def work(self, context, ldapEntry, modified):
    """Create the home directory for a modified LDAP entry.

    Args:
        context: plugin context; the attributes read here are home,
            minuid, mingid, skeldir and postcreate.
        ldapEntry: the LDAP entry being processed.
        modified: whether the entry changed since the last run. Falsy
            values make this a no-op.

    Returns:
        None.
    """
    # Unmodified entries need no work at all.
    if not modified:
        return

    # Resolve the target path and its owner from the entry. minuid/mingid
    # are forwarded to getLDAPAttributes; presumably they act as lower
    # bounds so directories are never created for system-range ids -
    # verify against homeutils.
    home, uid, gid = homeutils.getLDAPAttributes(
        ldapEntry, context.home, context.minuid, context.mingid)

    # Create the directory (populated from skeldir, then postcreate is run
    # by the helper according to its own contract).
    homeutils.makeHomeDir(
        home, uid, gid, context.skeldir, context.postcreate)
def work(self, context, ldapEntry, modified): # Skip unmodified entries if (not modified): return # Get all needed LDAP attributes, and verify we have what we need attributes = ldapEntry.attributes if (not attributes.has_key('sshPublicKey')): raise plugin.SplatPluginError, "Required attribute sshPublicKey not found for dn %s." % ldapEntry.dn keys = attributes.get("sshPublicKey") (home, uid, gid) = homeutils.getLDAPAttributes(ldapEntry, context.home, context.minuid, context.mingid) # Make sure the home directory exists, and make it if config says to if (not os.path.isdir(home)): if (context.makehome == True): homeutils.makeHomeDir(home, uid, gid, context.skeldir, context.postcreate) else: # If we weren't told to make homedir, log a warning and quit logger.warning("SSH keys not being written because home directory %s does not exist. To have this home directory created automatically by this plugin, set the makehome option to true in your splat configuration file, or use the homeDirectory plugin." % home) return sshdir = "%s/.ssh" % home tmpfilename = "%s/.ssh/authorized_keys.tmp" % home filename = "%s/.ssh/authorized_keys" % home # Make sure the modifyTimestamp entry exists before looking at it if (ldapEntry.attributes.has_key('modifyTimestamp')): # stat() the key, check if it is outdated try: keyTime = os.stat(filename)[stat.ST_MTIME] # If the entry is older than the key, skip it. # This will occur when someone has been added to a group that # we filter on, but this entry hasn't been changed since the # key was written. Also will happen on first iteration by # daemon, because modifed will always be true then. if (ldapEntry.getModTime() < keyTime): logger.debug("Skipping %s, up-to-date" % filename) return except OSError: # File doesn't exist, or some other error. # Ignore the exception, it'll be caught again # and reported below. 
pass logger.info("Writing key to %s" % filename) # Fork and setuid to write the files pipe = os.pipe() outf = os.fdopen(pipe[1], 'w') inf = os.fdopen(pipe[0], 'r') pid = os.fork() if (pid == 0): # Drop privs try: os.setgid(gid) os.setuid(uid) except OSError, e: print str(e) outf.write(str(e) + '\n') outf.close() os._exit(SSH_ERR_PRIVSEP) # Adopt a strict umask os.umask(077) # Create .ssh directory if it does not already exist if (not os.path.isdir(sshdir)): try: os.mkdir(sshdir) except OSError, e: outf.write(str(e) + '\n') outf.close() os._exit(SSH_ERR_WRITE)