-access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions,facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCode,loginShell,onVacation,privateSub,latitude,longitude,VoIP,userPassword,sudoPassword,webPassword,voipPassword,bATVToken
 by self write
 by * break
@@ -58,7 +58,7 @@ access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
 ##
 # allow authn/z by anyone
-access to attrs=userPassword,sudoPassword,webPassword,bATVToken
+access to attrs=userPassword,sudoPassword,webPassword,voipPassword,bATVToken
 by * compare
 # readable only by self
diff --git a/userdir-ldap.schema b/userdir-ldap.schema
index 73c8640..b45f6c7 100644
--- a/userdir-ldap.schema
+++ b/userdir-ldap.schema
@@ -109,6 +109,7 @@
 # .41 - sshdistAuthKeysHost
 # .42 - dnsTTL
 # .43 - webPassword
+# .44 - voipPassword
 #
 # .3 - experimental LDAP objectClasses
 # .1 - debianDeveloper
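Review bot: Adding `voipPassword` to the `by self write` list lets each user control the exact bytes that GenVoipPassword in ud-generate later interpolates into the voip-passwords file, and the schema in this patch declares the attribute as a plain octet string with no format constraint. The only filter visible on that path is `Sanitize(Line)`, whose behaviour is not shown in this patch. Confirm that it rejects or escapes characters that are significant in the consumer's file format, or validate the value's format before it is written. The ACL continues past the hunk's context lines.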
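Review bot: `by * compare` now covers voipPassword, so unless an earlier rule not shown here stops them, any client that reaches this clause, including an unauthenticated one, can issue LDAP compare operations against the attribute and learn whether a guessed value matches. The only consumer of voipPassword visible in this patch is the file ud-generate writes, which does not need compare access for everyone. If nothing outside the patch authenticates against the attribute over LDAP, leave it out of this list and add a dedicated clause after the self-write rule, for example `access to attrs=voipPassword by * none`, provided the identity ud-generate binds as is granted read by an earlier rule. The rest of the ACL is outside the hunk.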
@@ -407,6 +408,12 @@ attributetype ( 1.3.6.1.4.1.9586.100.4.2.43
 EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.44
+ NAME 'voipPassword'
+ DESC 'password for voip.debian.org'
+ EQUALITY octetStringMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
 # Experimental attribute types
 # There are existing schemas for doing DNS in LDAP; would one of
@@ -536,7 +543,7 @@ objectclass ( 1.3.6.1.4.1.9586.100.4.1.1
 DESC 'Abstraction of an account with POSIX attributes and UTF8 support'
 SUP top AUXILIARY
 MUST ( cn $ uid $ uidNumber $ gidNumber )
- MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword ) )
+ MAY ( userPassword $ loginShell $ gecos $ homeDirectory $ description $ mailDisableMessage $ sudoPassword $ webPassword $ voipPassword ) )
 objectclass ( 1.3.6.1.4.1.9586.100.4.1.2
 NAME 'debianGroup'
--
2.20.1