[Da-tools-commits] ./debian/userdir-ldap r479: subgroup support, courtesy of luk
Peter Palfrader
peter at palfrader.org
Sun Nov 23 20:13:40 UTC 2008
------------------------------------------------------------
revno: 479
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Sun 2008-11-23 21:13:40 +0100
message:
subgroup support, courtesy of luk
modified:
debian/changelog
ud-generate
userdir-ldap.schema
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog 2008-11-23 13:20:37 +0000
+++ b/debian/changelog 2008-11-23 20:13:40 +0000
@@ -2,8 +2,15 @@
* Update template/welcome-message-800 to match the actual template used
on db.debian.org.
+ * Add subgroup support: A group can now have subgroups. This means
+ that if a user is a member of a group he also becomes a member of
+ all its subgroups. E.g. members of a wb-all group will automatically
+ be members of wb-i386, wb-arm, wb-mips, etc. [Luk Claes]
+ * Extend that support so that subgroups work on a per host basis too,
+ so that for instance the debbugs group can be in group
+ maillog at rietz.debian.org.
- -- Peter Palfrader <weasel at debian.org> Sun, 23 Nov 2008 14:20:10 +0100
+ -- Peter Palfrader <weasel at debian.org> Sun, 23 Nov 2008 21:06:53 +0100
userdir-ldap (0.3.50) unstable; urgency=low
=== modified file 'ud-generate'
--- a/ud-generate 2008-11-15 10:20:24 +0000
+++ b/ud-generate 2008-11-23 20:13:40 +0000
@@ -9,6 +9,7 @@
# Copyright (c) 2008 Peter Palfrader <peter at palfrader.org>
# Copyright (c) 2008 Andreas Barth <aba at not.so.argh.org>
# Copyright (c) 2008 Mark Hymers <mhy at debian.org>
+# Copyright (c) 2008 Luk Claes <luk at debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -32,6 +33,7 @@
PasswdAttrs = None;
GroupIDMap = {};
+SubGroupMap = {};
Allowed = None;
CurrentHost = "";
@@ -355,6 +357,31 @@
tf.close()
os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost), target)
+# add a list of groups to existing groups,
+# including all subgroups thereof, recursively.
+# basically this proceduces the transitive hull of the groups in
+# addgroups.
+def addGroups(existingGroups, newGroups, uid):
+ for group in newGroups:
+ # if it's a <group>@host, split it and verify it's on the current host.
+ s = group.split('@', 1)
+ if len(s) == 2 and s[1] != CurrentHost:
+ continue;
+ group = s[0]
+
+ # let's see if we handled this group already
+ if group in existingGroups:
+ continue
+
+ if not GroupIDMap.has_key(group):
+ print "Group does not exist ",group,"but",uid,"is in it"
+ continue
+
+ existingGroups.append(group)
+
+ if SubGroupMap.has_key(group):
+ addGroups(existingGroups, SubGroupMap[group])
+
# Generate the group list
def GenGroup(l,File):
grouprevmap = {}
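Review bot: The recursive call at the end of addGroups passes only two arguments, `addGroups(existingGroups, SubGroupMap[group])`, while the function is declared with three (`existingGroups, newGroups, uid`). The first group that actually has a subGroup will therefore raise a TypeError and abort generation. The call should be `addGroups(existingGroups, SubGroupMap[group], uid)`. The `group in existingGroups` check does stop cycles between subgroups, which is worth stating in the header comment since it is the only thing bounding the recursion. That comment also has a typo: "proceduces" should be "produces".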
@@ -374,20 +401,16 @@
# Sort them into a list of groups having a set of users
for x in PasswdAttrs:
+ uid = GetAttr(x,"uid")
if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
continue;
if x[1].has_key("supplementaryGid") == 0:
continue;
- for I in x[1]["supplementaryGid"]:
- s = I.split('@', 1)
- group = s[0]
- if len(s) == 2 and s[1] != CurrentHost:
- continue;
- if GroupMap.has_key(group):
- GroupMap[group].append(GetAttr(x,"uid"));
- else:
- print "Group does not exist ",group,"but",GetAttr(x,"uid"),"is in it";
+ supgroups=[]
+ addGroups(supgroups, x[1]["supplementaryGid"], uid)
+ for g in supgroups:
+ GroupMap[g].append(uid);
# Output the group file.
J = 0;
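Review bot: `GroupMap[g].append(uid);` is now unguarded, because the existence check moved into addGroups, where it tests `GroupIDMap` rather than `GroupMap`. GroupMap is built outside this hunk, so it is not visible here whether the two always have the same keys. If they can differ, this line raises KeyError where the old code printed a warning. Either keep a guard such as `if GroupMap.has_key(g): GroupMap[g].append(uid)`, or add a comment stating that GroupMap is keyed from GroupIDMap. Separately, `uid = GetAttr(x,"uid")` is evaluated before the `uidNumber`/`IsInGroup` filters and could move below them.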
@@ -944,13 +967,15 @@
# Fetch all the groups
GroupIDMap = {};
Attrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"gid=*",\
- ["gid","gidNumber"]);
+ ["gid","gidNumber","subGroup"]);
-# Generate the GroupMap and GroupIDMap
+# Generate the SubGroupMap and GroupIDMap
for x in Attrs:
if x[1].has_key("gidNumber") == 0:
continue;
GroupIDMap[x[1]["gid"][0]] = int(x[1]["gidNumber"][0]);
+ if x[1].has_key("subGroup") != 0:
+ SubGroupMap.setdefault(x[1]["gid"][0], []).extend(x[1]["subGroup"]);
# Fetch all the users
PasswdAttrs = l.search_s(BaseDn,ldap.SCOPE_ONELEVEL,"uid=*",\
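Review bot: The `subGroup` values are copied into SubGroupMap without any check that they name an existing group. A subgroup that matches no `gid` entry is only noticed later in addGroups, once per affected user, with the message "Group does not exist ... but <uid> is in it". That message points at the user rather than at the parent group whose subGroup is wrong. A single pass after this loop, once GroupIDMap is complete, could compare each SubGroupMap value (with any `@host` suffix stripped) against GroupIDMap and report the parent group by name.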
=== modified file 'userdir-ldap.schema'
--- a/userdir-ldap.schema 2008-09-13 22:18:38 +0000
+++ b/userdir-ldap.schema 2008-11-23 20:13:40 +0000
@@ -4,6 +4,7 @@
# - [PP] Now version controlled in db.d.o bzr repository - 2007-12-25
# - [HE] Add 'purpose', 'physicalHost' to debianServer - 2007-12-25
# - [zobel] Add 'VoIP' - 2008-05-10
+# - [luk] Add 'subGroup' to group - 2008-11-22
#
# 0.7 [RM]
# - Add 'gender' and 'birthDate' to debianDeveloper
@@ -99,6 +100,7 @@
# .34 - physicalHost
# .35 - VoIP
# .36 - sudoPassword
+# .37 - subGroup
#
# .3 - experimental LDAP objectClasses
# .1 - debianDeveloper
@@ -366,6 +368,13 @@
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+attributetype ( 1.3.6.1.4.1.9586.100.4.2.37
+ NAME 'subGroup'
+ DESC 'name of other group for which membership implied by memberschip to this group'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
# Public object classes
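Review bot: The DESC string of the new attributetype has a typo and is missing a verb ("memberschip", "membership implied by"). Something like `DESC 'name of another group in which membership is implied by membership of this group'` reads correctly. Because ud-generate now expands this attribute into real group membership on hosts, write access to `subGroup` should be restricted as tightly as the membership attributes themselves. The directory ACLs are not part of this commit, so that needs confirming separately.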
@@ -381,7 +390,7 @@
SUP top STRUCTURAL
DESC 'attributes used for Debian groups'
MUST ( gid $ gidNumber )
- MAY ( description ) )
+ MAY ( description $ subGroup ) )
# Experimental attribute types