authorChris St. Pierre <chris.a.st.pierre@gmail.com>2013-01-03 13:40:24 -0600
committerChris St. Pierre <chris.a.st.pierre@gmail.com>2013-01-03 13:40:24 -0600
commit14406cc14a4d832fe83df5da27937051e41dd093 (patch)
tree1fb429513bc5483251412af8251aa24517bcbb68 /schemas
parent10326a34dd813b88c6c8816115e91977a93a1f10 (diff)
Cfg: Added feature to provide generation of SSH keys, authorized_keys file
Diffstat (limited to 'schemas')
-rw-r--r--schemas/authorizedkeys.xsd105
-rw-r--r--schemas/privkey.xsd138
-rw-r--r--schemas/pubkey.xsd16
3 files changed, 259 insertions, 0 deletions
diff --git a/schemas/authorizedkeys.xsd b/schemas/authorizedkeys.xsd
new file mode 100644
index 000000000..848f99bae
--- /dev/null
+++ b/schemas/authorizedkeys.xsd
@@ -0,0 +1,105 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+ <xsd:annotation>
+ <xsd:documentation>
+ Schema for :ref:`server-plugins-generators-cfg-sshkeys`
+ ``authorizedkeys.xml``
+ </xsd:documentation>
+ </xsd:annotation>
+
+ <xsd:complexType name="AuthorizedKeysGroupType">
+ <xsd:annotation>
+ <xsd:documentation>
+ An **AuthorizedKeysGroupType** is a tag used to provide logic.
+ Child entries of an AuthorizedKeysGroupType tag only apply to
+ machines that match the condition specified -- either
+ membership in a group, or a matching client name.
+ :xml:attribute:`AuthorizedKeysGroupType:negate` can be set to
+ negate the sense of the match.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:element name="Allow" type="AllowType"/>
+ <xsd:element name="Group" type="AuthorizedKeysGroupType"/>
+ <xsd:element name="Client" type="AuthorizedKeysGroupType"/>
+ </xsd:choice>
+ <xsd:attribute name='name' type='xsd:string'>
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the client or group to match on. Child entries
+ will only apply to this client or group (unless
+ :xml:attribute:`AuthorizedKeysGroupType:negate` is set).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name='negate' type='xsd:boolean'>
+ <xsd:annotation>
+ <xsd:documentation>
+ Negate the sense of the match, so that child entries only
+ apply to a client if it is not a member of the given group
+ or does not have the given name.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:complexType name="AllowType" mixed="true">
+ <xsd:annotation>
+ <xsd:documentation>
+ Allow access from a public key, given either as text content,
+ or described by the attributes.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="Params" type="AuthorizedKeysParamsType"/>
+ </xsd:choice>
+ <xsd:attribute name="from" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The path of the public key to allow.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="group" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Use a public key specific to the given group, instead of the
+ public key specific to the appropriate category group of the
+ current client.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="host" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Use a public key specific to the given host.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:complexType name="AuthorizedKeysParamsType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specify parameters for public key authentication and
+ connection. See :manpage:`sshd(8)` for details on allowable
+ parameters.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:anyAttribute processContents="lax"/>
+ </xsd:complexType>
+
+ <xsd:element name="AuthorizedKeys">
+ <xsd:annotation>
+ <xsd:documentation>
+ Top-level tag for describing a generated SSH key pair.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:element name="Allow" type="AllowType"/>
+ <xsd:element name="Group" type="AuthorizedKeysGroupType"/>
+ <xsd:element name="Client" type="AuthorizedKeysGroupType"/>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
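Review bot: The documentation for the `AuthorizedKeys` element (the `xsd:documentation` under `<xsd:element name="AuthorizedKeys">`) reads `Top-level tag for describing a generated SSH key pair.`, which looks copied from privkey.xsd; this schema describes a generated `authorized_keys` file, so it should read `Top-level tag for describing a generated authorized_keys file.`. Separately, `AuthorizedKeysParamsType` declares only `<xsd:anyAttribute processContents="lax"/>`, so a misspelled sshd option name under `Params` passes schema validation and is presumably only noticed when sshd rejects the resulting key line; a documentation sentence such as `Attribute names are not checked against sshd's option list; a misspelled option will validate here but may cause sshd to reject the key.` would warn maintainers. The `from` attribute on `AllowType` is documented as the filesystem path of the public key, which is easy to confuse with the sshd `from=` option that may also appear on `Params`; one sentence in its documentation distinguishing the two would avoid that.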
diff --git a/schemas/privkey.xsd b/schemas/privkey.xsd
new file mode 100644
index 000000000..b8d9e317d
--- /dev/null
+++ b/schemas/privkey.xsd
@@ -0,0 +1,138 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+ <xsd:annotation>
+ <xsd:documentation>
+ Schema for :ref:`server-plugins-generators-cfg-sshkeys` ``privkey.xml``
+ </xsd:documentation>
+ </xsd:annotation>
+
+ <xsd:complexType name="PrivateKeyGroupType">
+ <xsd:annotation>
+ <xsd:documentation>
+ An **PrivateKeyGroupType** is a tag used to provide logic.
+ Child entries of a PrivateKeyGroupType tag only apply to
+ machines that match the condition specified -- either
+ membership in a group, or a matching client name.
+ :xml:attribute:`PrivateKeyGroupType:negate` can be set to
+ negate the sense of the match.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:choice minOccurs="1" maxOccurs="unbounded">
+ <xsd:element name="Passphrase" type="PassphraseType"/>
+ <xsd:element name="Params" type="PrivateKeyParamsType"/>
+ <xsd:element name="Group" type="PrivateKeyGroupType"/>
+ <xsd:element name="Client" type="PrivateKeyGroupType"/>
+ </xsd:choice>
+ <xsd:attribute name='name' type='xsd:string'>
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the client or group to match on. Child entries
+ will only apply to this client or group (unless
+ :xml:attribute:`PrivateKeyGroupType:negate` is set).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name='negate' type='xsd:boolean'>
+ <xsd:annotation>
+ <xsd:documentation>
+ Negate the sense of the match, so that child entries only
+ apply to a client if it is not a member of the given group
+ or does not have the given name.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:simpleType name="PrivateKeyTypeEnum">
+ <xsd:annotation>
+ <xsd:documentation>
+ Available private key formats
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="rsa"/>
+ <xsd:enumeration value="dsa"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+
+ <xsd:complexType name="PassphraseType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specify the private key passphrase.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="encrypted" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ The name of the passphrase to use to encrypt this
+ private key on the filesystem (in Bcfg2).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+
+ <xsd:complexType name="PrivateKeyParamsType">
+ <xsd:annotation>
+ <xsd:documentation>
+ Specify parameters for creating the private key
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="bits" type="xsd:positiveInteger">
+ <xsd:annotation>
+ <xsd:documentation>
+ Number of bits in the key. See :manpage:`ssh-keygen(1)` for
+ defaults.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="type" type="PrivateKeyTypeEnum" default="rsa">
+ <xsd:annotation>
+ <xsd:documentation>
+ Key type to create.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+
+ <xsd:element name="PrivateKey">
+ <xsd:annotation>
+ <xsd:documentation>
+ Top-level tag for describing a generated SSH key pair.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="Passphrase" type="PassphraseType"/>
+ <xsd:element name="Params" type="PrivateKeyParamsType"/>
+ <xsd:element name="Group" type="PrivateKeyGroupType"/>
+ <xsd:element name="Client" type="PrivateKeyGroupType"/>
+ </xsd:choice>
+ <xsd:attribute name="perhost" type="xsd:boolean">
+ <xsd:annotation>
+ <xsd:documentation>
+ Create keys on a per-host basis (rather than on a per-group
+ basis).
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="category" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>
+ Create keys specific to the given category, instead of
+ specific to the category given in ``bcfg2.conf``.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ <xsd:attribute name="priority" type="xsd:positiveInteger" default="50">
+ <xsd:annotation>
+ <xsd:documentation>
+ Create group-specific keys with the given priority.
+ </xsd:documentation>
+ </xsd:annotation>
+ </xsd:attribute>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
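Review bot: `bits` on `PrivateKeyParamsType` is typed `xsd:positiveInteger`, so a value such as `bits="512"` validates even though it asks ssh-keygen for a key far weaker than the generator should accept; a restricted simple type with a minimum would make the schema reject it, as sketched below (the 1024 floor is a constructed example, to be set per project policy). The `PrivateKeyTypeEnum` documentation says `Available private key formats`, but `rsa`/`dsa` are key types rather than formats, and since ssh-keygen fixes DSA keys at 1024 bits regardless of `bits`, a sentence saying so in the `bits` documentation would prevent surprises. The `PrivateKeyGroupType` documentation also has a grammar slip: `An **PrivateKeyGroupType**` should be `A **PrivateKeyGroupType**`.
```xml
<xsd:simpleType name="PrivateKeyBitsType">
  <xsd:annotation>
    <xsd:documentation>
      Key length in bits; values below the floor fail validation.
    </xsd:documentation>
  </xsd:annotation>
  <xsd:restriction base="xsd:positiveInteger">
    <!-- constructed example floor; set per project policy -->
    <xsd:minInclusive value="1024"/>
  </xsd:restriction>
</xsd:simpleType>

<!-- … unchanged: PassphraseType … -->

<xsd:complexType name="PrivateKeyParamsType">
  <!-- … unchanged: annotation … -->
  <xsd:attribute name="bits" type="PrivateKeyBitsType">
  <!-- … unchanged: bits documentation, type attribute … -->
```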
diff --git a/schemas/pubkey.xsd b/schemas/pubkey.xsd
new file mode 100644
index 000000000..5671a818d
--- /dev/null
+++ b/schemas/pubkey.xsd
@@ -0,0 +1,16 @@
+<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xml:lang="en">
+ <xsd:annotation>
+ <xsd:documentation>
+ Schema for :ref:`server-plugins-generators-cfg-sshkeys` ``pubkey.xml``
+ </xsd:documentation>
+ </xsd:annotation>
+
+ <xsd:element name="PublicKey">
+ <xsd:annotation>
+ <xsd:documentation>
+ Top-level tag for flagging a generated SSH public key.
+ </xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType/>
+ </xsd:element>
+</xsd:schema>