From b13b3c5010f0b1d3bc0d57f2c182cfef7a0b5962 Mon Sep 17 00:00:00 2001
From: Jelmer Vernooij
Date: Sun, 27 Sep 2015 23:24:54 +0000
Subject: Add basic Kerberos module.
---
 src/Propellor/Property/Kerberos.hs | 94 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100644 src/Propellor/Property/Kerberos.hs
(limited to 'src/Propellor')
diff --git a/src/Propellor/Property/Kerberos.hs b/src/Propellor/Property/Kerberos.hs
new file mode 100644
index 00000000..74388423
--- /dev/null
+++ b/src/Propellor/Property/Kerberos.hs
@@ -0,0 +1,94 @@
+module Propellor.Property.Kerberos where
+
+import Data.String.Utils
+import Utility.FileSystemEncoding
+import Utility.Process
+
+import Propellor
+import qualified Propellor.Property.Apt as Apt
+import qualified Propellor.Property.File as File
+import Propellor.Property.User
+
+type Realm = String
+type Principal = String
+type Kvno = Integer
+
+-- Standard paths in MIT Kerberos
+
+defaultKeyTab :: FilePath
+defaultKeyTab = "/etc/krb5.keytab"
+
+kadmAclPath :: FilePath
+kadmAclPath = "/etc/krb5kdc/kadm5.acl"
+
+kpropdAclPath :: FilePath
+kpropdAclPath = "/etc/krb5kdc/kpropd.acl"
+
+kdcConfPath :: FilePath
+kdcConfPath = "/etc/krb5kdc/kdc.conf"
+
+keyTabPath :: Maybe FilePath -> FilePath
+keyTabPath = maybe defaultKeyTab id
+
+-- Create a principal from a primary, instance and realm
+principal :: String -> Maybe String -> Maybe Realm -> Principal
+principal p i r = p ++ maybe "" ("/"++) i ++ maybe "" ("@" ++) r
+
+installed :: Property NoInfo
+installed = Apt.installed ["krb5-user"]
+
+kdcInstalled :: Property NoInfo
+kdcInstalled = Apt.serviceInstalledRunning "krb5-kdc"
+
+adminServerInstalled :: Property NoInfo
+adminServerInstalled = Apt.serviceInstalledRunning "krb5-admin-server"
+
+kpropServerInstalled :: Property HasInfo
+kpropServerInstalled = propertyList "kprop server installed" $ props
+ & kdcInstalled
+ & Apt.installed ["openbsd-inetd"]
+ & "/etc/inetd.conf" `File.containsLines`
+ [ "krb5_prop\tstream\ttcp\tnowait\troot\t/usr/sbin/kpropd kpropd"
+ , "krb5_prop\tstream\ttcp6\tnowait\troot\t/usr/sbin/kpropd kpropd"
+ ]
+
+kpropAcls :: [String] -> Property NoInfo
+kpropAcls ps = kpropdAclPath `File.hasContent` ps `describe` "kprop server ACLs"
+
+k5srvutil :: (Maybe FilePath) -> [String] -> IO String
+k5srvutil kt cmd = readProcess "k5srvutil" (maybe [] (\x -> ["-f", x]) kt ++ cmd)
+
+-- Keytab management
+keytabEntries :: Maybe FilePath -> IO [(Kvno, Principal)]
+keytabEntries p = do
+ c <- k5srvutil p ["list"]
+ return $ map parseLine 
(drop 3 $ lines c)
+ where
+ parseLine l = (Prelude.read x, y) where (x, y) = splitAt 5 l
+
+checkKeyTabEntry' :: Maybe FilePath -> (Kvno, Principal) -> IO Bool
+checkKeyTabEntry' path entry = do
+ entries <- keytabEntries path
+ return $ entry `elem` entries
+
+checkKeyTabEntry :: Maybe FilePath -> Principal -> IO Bool
+checkKeyTabEntry path princ = do
+ entries <- keytabEntries path
+ return $ princ `elem` (map snd entries)
+
+-- k5login files
+k5loginPath :: User -> IO FilePath
+k5loginPath user = do
+ h <- homedir user
+ return $ h ".k5login"
+
+k5login :: User -> [Principal] -> Property NoInfo
+k5login user@(User u) ps = property (u ++ " has k5login") $ do
+ f <- liftIO $ k5loginPath user
+ liftIO $ do
+ createDirectoryIfMissing True (takeDirectory f)
+ writeFile f (unlines ps)
+ ensureProperties
+ [ File.ownerGroup f user (userGroup user)
+ , File.ownerGroup (takeDirectory f) user (userGroup user)
+ ]
-- cgit v1.2.3
From f494a7d03a0146ce53e27ac97c62c9f82343c4b1 Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Tue, 29 Sep 2015 11:00:21 -0400
Subject: add Maintainer entries for contributed modules
These show up in the haddock documentation on the sidebar. The author emails are not hyperlinked, so hopefully this is not a spam source. Keeping track of Maintainers of modules is becoming necessary because I don't use all these modules and am not the best person to maintain them, beyond simple changes to keep them building. I'll loop in the Maintainer if there's a bug etc on their module.
---
 src/Propellor/Property/Aiccu.hs | 2 ++
 src/Propellor/Property/DebianMirror.hs | 2 ++
 src/Propellor/Property/Firewall.hs | 8 ++++----
 src/Propellor/Property/Kerberos.hs | 6 +++---
 src/Propellor/Property/LightDM.hs | 2 ++
 src/Propellor/Property/Logcheck.hs | 2 ++
 src/Propellor/Property/Nginx.hs | 2 ++
 src/Propellor/Property/Prosody.hs | 2 ++
 src/Propellor/Property/Unbound.hs | 4 +++-
 9 files changed, 22 insertions(+), 8 deletions(-)
(limited to 'src/Propellor')
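Review bot: `k5login` writes the authorization file with a bare `writeFile f (unlines ps)` inside `liftIO`, so the property's reported result only reflects the two `File.ownerGroup` sub-properties: the file is rewritten on every run, a content change can be reported as no change, and the file is created with whatever mode the process umask yields. Since `Propellor.Property.File` is already imported, the write can become a tracked sub-property, e.g. `ensureProperties [ File.hasContent f ps, File.ownerGroup f user (userGroup user), File.ownerGroup (takeDirectory f) user (userGroup user) ]`, keeping `createDirectoryIfMissing` in front; because `.k5login` grants login as `u` to every listed principal, pinning its mode (if the File module offers a mode property) would also be worth considering. Separately, `parseLine` in `keytabEntries` applies `Prelude.read` to a fixed-width `splitAt 5` slice of `k5srvutil list` output, so any line that does not fit that layout (a header variant, an empty trailing line, a KVNO wider than four digits) throws at runtime; `readMaybe` from `Text.Read` with non-parsing lines dropped would make the keytab checks total.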
diff --git a/src/Propellor/Property/Aiccu.hs b/src/Propellor/Property/Aiccu.hs
index c49805b0..a1b24472 100644
--- a/src/Propellor/Property/Aiccu.hs
+++ b/src/Propellor/Property/Aiccu.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Jelmer Vernooij
+
 module Propellor.Property.Aiccu (
 installed,
 restarted,
diff --git a/src/Propellor/Property/DebianMirror.hs b/src/Propellor/Property/DebianMirror.hs
index cd98b6ff..2e696b50 100644
--- a/src/Propellor/Property/DebianMirror.hs
+++ b/src/Propellor/Property/DebianMirror.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Félix Sipma
+
 module Propellor.Property.DebianMirror (
 DebianPriority(..)
 , showPriority
diff --git a/src/Propellor/Property/Firewall.hs b/src/Propellor/Property/Firewall.hs
index 6c95a022..a685a46f 100644
--- a/src/Propellor/Property/Firewall.hs
+++ b/src/Propellor/Property/Firewall.hs
@@ -1,7 +1,7 @@
--- |Properties for configuring firewall (iptables) rules
---
--- Copyright 2014 Arnaud Bailly
--- License: BSD-2-Clause
+-- | Maintainer: Arnaud Bailly
+--
+-- Properties for configuring firewall (iptables) rules
+
 module Propellor.Property.Firewall (
 rule,
 installed,
diff --git a/src/Propellor/Property/Kerberos.hs b/src/Propellor/Property/Kerberos.hs
index 74388423..5d07f4dc 100644
--- a/src/Propellor/Property/Kerberos.hs
+++ b/src/Propellor/Property/Kerberos.hs
@@ -1,7 +1,7 @@
+-- | Maintainer: Jelmer Vernooij
+
 module Propellor.Property.Kerberos where
-import Data.String.Utils
-import Utility.FileSystemEncoding
 import Utility.Process
 import Propellor
@@ -30,7 +30,7 @@ kdcConfPath = "/etc/krb5kdc/kdc.conf"
 keyTabPath :: Maybe FilePath -> FilePath
 keyTabPath = maybe defaultKeyTab id
--- Create a principal from a primary, instance and realm
+-- | Create a principal from a primary, instance and realm
 principal :: String -> Maybe String -> Maybe Realm -> Principal
 principal p i r = p ++ maybe "" ("/"++) i ++ maybe "" ("@" ++) r
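Review bot: The Firewall hunk removes the `-- Copyright 2014 Arnaud Bailly` and `-- License: BSD-2-Clause` lines together with the old header, which goes beyond what the commit message describes (adding Maintainer entries) and drops the only license statement visible for this contributed module. Unless the project-level license is known to cover it, the notice should be kept below the new header, e.g. `-- | Maintainer: Arnaud Bailly`, `--`, `-- Copyright 2014 Arnaud Bailly, License: BSD-2-Clause`, with the "Properties for configuring firewall (iptables) rules" sentence following.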
diff --git a/src/Propellor/Property/LightDM.hs b/src/Propellor/Property/LightDM.hs
index b779ba4d..b010eb2f 100644
--- a/src/Propellor/Property/LightDM.hs
+++ b/src/Propellor/Property/LightDM.hs
@@ -1,5 +1,7 @@
 {-# LANGUAGE FlexibleInstances #-}
+-- | Maintainer: Sean Whitton
+
 module Propellor.Property.LightDM where
 import Propellor
diff --git a/src/Propellor/Property/Logcheck.hs b/src/Propellor/Property/Logcheck.hs
index 83045dcc..8058b237 100644
--- a/src/Propellor/Property/Logcheck.hs
+++ b/src/Propellor/Property/Logcheck.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Jelmer Vernooij
+
 module Propellor.Property.Logcheck (
 ReportLevel (Workstation, Server, Paranoid),
 defaultPrefix,
diff --git a/src/Propellor/Property/Nginx.hs b/src/Propellor/Property/Nginx.hs
index 02ca202f..d69e6c73 100644
--- a/src/Propellor/Property/Nginx.hs
+++ b/src/Propellor/Property/Nginx.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Félix Sipma
+
 module Propellor.Property.Nginx where
 import Propellor
diff --git a/src/Propellor/Property/Prosody.hs b/src/Propellor/Property/Prosody.hs
index 31b6a624..1129e28d 100644
--- a/src/Propellor/Property/Prosody.hs
+++ b/src/Propellor/Property/Prosody.hs
@@ -1,3 +1,5 @@
+-- | Maintainer: Félix Sipma
+
 module Propellor.Property.Prosody where
 import Propellor
diff --git a/src/Propellor/Property/Unbound.hs b/src/Propellor/Property/Unbound.hs
index e44953f6..c0fb54f1 100644
--- a/src/Propellor/Property/Unbound.hs
+++ b/src/Propellor/Property/Unbound.hs
@@ -1,4 +1,6 @@
--- | Properties for the Unbound caching DNS server
+-- | Maintainer: Félix Sipma
+--
+-- Properties for the Unbound caching DNS server
 module Propellor.Property.Unbound (
 installed
-- cgit v1.2.3
From 2029d3524568bba7a99a35d24c0f75f2e77d5bfe Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Tue, 29 Sep 2015 11:08:00 -0400
Subject: exports for haddock
---
 src/Propellor/Property/Logcheck.hs | 1 +
 src/Propellor/Property/Unbound.hs | 8 ++++++++
 2 files changed, 9 insertions(+)
(limited to 'src/Propellor')
diff --git a/src/Propellor/Property/Logcheck.hs b/src/Propellor/Property/Logcheck.hs
index 8058b237..26f4e3a4 100644
--- a/src/Propellor/Property/Logcheck.hs
+++ b/src/Propellor/Property/Logcheck.hs
@@ -2,6 +2,7 @@
 module Propellor.Property.Logcheck (
 ReportLevel (Workstation, Server, Paranoid),
+ Service,
 defaultPrefix,
 ignoreFilePath,
 ignoreLines,
diff --git a/src/Propellor/Property/Unbound.hs b/src/Propellor/Property/Unbound.hs
index c0fb54f1..c3afeb84 100644
--- a/src/Propellor/Property/Unbound.hs
+++ b/src/Propellor/Property/Unbound.hs
@@ -6,6 +6,14 @@ module Propellor.Property.Unbound (
 installed
 , restarted
 , reloaded
+ , UnboundSection
+ , UnboundZone
+ , UnboundHost
+ , UnboundSetting
+ , UnboundValue
+ , UnboundKey
+ , ConfSection
+ , ZoneType
 , cachingDnsServer
 ) where
-- cgit v1.2.3
From f492bd21f74d70a1586749905a6c49d159f470bb Mon Sep 17 00:00:00 2001
From: Joey Hess
Date: Tue, 29 Sep 2015 18:54:41 -0400
Subject: propellor spin
---
 src/Propellor/Property/SiteSpecific/IABak.hs | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'src/Propellor')
diff --git a/src/Propellor/Property/SiteSpecific/IABak.hs b/src/Propellor/Property/SiteSpecific/IABak.hs
index 68313f20..eaef2817 100644
--- a/src/Propellor/Property/SiteSpecific/IABak.hs
+++ b/src/Propellor/Property/SiteSpecific/IABak.hs
@@ -37,6 +37,10 @@ gitServer knownhosts = propertyList "iabak git server" $ props
 & Cron.niceJob "shardmaint" Cron.Daily (User "root") "/" "/usr/local/IA.BAK/shardmaint-fast; /usr/local/IA.BAK/shardmaint"
 & Apt.installed ["git-annex"]
+ & Apt.installed ["libmail-sendmail-perl"]
+ & Cron.niceJob "expireemailer" Cron.Daily (User "root")
+ "/usr/local/IA.BAK"
+ "./expireemailer"
 registrationServer :: [Host] -> Property HasInfo
 registrationServer knownhosts = propertyList "iabak registration server" $ props
-- cgit v1.2.3
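Review bot: The new `expireemailer` cron job runs `./expireemailer` as `User "root"` with `/usr/local/IA.BAK` as its working directory, whereas the neighbouring `shardmaint` job invokes its scripts by absolute path; using `"/usr/local/IA.BAK/expireemailer"` as the command keeps the two consistent and removes the dependence on the cwd set by `Cron.niceJob`. Because this runs daily as root, it also matters that `/usr/local/IA.BAK` and the script are writable only by root — if that directory is a checkout updated by an unprivileged user (not visible in this hunk), the job would execute whatever that user commits, so a comment stating who is expected to own it would help the next reader. `gitServer` begins before this hunk and continues past it.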