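def work(self, context, ldapEntry, modified):
    """Archive and/or purge a home directory once its pendingPurge date has passed.

    Args:
        context: Plugin configuration. Reads ``home``, ``minuid`` and
            ``mingid`` (handed to homeutils.getLDAPAttributes), the booleans
            ``archiveHomeDir``, ``purgeHomeDir`` and ``purgeHomeArchive``,
            ``archiveDest`` (directory receiving ``<homename>.tar.gz``) and
            ``purgeArchiveWait`` (age in days an archive must reach before it
            is removed).
        ldapEntry: Entry exposing ``attributes`` (must carry ``pendingPurge``,
            a UTC LDAP generalized time such as ``20240101120000Z``, and
            ``uid``) and ``dn``.
        modified: Not used. The decision depends only on the purge date, so a
            run over an unchanged entry must still be able to purge it.

    Raises:
        plugin.SplatPluginError: a required attribute is missing or empty,
            ``pendingPurge`` is not a numeric generalized time, no usable
            archive name can be derived from the home path, or archiving was
            requested but no archive exists when the home directory is about
            to be purged.
    """
    attributes = ldapEntry.attributes
    # has_key() is what the attribute container offers; an attribute that is
    # present but carries no values is treated the same as a missing one.
    for required in ('pendingPurge', 'uid'):
        if (not attributes.has_key(required)) or (not attributes.get(required)):
            raise plugin.SplatPluginError("Required attribute %s not found for dn %s." % (required, ldapEntry.dn))
    pendingPurge = attributes.get('pendingPurge')[0]
    (home, uidNumber, gidNumber) = homeutils.getLDAPAttributes(ldapEntry, context.home, context.minuid, context.mingid)

    # Both values are YYYYMMDDHHMMSS in UTC, so integer comparison orders them
    # chronologically. Only the plain trailing-'Z' form converts; fractional
    # seconds or UTC offsets are reported as a plugin error instead of
    # escaping as a bare ValueError.
    now = int(time.strftime('%Y%m%d%H%M%S', time.gmtime(time.time())))
    try:
        purgeTime = int(pendingPurge.rstrip('Z'))
    except (ValueError, TypeError, AttributeError):
        raise plugin.SplatPluginError("Attribute pendingPurge for dn %s is not a UTC generalized time: %r" % (ldapEntry.dn, pendingPurge))
    if (now < purgeTime):
        # Purge date still in the future: nothing to do yet.
        return

    # The archive is named after the last path component of the home
    # directory. A path whose basename is empty ('/home/user/') or a dot
    # component would map every such entry onto one shared file under
    # archiveDest; a leftover archive from another entry would then satisfy
    # the "already archived" test below and the purge would run without a
    # backup of this entry's data.
    archiveName = os.path.basename(home)
    if archiveName in ('', '.', '..'):
        raise plugin.SplatPluginError("Cannot derive an archive name from home directory %r for dn %s." % (home, ldapEntry.dn))
    archiveFile = os.path.join(context.archiveDest, archiveName + '.tar.gz')

    # Archive once: skipped when an archive already exists or the home
    # directory is already gone.
    if (context.archiveHomeDir and (not os.path.isfile(archiveFile)) and os.path.isdir(home)):
        self._archiveHomeDir(home, archiveFile)

    # Purge the home directory if configured and it still exists. When an
    # archive was requested it has to be present before the directory goes,
    # otherwise the only copy of the data would be deleted.
    if (context.purgeHomeDir and os.path.isdir(home)):
        if (context.archiveHomeDir and (not os.path.isfile(archiveFile))):
            raise plugin.SplatPluginError("Refusing to purge %s for dn %s: expected archive %s is missing." % (home, ldapEntry.dn, archiveFile))
        self._purgeHomeDir(home, uidNumber, gidNumber)

    # Remove the archive itself once it is older than purgeArchiveWait days.
    if (context.purgeHomeArchive and os.path.isfile(archiveFile)):
        # Seconds since the archive was last modified (float).
        archiveAgeSeconds = int(time.time()) - os.path.getmtime(archiveFile)
        if ((archiveAgeSeconds / 86400.0) > context.purgeArchiveWait):
            self._purgeHomeArchive(archiveFile)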
def work(self, context, ldapEntry, modified):
    """Create the home directory for a modified LDAP entry.

    Entries reported as unmodified are left alone. For the others the home
    path and the owning uid/gid are resolved through
    homeutils.getLDAPAttributes (bounded by context.minuid / context.mingid)
    and passed to homeutils.makeHomeDir together with context.skeldir and
    context.postcreate.

    Args:
        context: Plugin configuration (home, minuid, mingid, skeldir, postcreate).
        ldapEntry: The LDAP entry to provision.
        modified: Falsy when the entry is unchanged since the last run.
    """
    # Unchanged entries carry no work for this plugin.
    if not modified:
        return
    homeDir, ownerUid, ownerGid = homeutils.getLDAPAttributes(
        ldapEntry, context.home, context.minuid, context.mingid)
    homeutils.makeHomeDir(homeDir, ownerUid, ownerGid,
                          context.skeldir, context.postcreate)
def work(self, context, ldapEntry, modified):
    """Write the entry's mailForwardingAddress values to ~/.forward.

    Skips unmodified entries, and entries whose .forward is already newer
    than the entry's modification time. The file is written by a forked
    child that first drops to the entry's uid/gid, so the privileged parent
    never opens the .forward file itself.

    Args:
        context: Plugin configuration; reads home, minuid, mingid, makehome,
            skeldir and postcreate.
        ldapEntry: Entry exposing attributes (needs mailForwardingAddress;
            modifyTimestamp is optional), dn and getModTime().
        modified: Falsy when the entry is unchanged since the last run.

    Raises:
        plugin.SplatPluginError: mailForwardingAddress is absent.

    NOTE(review): this excerpt ends inside the child branch. The parent's
    side (reading ``inf``, waiting for ``pid``, moving the temporary file
    into place) is not shown here.
    """
    # Skip unmodified entries
    if (not modified):
        return
    # Get LDAP attributes, and make sure we have all the ones we need
    attributes = ldapEntry.attributes
    if (not attributes.has_key('mailForwardingAddress')):
        raise plugin.SplatPluginError, "Required attribute mailForwardingAddress not found for dn %s." % ldapEntry.dn
    # One .forward line per attribute value, in attribute order.
    addresses = attributes.get("mailForwardingAddress")
    (home, uid, gid) = homeutils.getLDAPAttributes(ldapEntry, context.home, context.minuid, context.mingid)
    # If config says to create the home directory and it doesn't exist, do so.
    if (not os.path.isdir(home)):
        if (context.makehome == True):
            # NOTE(review): the sibling plugins call homeutils.makeHomeDir;
            # confirm that homeutils.makeHomeDirectory exists, otherwise this
            # branch raises AttributeError whenever makehome is enabled.
            homeutils.makeHomeDirectory(home, uid, gid, context.skeldir, context.postcreate)
        else:
            # If we weren't told to make homedir, log a warning and quit
            logger.warning( ".forward file not being written because home directory %s does not exist. To have this home directory created automatically by this plugin, set the makehome option to true in your splat configuration file, or use the homeDirectory plugin." % home)
            return
    # Content goes to the temporary name first; the final name is what the
    # staleness check below looks at.
    tmpfilename = "%s/.forward.tmp" % home
    filename = "%s/.forward" % home
    # Make sure the modifyTimestamp entry exists before looking at it
    if (ldapEntry.attributes.has_key('modifyTimestamp')):
        # stat() the file, check if it is outdated
        try:
            # Runs with the parent's privileges and follows symlinks; only
            # the mtime is read, the file is not opened here.
            fileTime = os.stat(filename)[stat.ST_MTIME]
            # If the entry is older than the file, skip it
            # This will occur when someone has been added to a group that
            # we filter on, but this entry hasn't been changed since the
            # key was written. Also will happen on first iteration by
            # daemon, because modified will always be true then.
            if (ldapEntry.getModTime() < fileTime):
                logger.debug("Skipping %s, up-to-date" % filename)
                return
        except OSError:
            # File doesn't exist, or some other error.
            # Ignore the exception, it'll be caught again
            # and reported below.
            pass
    logger.info("Writing mail address to %s" % filename)
    # Fork and setuid to write the files.
    # The pipe carries error text from the child back to the parent: the
    # child writes outf, the parent presumably reads inf (not shown here).
    # NOTE(review): after the fork the child still holds inf and the parent
    # still holds outf; a parent that reads inf to EOF has to close its own
    # outf first or the read blocks -- confirm in the part not shown.
    pipe = os.pipe()
    outf = os.fdopen(pipe[1], 'w')
    inf = os.fdopen(pipe[0], 'r')
    pid = os.fork()
    if (pid == 0):
        # Drop privs. setgid() comes first: once the uid is unprivileged the
        # group can no longer be changed. Everything after this point runs as
        # the entry's own uid/gid, so a symlink or pre-existing file in the
        # home directory can only affect what that user could already write.
        try:
            os.setgid(gid)
            os.setuid(uid)
        except OSError, e:
            # Reported on the child's stdout as well as over the pipe.
            print str(e)
            outf.write(str(e) + '\n')
            outf.close()
            os._exit(HELPER_ERR_PRIVSEP)
        # Adopt a strict umask: the new file is created readable and
        # writable by its owner only.
        os.umask(077)
        try:
            f = open(tmpfilename, "w+")
            for address in addresses:
                contents = "%s\n" % address
                f.write(contents)
            f.close()
        except IOError, e:
            # Write failure goes back to the parent over the pipe.
            outf.write(str(e) + '\n')
            outf.close()
            os._exit(HELPER_ERR_WRITE)
def work(self, context, ldapEntry, modified): # Skip unmodified entries if (not modified): return # Get all needed LDAP attributes, and verify we have what we need attributes = ldapEntry.attributes if (not attributes.has_key('sshPublicKey')): raise plugin.SplatPluginError, "Required attribute sshPublicKey not found for dn %s." % ldapEntry.dn keys = attributes.get("sshPublicKey") (home, uid, gid) = homeutils.getLDAPAttributes(ldapEntry, context.home, context.minuid, context.mingid) # Make sure the home directory exists, and make it if config says to if (not os.path.isdir(home)): if (context.makehome == True): homeutils.makeHomeDir(home, uid, gid, context.skeldir, context.postcreate) else: # If we weren't told to make homedir, log a warning and quit logger.warning("SSH keys not being written because home directory %s does not exist. To have this home directory created automatically by this plugin, set the makehome option to true in your splat configuration file, or use the homeDirectory plugin." % home) return sshdir = "%s/.ssh" % home tmpfilename = "%s/.ssh/authorized_keys.tmp" % home filename = "%s/.ssh/authorized_keys" % home # Make sure the modifyTimestamp entry exists before looking at it if (ldapEntry.attributes.has_key('modifyTimestamp')): # stat() the key, check if it is outdated try: keyTime = os.stat(filename)[stat.ST_MTIME] # If the entry is older than the key, skip it. # This will occur when someone has been added to a group that # we filter on, but this entry hasn't been changed since the # key was written. Also will happen on first iteration by # daemon, because modifed will always be true then. if (ldapEntry.getModTime() < keyTime): logger.debug("Skipping %s, up-to-date" % filename) return except OSError: # File doesn't exist, or some other error. # Ignore the exception, it'll be caught again # and reported below. 
pass logger.info("Writing key to %s" % filename) # Fork and setuid to write the files pipe = os.pipe() outf = os.fdopen(pipe[1], 'w') inf = os.fdopen(pipe[0], 'r') pid = os.fork() if (pid == 0): # Drop privs try: os.setgid(gid) os.setuid(uid) except OSError, e: print str(e) outf.write(str(e) + '\n') outf.close() os._exit(SSH_ERR_PRIVSEP) # Adopt a strict umask os.umask(077) # Create .ssh directory if it does not already exist if (not os.path.isdir(sshdir)): try: os.mkdir(sshdir) except OSError, e: outf.write(str(e) + '\n') outf.close() os._exit(SSH_ERR_WRITE)