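 def work(self, context, ldapEntry, modified):
     """Archive and/or purge the home directory of an entry whose purge is due.

     The entry's ``pendingPurge`` attribute (an LDAP GeneralizedTime in UTC)
     names the moment after which the home directory may be archived and
     removed. Nothing happens while that moment is still in the future.
     Once it has passed, in this order and subject to the ``context`` flags:

     * ``archiveHomeDir`` -- archive the home to ``archiveDest`` as
       ``<basename>.tar.gz`` unless an archive already exists or the home
       directory is already gone;
     * ``purgeHomeDir`` -- remove the home directory if it still exists;
     * ``purgeHomeArchive`` -- remove the archive once its mtime is more
       than ``purgeArchiveWait`` days old.

     Args:
         context: plugin configuration; reads ``home``, ``minuid``,
             ``mingid``, ``archiveDest``, ``archiveHomeDir``,
             ``purgeHomeDir``, ``purgeHomeArchive`` and ``purgeArchiveWait``.
         ldapEntry: the LDAP entry being processed (``attributes``, ``dn``).
         modified: unused; purging is driven by the timestamp, not by
             whether the entry changed since it was last seen.

     Raises:
         plugin.SplatPluginError: if ``pendingPurge`` or ``uid`` is missing,
             or ``pendingPurge`` is not a full ``YYYYMMDDHHMMSS[Z]`` value.
     """
     # Get all needed LDAP attributes, and verify we have what we need.
     attributes = ldapEntry.attributes
     if (not attributes.has_key('pendingPurge')):
         raise plugin.SplatPluginError("Required attribute pendingPurge not found for dn %s." % ldapEntry.dn)
     if (not attributes.has_key('uid')):
         raise plugin.SplatPluginError("Required attribute uid not found for dn %s." % ldapEntry.dn)
     pendingPurge = attributes.get('pendingPurge')[0]

     # The purge time is compared *numerically* against a 14-digit UTC
     # timestamp. GeneralizedTime also permits shorter forms (seconds or
     # minutes omitted), fractional seconds and numeric offsets: a shorter
     # value compares as smaller than any current 14-digit timestamp and
     # would trigger an immediate purge, and the other forms would raise
     # ValueError. Accept only YYYYMMDDHHMMSS with an optional trailing Z so
     # a malformed attribute can never cause a premature purge (fail closed).
     purgeTime = pendingPurge.strip()
     if purgeTime.endswith('Z'):
         purgeTime = purgeTime[:-1]
     if (len(purgeTime) != 14 or not purgeTime.isdigit()):
         raise plugin.SplatPluginError("Attribute pendingPurge for dn %s is not a YYYYMMDDHHMMSSZ timestamp: %r" % (ldapEntry.dn, pendingPurge))

     # Current time in UTC, in the same YYYYMMDDHHMMSS form.
     now = int(time.strftime('%Y%m%d%H%M%S', time.gmtime(time.time())))

     # Do nothing while pendingPurge is still in the future. Checked before
     # resolving the home directory so entries that are not due cost nothing.
     if (now < int(purgeTime)):
         return

     (home, uidNumber, gidNumber) = homeutils.getLDAPAttributes(ldapEntry, context.home, context.minuid, context.mingid)

     # NOTE(review): the archive is named after the last path component of
     # the home only. Two homes with the same basename under different
     # parents share one archive name; the second would then be purged
     # without being archived because the archive file "already exists".
     archiveFile = os.path.join(context.archiveDest, os.path.basename(home) + '.tar.gz')

     # If archiveHomeDir and not already archived or purged, archive homedir.
     # Assumes _archiveHomeDir raises on failure, so a failed archive stops
     # us before the purge below -- confirm against its implementation.
     if (context.archiveHomeDir and (not os.path.isfile(archiveFile)) and os.path.isdir(home)):
         self._archiveHomeDir(home, archiveFile)

     # If purgeHomeDir and not already purged, purge homedir.
     if (context.purgeHomeDir and os.path.isdir(home)):
         self._purgeHomeDir(home, uidNumber, gidNumber)

     # Purge archive if it is old enough, and we are supposed to purge them.
     if (context.purgeHomeArchive and os.path.isfile(archiveFile)):
         # Age of archiveFile in seconds, from its last modification time.
         archiveModifiedAge = int(time.time()) - os.path.getmtime(archiveFile)
         if ((archiveModifiedAge / 86400) > context.purgeArchiveWait):
             self._purgeHomeArchive(archiveFile)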
 def work(self, context, ldapEntry, modified):
     """Create the home directory for an LDAP entry that has changed.

     Entries flagged as unmodified are ignored. For the rest, the home path,
     uid and gid are resolved from the entry via
     ``homeutils.getLDAPAttributes`` (which is also handed the configured
     ``context.minuid`` / ``context.mingid`` limits) and the directory is
     created with ``homeutils.makeHomeDir``, passing ``context.skeldir``
     and ``context.postcreate`` through.

     Args:
         context: plugin configuration (``home``, ``minuid``, ``mingid``,
             ``skeldir``, ``postcreate``).
         ldapEntry: the entry whose home directory should exist.
         modified: whether the entry changed since it was last seen; a
             falsy value means there is nothing to do.
     """
     if modified:
         homeDir, uidNumber, gidNumber = homeutils.getLDAPAttributes(
             ldapEntry, context.home, context.minuid, context.mingid)
         homeutils.makeHomeDir(homeDir, uidNumber, gidNumber,
                               context.skeldir, context.postcreate)
    def work(self, context, ldapEntry, modified):
        """Write the entry's mailForwardingAddress values to ~/.forward.

        Only the part of this method up to the child's temp-file write is
        shown in this listing; the rename of ``.forward.tmp`` onto
        ``.forward``, the parent's wait on the helper child and its error
        reporting lie beyond it.

        Flow: skip unmodified entries; require ``mailForwardingAddress``;
        resolve home/uid/gid; create the home if ``context.makehome`` is
        True (otherwise warn and stop); skip when an existing ``.forward``
        is newer than the entry's modifyTimestamp; then fork a child that
        drops to the user's gid/uid and writes ``.forward.tmp`` under
        umask 077, one address per line.

        Args:
            context: plugin configuration; reads ``home``, ``minuid``,
                ``mingid``, ``makehome``, ``skeldir`` and ``postcreate``.
            ldapEntry: entry exposing ``attributes``, ``dn`` and
                ``getModTime()``.
            modified: falsy means the entry is unchanged and is skipped.

        Raises:
            plugin.SplatPluginError: if ``mailForwardingAddress`` is absent.
        """
        # Skip unmodified entries
        if (not modified):
            return

        # Get LDAP attributes, and make sure we have all the ones we need
        attributes = ldapEntry.attributes
        if (not attributes.has_key('mailForwardingAddress')):
            raise plugin.SplatPluginError, "Required attribute mailForwardingAddress not found for dn %s." % ldapEntry.dn
        # NOTE(review): every value is written verbatim into .forward below.
        # MTAs interpret .forward entries such as "|/path/to/program" or
        # ":include:/file" as commands / file includes executed as this
        # user, so whoever may write mailForwardingAddress in the directory
        # must be trusted, or the values validated as plain addresses first.
        addresses = attributes.get("mailForwardingAddress")
        (home, uid, gid) = homeutils.getLDAPAttributes(ldapEntry, context.home,
                                                       context.minuid,
                                                       context.mingid)

        # If config says to create the home directory and it doesn't exist, do so.
        if (not os.path.isdir(home)):
            if (context.makehome == True):
                # NOTE(review): the homeDirectory and SSH-key plugins listed
                # alongside call homeutils.makeHomeDir; confirm that
                # makeHomeDirectory exists in homeutils as well.
                homeutils.makeHomeDirectory(home, uid, gid, context.skeldir,
                                            context.postcreate)
            else:
                # If we weren't told to make homedir, log a warning and quit
                logger.warning(
                    ".forward file not being written because home directory %s does not exist. To have this home directory created automatically by this plugin, set the makehome option to true in your splat configuration file, or use the homeDirectory plugin."
                    % home)
                return

        # Temp file and target, both inside the user's home. They are written
        # by a child running as the user (see the setgid/setuid below), so a
        # symlink or stale temp file planted there can only affect that
        # user's own files. The rename onto `filename` is not shown here.
        tmpfilename = "%s/.forward.tmp" % home
        filename = "%s/.forward" % home

        # Make sure the modifyTimestamp entry exists before looking at it
        if (ldapEntry.attributes.has_key('modifyTimestamp')):

            # stat() the file, check if it is outdated
            try:
                fileTime = os.stat(filename)[stat.ST_MTIME]

                # If the entry is older than the file, skip it
                # This will occur when someone has been added to a group that
                # we filter on, but this entry hasn't been changed since the
                # key was written. Also will happen on first iteration by
                # daemon, because modified will always be true then.
                # NOTE(review): compares the directory server's
                # modifyTimestamp with this host's file mtime; assumes the
                # two clocks agree.
                if (ldapEntry.getModTime() < fileTime):
                    logger.debug("Skipping %s, up-to-date" % filename)
                    return

            except OSError:
                # File doesn't exist, or some other error.
                # Ignore the exception, it'll be caught again
                # and reported below (in the part of the method not shown).
                pass

        logger.info("Writing mail address to %s" % filename)

        # Fork and setuid to write the files. The pipe carries error text
        # from the child back to the parent: outf is the child's write end,
        # inf the parent's read end (read in the part not shown here).
        pipe = os.pipe()
        outf = os.fdopen(pipe[1], 'w')
        inf = os.fdopen(pipe[0], 'r')

        pid = os.fork()
        if (pid == 0):
            # Drop privs. setgid must come before setuid: once we are the
            # unprivileged uid we could no longer change the gid.
            # NOTE(review): supplementary groups inherited from the daemon
            # are not reset (no setgroups/initgroups), and nothing here
            # checks that uid/gid are non-zero -- that relies on
            # getLDAPAttributes honouring context.minuid/mingid; confirm.
            try:
                os.setgid(gid)
                os.setuid(uid)
            except OSError, e:
                # NOTE(review): also prints to the daemon's stdout, in
                # addition to reporting via the pipe; likely a debug leftover.
                print str(e)
                outf.write(str(e) + '\n')
                outf.close()
                os._exit(HELPER_ERR_PRIVSEP)

            # Adopt a strict umask: anything created below is 0600/0700.
            os.umask(077)

            # Write every forwarding address on its own line to the temp
            # file; "w+" truncates any previous temp file first.
            try:
                f = open(tmpfilename, "w+")
                for address in addresses:
                    contents = "%s\n" % address
                    f.write(contents)
                f.close()
            except IOError, e:
                # Report the failure to the parent and exit the helper.
                outf.write(str(e) + '\n')
                outf.close()
                os._exit(HELPER_ERR_WRITE)
    def work(self, context, ldapEntry, modified):
        # Skip unmodified entries
        if (not modified):
            return

        # Get all needed LDAP attributes, and verify we have what we need
        attributes = ldapEntry.attributes
        if (not attributes.has_key('sshPublicKey')):
            raise plugin.SplatPluginError, "Required attribute sshPublicKey not found for dn %s." % ldapEntry.dn
        keys = attributes.get("sshPublicKey")
        (home, uid, gid) = homeutils.getLDAPAttributes(ldapEntry, context.home, context.minuid, context.mingid)

        # Make sure the home directory exists, and make it if config says to
        if (not os.path.isdir(home)):
            if (context.makehome == True):
                homeutils.makeHomeDir(home, uid, gid, context.skeldir, context.postcreate)
            else:
                # If we weren't told to make homedir, log a warning and quit
                logger.warning("SSH keys not being written because home directory %s does not exist. To have this home directory created automatically by this plugin, set the makehome option to true in your splat configuration file, or use the homeDirectory plugin." % home)
                return

        sshdir = "%s/.ssh" % home
        tmpfilename = "%s/.ssh/authorized_keys.tmp" % home
        filename = "%s/.ssh/authorized_keys" % home

        # Make sure the modifyTimestamp entry exists before looking at it
        if (ldapEntry.attributes.has_key('modifyTimestamp')):
    
            # stat() the key, check if it is outdated
            try:
                keyTime = os.stat(filename)[stat.ST_MTIME]
    
                # If the entry is older than the key, skip it.
                # This will occur when someone has been added to a group that 
                # we filter on, but this entry hasn't been changed since the 
                # key was written. Also will happen on first iteration by 
                # daemon, because modifed will always be true then.
                if (ldapEntry.getModTime() < keyTime):
                    logger.debug("Skipping %s, up-to-date" % filename)
                    return
    
            except OSError:
                # File doesn't exist, or some other error.
                # Ignore the exception, it'll be caught again
                # and reported below.
                pass

        logger.info("Writing key to %s" % filename)

        # Fork and setuid to write the files
        pipe = os.pipe()
        outf = os.fdopen(pipe[1], 'w')
        inf = os.fdopen(pipe[0], 'r')

        pid = os.fork()
        if (pid == 0):
            # Drop privs
            try:
                os.setgid(gid)
                os.setuid(uid)
            except OSError, e:
                print str(e)
                outf.write(str(e) + '\n')
                outf.close()
                os._exit(SSH_ERR_PRIVSEP)

            # Adopt a strict umask
            os.umask(077)

            # Create .ssh directory if it does not already exist
            if (not os.path.isdir(sshdir)):
                try:
                    os.mkdir(sshdir)
                except OSError, e:
                    outf.write(str(e) + '\n')
                    outf.close()
                    os._exit(SSH_ERR_WRITE)