X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fimport_ldap_fingerprints.py;h=4cc8aa01c8cd7f4f2e784460bc3b8d983a5cfba4;hb=2b4d5bf75e28a6b5fa5afbd58defdf661c893033;hp=4541c33157785195061072cd5e2c38be41b9d45e;hpb=e2ae71066cbb134753d7bfceb16e87d0b76dfd6e;p=dak.git diff --git a/dak/import_ldap_fingerprints.py b/dak/import_ldap_fingerprints.py index 4541c331..4cc8aa01 100755 --- a/dak/import_ldap_fingerprints.py +++ b/dak/import_ldap_fingerprints.py @@ -46,8 +46,8 @@ import commands, ldap, pg, re, sys import apt_pkg -import daklib.database -import daklib.utils +from daklib import database +from daklib import utils ################################################################################ @@ -70,29 +70,38 @@ Syncs fingerprint and uid tables with a debian.org LDAP DB def get_ldap_value(entry, value): ret = entry.get(value) - if not ret: + if not ret or ret[0] == "" or ret[0] == "-": return "" else: # FIXME: what about > 0 ? - return ret[0] + return ret[0] + " " + +def get_ldap_name(entry): + name = get_ldap_value(entry, "cn") + name += get_ldap_value(entry, "mn") + name += get_ldap_value(entry, "sn") + return name.rstrip() + +def escape_string(str): + return str.replace("'", "\\'") def main(): global Cnf, projectB - Cnf = daklib.utils.get_conf() + Cnf = utils.get_conf() Arguments = [('h',"help","Import-LDAP-Fingerprints::Options::Help")] for i in [ "help" ]: - if not Cnf.has_key("Import-LDAP-Fingerprints::Options::%s" % (i)): - Cnf["Import-LDAP-Fingerprints::Options::%s" % (i)] = "" + if not Cnf.has_key("Import-LDAP-Fingerprints::Options::%s" % (i)): + Cnf["Import-LDAP-Fingerprints::Options::%s" % (i)] = "" apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv) Options = Cnf.SubTree("Import-LDAP-Fingerprints::Options") if Options["Help"]: - usage() + usage() projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"])) - daklib.database.init(Cnf, projectB) + database.init(Cnf, projectB) LDAPDn = Cnf["Import-LDAP-Fingerprints::LDAPDn"] LDAPServer = Cnf["Import-LDAP-Fingerprints::LDAPServer"] @@ -100,7 +109,7 @@ def main(): l.simple_bind_s("","") Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL, "(&(keyfingerprint=*)(gidnumber=%s))" % (Cnf["Import-Users-From-Passwd::ValidGID"]), - ["uid", "keyfingerprint"]) + ["uid", "keyfingerprint", "cn", "mn", "sn"]) projectB.query("BEGIN WORK") @@ -108,6 +117,7 @@ def main(): # Sync LDAP with DB db_fin_uid = {} + db_uid_name = {} ldap_fin_uid_id = {} q = projectB.query(""" SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id @@ -116,11 +126,22 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id (fingerprint, fingerprint_id, uid) = i db_fin_uid[fingerprint] = (uid, fingerprint_id) + q = projectB.query("SELECT id, name FROM uid") + for i in q.getresult(): + (uid, name) = i + db_uid_name[uid] = name + for i in Attrs: entry = i[1] fingerprints = entry["keyFingerPrint"] uid = entry["uid"][0] - uid_id = daklib.database.get_or_set_uid_id(uid) + name = get_ldap_name(entry) + uid_id = database.get_or_set_uid_id(uid) + + if not db_uid_name.has_key(uid_id) or db_uid_name[uid_id] != name: + q = projectB.query("UPDATE uid SET name = '%s' WHERE id = %d" % (escape_string(name), uid_id)) + print "Assigning name of %s as %s" % (uid, name) + for fingerprint in fingerprints: ldap_fin_uid_id[fingerprint] = (uid, uid_id) if db_fin_uid.has_key(fingerprint): @@ -128,37 +149,40 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id if not existing_uid: q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) print "Assigning %s to 0x%s." % (uid, fingerprint) + elif existing_uid == uid: + pass + elif '@' not in existing_ui: + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) + print "Promoting DM %s to DD %s with keyid 0x%s." % (existing_uid, uid, fingerprint) else: - if existing_uid != uid: - daklib.utils.fubar("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid)) + utils.warn("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid)) # Try to update people who sign with non-primary key q = projectB.query("SELECT fingerprint, id FROM fingerprint WHERE uid is null") for i in q.getresult(): (fingerprint, fingerprint_id) = i - cmd = "gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s" \ - % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], - fingerprint) + cmd = "gpg --no-default-keyring %s --fingerprint %s" \ + % (utils.gpg_keyring_args(), fingerprint) (result, output) = commands.getstatusoutput(cmd) if result == 0: m = re_gpg_fingerprint.search(output) if not m: print output - daklib.utils.fubar("0x%s: No fingerprint found in gpg output but it returned 0?\n%s" % (fingerprint, daklib.utils.prefix_multi_line_string(output, " [GPG output:] "))) + utils.fubar("0x%s: No fingerprint found in gpg output but it returned 0?\n%s" % (fingerprint, utils.prefix_multi_line_string(output, " [GPG output:] "))) primary_key = m.group(1) primary_key = primary_key.replace(" ","") if not ldap_fin_uid_id.has_key(primary_key): - daklib.utils.fubar("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint)) - (uid, uid_id) = ldap_fin_uid_id[primary_key] - q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) - print "Assigning %s to 0x%s." % (uid, fingerprint) + utils.warn("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint)) + else: + (uid, uid_id) = ldap_fin_uid_id[primary_key] + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) + print "Assigning %s to 0x%s." % (uid, fingerprint) else: extra_keyrings = "" for keyring in Cnf.ValueList("Import-LDAP-Fingerprints::ExtraKeyrings"): extra_keyrings += " --keyring=%s" % (keyring) - cmd = "gpg --keyring=%s --keyring=%s %s --list-key %s" \ - % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], - extra_keyrings, fingerprint) + cmd = "gpg %s %s --list-key %s" \ + % (utils.gpg_keyring_args(), extra_keyrings, fingerprint) (result, output) = commands.getstatusoutput(cmd) if result != 0: cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Import-LDAP-Fingerprints::KeyServer"], fingerprint) @@ -185,24 +209,23 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id guess_uid = "???" name = " ".join(output.split('\n')[0].split()[3:]) print "0x%s -> %s -> %s" % (fingerprint, name, guess_uid) + # FIXME: make me optionally non-interactive # FIXME: default to the guessed ID uid = None while not uid: - uid = daklib.utils.our_raw_input("Map to which UID ? ") + uid = utils.our_raw_input("Map to which UID ? ") Attrs = l.search_s(LDAPDn,ldap.SCOPE_ONELEVEL,"(uid=%s)" % (uid), ["cn","mn","sn"]) if not Attrs: print "That UID doesn't exist in LDAP!" uid = None else: entry = Attrs[0][1] - name = " ".join([get_ldap_value(entry, "cn"), - get_ldap_value(entry, "mn"), - get_ldap_value(entry, "sn")]) + name = get_ldap_name(entry) prompt = "Map to %s - %s (y/N) ? " % (uid, name.replace(" "," ")) - yn = daklib.utils.our_raw_input(prompt).lower() + yn = utils.our_raw_input(prompt).lower() if yn == "y": - uid_id = daklib.database.get_or_set_uid_id(uid) + uid_id = database.get_or_set_uid_id(uid) projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) print "Assigning %s to 0x%s." % (uid, fingerprint) else: