From 6a2f2352bea4668a63e2d03039bd615b7d70d3d1 Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Mon, 16 Jun 2014 07:57:10 +0200 Subject: [PATCH] new type: __ssh_dot_ssh Signed-off-by: Nico Schottelius --- .../conf/type/__ssh_authorized_keys/man.text | 6 +-- .../conf/type/__ssh_authorized_keys/manifest | 8 +--- cdist/conf/type/__ssh_dot_ssh/explorer/group | 22 ++++++++++ cdist/conf/type/__ssh_dot_ssh/explorer/passwd | 24 ++++++++++ cdist/conf/type/__ssh_dot_ssh/man.text | 44 +++++++++++++++++++ cdist/conf/type/__ssh_dot_ssh/manifest | 44 +++++++++++++++++++ .../__ssh_dot_ssh/parameter/default/state | 1 + .../type/__ssh_dot_ssh/parameter/optional | 1 + 8 files changed, 141 insertions(+), 9 deletions(-) create mode 100755 cdist/conf/type/__ssh_dot_ssh/explorer/group create mode 100755 cdist/conf/type/__ssh_dot_ssh/explorer/passwd create mode 100644 cdist/conf/type/__ssh_dot_ssh/man.text create mode 100755 cdist/conf/type/__ssh_dot_ssh/manifest create mode 100644 cdist/conf/type/__ssh_dot_ssh/parameter/default/state create mode 100644 cdist/conf/type/__ssh_dot_ssh/parameter/optional diff --git a/cdist/conf/type/__ssh_authorized_keys/man.text b/cdist/conf/type/__ssh_authorized_keys/man.text index 9fd683fd..2e4202a7 100644 --- a/cdist/conf/type/__ssh_authorized_keys/man.text +++ b/cdist/conf/type/__ssh_authorized_keys/man.text @@ -12,9 +12,9 @@ DESCRIPTION ----------- Adds or removes ssh keys from a authorized_keys file. -This type also manages the directory containing the authorized_keys -file and sets strict ownership and permissions. You can disable this feature -with the --noparent boolean parameter. +This type uses the __ssh_dot_ssh type to the directory containing +the authorized_keys file. +You can disable this feature with the --noparent boolean parameter. The existence, ownership and permissions of the authorized_keys file itself are also managed. This can be disabled with the --nofile boolean parameter. It is diff --git a/cdist/conf/type/__ssh_authorized_keys/manifest b/cdist/conf/type/__ssh_authorized_keys/manifest index 1c9df208..5885ec77 100755 --- a/cdist/conf/type/__ssh_authorized_keys/manifest +++ b/cdist/conf/type/__ssh_authorized_keys/manifest @@ -40,12 +40,8 @@ if [ ! -f "$__object/parameter/noparent" -o ! -f "$__object/parameter/nofile" ]; fi if [ ! -f "$__object/parameter/noparent" ]; then - # Ensure that the directory in which the authorized_keys shall be exists and - # has the right permissions. - ssh_directory="${file%/*}" - __directory "$ssh_directory" --state present --parents \ - --owner "$owner" --group "$group" --mode 0700 - export require="__directory/$ssh_directory" + __ssh_dot_ssh "$owner" + export require="__ssh_dot_ssh/$owner" fi if [ ! -f "$__object/parameter/nofile" ]; then # Ensure that authorized_keys file exists and has the right permissions. diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/group b/cdist/conf/type/__ssh_dot_ssh/explorer/group new file mode 100755 index 00000000..cdea6fe7 --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/group @@ -0,0 +1,22 @@ +#!/bin/sh +# +# 2014 Steven Armstrong (steven-cdist at armstrong.cc) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +gid="$("$__type_explorer/passwd" | cut -d':' -f 4)" +getent group "$gid" || true diff --git a/cdist/conf/type/__ssh_dot_ssh/explorer/passwd b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd new file mode 100755 index 00000000..3fbad06f --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/explorer/passwd @@ -0,0 +1,24 @@ +#!/bin/sh +# +# 2012 Steven Armstrong (steven-cdist at armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# + +owner="$__object_id" + +getent passwd "$owner" || true diff --git a/cdist/conf/type/__ssh_dot_ssh/man.text b/cdist/conf/type/__ssh_dot_ssh/man.text new file mode 100644 index 00000000..2cd2001c --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/man.text @@ -0,0 +1,44 @@ +cdist-type__ssh_dot_ssh(7) +========================== +Nico Schottelius + + +NAME +---- +cdist-type__ssh_dot_ssh - Manage .ssh directory + + +DESCRIPTION +----------- +Adds or removes .ssh directory to a user home. + +This type is being used by __ssh_authorized_keys. + +OPTIONAL PARAMETERS +------------------- +state:: + if the directory should be 'present' or 'absent', defaults to 'present'. + + +EXAMPLES +-------- + +-------------------------------------------------------------------------------- +# Ensure root has ~/.ssh with the right permissions +__ssh_dot_ssh root + +# Nico does not need ~/.ssh anymore +__ssh_dot_ssh nico --state absent +-------------------------------------------------------------------------------- + + +SEE ALSO +-------- +- cdist-type(7) +- cdist-type__ssh_authorized_keys(7) + + +COPYING +------- +Copyright \(C) 2014 Nico Schottelius. Free use of this software is +granted under the terms of the GNU General Public License version 3 (GPLv3). diff --git a/cdist/conf/type/__ssh_dot_ssh/manifest b/cdist/conf/type/__ssh_dot_ssh/manifest new file mode 100755 index 00000000..2145cf40 --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/manifest @@ -0,0 +1,44 @@ +#!/bin/sh +# +# 2012-2014 Steven Armstrong (steven-cdist at armstrong.cc) +# 2014 Nico Schottelius (nico-cdist at schottelius.org) +# +# This file is part of cdist. +# +# cdist is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cdist is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cdist. If not, see . +# +# Hacked in Kalamata, Greece +# + +owner="$__object_id" +state="$(cat "$__object/parameter/state") + +group="$(cut -d':' -f 1 "$__object/explorer/group")" +if [ -z "$group" ]; then + echo "Failed to get owners group from explorer." >&2 + exit 1 +fi + +home="$(cut -d':' -f 6 "$__object/explorer/passwd")" +if [ -z "$home" ]; then + echo "Failed to get home directory from explorer." >&2 + exit 1 +fi +ssh_directory="${home}/.ssh" + +# Ensure that the directory in which the authorized_keys shall be exists and +# has the right permissions. +__directory "$ssh_directory" \ + --state "$state" \ + --owner "$owner" --group "$group" --mode 0700 diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/default/state b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state new file mode 100644 index 00000000..e7f6134f --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/parameter/default/state @@ -0,0 +1 @@ +present diff --git a/cdist/conf/type/__ssh_dot_ssh/parameter/optional b/cdist/conf/type/__ssh_dot_ssh/parameter/optional new file mode 100644 index 00000000..ff72b5c7 --- /dev/null +++ b/cdist/conf/type/__ssh_dot_ssh/parameter/optional @@ -0,0 +1 @@ +state