def get_ldap_value(entry, value):
ret = entry.get(value)
- if not ret:
+ if not ret or ret[0] == "" or ret[0] == "-":
return ""
else:
# FIXME: what about > 0 ?
- return ret[0]
+ return ret[0] + " "
+
+def get_ldap_name(entry):
+ name = get_ldap_value(entry, "cn")
+ name += get_ldap_value(entry, "mn")
+ name += get_ldap_value(entry, "sn")
+ return name.rstrip()
+
+def escape_string(str):
+ return str.replace("'", "\\'")
def main():
global Cnf, projectB
l.simple_bind_s("","")
Attrs = l.search_s(LDAPDn, ldap.SCOPE_ONELEVEL,
"(&(keyfingerprint=*)(gidnumber=%s))" % (Cnf["Import-Users-From-Passwd::ValidGID"]),
- ["uid", "keyfingerprint"])
+ ["uid", "keyfingerprint", "cn", "mn", "sn"])
projectB.query("BEGIN WORK")
# Sync LDAP with DB
db_fin_uid = {}
+ db_uid_name = {}
ldap_fin_uid_id = {}
q = projectB.query("""
SELECT f.fingerprint, f.id, u.uid FROM fingerprint f, uid u WHERE f.uid = u.id
(fingerprint, fingerprint_id, uid) = i
db_fin_uid[fingerprint] = (uid, fingerprint_id)
+ q = projectB.query("SELECT id, name FROM uid")
+ for i in q.getresult():
+ (uid, name) = i
+ db_uid_name[uid] = name
+
for i in Attrs:
entry = i[1]
fingerprints = entry["keyFingerPrint"]
uid = entry["uid"][0]
+ name = get_ldap_name(entry)
uid_id = daklib.database.get_or_set_uid_id(uid)
+
+ if not db_uid_name.has_key(uid_id) or db_uid_name[uid_id] != name:
+ q = projectB.query("UPDATE uid SET name = '%s' WHERE id = %d" % (escape_string(name), uid_id))
+ print "Assigning name of %s as %s" % (uid, name)
+
for fingerprint in fingerprints:
ldap_fin_uid_id[fingerprint] = (uid, uid_id)
if db_fin_uid.has_key(fingerprint):
if not existing_uid:
q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id))
print "Assigning %s to 0x%s." % (uid, fingerprint)
+ elif existing_uid == uid:
+ pass
+ elif existing_uid[:3] == "dm:":
+ q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id))
+ print "Promoting DM %s to DD %s with keyid 0x%s." % (existing_uid, uid, fingerprint)
else:
- if existing_uid != uid:
- daklib.utils.fubar("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid))
+ daklib.utils.warn("%s has %s in LDAP, but projectB says it should be %s." % (uid, fingerprint, existing_uid))
# Try to update people who sign with non-primary key
q = projectB.query("SELECT fingerprint, id FROM fingerprint WHERE uid is null")
for i in q.getresult():
(fingerprint, fingerprint_id) = i
- cmd = "gpg --no-default-keyring --keyring=%s --keyring=%s --fingerprint %s" \
- % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"],
- fingerprint)
+ cmd = "gpg --no-default-keyring %s --fingerprint %s" \
+ % (daklib.utils.gpg_keyring_args(), fingerprint)
(result, output) = commands.getstatusoutput(cmd)
if result == 0:
m = re_gpg_fingerprint.search(output)
primary_key = m.group(1)
primary_key = primary_key.replace(" ","")
if not ldap_fin_uid_id.has_key(primary_key):
- daklib.utils.fubar("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint))
- (uid, uid_id) = ldap_fin_uid_id[primary_key]
- q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id))
- print "Assigning %s to 0x%s." % (uid, fingerprint)
+ daklib.utils.warn("0x%s (from 0x%s): no UID found in LDAP" % (primary_key, fingerprint))
+ else:
+ (uid, uid_id) = ldap_fin_uid_id[primary_key]
+ q = projectB.query("UPDATE fingerprint SET uid = %s WHERE id = %s" % (uid_id, fingerprint_id))
+ print "Assigning %s to 0x%s." % (uid, fingerprint)
else:
extra_keyrings = ""
for keyring in Cnf.ValueList("Import-LDAP-Fingerprints::ExtraKeyrings"):
extra_keyrings += " --keyring=%s" % (keyring)
- cmd = "gpg --keyring=%s --keyring=%s %s --list-key %s" \
- % (Cnf["Dinstall::PGPKeyring"], Cnf["Dinstall::GPGKeyring"],
- extra_keyrings, fingerprint)
+ cmd = "gpg %s %s --list-key %s" \
+ % (daklib.utils.gpg_keyring_args(), extra_keyrings, fingerprint)
(result, output) = commands.getstatusoutput(cmd)
if result != 0:
cmd = "gpg --keyserver=%s --allow-non-selfsigned-uid --recv-key %s" % (Cnf["Import-LDAP-Fingerprints::KeyServer"], fingerprint)
guess_uid = "???"
name = " ".join(output.split('\n')[0].split()[3:])
print "0x%s -> %s -> %s" % (fingerprint, name, guess_uid)
+
# FIXME: make me optionally non-interactive
# FIXME: default to the guessed ID
uid = None
uid = None
else:
entry = Attrs[0][1]
- name = " ".join([get_ldap_value(entry, "cn"),
- get_ldap_value(entry, "mn"),
- get_ldap_value(entry, "sn")])
+ name = get_ldap_name(entry)
prompt = "Map to %s - %s (y/N) ? " % (uid, name.replace(" "," "))
yn = daklib.utils.our_raw_input(prompt).lower()
if yn == "y":
projects / dak.git / blobdiff