authorJoey Hess2014-12-14 15:24:10 -0400
committerJoey Hess2014-12-14 15:24:10 -0400
commit71723ca09f369ccf96462cef1e0200e1615677d1 (patch)
tree9519e6a0e1f2a2353df4ef836118bbf3bf96eef4 /src/Propellor/Types/PrivData.hs
parent2e2438ae66490a2a00972be16e95f0d9cda2f9ea (diff)
support for crypted passwords in privdata
* Added CryptPassword to PrivDataField, for password hashes as produced by crypt(3). * User.hasPassword and User.hasSomePassword will now use either a CryptPassword or a Password from privdata, depending on which is set.
Diffstat (limited to 'src/Propellor/Types/PrivData.hs')
-rw-r--r--src/Propellor/Types/PrivData.hs27
1 files changed, 27 insertions, 0 deletions
diff --git a/src/Propellor/Types/PrivData.hs b/src/Propellor/Types/PrivData.hs
index 80dad762..ab3e108a 100644
--- a/src/Propellor/Types/PrivData.hs
+++ b/src/Propellor/Types/PrivData.hs
@@ -11,10 +11,29 @@ data PrivDataField
| SshPrivKey SshKeyType UserName
| SshAuthorizedKeys UserName
| Password UserName
+ | CryptPassword UserName
| PrivFile FilePath
| GpgKey
deriving (Read, Show, Ord, Eq)
+-- | Explains how the user can generate a particular PrivDataField.
+howtoMkPrivDataField :: PrivDataField -> String
+howtoMkPrivDataField fld = case fld of
+ DockerAuthentication -> "/root/.dockercfg" `genbycmd` "docker login"
+ SshPubKey keytype _ -> forexample $
+ "sshkey.pub" `genbycmd` keygen keytype
+ SshPrivKey keytype _ -> forexample $
+ "sshkey" `genbycmd` keygen keytype
+ SshAuthorizedKeys _ -> forexample "~/.ssh/id_rsa.pub"
+ Password username -> "a password for " ++ username
+ CryptPassword _ -> "a crypt(3)ed password, which can be generated by, for example: perl -e 'print crypt(shift, q{$6$}.shift)' 'somepassword' 'somesalt'"
+ PrivFile f -> "file contents for " ++ f
+ GpgKey -> "Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a"
+ where
+ genbycmd f cmd = f ++ " generated by running `" ++ cmd ++ "`"
+ keygen keytype = "ssh-keygen -t " ++ sshKeyTypeParam keytype ++ " -f sshkey"
+ forexample s = "for example, " ++ s
+
-- | A context in which a PrivDataField is used.
--
-- Often this will be a domain name. For example,
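Review bot: The `CryptPassword` help text tells the user to pass the cleartext password and a literal salt as command-line arguments (`perl -e '…' 'somepassword' 'somesalt'`), which leaves the password in shell history and visible in the process list while the command runs, and invites copy-pasting the example salt instead of a random one. A generator that prompts for the password and picks its own salt would be safer to recommend, for example `CryptPassword _ -> "a crypt(3)ed password, which can be generated by, for example: mkpasswd -m sha-512"`. The `Password` case names the account (`"a password for " ++ username`) while this case discards the username; including it here would keep the two prompts consistent.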
@@ -63,3 +82,11 @@ type PrivData = String
data SshKeyType = SshRsa | SshDsa | SshEcdsa | SshEd25519
deriving (Read, Show, Ord, Eq)
+
+-- | Parameter that would be passed to ssh-keygen to generate key of this type
+sshKeyTypeParam :: SshKeyType -> String
+sshKeyTypeParam SshRsa = "RSA"
+sshKeyTypeParam SshDsa = "DSA"
+sshKeyTypeParam SshEcdsa = "ECDSA"
+sshKeyTypeParam SshEd25519 = "ED25519"
+
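Review bot: `sshKeyTypeParam` returns uppercase names (`"RSA"`, `"DSA"`, `"ECDSA"`, `"ED25519"`), and `howtoMkPrivDataField` splices them straight into the suggested `ssh-keygen -t … -f sshkey` command, whereas ssh-keygen(1) documents the `-t` values in lowercase. Whether the uppercase forms are accepted depends on ssh-keygen matching the type name case-insensitively, which is not visible from this diff. Returning the documented spellings avoids relying on that, e.g. `sshKeyTypeParam SshRsa = "rsa"` and likewise for the other three constructors. The Haddock comment could also say that the value is meant for the `-t` option, since that is the only use shown.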