[Da-tools-commits] ./debian/userdir-ldap r400: ud-generate: Add support for generation of authorized_keys file on the db host

Peter Palfrader peter at palfrader.org
Sat May 17 09:27:06 UTC 2008 

------------------------------------------------------------
revno: 400
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Sat 2008-05-17 11:27:06 +0200
message:
  ud-generate: Add support for generation of authorized_keys file on the db host
  for the sshdist user.  This is now possible since ud-replicate clients use
  their ssh host key to authenticate to the db server.  The code now supports
  this but the feature is still disabled. [aba]
modified:
  debian/changelog
  ud-generate
    ------------------------------------------------------------
    revno: 349.2.42
    committer: Andreas Barth <aba at not.so.argh.org>
    branch nick: userdir-ldap-common
    timestamp: Fri 2008-05-16 17:40:19 +0000
    message:
      Add (disabled) generation of authorized_keys
    modified:
      debian/changelog
      ud-generate
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2008-05-17 09:22:00 +0000
+++ b/debian/changelog	2008-05-17 09:27:06 +0000
@@ -3,8 +3,13 @@
   * ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
   * ud-replicate: Also support the imposter dchroot-dsa from the debian
     archive. [aba, weasel]
+  * ud-generate: Add support for generation of authorized_keys file on
+    the db host for the sshdist user.  This is now possible since
+    ud-replicate clients use their ssh host key to authenticate to the
+    db server.  The code now supports this but the feature is still
+    disabled. [aba]
 
- -- Peter Palfrader <weasel at debian.org>  Sat, 17 May 2008 11:20:06 +0200
+ -- Peter Palfrader <weasel at debian.org>  Sat, 17 May 2008 11:25:49 +0200
 
 userdir-ldap (0.3.23) unstable; urgency=low
 

=== modified file 'ud-generate'
--- a/ud-generate	2008-05-14 15:56:01 +0000
+++ b/ud-generate	2008-05-16 17:40:19 +0000
@@ -702,7 +702,7 @@
   Done(File,F,None);
 
 # Generate the ssh known hosts file
-def GenSSHKnown(l,File):
+def GenSSHKnown(l,File,mode=None):
   F = None;
   try:
    OldMask = os.umask(0022);
@@ -734,7 +734,11 @@
 	 else: IPAdresses += [addr[1]]
 
       for I in x[1]["sshRSAHostKey"]:
-         Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
+         if mode and mode == 'authorized_keys':
+            #Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(HNames + IPAdresses), I)
+            Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
+         else:
+            Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
          Line = Sanitize(Line) + "\n";
          F.write(Line);
   # Oops, something unspeakable happened.
@@ -823,6 +827,7 @@
 GenPrivate(l,GlobalDir+"debian-private");
 GenDisabledAccounts(l,GlobalDir+"disabled-accounts");
 GenSSHKnown(l,GlobalDir+"ssh_known_hosts");
+#GenSSHKnown(l,GlobalDir+"authorized_keys", 'authorized_keys');
 GenHosts(l,GlobalDir+"debianhosts");
 GenMailDisable(l,GlobalDir+"mail-disable");
 GenMailBool(l,GlobalDir+"mail-greylist","mailGreylisting");

More information about the Da-tools-commits mailing list