-rw-r--r--linaro_ldap.py7
-rwxr-xr-xssh_keys.py65
2 files changed, 67 insertions, 5 deletions
diff --git a/linaro_ldap.py b/linaro_ldap.py
index f6544f2..2ea5b63 100644
--- a/linaro_ldap.py
+++ b/linaro_ldap.py
@@ -5,11 +5,6 @@ import tempfile
import ldap
-# To provide alternative ldap bind credentials, override the LDAP_CONF
-# environment variable when calling your script that makes use of the this
-# library
-LDAP_CONF = os.environ.get('LDAP_CONF', '/etc/ldap.conf')
-
@contextlib.contextmanager
def ldap_client(config):
@@ -24,6 +19,8 @@ def ldap_client(config):
def build_config():
config = {}
+ LDAP_CONF = __file__.rsplit(".", 1)[0] + ".conf"
+
with open(LDAP_CONF) as f:
for line in f:
if line.startswith('binddn'):
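Review bot: `__file__` in the added `LDAP_CONF` line can be a relative path, and it is only resolved when build_config() runs; ssh_keys.py in this same commit calls `os.chdir('/var/lib/misc')` before `ldap_sync()`, so if the LDAP lookup reaches build_config() (that call path is not visible here) the open may look for `linaro_ldap.conf` in the wrong directory. Resolving the path once at import time avoids that, e.g. a module-level `LDAP_CONF = os.path.splitext(os.path.abspath(__file__))[0] + '.conf'`. The file holds the bind DN and presumably the bind password, so a comment should state that it must not be world-readable now that it sits next to the code. Removing the environment override also leaves callers no way to supply alternative bind credentials. build_config's body continues outside the hunk.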
diff --git a/ssh_keys.py b/ssh_keys.py
new file mode 100755
index 0000000..07f0995
--- /dev/null
+++ b/ssh_keys.py
@@ -0,0 +1,65 @@
+#!/usr/bin/python2
+import json
+import os
+import subprocess
+import sys
+import tarfile
+import urllib2
+import pwd
+
+import linaro_ldap
+
+
+def web_sync(url):
+ if not os.path.exists('./tmp'):
+ os.mkdir('./tmp')
+ tf = urllib2.urlopen(url)
+ with tarfile.open(fileobj=tf, mode="r|gz") as tf:
+ tf.extractall(path='./tmp')
+
+ for p in os.listdir('./tmp'):
+ os.rename('./tmp/' + p, p)
+
+
+def ldap_sync():
+ fname = 'ssh_keys.json'
+ with open(fname + '.tmp', 'w') as f:
+ json.dump(linaro_ldap.get_users_and_keys(), f)
+ os.rename(f.name, fname)
+ subprocess.check_output(['/usr/sbin/nss_updatedb', 'ldap'])
+ with tarfile.open('ldap-files.tgz.tmp', 'w:gz') as tf:
+ tf.add('group.db')
+ tf.add('passwd.db')
+ tf.add('ssh_keys.json')
+ os.rename('ldap-files.tgz.tmp', 'ldap-files.tgz')
+
+
+def keys(user):
+ u = pwd.getpwnam(user)
+ if u.pw_uid < 10000: # local user
+ with open(os.path.join(u.pw_dir, '.ssh/authorized_keys')) as f:
+ try:
+ print f.read().strip('\n')
+ except:
+ return
+
+ with open('ssh_keys.json') as f:
+ data = json.load(f)
+ keys = data.get(user)
+ if keys:
+ for key in keys:
+ print(key[1])
+
+
+if __name__ == '__main__':
+ if len(sys.argv) not in (2, 3):
+ sys.exit('Usage: %s --sync [URL]|<user>' % sys.argv[0])
+
+ os.chdir('/var/lib/misc')
+ if sys.argv[1] == '--sync':
+ if len(sys.argv) == 3:
+ web_sync(sys.argv[2])
+ else:
+ ldap_sync()
+ else:
+ keys(sys.argv[1])
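Review bot: `tf.extractall(path='./tmp')` in web_sync() unpacks whatever member names and types the downloaded archive contains, so a tampered or substituted tarball could write outside `./tmp` or create links, and the rename loop then moves every extracted entry into `/var/lib/misc`. Those files presumably back the NSS databases and the key lookup in keys(), so the archive should be treated as untrusted: accept only the three names ldap_sync() packs (`group.db`, `passwd.db`, `ssh_keys.json`), and only as regular files, as sketched below. The URL is also handed to `urllib2.urlopen` unchecked, so it may be worth requiring https and confirming that the interpreter in use verifies certificates.

```python
SYNC_FILES = ('group.db', 'passwd.db', 'ssh_keys.json')


def web_sync(url):
    # … unchanged: create ./tmp if missing …
    resp = urllib2.urlopen(url)
    with tarfile.open(fileobj=resp, mode="r|gz") as tf:
        for member in tf:
            # Only the files ldap_sync() packs, and only as plain files;
            # anything else (paths, links, devices) is ignored.
            if member.name not in SYNC_FILES or not member.isfile():
                continue
            src = tf.extractfile(member)
            with open(os.path.join('./tmp', member.name), 'wb') as dst:
                dst.write(src.read())
    # … unchanged: rename loop from ./tmp into the working directory …
```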