 def work(self, context, ldapEntry, modified):
     """Create the home directory for a changed LDAP entry.

     Unmodified entries are left alone. For a modified entry the home
     path, uid and gid are resolved via homeutils.getLDAPAttributes
     (bounded by context.minuid / context.mingid) and the directory is
     created by homeutils.makeHomeDir, which is handed context.skeldir
     and context.postcreate unchanged.
     """
     if not modified:
         # Nothing changed for this entry; do not touch the filesystem.
         return

     home, uid, gid = homeutils.getLDAPAttributes(
         ldapEntry, context.home, context.minuid, context.mingid)
     homeutils.makeHomeDir(
         home, uid, gid, context.skeldir, context.postcreate)
    def work(self, context, ldapEntry, modified):
        # Skip unmodified entries
        if (not modified):
            return

        # Get all needed LDAP attributes, and verify we have what we need
        attributes = ldapEntry.attributes
        if (not attributes.has_key('sshPublicKey')):
            raise plugin.SplatPluginError, "Required attribute sshPublicKey not found for dn %s." % ldapEntry.dn
        keys = attributes.get("sshPublicKey")
        (home, uid, gid) = homeutils.getLDAPAttributes(ldapEntry, context.home, context.minuid, context.mingid)

        # Make sure the home directory exists, and make it if config says to
        if (not os.path.isdir(home)):
            if (context.makehome == True):
                homeutils.makeHomeDir(home, uid, gid, context.skeldir, context.postcreate)
            else:
                # If we weren't told to make homedir, log a warning and quit
                logger.warning("SSH keys not being written because home directory %s does not exist. To have this home directory created automatically by this plugin, set the makehome option to true in your splat configuration file, or use the homeDirectory plugin." % home)
                return

        sshdir = "%s/.ssh" % home
        tmpfilename = "%s/.ssh/authorized_keys.tmp" % home
        filename = "%s/.ssh/authorized_keys" % home

        # Make sure the modifyTimestamp entry exists before looking at it
        if (ldapEntry.attributes.has_key('modifyTimestamp')):
    
            # stat() the key, check if it is outdated
            try:
                keyTime = os.stat(filename)[stat.ST_MTIME]
    
                # If the entry is older than the key, skip it.
                # This will occur when someone has been added to a group that 
                # we filter on, but this entry hasn't been changed since the 
                # key was written. Also will happen on first iteration by 
                # daemon, because modifed will always be true then.
                if (ldapEntry.getModTime() < keyTime):
                    logger.debug("Skipping %s, up-to-date" % filename)
                    return
    
            except OSError:
                # File doesn't exist, or some other error.
                # Ignore the exception, it'll be caught again
                # and reported below.
                pass

        logger.info("Writing key to %s" % filename)

        # Fork and setuid to write the files
        pipe = os.pipe()
        outf = os.fdopen(pipe[1], 'w')
        inf = os.fdopen(pipe[0], 'r')

        pid = os.fork()
        if (pid == 0):
            # Drop privs
            try:
                os.setgid(gid)
                os.setuid(uid)
            except OSError, e:
                print str(e)
                outf.write(str(e) + '\n')
                outf.close()
                os._exit(SSH_ERR_PRIVSEP)

            # Adopt a strict umask
            os.umask(077)

            # Create .ssh directory if it does not already exist
            if (not os.path.isdir(sshdir)):
                try:
                    os.mkdir(sshdir)
                except OSError, e:
                    outf.write(str(e) + '\n')
                    outf.close()
                    os._exit(SSH_ERR_WRITE)