X-Git-Url: https://git.decadent.org.uk/gitweb/?a=blobdiff_plain;f=dak%2Fimport_ldap_fingerprints.py;h=cdffbd0a6894adc3437197e22fa3f2d22dfbccaf;hb=b612f3da207fa0d75a5d3b204ac8f02bb244231a;hp=4fa6d6653a3e86b550ba2922081c71c3e3590295;hpb=704108dfd7a9afe38cdb18463b71bd4739dda9ce;p=dak.git diff --git a/dak/import_ldap_fingerprints.py b/dak/import_ldap_fingerprints.py index 4fa6d665..cdffbd0a 100755 --- a/dak/import_ldap_fingerprints.py +++ b/dak/import_ldap_fingerprints.py @@ -1,8 +1,7 @@ #!/usr/bin/env python -# Sync fingerprint and uid tables with a debian.org LDAP DB +""" Sync fingerprint and uid tables with a debian.org LDAP DB """ # Copyright (C) 2003, 2004, 2006 James Troup -# $Id: emilie,v 1.3 2004-11-27 13:25:35 troup Exp $ # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -47,20 +46,19 @@ import commands, ldap, pg, re, sys import apt_pkg -import db_access, utils +from daklib import database +from daklib import utils +from daklib.regexes import re_gpg_fingerprint, re_debian_address ################################################################################ Cnf = None projectB = None -re_gpg_fingerprint = re.compile(r"^\s+Key fingerprint = (.*)$", re.MULTILINE) -re_debian_address = re.compile(r"^.*<(.*)@debian\.org>$", re.MULTILINE) - ################################################################################ def usage(exit_code=0): - print """Usage: emilie + print """Usage: dak import-ldap-fingerprints Syncs fingerprint and uid tables with a debian.org LDAP DB -h, --help show this help and exit.""" 
@@ -70,37 +68,46 @@ Syncs fingerprint and uid tables with a debian.org LDAP DB def get_ldap_value(entry, value): ret = entry.get(value) - if not ret: + if not ret or ret[0] == "" or ret[0] == "-": return "" else: # FIXME: what about > 0 ? - return ret[0] + return ret[0] + " " + +def get_ldap_name(entry): + name = get_ldap_value(entry, "cn") + name += get_ldap_value(entry, "mn") + name += get_ldap_value(entry, "sn") + return name.rstrip() + +def escape_string(str): + return str.replace("'", "\\'") def main(): global Cnf, projectB Cnf = utils.get_conf() - Arguments = [('h',"help","Emilie::Options::Help")] + Arguments = [('h',"help","Import-LDAP-Fingerprints::Options::Help")] for i in [ "help" ]: - if not Cnf.has_key("Emilie::Options::%s" % (i)): - Cnf["Emilie::Options::%s" % (i)] = "" + if not Cnf.has_key("Import-LDAP-Fingerprints::Options::%s" % (i)): + Cnf["Import-LDAP-Fingerprints::Options::%s" % (i)] = "" apt_pkg.ParseCommandLine(Cnf, Arguments, sys.argv) - Options = Cnf.SubTree("Emilie::Options") + Options = Cnf.SubTree("Import-LDAP-Fingerprints::Options") if Options["Help"]: - usage() + usage() projectB = pg.connect(Cnf["DB::Name"], Cnf["DB::Host"], int(Cnf["DB::Port"])) - db_access.init(Cnf, projectB) + database.init(Cnf, projectB) - LDAPDn = Cnf["Emilie::LDAPDn"] - LDAPServer = Cnf["Emilie::LDAPServer"] + LDAPDn = Cnf["Import-LDAP-Fingerprints::LDAPDn"] + LDAPServer = Cnf["Import-LDAP-Fingerprints::LDAPServer"] l = ldap.open(LDAPServer) l.simple_bind_s("","") Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL, - "(&(keyfingerprint=*)(gidnumber=%s))" % (Cnf["Julia::ValidGID"]), - ["uid", "keyfingerprint"]) + "(&(keyfingerprint=*)(gidnumber=%s))" % (Cnf["Import-Users-From-Passwd::ValidGID"]), + ["uid", "keyfingerprint", "cn", "mn", "sn"]) projectB.query("BEGIN WORK") 
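Review bot: `escape_string` only rewrites `'` as `\'` and leaves backslashes alone, so it does not safely quote the LDAP-supplied name that the later hunk interpolates into `UPDATE uid SET name = '%s'`. Whether `\'` counts as an escaped quote depends on the server's string-literal settings, and a backslash already present in the value changes where the literal ends, so no single `replace` is correct in every configuration. Let the driver do the quoting instead, for example `pg.escape_string(name)` if the deployed PyGreSQL provides it, or a parameterised query if the connection supports one. The parameter name `str` also shadows the builtin, and `s` would read better.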
@@ -108,6 +115,7 @@ def main(): # Sync LDAP with DB db_fin_uid = {} + db_uid_name = {} ldap_fin_uid_id = {} q = projectB.query(""" SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id @@ -116,11 +124,22 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id (fingerprint, fingerprint_id, uid) = i db_fin_uid[fingerprint] = (uid, fingerprint_id) + q = projectB.query("SELECT id, name FROM uid") + for i in q.getresult(): + (uid, name) = i + db_uid_name[uid] = name + for i in Attrs: entry = i[1] fingerprints = entry["keyFingerPrint"] uid = entry["uid"][0] - uid_id = db_access.get_or_set_uid_id(uid) + name = get_ldap_name(entry) + uid_id = database.get_or_set_uid_id(uid) + + if not db_uid_name.has_key(uid_id) or db_uid_name[uid_id] != name: + q = projectB.query("UPDATE uid SET name = '%s' WHERE id = %d" % (escape_string(name), uid_id)) + print "Assigning name of %s as %s" % (uid, name) + for fingerprint in fingerprints: ldap_fin_uid_id[fingerprint] = (uid, uid_id) if db_fin_uid.has_key(fingerprint): 
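Review bot: In the new `SELECT id, name FROM uid` loop the row's numeric id is unpacked into a variable called `uid`, while a few lines further down `uid` is the LDAP login and `uid_id` is the numeric id used to index `db_uid_name`. Writing `(uid_id, name) = i` and `db_uid_name[uid_id] = name` would make it clear that the dictionary is keyed by id rather than login. A short comment above the `UPDATE uid SET name` saying that `name` is assembled from the LDAP `cn`/`mn`/`sn` attributes, and is therefore external input to the query, would also help the next reader. main() begins and ends outside this hunk.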
@@ -128,17 +147,20 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id if not existing_uid: q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) print "Assigning %s to 0x%s." % (uid, fingerprint) + elif existing_uid == uid: + pass + elif '@' not in existing_uid: + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) + print "Promoting DM %s to DD %s with keyid 0x%s." % (existing_uid, uid, fingerprint) else: - if existing_uid != uid: - utils.fubar("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid)) + utils.warn("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid)) # Try to update people who sign with non-primary key q = projectB.query("SELECT fingerprint, id FROM fingerprint WHERE uid is null") for i in q.getresult(): (fingerprint, fingerprint_id) = i - cmd = "gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s" \ - % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], - fingerprint) + cmd = "gpg --no-default-keyring %s --fingerprint %s" \ + % (utils.gpg_keyring_args(), fingerprint) (result, output) = commands.getstatusoutput(cmd) if result == 0: m = re_gpg_fingerprint.search(output) 
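Review bot: The new `elif '@' not in existing_uid:` branch silently reassigns a fingerprint from one existing uid to another, where the old code stopped with `utils.fubar`. The condition and the "Promoting DM ... to DD" message do not obviously agree: if maintainer uids are stored as e-mail addresses (an assumption, the hunk does not show it), the test would need to be `'@' in existing_uid`, and as written it moves keys between two login-style uids. Since this mapping decides whose identity a signing key carries, the branch deserves a comment stating what form a DM uid takes and why reassignment is safe. The final `else`, now only `utils.warn`, lets the run continue past a genuine LDAP/projectB conflict, which should be confirmed as intended. main() continues outside this hunk.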
@@ -148,20 +170,20 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id primary_key = m.group(1) primary_key = primary_key.replace(" ","") if not ldap_fin_uid_id.has_key(primary_key): - utils.fubar("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint)) - (uid, uid_id) = ldap_fin_uid_id[primary_key] - q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) - print "Assigning %s to 0x%s." % (uid, fingerprint) + utils.warn("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint)) + else: + (uid, uid_id) = ldap_fin_uid_id[primary_key] + q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) + print "Assigning %s to 0x%s." % (uid, fingerprint) else: extra_keyrings = "" - for keyring in Cnf.ValueList("Emilie::ExtraKeyrings"): + for keyring in Cnf.ValueList("Import-LDAP-Fingerprints::ExtraKeyrings"): extra_keyrings += " --keyring=%s" % (keyring) - cmd = "gpg --keyring=%s --keyring=%s %s --list-key %s" \ - % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"], - extra_keyrings, fingerprint) + cmd = "gpg %s %s --list-key %s" \ + % (utils.gpg_keyring_args(), extra_keyrings, fingerprint) (result, output) = commands.getstatusoutput(cmd) if result != 0: - cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Emilie::KeyServer"], fingerprint) + cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Import-LDAP-Fingerprints::KeyServer"], fingerprint) (result, output) = commands.getstatusoutput(cmd) if result != 0: print "0x%s: NOT found on keyserver." % (fingerprint) @@ -185,6 +207,7 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id guess_uid = "???" name = " ".join(output.split('\n')[0].split()[3:]) print "0x%s -> %s -> %s" % (fingerprint, name, guess_uid) + # FIXME: make me optionally non-interactive # FIXME: default to the guessed ID uid = None 
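Review bot: The rewritten `cmd = "gpg %s %s --list-key %s"` line is still a single string run through `commands.getstatusoutput`, which hands it to a shell. The same applies to the `--fingerprint` command in the previous hunk and the `--recv-key` command here. The interpolated `fingerprint` comes from the database, and the keyring and keyserver values come from configuration, so any of them containing shell metacharacters would be interpreted rather than passed to gpg. A cheap guard is to validate before building the command, e.g. `if not re.match(r"^[0-9A-Fa-f]+$", fingerprint): continue`; a more robust one is to run gpg from an argument list without a shell. The `--allow-non-selfsigned-uid --recv-key` call would also benefit from a comment explaining why keys with non-self-signed uids are acceptable.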
@@ -196,13 +219,11 @@ SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id uid = None else: entry = Attrs[0][1] - name = " ".join([get_ldap_value(entry, "cn"), - get_ldap_value(entry, "mn"), - get_ldap_value(entry, "sn")]) + name = get_ldap_name(entry) prompt = "Map to %s - %s (y/N) ? " % (uid, name.replace(" "," ")) yn = utils.our_raw_input(prompt).lower() if yn == "y": - uid_id = db_access.get_or_set_uid_id(uid) + uid_id = database.get_or_set_uid_id(uid) projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id)) print "Assigning %s to 0x%s." % (uid, fingerprint) else: