From 71723ca09f369ccf96462cef1e0200e1615677d1 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Sun, 14 Dec 2014 15:24:10 -0400
Subject: support for crypted passwords in privdata

* Added CryptPassword to PrivDataField, for password hashes as produced by crypt(3).
* User.hasPassword and User.hasSomePassword will now use either a CryptPassword or a Password from privdata, depending on which is set.
---
 src/Propellor/Types/PrivData.hs | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

(limited to 'src/Propellor/Types')

diff --git a/src/Propellor/Types/PrivData.hs b/src/Propellor/Types/PrivData.hs
index 80dad762..ab3e108a 100644
--- a/src/Propellor/Types/PrivData.hs
+++ b/src/Propellor/Types/PrivData.hs
@@ -11,10 +11,29 @@ data PrivDataField
 | SshPrivKey SshKeyType UserName
 | SshAuthorizedKeys UserName
 | Password UserName
+ | CryptPassword UserName
 | PrivFile FilePath
 | GpgKey
 deriving (Read, Show, Ord, Eq)
+-- | Explains how the user can generate a particular PrivDataField.
+howtoMkPrivDataField :: PrivDataField -> String
+howtoMkPrivDataField fld = case fld of
+ DockerAuthentication -> "/root/.dockercfg" `genbycmd` "docker login"
+ SshPubKey keytype _ -> forexample $
+ "sshkey.pub" `genbycmd` keygen keytype
+ SshPrivKey keytype _ -> forexample $
+ "sshkey" `genbycmd` keygen keytype
+ SshAuthorizedKeys _ -> forexample "~/.ssh/id_rsa.pub"
+ Password username -> "a password for " ++ username
+ CryptPassword _ -> "a crypt(3)ed password, which can be generated by, for example: perl -e 'print crypt(shift, q{$6$}.shift)' 'somepassword' 'somesalt'"
+ PrivFile f -> "file contents for " ++ f
+ GpgKey -> "Either a gpg public key, exported with gpg --export -a, or a gpg private key, exported with gpg --export-secret-key -a"
+ where
+ genbycmd f cmd = f ++ " generated by running `" ++ cmd ++ "`"
+ keygen keytype = "ssh-keygen -t " ++ sshKeyTypeParam keytype ++ " -f sshkey"
+ forexample s = "for example, " ++ s
+
 -- | A context in which a PrivDataField is used.
 --
 -- Often this will be a domain name. For example,
@@ -63,3 +82,11 @@ type PrivData = String
 data SshKeyType = SshRsa | SshDsa | SshEcdsa | SshEd25519
 deriving (Read, Show, Ord, Eq)
+
+-- | Parameter that would be passed to ssh-keygen to generate key of this type
+sshKeyTypeParam :: SshKeyType -> String
+sshKeyTypeParam SshRsa = "RSA"
+sshKeyTypeParam SshDsa = "DSA"
+sshKeyTypeParam SshEcdsa = "ECDSA"
+sshKeyTypeParam SshEd25519 = "ED25519"
+
--
cgit v1.2.3
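Review bot: The `CryptPassword _` hint in `howtoMkPrivDataField` recommends a one-liner that takes the cleartext password and the salt as command-line arguments, so anyone following it leaves the password in shell history and readable in the process list while the command runs, and is nudged toward a fixed, hand-picked salt. Pointing the hint at a tool that prompts for the password and draws a random salt avoids both, for example `CryptPassword _ -> "a crypt(3)ed password, which can be generated by, for example: mkpasswd -m sha-512"`. The case also discards the user name, unlike `Password username` just above it, so the message cannot say whose hash is being asked for; binding the name and including it in the text would make the two cases consistent.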
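Review bot: `sshKeyTypeParam SshDsa = "DSA"` feeds the `keygen` helper in `howtoMkPrivDataField`, so for an `SshDsa` field the generated hint tells the user to run `ssh-keygen -t DSA -f sshkey`; ssh-keygen only produces 1024-bit DSA keys and OpenSSH has since deprecated that key type. I would add a comment on that equation along the lines of `-- DSA is weak (1024-bit only); prefer SshEd25519 or SshRsa for new keys`, or have the hint itself say so when the type is `SshDsa`. The Haddock line could also note that these are upper-case spellings rather than the lower-case names listed in ssh-keygen(1), which presumably relies on ssh-keygen matching type names case-insensitively and is worth confirming.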