authorChris St. Pierre <chris.a.st.pierre@gmail.com>2013-01-03 13:40:24 -0600
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2013-01-03 13:40:24 -0600
commit14406cc14a4d832fe83df5da27937051e41dd093 (patch)
tree1fb429513bc5483251412af8251aa24517bcbb68 /schemas/authorizedkeys.xsd
parent10326a34dd813b88c6c8816115e91977a93a1f10 (diff)
Cfg: Added feature to provide generation of SSH keys, authorized_keys file
Diffstat (limited to 'schemas/authorizedkeys.xsd')
-rw-r--r--schemas/authorizedkeys.xsd105
1 files changed, 105 insertions, 0 deletions
diff --git a/schemas/authorizedkeys.xsd b/schemas/authorizedkeys.xsd
new file mode 100644
index 000000000..848f99bae
--- /dev/null
+++ b/schemas/authorizedkeys.xsd
@@ -0,0 +1,105 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+ <xsd:annotation>
+ <xsd:documentation>
+ Schema for :ref:`server-plugins-generators-cfg-sshkeys`
+ ``authorizedkeys.xml``
+ </xsd:documentation>
+ </xsd:annotation>
+
+ <xsd:complexType name="AuthorizedKeysGroupType">
+ <xsd:annotation>
+ <xsd:documentation>
+ An **AuthorizedKeysGroupType** is a tag used to provide logic.
+ Child entries of an AuthorizedKeysGroupType tag only apply to
+ machines that match the condition specified -- either
+ membership in a group, or a matching client name.
+ :xml:attribute:`AuthorizedKeysGroupType:negate` can be set to
+ negate the sense of the match.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:element name="Allow" type="AllowType"/>
+ <xsd:element name="Group" type="AuthorizedKeysGroupType"/>
+ <xsd:element name="Client" type="AuthorizedKeysGroupType"/>
+ </xsd:choice>
+ <xsd:attribute name='name' type='xsd:string'>
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the client or group to match on. Child entries
+ will only apply to this client or group (unless
+ :xml:attribute:`AuthorizedKeysGroupType:negate` is set).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name='negate' type='xsd:boolean'>
+ <xsd:annotation>
+ <xsd:documentation>
+ Negate the sense of the match, so that child entries only
+ apply to a client if it is not a member of the given group
+ or does not have the given name.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:complexType name="AllowType" mixed="true">
+ <xsd:annotation>
+ <xsd:documentation>
+ Allow access from a public key, given either as text content,
+ or described by the attributes.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="Params" type="AuthorizedKeysParamsType"/>
+ </xsd:choice>
+ <xsd:attribute name="from" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The path of the public key to allow.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="group" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Use a public key specific to the given group, instead of the
+ public key specific to the appropriate category group of the
+ current client.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="host" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Use a public key specific to the given host.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:complexType name="AuthorizedKeysParamsType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specify parameters for public key authentication and
+ connection. See :manpage:`sshd(8)` for details on allowable
+ parameters.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:anyAttribute processContents="lax"/>
+ </xsd:complexType>
+
+ <xsd:element name="AuthorizedKeys">
+ <xsd:annotation>
+ <xsd:documentation>
+ Top-level tag for describing a generated SSH key pair.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:element name="Allow" type="AllowType"/>
+ <xsd:element name="Group" type="AuthorizedKeysGroupType"/>
+ <xsd:element name="Client" type="AuthorizedKeysGroupType"/>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
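Review bot: The `name` attribute of `AuthorizedKeysGroupType` is declared without `use`, so it is optional, and a `<Group>` or `<Client>` with no name validates even though the documentation says the children apply only to the named group or client. These elements decide which clients receive which authorized keys, so I would declare it `<xsd:attribute name='name' type='xsd:string' use='required'>` to reject a missing match target at validation time; how the plugin treats a missing name is not visible in this file. Separately, `AuthorizedKeysParamsType` accepts any attribute through `xsd:anyAttribute processContents="lax"`, so a misspelled restrictive option would pass the schema, and its documentation should state that option names are not validated here. The `AuthorizedKeys` element documentation ("a generated SSH key pair") also appears to be copied from another schema and should describe the authorized_keys file instead.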