[Da-tools-commits] ./debian/userdir-ldap r463: Export all accounts into sudo-passwd, even if they do not have a sudo password
Peter Palfrader
peter at palfrader.org
Tue Sep 16 12:29:56 UTC 2008
------------------------------------------------------------
revno: 463
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Tue 2008-09-16 14:29:56 +0200
message:
Export all accounts into sudo-passwd, even if they do not have a sudo password
set. Set their password to '*' then.
modified:
debian/changelog
ud-generate
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog 2008-09-15 17:27:38 +0000
+++ b/debian/changelog 2008-09-16 12:29:56 +0000
@@ -1,3 +1,10 @@
+userdir-ldap (0.3.42) unstable; urgency=low
+
+ * Export all accounts into sudo-passwd, even if they
+ do not have a sudo password set. Set their password to '*' then.
+
+ -- Peter Palfrader <weasel at debian.org> Tue, 16 Sep 2008 14:29:32 +0200
+
userdir-ldap (0.3.41) unstable; urgency=low
* ud-generate: lower casing the sudopasswd ldap entry prior to parsing
=== modified file 'ud-generate'
--- a/ud-generate 2008-09-15 17:27:38 +0000
+++ b/ud-generate 2008-09-16 12:29:56 +0000
@@ -216,34 +216,31 @@
raise "No Users";
for x in PasswdAttrs:
+ Pass = '*'
if x[1].has_key("uidNumber") == 0 or IsInGroup(x) == 0:
continue;
- if not x[1].has_key('sudoPassword'):
- continue
-
- Pass = None
- for entry in x[1]['sudoPassword']:
- Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
- if Match == None:
- continue
- uuid = Match.group(1)
- status = Match.group(2)
- hosts = Match.group(3)
- cryptedpass = Match.group(4)
-
- if status != 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass):
- continue
- for_all = hosts == "*"
- for_this_host = CurrentHost in hosts.split(',')
- if not (for_all or for_this_host):
- continue
- Pass = cryptedpass
- if for_this_host: # this makes sure we take a per-host entry over the for-all entry
- break
- if not Pass:
- continue
- if len(Pass) > 50:
- continue
+
+ if x[1].has_key('sudoPassword'):
+ for entry in x[1]['sudoPassword']:
+ Match = re.compile('^('+UUID_FORMAT+') (confirmed:[0-9a-f]{40}|unconfirmed) ([a-z0-9.,*]+) ([^ ]+)$').match(entry)
+ if Match == None:
+ continue
+ uuid = Match.group(1)
+ status = Match.group(2)
+ hosts = Match.group(3)
+ cryptedpass = Match.group(4)
+
+ if status != 'confirmed:'+make_sudopasswd_hmac('password-is-confirmed', uuid, hosts, cryptedpass):
+ continue
+ for_all = hosts == "*"
+ for_this_host = CurrentHost in hosts.split(',')
+ if not (for_all or for_this_host):
+ continue
+ Pass = cryptedpass
+ if for_this_host: # this makes sure we take a per-host entry over the for-all entry
+ break
+ if len(Pass) > 50:
+ Pass = '*'
Line = "%s:%s" % (GetAttr(x,"uid"), Pass)
Line = Sanitize(Line) + "\n";
More information about the Da-tools-commits
mailing list