diff options
Diffstat (limited to 'schemas/authorizedkeys.xsd')
| -rw-r--r-- | schemas/authorizedkeys.xsd | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/schemas/authorizedkeys.xsd b/schemas/authorizedkeys.xsd new file mode 100644 index 000000000..848f99bae --- /dev/null +++ b/schemas/authorizedkeys.xsd @@ -0,0 +1,105 @@ +<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xml:lang="en"> + <xsd:annotation> + <xsd:documentation> + Schema for :ref:`server-plugins-generators-cfg-sshkeys` + ``authorizedkeys.xml`` + </xsd:documentation> + </xsd:annotation> + + <xsd:complexType name="AuthorizedKeysGroupType"> + <xsd:annotation> + <xsd:documentation> + An **AuthorizedKeysGroupType** is a tag used to provide logic. + Child entries of an AuthorizedKeysGroupType tag only apply to + machines that match the condition specified -- either + membership in a group, or a matching client name. + :xml:attribute:`AuthorizedKeysGroupType:negate` can be set to + negate the sense of the match. + </xsd:documentation> + </xsd:annotation> + <xsd:choice minOccurs="1" maxOccurs="unbounded"> + <xsd:element name="Allow" type="AllowType"/> + <xsd:element name="Group" type="AuthorizedKeysGroupType"/> + <xsd:element name="Client" type="AuthorizedKeysGroupType"/> + </xsd:choice> + <xsd:attribute name='name' type='xsd:string'> + <xsd:annotation> + <xsd:documentation> + The name of the client or group to match on. Child entries + will only apply to this client or group (unless + :xml:attribute:`AuthorizedKeysGroupType:negate` is set). + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + <xsd:attribute name='negate' type='xsd:boolean'> + <xsd:annotation> + <xsd:documentation> + Negate the sense of the match, so that child entries only + apply to a client if it is not a member of the given group + or does not have the given name. + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + </xsd:complexType> + + <xsd:complexType name="AllowType" mixed="true"> + <xsd:annotation> + <xsd:documentation> + Allow access from a public key, given either as text content, + or described by the attributes. + </xsd:documentation> + </xsd:annotation> + <xsd:choice minOccurs="0" maxOccurs="unbounded"> + <xsd:element name="Params" type="AuthorizedKeysParamsType"/> + </xsd:choice> + <xsd:attribute name="from" type="xsd:string"> + <xsd:annotation> + <xsd:documentation> + The path of the public key to allow. + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + <xsd:attribute name="group" type="xsd:string"> + <xsd:annotation> + <xsd:documentation> + Use a public key specific to the given group, instead of the + public key specific to the appropriate category group of the + current client. + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + <xsd:attribute name="host" type="xsd:string"> + <xsd:annotation> + <xsd:documentation> + Use a public key specific to the given host. + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + </xsd:complexType> + + <xsd:complexType name="AuthorizedKeysParamsType"> + <xsd:annotation> + <xsd:documentation> + Specify parameters for public key authentication and + connection. See :manpage:`sshd(8)` for details on allowable + parameters. + </xsd:documentation> + </xsd:annotation> + <xsd:anyAttribute processContents="lax"/> + </xsd:complexType> + + <xsd:element name="AuthorizedKeys"> + <xsd:annotation> + <xsd:documentation> + Top-level tag for describing a generated SSH key pair. + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:choice minOccurs="1" maxOccurs="unbounded"> + <xsd:element name="Allow" type="AllowType"/> + <xsd:element name="Group" type="AuthorizedKeysGroupType"/> + <xsd:element name="Client" type="AuthorizedKeysGroupType"/> + </xsd:choice> + </xsd:complexType> + </xsd:element> +</xsd:schema> |