[Da-tools-commits] ./da-tools/userdir-ldap-common r380: Merge Peter's debian.org-ud-ldap changes.
Marc 'HE' Brockschmidt
he at debian.org
Wed Apr 23 21:08:10 UTC 2008
------------------------------------------------------------
revno: 380
committer: Marc 'HE' Brockschmidt <he at debian.org>
branch nick: userdir-ldap-common
timestamp: Wed 2008-04-23 23:08:10 +0200
message:
Merge Peter's debian.org-ud-ldap changes.
added:
TODO
debian/postrm
modified:
debian/changelog
debian/postinst
debian/rules
ud-fingerserv
ud-generate
ud-mailgate
ud-replicate
ud-roleadd
------------------------------------------------------------
revno: 349.4.30
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Wed 2008-04-16 14:08:46 +0200
message:
Create /var/lib/misc/thishost as a symlink to the hostname in postinst
added:
debian/postrm
modified:
debian/changelog
debian/postinst
------------------------------------------------------------
revno: 349.4.31
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Wed 2008-04-16 14:09:51 +0200
message:
Sleep for a random time, up to two minutes, in ud-replicate when not called
interactively. This is to prevent DoSing the db server when many clients come
at the same time.
modified:
debian/changelog
ud-replicate
------------------------------------------------------------
revno: 349.4.32
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Wed 2008-04-16 16:20:46 +0200
message:
Use full hostname
modified:
debian/postinst
------------------------------------------------------------
revno: 349.4.33
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Wed 2008-04-16 16:20:53 +0200
message:
0.3.16
modified:
debian/changelog
------------------------------------------------------------
revno: 349.4.34
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Wed 2008-04-16 19:59:51 +0200
message:
Calling dh_installdeb before dh_pysupport was probably not the smartest move.
Reorder.
modified:
debian/changelog
debian/rules
------------------------------------------------------------
revno: 349.4.35
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Thu 2008-04-17 19:49:45 +0200
message:
Various ud-fingerserv fixes
modified:
debian/changelog
ud-fingerserv
------------------------------------------------------------
revno: 349.4.36
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Fri 2008-04-18 14:34:05 +0200
message:
New [KEYRING] flag to indicate the debian keyring should be synced to this host.
modified:
debian/changelog
ud-generate
------------------------------------------------------------
revno: 349.4.37
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Mon 2008-04-21 13:31:04 +0200
message:
Teach ud-mailgate about ipv6 addresses (RT#193).
Sanitize DNS entries somewhat before inserting them into LDAP.
modified:
debian/changelog
ud-mailgate
------------------------------------------------------------
revno: 349.4.38
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Mon 2008-04-21 23:55:05 +0200
message:
add a TODO file
added:
TODO
------------------------------------------------------------
revno: 349.4.39
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Tue 2008-04-22 00:08:29 +0200
message:
another todo item
modified:
TODO
------------------------------------------------------------
revno: 349.4.40
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Tue 2008-04-22 00:18:09 +0200
message:
A few copyright notices
modified:
ud-fingerserv
ud-generate
ud-mailgate
ud-replicate
ud-roleadd
------------------------------------------------------------
revno: 349.4.41
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Wed 2008-04-23 22:33:56 +0200
message:
todo item
modified:
TODO
=== added file 'TODO'
--- a/TODO 1970-01-01 00:00:00 +0000
+++ b/TODO 2008-04-23 20:33:56 +0000
@@ -0,0 +1,14 @@
+ - Not done
+ * Top priority
+ . Partially done
+ o Done
+ d Deferrable
+ D Deferred
+ X Abandoned
+
+- db.d.o/machines.cgi should group machines by purpose (RT#275)
+- some mails from the mail gateway should use an empty envelope sender (RT#593)
+- add aliasnames (db, buildd, ..) to ssh_known_hosts
+- get rid of openssh patch requirement
+- use --delete in ud-replicate's rsync?
+- fix ud-useradd emails with non-ascii in subject
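Review bot: the item "use --delete in ud-replicate's rsync?" deserves the "*" top-priority marker from the legend rather than a plain "-", because it interacts with this same patch: the new [KEYRING] handling in ud-generate removes the keyring links from a host's output directory when the flag is absent, but without --delete on the replicating side that removal never reaches the host, so a keyring (or any other file ud-generate stops producing) stays behind on every client that once received it. Withdrawal of data from a host should be propagated as reliably as delivery.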
=== modified file 'debian/changelog'
--- a/debian/changelog 2008-01-10 15:03:07 +0000
+++ b/debian/changelog 2008-04-21 11:31:04 +0000
@@ -1,4 +1,31 @@
-userdir-ldap (0.3.15+xxx) XXunstable; urgency=low
+userdir-ldap (0.3.20) unstable; urgency=low
+
+ * Teach ud-mailgate about ipv6 addresses (RT#193).
+ * Sanitize DNS entries somewhat before inserting them into LDAP.
+
+ -- Peter Palfrader <weasel at debian.org> Mon, 21 Apr 2008 13:29:36 +0200
+
+userdir-ldap (0.3.19) unstable; urgency=low
+
+ * New [KEYRING] flag to indicate the debian keyring should be synced
+ to this host.
+
+ -- Peter Palfrader <weasel at debian.org> Fri, 18 Apr 2008 14:33:50 +0200
+
+userdir-ldap (0.3.18) unstable; urgency=low
+
+ * Various ud-fingerserv fixes.
+
+ -- Peter Palfrader <weasel at debian.org> Thu, 17 Apr 2008 19:48:11 +0200
+
+userdir-ldap (0.3.17) unstable; urgency=low
+
+ * Calling dh_installdeb before dh_pysupport was probably not the smartest
+ move. Reorder.
+
+ -- Peter Palfrader <weasel at debian.org> Wed, 16 Apr 2008 19:59:42 +0200
+
+userdir-ldap (0.3.16) unstable; urgency=low
[ Peter Palfrader ]
* Ship userdir-ldap.schema with the package, add a note that it is
@@ -12,6 +39,10 @@
* ud-roleadd: Do not try to make role accounts of objectClass
inetOrgPerson, that doesn't work.
* Add myself to uploaders.
+ * Create /var/lib/misc/thishost as a symlink to the hostname in postinst.
+ * Sleep for a random time, up to two minutes, in ud-replicate when not
+ called interactively. This is to prevent DoSing the db server when
+ many clients come at the same time.
[ Mark Hymers ]
* ud-userimport, ud-groupadd, ud-roleadd, ud-useradd, userdir_ldap.py:
@@ -60,7 +91,7 @@
* Build manpages at build time (add Build-Depend on yodl)
* Install built manpages
- -- Stephen Gran <sgran at debian.org> Mon, 07 Jan 2008 01:50:15 +0000
+ -- Peter Palfrader <weasel at debian.org> Wed, 16 Apr 2008 14:10:12 +0200
userdir-ldap (0.3.15) unstable; urgency=low
=== modified file 'debian/postinst'
--- a/debian/postinst 2007-08-12 17:40:32 +0000
+++ b/debian/postinst 2008-04-16 14:20:46 +0000
@@ -4,5 +4,9 @@
if [ "$1" = "configure" ]
then
test ! -f /usr/local/bin/ud-replicate || rm -f /usr/local/bin/ud-replicate
+
+ if ! [ -e /var/lib/misc/thishost ]; then
+ ln -s "`hostname -f`" /var/lib/misc/thishost
+ fi
fi
exit 0
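Review bot: the `! [ -e /var/lib/misc/thishost ]` guard does not handle a dangling link: `-e` follows symlinks, so when thishost already exists but points at a directory ud-replicate has not populated yet (first install before the first replication run, or a hostname change since the link was made) the test is false, `ln -s` then fails with "File exists" and configure aborts. Test the link itself, as the postrm in this commit does: `if ! [ -L /var/lib/misc/thishost ] && ! [ -e /var/lib/misc/thishost ]; then`. Also guard against an empty `hostname -f` (no resolvable FQDN at install time), since `ln -s ""` fails with ENOENT and would likewise abort the script.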
=== added file 'debian/postrm'
--- a/debian/postrm 1970-01-01 00:00:00 +0000
+++ b/debian/postrm 2008-04-16 12:08:46 +0000
@@ -0,0 +1,10 @@
+#! /bin/bash -e
+#
+#DEBHELPER#
+if [ "$1" = "purge" ]
+then
+ if [ -L /var/lib/misc/thishost ]; then
+ rm /var/lib/misc/thishost
+ fi
+fi
+exit 0
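Review bot: the purge branch removes /var/lib/misc/thishost whether or not this package created it; postinst only creates the link when nothing is there, so an admin-placed link would be taken away on purge. That is probably acceptable for a site-specific package, but if it matters, have postinst record that it created the link and only remove it here when that record exists. The `-L` test is the right one (it does not follow the link), and `rm` on a symlink removes the link, not the target, so the removal itself is safe.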
=== modified file 'debian/rules'
--- a/debian/rules 2008-01-07 02:03:12 +0000
+++ b/debian/rules 2008-04-16 17:59:51 +0000
@@ -27,8 +27,8 @@
dh_installman
dh_fixperms
dh_compress
+ dh_pysupport
dh_installdeb
- dh_pysupport
dh_gencontrol
dh_md5sums
dh_builddeb
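Review bot: the reorder is the correct fix, not just tidier: dh_installdeb is the step that substitutes the #DEBHELPER# placeholder in the maintainer scripts, so any snippet dh_pysupport generated after it was silently dropped. It also matters for the postrm added in this same commit, whose #DEBHELPER# line now actually gets expanded.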
=== modified file 'ud-fingerserv'
--- a/ud-fingerserv 2007-12-25 18:39:37 +0000
+++ b/ud-fingerserv 2008-04-21 22:18:09 +0000
@@ -3,6 +3,7 @@
# (c) 1999 Randolph Chung. Licensed under the GPL. <tausq at debian.org>
# (c) 2004 Martin Schulze. Licensed under the GPL. <joey at debian.org>
+# Copyright (c) 2008 Peter Palfrader <peter at palfrader.org>
use lib '/var/www/userdir-ldap/';
#use lib '/home/randolph/projects/userdir-ldap/web';
@@ -43,9 +44,9 @@
&help if (defined($opts{h}));
my $logfh;
-unless ($opt{i} || $opt{f}) {
- die "Need logfile unless running foreground\n" unless (defined($opt{l}));
- open ($logfh, $opt{l}) or die "Can't open logfile: $!\n";
+unless ($opts{i} || $opts{f}) {
+ die "Need logfile unless running foreground\n" unless (defined($opts{l}));
+ open ($logfh, $opts{l}) or die "Can't open logfile: $!\n";
} else {
$logfh = \*STDOUT;
}
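Review bot: the `$opt` to `$opts` rename is right, but the line it fixes still uses the two-argument `open ($logfh, $opts{l})`, which opens for reading by default, so the log writes that go to $logfh (it is aliased to STDOUT in the else branch, so it is clearly an output handle) will not reach the file, and which lets a `-l` value beginning with `>`, `>>`, `<` or `|`, or ending in `|`, be interpreted as a mode or a pipe command. Use the three-argument form with an explicit append mode: `open ($logfh, '>>', $opts{l}) or die "Can't open logfile: $!\n";`. The original typo would also have been a compile-time error under `use strict`, which is worth enabling if the script does not already.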
@@ -76,7 +77,7 @@
Listen => SOMAXCONN,
Reuse => 1);
- mydie "Cannot listen on finger port" unless $server;
+ mydie("Cannot listen on finger port") unless $server;
&log("[Server listening for connections]");
my ($pid, $client, $hostinfo);
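Review bot: adding the parentheses is a necessary fix, not a style choice: `mydie "..." unless $server` only parses if mydie is declared before this point; otherwise Perl reports "String found where operator expected". If mydie is defined further down the file, keep the parentheses (as here and in the next hunk) or add a forward declaration `sub mydie;` near the top so the bare form also works.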
@@ -84,7 +85,7 @@
while ($client = $server->accept()) {
&log("Forking to handle client request") if (defined($opts{v}));
next if $pid = fork; # parent
- mydie "fork: $!" unless defined $pid;
+ mydie("fork: $!") unless defined $pid;
# child
$client->autoflush(1);
=== modified file 'ud-generate'
--- a/ud-generate 2008-01-10 15:03:47 +0000
+++ b/ud-generate 2008-04-21 22:18:09 +0000
@@ -6,6 +6,7 @@
# Copyright (c) 2003-2004 James Troup <troup at debian.org>
# Copyright (c) 2004-2005,7 Joey Schulze <joey at infodrom.org>
# Copyright (c) 2001-2007 Ryan Murray <rmurray at debian.org>
+# Copyright (c) 2008 Peter Palfrader <peter at palfrader.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -21,7 +22,7 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-import string, re, time, ldap, getopt, sys, os, pwd, posix, socket, base64, sha
+import string, re, time, ldap, getopt, sys, os, pwd, posix, socket, base64, sha, shutil
from userdir_ldap import *;
global Allowed;
@@ -35,6 +36,8 @@
EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$");
BSMTPCheck = re.compile(".*mx 0 (gluck)\.debian\.org\..*",re.DOTALL);
DNSZone = ".debian.net"
+Keyrings = [ "/org/keyring.debian.org/keyrings/debian-keyring.gpg",
+ "/org/keyring.debian.org/keyrings/debian-keyring.pgp" ]
def Sanitize(Str):
return Str.translate(string.maketrans("\n\r\t","$$$"))
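Review bot: both keyring paths are hard-coded absolute paths under /org/keyring.debian.org/keyrings/; if either file is missing on the host running ud-generate, the shutil.copy in GenKeyrings raises IOError and the whole run aborts before any per-host directory is written. Either place these next to the other site-specific settings this script already pulls in from userdir_ldap, or have GenKeyrings skip a missing file with a logged warning so a keyring-server hiccup does not stop replication for everything else.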
@@ -759,6 +762,10 @@
raise;
Done(File,F,None);
+def GenKeyrings(l,OutDir):
+ for k in Keyrings:
+ shutil.copy(k, OutDir)
+
# Connect to the ldap server
l = ldap.open(LDAPServer);
F = open(PassDir+"/pass-"+pwd.getpwuid(os.getuid())[0],"r");
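Review bot: GenKeyrings rewrites both files with shutil.copy on every run, which gives the copy in GlobalDir a fresh mtime even when the content is unchanged, so anything mtime-based downstream (rsync's quick check on the receiving hosts, for one) sees the keyring as modified every time. shutil.copy2 preserves the source timestamp; better still, only copy when the source is newer than the existing copy. The `l` parameter is unused and can be dropped, and the function has no error handling, so a missing or unreadable source aborts the entire generation run (see the note on the Keyrings list above).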
@@ -812,10 +819,11 @@
GenMailList(l,GlobalDir+"mail-rbl","mailRBL");
GenMailList(l,GlobalDir+"mail-rhsbl","mailRHSBL");
GenMailList(l,GlobalDir+"mail-whitelist","mailWhitelist");
+GenKeyrings(l,GlobalDir);
# Compatibility.
GenForward(l,GlobalDir+"forward-alias");
-
+
while(1):
Line = F.readline();
if Line == "":
@@ -886,3 +894,11 @@
if ExtraList.has_key("[PRIVATE]"):
DoLink(GlobalDir,OutDir,"debian-private")
+
+ if ExtraList.has_key("[KEYRING]"):
+ for k in Keyrings:
+ DoLink(GlobalDir,OutDir,os.path.basename(k))
+ else:
+ for k in Keyrings:
+ try: posix.remove(OutDir+os.path.basename(k));
+ except: pass;
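Review bot: the removal branch builds the path as `OutDir+os.path.basename(k)` with no separator and then swallows every exception with a bare `except: pass`. The first presumably works because OutDir ends in a slash (the `GlobalDir+"mail-rbl"` calls elsewhere in this file rely on the same convention), but os.path.join makes the intent explicit. The second is the real problem: this branch is what withdraws the keyring from hosts that no longer carry [KEYRING], and a permission error or an EISDIR here is silently ignored, so the host keeps the keyring and nobody is told. Catch OSError and re-raise unless `e.errno == errno.ENOENT`. Since DoLink appears to create links into GlobalDir, what is removed here is the link, which is fine, but a one-line comment saying so would help the next reader.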
=== modified file 'ud-mailgate'
--- a/ud-mailgate 2007-12-26 20:49:42 +0000
+++ b/ud-mailgate 2008-04-21 22:18:09 +0000
@@ -1,5 +1,9 @@
#!/usr/bin/env python
# -*- mode: python -*-
+
+# Prior copyright probably rmurray, troup, joey, jgg -- weasel 2008
+# Copyright (c) 2008 Peter Palfrader <peter at palfrader.org>
+
import userdir_gpg, userdir_ldap, sys, traceback, time, ldap, os;
import pwd
from userdir_gpg import *;
@@ -232,17 +236,28 @@
return "SSH Keys replaced with "+FormatSSHAuth(Str);
# Handle changing a dns entry
-# host in a 12.12.12.12
-# host in cname foo.bar. <- Trailing dot is required
+# host IN A 12.12.12.12
+# host IN AAAA 1234::5678
+# host IN CNAME foo.bar. <- Trailing dot is required
+# host IN MX foo.bar. <- Trailing dot is required
def DoDNS(Str,Attrs,DnRecord):
- cname = re.match("^[-\w]+\s+in\s+cname\s+[-\w.]+\.$",Str,re.IGNORECASE);
- if re.match('^[-\w]+\s+in\s+a\s+\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$',\
- Str,re.IGNORECASE) == None and cname == None and \
- re.match("^[-\w]+\s+in\s+mx\s+\d{1,3}\s+[-\w.]+\.$",Str,re.IGNORECASE) == None:
- return None;
+ cnamerecord = re.match("^[-\w]+\s+IN\s+CNAME\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+ arecord = re.match('^[-\w]+\s+IN\s+A\s+(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$',Str,re.IGNORECASE)
+ mxrecord = re.match("^[-\w]+\s+IN\s+MX\s+(\d{1,3})\s+([-\w.]+\.)$",Str,re.IGNORECASE)
+ #aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+((?:[0-9a-f]{1,4})(?::[0-9a-f]{1,4})*(?::(?:(?::[0-9a-f]{1,4})*|:))?)$',Str,re.IGNORECASE)
+ aaaarecord = re.match('^[-\w]+\s+IN\s+AAAA\s+([A-F0-9:]{2,39})$',Str,re.IGNORECASE)
+
+ if cnamerecord == None and\
+ arecord == None and\
+ mxrecord == None and\
+ aaaarecord == None:
+ return None;
# Check if the name is already taken
- G = re.match('^([-\w+]+)\s',Str).groups();
+ G = re.match('^([-\w+]+)\s',Str)
+ if G == None:
+ raise Error, "Hostname not found although we already passed record syntax checks"
+ hostname = G.group(1)
# Check for collisions
global l;
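Review bot: the commented-out stricter AAAA regex (`#aaaarecord = ...`) should be deleted rather than left as dead code; the loose `[A-F0-9:]{2,39}` is only acceptable because the structural checks further down in DoDNS back it up, and a future reader may assume the commented line is the real validation. Two smaller points: the hostname regex `'^([-\w+]+)\s'` admits `+` while all four record regexes restrict the name to `[-\w]+`, so the `+` can never match and the two character classes should be made identical; and `raise Error, "..."` depends on an `Error` class coming in through one of the star imports at the top, so if it is not defined the "should not happen" branch would itself fail with a NameError instead of the intended message.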
@@ -250,7 +265,7 @@
# since we accept either. It'd probably be better to parse the
# incoming string in order to construct what we feed LDAP rather
# than just passing it through as is.]
- filter = "(|(dnsZoneEntry=%s *)(dnsZoneEntry=%s *))" % (G[0], G[0])
+ filter = "(|(dnsZoneEntry=%s *)(dnsZoneEntry=%s *))" % (hostname, hostname)
Rec = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,filter,["uid"]);
for x in Rec:
if GetAttr(x,"uid") != GetAttr(DnRecord,"uid"):
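Review bot: `hostname` is interpolated straight into the LDAP search filter. That is safe today only because the record regexes in the previous hunk restrict it to `[-\w+]+` (no `*`, `(`, `)`, `\` or NUL), so the injection protection lives in a regex several lines away from the filter it protects; wrap the value with python-ldap's ldap.filter.escape_filter_chars() so the filter stays safe if the accepted character set is ever widened. Also consider lower-casing hostname before this collision search and before it becomes the key of the DNS dict below: DNS names are case-insensitive, but the dict and (depending on the attribute's matching rule) the filter are not, so `Foo IN A ...` and `foo IN CNAME ...` can slip past the CNAME-exclusivity check.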
@@ -259,24 +274,59 @@
global SeenDNS;
global DNS;
- if cname:
- if DNS.has_key(G[0]):
- return "CNAME and other RR types not allowed: "+Str
- else:
- DNS[G[0]] = 2
- else:
- if DNS.has_key(G[0]) and DNS[G[0]] == 2:
- return "CNAME and other RR types not allowed: "+Str
- else:
- DNS[G[0]] = 1
-
+ if cnamerecord:
+ if DNS.has_key(hostname):
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[hostname] = 2
+ else:
+ if DNS.has_key(hostname) and DNS[hostname] == 2:
+ return "CNAME and other RR types not allowed: "+Str
+ else:
+ DNS[hostname] = 1
+
+ if cnamerecord != None:
+ sanitized = "%s IN CNAME %s" % (hostname, cnamerecord.group(1))
+ elif arecord != None:
+ ipaddress = arecord.group(1)
+ for quad in ipaddress.split('.'):
+ if not (int(quad) >=0 and int(quad) <= 255):
+ return "Invalid quad %s in IP address %s in line %s" %(quad, ipaddress, Str)
+ sanitized = "%s IN A %s"% (hostname, ipaddress)
+ elif mxrecord != None:
+ priority = mxrecord.group(1)
+ mx = mxrecord.group(2)
+ sanitized = "%s IN MX %s %s" % (hostname, priority, mx)
+ elif aaaarecord != None:
+ ipv6address = aaaarecord.group(1)
+ parts = ipv6address.split(':')
+ if len(parts) > 8:
+ return "Invalid IPv6 address (%s): too many parts"%(ipv6address)
+ if len(parts) <= 2:
+ return "Invalid IPv6 address (%s): too few parts"%(ipv6address)
+ if parts[0] == "":
+ parts.pop(0)
+ if parts[-1] == "":
+ parts.pop(-1)
+ seenEmptypart = False
+ for p in parts:
+ if len(p) > 4:
+ return "Invalid IPv6 address (%s): part %s is longer than 4 characters"%(ipv6address, p)
+ if p == "":
+ if seenEmptypart:
+ return "Invalid IPv6 address (%s): more than one :: (nothing in between colons) is not allowed"%(ipv6address)
+ seenEmptypart = True
+ sanitized = "%s IN AAAA %s" % (hostname, ipv6address)
+ else:
+ raise Error, "None of the types I recognize was it. I shouldn't be here. confused."
+
if SeenDNS:
- Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",Str));
- return "DNS Entry added "+Str;
-
- Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",Str));
+ Attrs.append((ldap.MOD_ADD,"dnsZoneEntry",sanitized));
+ return "DNS Entry added "+sanitized;
+
+ Attrs.append((ldap.MOD_REPLACE,"dnsZoneEntry",sanitized));
SeenDNS = 1;
- return "DNS Entry replaced with "+Str;
+ return "DNS Entry replaced with "+sanitized;
# Handle an RBL list (mailRBL, mailRHSBL, mailWhitelist)
def DoRBL(Str,Attrs):
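Review bot: the hand-rolled IPv6 check accepts several malformed addresses and rejects at least one valid one. `1:2:3` or `1:2:3:4:5:6:7` (fewer than eight groups and no `::`) pass, because the only count checks are `> 8` and `<= 2`; `:1:2:3` and `1:2:3:` (a single leading or trailing colon) pass, because the empty edge part is popped before the `::` check runs; and `::1:2:3:4:5:6:7`, which is a valid spelling of 0:1:2:3:4:5:6:7, is rejected by the `> 8` parts test. Replace the block with `socket.inet_pton(socket.AF_INET6, ipv6address)` (add socket to the imports, catch socket.error) and store `socket.inet_ntop(...)` of the result so a canonical form goes into LDAP. In the A-record branch the `int(quad)` range test is fine on a `\d{1,3}` match, but quads with leading zeros such as `010` are accepted and some resolvers read them as octal; rejecting any quad where `str(int(quad)) != quad` removes the ambiguity. The rest of the change, writing the rebuilt `sanitized` string instead of the raw input into dnsZoneEntry, is the right approach and should stay.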
=== modified file 'ud-replicate'
--- a/ud-replicate 2008-01-10 14:43:33 +0000
+++ b/ud-replicate 2008-04-21 22:18:09 +0000
@@ -1,8 +1,9 @@
-#! /bin/sh
+#! /bin/bash
# Copyright (c) 1999-2001 Jason Gunthorpe <jgg at debian.org>
# Copyright (c) 2002-2003,2006 Ryan Murray <rmurray at debian.org>
# Copyright (c) 2004-2005 Joey Schulze <joey at infodrom.org>
+# Copyright (c) 2008 Peter Palfrader <peter at palfrader.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
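Review bot: the shebang change from /bin/sh to /bin/bash is required, not cosmetic: the `$RANDOM` variable used in the next hunk is a bashism that dash leaves empty, which would turn the jitter into `sleep 0`. Bash is essential on Debian, so no new dependency is needed.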
@@ -24,6 +25,7 @@
if [ -z "$TERM" -o "$TERM" = "dumb" ]
then
exec > /dev/null 2>&1
+ sleep $(( $RANDOM % 120 ))
else
verbose=-v
fi
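Review bot: the jitter only fires when $TERM is empty or "dumb", which is a proxy for "run from cron" rather than a test for it. A non-interactive caller that inherits a TERM (a wrapper run under `ssh -t`, an at job with TERM exported) skips the sleep and hits the db server at the same instant as everyone else, while an admin running the script by hand in a dumb terminal loses its output and waits up to two minutes. `[ -t 1 ]` tests interactivity directly, or add an explicit command-line switch (name of your choosing) so cron jobs opt in to the delay regardless of environment. `$RANDOM % 120` gives 0 to 119 seconds, which matches the "up to two minutes" in the changelog.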
=== modified file 'ud-roleadd'
--- a/ud-roleadd 2007-12-26 20:49:42 +0000
+++ b/ud-roleadd 2008-04-21 22:18:09 +0000
@@ -4,6 +4,7 @@
# Copyright (c) 1999-2000 Jason Gunthorpe <jgg at debian.org>
# Copyright (c) 2001-2003 James Troup <troup at debian.org>
# Copyright (c) 2004-2005 Joey Schulze <joey at infodrom.org>
+# Copyright (c) 2007 Peter Palfrader <peter at palfrader.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
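Review bot: the copyright year here is 2007 while the notices added to the other four scripts in this commit say 2008; check which is intended before this gets copied forward.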