[Da-tools-commits] ./debian/userdir-ldap r480: Add hostnames from the host purpose field to the ssh_known_hosts file (by tomv_w)

Peter Palfrader peter at palfrader.org
Sun Nov 23 20:23:20 UTC 2008 

------------------------------------------------------------
revno: 480
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Sun 2008-11-23 21:23:20 +0100
message:
  Add hostnames from the host purpose field to the ssh_known_hosts file (by tomv_w)
modified:
  debian/changelog
  ud-generate
  userdir-ldap.conf
  userdir_ldap.py
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2008-11-23 20:13:40 +0000
+++ b/debian/changelog	2008-11-23 20:23:20 +0000
@@ -1,4 +1,4 @@
-userdir-ldap (0.3.XX) unstable; urgency=low
+userdir-ldap (0.3.51) unstable; urgency=low
 
   * Update template/welcome-message-800 to match the actual template used
     on db.debian.org.
@@ -9,8 +9,10 @@
   * Extend that support so that subgroups work on a per host basis too,
     so that for instance the debbugs group can be in group
     maillog at rietz.debian.org.
+  * Add hostnames from the host purpose field to the ssh_known_hosts
+    file [Thomas Viehmann].
 
- -- Peter Palfrader <weasel at debian.org>  Sun, 23 Nov 2008 21:06:53 +0100
+ -- Peter Palfrader <weasel at debian.org>  Sun, 23 Nov 2008 21:22:58 +0100
 
 userdir-ldap (0.3.50) unstable; urgency=low
 

=== modified file 'ud-generate'
--- a/ud-generate	2008-11-23 20:13:40 +0000
+++ b/ud-generate	2008-11-23 20:23:20 +0000
@@ -10,6 +10,7 @@
 #   Copyright (c) 2008 Andreas Barth <aba at not.so.argh.org>
 #   Copyright (c) 2008 Mark Hymers <mhy at debian.org>
 #   Copyright (c) 2008 Luk Claes <luk at debian.org>
+#   Copyright (c) 2008 Thomas Viehmann <tv at beamnet.de>
 #
 #   This program is free software; you can redistribute it and/or modify
 #   it under the terms of the GNU General Public License as published by
@@ -41,6 +42,7 @@
 
 EmailCheck = re.compile("^([^ <>@]+@[^ ,<>@]+)?$");
 BSMTPCheck = re.compile(".*mx 0 (gluck)\.debian\.org\..*",re.DOTALL);
+PurposeHostField = re.compile(r"\[\[([\*\-]?[a-z0-9.\-]*)(?:\|.*)?\]\]")
 DNSZone = ".debian.net"
 Keyrings = ConfModule.sync_keyrings.split(":")
 
@@ -905,8 +907,31 @@
          continue;
       Host = GetAttr(x,"hostname");
       HostNames = [ Host ]
-      SHost = Host.find(".")
-      if SHost != None: HostNames += [Host[0:SHost]]
+      if Host.endswith(HostDomain):
+         HostNames.append(Host[:-(len(HostDomain)+1)])
+
+      #<weasel> [[]] makes http links
+      #<weasel> but integrating it somehow into the purpose line might be a good idea
+      #<weasel> maybe [[*fooobar]] things would be a link but not added to the ssh key list,
+      #         and [[-..]] or something would be just an ssh entry but no link
+      # in the purpose field [[host|some other text]] (where some other text is optional)
+      # makes a hyperlink on the web thing. we now also add these hosts to the ssh known_hosts
+      # file.  But so that we don't have to add everything we link we can add an asterisk
+      # and say [[*... to ignore it.  In order to be able to add stuff to ssh without
+      # http linking it we also support [[-hostname]] entries.
+      for i in x[1].get("purpose",[]):
+         m = PurposeHostField.match(i)
+         if m:
+            m = m.group(1)
+            # we ignore [[*..]] entries
+            if m.startswith('*'):
+               continue;
+            if m.startswith('-'):
+               m = m[1:]
+            if m:
+               HostNames.append(m)
+               if m.endswith(HostDomain):
+                  HostNames.append(m[:-(len(HostDomain)+1)])
 
       for I in x[1]["sshRSAHostKey"]:
          if mode and mode == 'authorized_keys':
@@ -989,7 +1014,7 @@
                  "mailWhitelist", "sudoPassword"]);
 # Fetch all the hosts
 HostAttrs    = l.search_s(HostBaseDn,ldap.SCOPE_ONELEVEL,"sshRSAHostKey=*",\
-                ["hostname","sshRSAHostKey"]);
+                ["hostname","sshRSAHostKey","purpose"]);
 
 # Open the control file
 if len(sys.argv) == 1:

=== modified file 'userdir-ldap.conf'
--- a/userdir-ldap.conf	2008-11-14 22:05:23 +0000
+++ b/userdir-ldap.conf	2008-11-23 20:23:20 +0000
@@ -16,6 +16,9 @@
 # Printable email addresses are shown as: 'cn mn sn <uid at emailappend>'
 emailappend = "debian.org";
 
+# Domain for hosts, defaults to emailappend if not present
+#hostdomain = "debian.org"
+
 # For the mail interface
 maildomain = "db.debian.org";
 replyto = "admin@" + maildomain;

=== modified file 'userdir_ldap.py'
--- a/userdir_ldap.py	2008-11-14 22:05:23 +0000
+++ b/userdir_ldap.py	2008-11-23 20:23:20 +0000
@@ -43,6 +43,7 @@
 PassDir = ConfModule.passdir;
 Ech_ErrorLog = ConfModule.ech_errorlog;
 Ech_MainLog = ConfModule.ech_mainlog;
+HostDomain = getattr(ConfModule, "hostdomain", EmailAppend)
 
 try:
    UseSSL = ConfModule.usessl;

More information about the Da-tools-commits mailing list