From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001
From: Nicolas Vigier
Date: Sun, 14 Apr 2013 13:46:12 +0000
Subject: Add zarb MLs html archives
---
zarb-ml/mageia-sysadm/2010-November/000567.html | 212 ++++++++++++++++++++++++
1 file changed, 212 insertions(+)
create mode 100644 zarb-ml/mageia-sysadm/2010-November/000567.html
(limited to 'zarb-ml/mageia-sysadm/2010-November/000567.html')
diff --git a/zarb-ml/mageia-sysadm/2010-November/000567.html b/zarb-ml/mageia-sysadm/2010-November/000567.html
new file mode 100644
index 000000000..32eff9794
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/2010-November/000567.html
@@ -0,0 +1,212 @@
+
+
+
+ [Mageia-sysadm] [262] - import mandriva script to export ssh keys ( need some cleaning )
+
+
+
+
+
+
+
+
+
+

[Mageia-sysadm] [262] - import mandriva script to export ssh keys ( need some cleaning )

+ root at mageia.org + root at mageia.org +
+ Wed Nov 17 15:17:29 CET 2010 +

+
+ +
Revision: 262
+Author:   misc
+Date:     2010-11-17 15:17:29 +0100 (Wed, 17 Nov 2010)
+Log Message:
+-----------
+- import mandriva script to export ssh keys ( need some cleaning )
+
+Modified Paths:
+--------------
+    puppet/modules/restrictshell/manifests/init.pp
+
+Added Paths:
+-----------
+    puppet/modules/restrictshell/templates/ldap-sshkey2file.py
+
+Modified: puppet/modules/restrictshell/manifests/init.pp
+===================================================================
+--- puppet/modules/restrictshell/manifests/init.pp	2010-11-17 02:45:43 UTC (rev 261)
++++ puppet/modules/restrictshell/manifests/init.pp	2010-11-17 14:17:29 UTC (rev 262)
+@@ -26,4 +26,21 @@
+     mode => 755,
+     content => template("restrictshell/membersh-conf.pl"),
+   }
++
++  package { 'python-ldap':
++    ensure => installed,
++  }
++
++  file { '/usr/local/bin/ldap-sshkey2file.py':
++    ensure => present,
++    owner => root,
++    group => root,
++    mode => 755,
++    content => template("restrictshell/ldap-sshkey2file.py"),
++    requires => Package['python-ldap']
++  } 
++
++
++
++
+ }
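Review bot: The `requires => Package['python-ldap']` attribute on the `file { '/usr/local/bin/ldap-sshkey2file.py': }` resource is not the Puppet ordering metaparameter, which is spelled `require`, so the dependency on the package is not expressed as written and the catalog will probably be rejected with an invalid-parameter error. Change the line to `require => Package['python-ldap'],`. As a point of style, quoting the mode as `mode => '0755'` keeps it from being read as a bare number. The enclosing class begins outside this hunk.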
+
+Added: puppet/modules/restrictshell/templates/ldap-sshkey2file.py
+===================================================================
+--- puppet/modules/restrictshell/templates/ldap-sshkey2file.py	                        (rev 0)
++++ puppet/modules/restrictshell/templates/ldap-sshkey2file.py	2010-11-17 14:17:29 UTC (rev 262)
+@@ -0,0 +1,92 @@
++#!/usr/bin/python
++
++import sys
++import os
++import random
++
++try:
++    import ldap
++except ImportError, e:
++    print "Please install python-ldap before running this program"
++    sys.exit(1)
++
++basedn="dc=mandriva,dc=com"
++peopledn="ou=people,%s" % basedn
++uris=['ldap://kenobi.mandriva.com','ldap://svn.mandriva.com']
++random.shuffle(uris)
++uri = " ".join(uris)
++timeout=5
++binddn="uid=sshkeyreader,ou=System Accounts,%s" % basedn
++pwfile="/etc/sshkeyreader.pw"
++# filter out disabled accounts also
++# too bad uidNumber doesn't support >= filters
++filter="(&(objectClass=inetOrgPerson)(objectClass=ldapPublicKey)(objectClass=posixAccount)(sshPublicKey=*)(!(shadowExpire=*)))"
++keypathprefix="/var/lib/config/pubkeys"
++
++def usage():
++    print "%s" % sys.argv[0]
++    print
++    print "Will fetch all enabled user accounts under %s" % peopledn
++    print "with ssh keys in them and write each one to"
++    print "%s/<login>/authorized_keys" % keypathprefix
++    print
++    print "This script is intented to be run from cron as root"
++    print
++
++def get_pw(pwfile):
++    try:
++        f = open(pwfile, 'r')
++    except IOError, e:
++        print "Error while reading password file, aborting"
++        print e
++        sys.exit(1)
++    pw = f.readline().strip()
++    f.close()
++    return pw
++
++def write_keys(keys, user, uid, gid):
++    try:
++        os.makedirs("%s/%s" % (keypathprefix,user), 0700)
++    except:
++        pass
++    keyfile = "%s/%s/authorized_keys" % (keypathprefix,user)
++    f = open(keyfile, 'w')
++    for key in keys:
++        f.write(key.strip() + "\n")
++    f.close()
++    os.chmod(keyfile, 0600)
++    os.chown(keyfile, uid, gid)
++    os.chmod("%s/%s" % (keypathprefix,user), 0700)
++    os.chown("%s/%s" % (keypathprefix,user), uid, gid)
++
++if len(sys.argv) != 1:
++    usage()
++    sys.exit(1)
++
++bindpw = get_pw(pwfile)
++
++try:
++    ld = ldap.initialize(uri)
++    ld.set_option(ldap.OPT_NETWORK_TIMEOUT, timeout)
++    ld.start_tls_s()
++    ld.bind_s(binddn, bindpw)
++    res = ld.search_s(peopledn, ldap.SCOPE_ONELEVEL, filter, ['uid','sshPublicKey','uidNumber','gidNumber'])
++    try:
++        os.makedirs(keypathprefix, 0701)
++    except:
++        pass
++    for result in res:
++        dn, entry = result
++        # skip possible system users
++        if int(entry['uidNumber'][0]) < 500:
++            continue
++        write_keys(entry['sshPublicKey'], entry['uid'][0], int(entry['uidNumber'][0]), int(entry['gidNumber'][0]))
++    ld.unbind_s()
++except Exception, e:
++    print "Error"
++    raise
++
++sys.exit(0)
++
++
++# vim:ts=4:sw=4:et:ai:si
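Review bot: `write_keys` runs as root (`usage()` says the script is meant for root's cron) but writes through a path the target user controls: the function's last line chowns the per-user directory to `uid`, so on the next run `open(keyfile, 'w')`, `os.chmod` and `os.chown` follow whatever now sits at `authorized_keys`, including a symlink to a root-owned file. The `user` value also comes straight from the LDAP `uid` attribute and is interpolated into the path with no check for `/` or `..`. I would reject unsafe names, open with `O_NOFOLLOW` and set mode and owner through the descriptor, as sketched below; leaving the per-user directory root-owned would be a stronger fix if sshd's ownership checks on these hosts allow it. The bare `except: pass` around both `os.makedirs` calls also hides real failures and could be narrowed to `OSError` with an `errno.EEXIST` check.

```python
def write_keys(keys, user, uid, gid):
    # the uid attribute comes from LDAP; never let it act as a path
    if user in ('', '.', '..') or '/' in user:
        print "Skipping unsafe uid %r" % user
        return
    userdir = "%s/%s" % (keypathprefix, user)
    keyfile = "%s/authorized_keys" % userdir
    # … unchanged: os.makedirs(userdir, 0700) …
    # O_NOFOLLOW: fail rather than write through a symlink left in a user-owned directory
    fd = os.open(keyfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW, 0600)
    f = os.fdopen(fd, 'w')
    for key in keys:
        f.write(key.strip() + "\n")
    f.flush()
    # act on the open descriptor, not on the path
    os.fchmod(fd, 0600)
    os.fchown(fd, uid, gid)
    f.close()
    # … unchanged: chmod/chown of the per-user directory …
```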
+
+
+Property changes on: puppet/modules/restrictshell/templates/ldap-sshkey2file.py
+___________________________________________________________________
+Added: svn:executable
+   + *
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20101117/f94d7af2/attachment.html>
+
+ + + + + + + + + + + +
+

+ +
+More information about the Mageia-sysadm +mailing list
+ -- cgit v1.2.1