[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] share/debian-edu-config/tools/clean-up-host-keytabs: Add script. Moving host...

Mike Gabriel gitlab at salsa.debian.org
Sat May 2 05:20:24 BST 2020



Mike Gabriel pushed to branch master at Debian Edu / debian-edu-config


Commits:
1e976842 by Mike Gabriel at 2020-05-02T06:20:13+02:00
share/debian-edu-config/tools/clean-up-host-keytabs: Add script. Moving host keytabs cleanup code out of gosa-modify-host into a standalone script, but still calling it from there (for now). (Closes: #935080).

- - - - -


4 changed files:

- Makefile
- debian/changelog
- + share/debian-edu-config/tools/clean-up-host-keytabs
- share/debian-edu-config/tools/gosa-modify-host


Changes:

=====================================
Makefile
=====================================
@@ -283,6 +283,7 @@ install: install-testsuite
 		share/debian-edu-config/d-i/finish-install \
 		share/debian-edu-config/d-i/pre-pkgsel \
 		share/debian-edu-config/tools/passwd \
+		share/debian-edu-config/tools/clean-up-host-keytabs \
 		share/debian-edu-config/tools/configure-edu-gateway \
 		share/debian-edu-config/tools/create-debian-edu-certs \
 		share/debian-edu-config/tools/create-server-cert \


=====================================
debian/changelog
=====================================
@@ -1,3 +1,13 @@
+debian-edu-config (2.11.24) UNRELEASED; urgency=medium
+
+  * share/debian-edu-config/tools/clean-up-host-keytabs: Add script.
+    Move host keytabs cleanup code out of gosa-modify-host into a standalone
+    script, but still call it from there (for now). Major script improvement:
+    Reduce LDAP calls to a single ldapsearch query which greatly improves the
+    execution speed of the code. (Closes: #935080).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Sat, 02 May 2020 06:14:16 +0200
+
 debian-edu-config (2.11.23) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
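
Review bot: The 2.11.24 entry omits the behaviour changes that come with the new script and describes it only as a move plus a speed-up. The host list is now read with an anonymous `ldapsearch -x` instead of `slapcat`, matching is an exact, case-insensitive comparison instead of a substring `grep`, and `gateway` and `tjener` are always kept. Suggest adding a line for these, so that admins reading the changelog know which keytabs the cleanup will and will not remove.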


=====================================
share/debian-edu-config/tools/clean-up-host-keytabs
=====================================
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# Copyright (C) 2020 Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+# Copyright (C) 2020 Wolfgang Schweer <w.schweer at gmx.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# This script cleans up /etc/debian-edu/host-keytabs/. It looks into TJENER's
+# LDAP tree (objectClass=dhcpHost) and removes all keytab files (and host
+# principals) that don't have a dhcpHost object (anymore).
+#
+# Usage: <this-script>
+
+set -e
+
+declare -a hosts
+num_hosts=0
+while read KEY VALUE ; do
+	case "$KEY" in
+		dn:) let "num_hosts+=1" ;;
+		cn:) hosts[$(($num_hosts-1))]="$VALUE" ;;
+		"")
+		    :
+		;;
+	esac
+done < <(ldapsearch -xLLL "objectclass=dhcpHost")
+
+# add gateway host manually
+hosts[$num_hosts]=gateway
+
+# and also tjener...
+hosts[$num_hosts+1]=tjener
+
+printf -v hosts_str -- ',,%q' "${hosts[@]}"
+hosts_str=$(echo $hosts_str | tr 'A-Z' 'a-z')
+
+for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
+	match_value=$(echo $i | tr 'A-Z' 'a-z')
+	if [[ ! "${hosts_str},," =~ ",,$match_value,," ]]; then
+		kadmin.local delprinc host/$i.intern at INTERN
+		kadmin.local delprinc nfs/$i.intern at INTERN
+		rm /etc/debian-edu/host-keytabs/$i.intern.keytab
+	fi
+done
+
+exit 0
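
Review bot: A failing ldapsearch goes undetected in the `done < <(ldapsearch -xLLL "objectclass=dhcpHost")` loop, because `set -e` does not cover the exit status of a process substitution. If the LDAP server is unreachable or the query returns nothing, `hosts` holds only `gateway` and `tjener`, and the `for` loop then deletes the principals and keytab of every other host. Suggest capturing the output first with a plain assignment, e.g. `ldif=$(ldapsearch -xLLL "objectclass=dhcpHost")`, feeding the loop with `<<< "$ldif"`, and exiting non-zero before the deletion loop when `num_hosts` is 0. Related: under `set -e` a failing `kadmin.local delprinc` (for instance a host that has no nfs/ principal) aborts the script before the `rm` and before the remaining hosts are handled, and `$i` should be quoted in the `delprinc` and `rm` lines.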


=====================================
share/debian-edu-config/tools/gosa-modify-host
=====================================
@@ -16,15 +16,7 @@ logger -t gosa-modify-host -p notice Krb5 principals and keytab file for host \'
 # update services:
 /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs
 
-# cleanup from leftover host principals and keytab file:
-for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
-    if slapcat | grep $i | grep -q dhcp ; then
-	    :
-	else
-		kadmin.local delprinc host/$i.intern at INTERN
-		kadmin.local delprinc nfs/$i.intern at INTERN
-		rm /etc/debian-edu/host-keytabs/$i.intern.keytab
-    fi
-done
+# clean-up Kerberos host keytabs
+/usr/share/debian-edu-config/tools/clean-up-host-keytabs
 
 exit 0
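
Review bot: The exit status of the new `/usr/share/debian-edu-config/tools/clean-up-host-keytabs` call is ignored, and the `exit 0` that follows reports success either way (no `set -e` is visible in this hunk). Since the new script runs under `set -e` and can stop early, suggest checking the result and reporting a failure through the `logger -t gosa-modify-host` call this file already uses, e.g. `... || logger -t gosa-modify-host -p warning "host keytab cleanup failed"`. The comment above the call could also say that the test changed from the substring match `slapcat | grep $i | grep -q dhcp` to an exact comparison against the `cn` values, so keytabs that were kept only through a partial match will be removed on the first run.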



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/1e976842e7c03fd8d26d5fd9ee49cbd74fad6828
