solokit 0.0.2 → 0.0.3

data/cookbooks/upstream/ruby-shadow/files/default/shadow-1.4.1/README.euc

@@ -0,0 +1,80 @@
+Shadow Password module
+
+Copyright (C) 1998-1999 Takaaki Tateishi <ttate@jaist.ac.jp>
+Modified at: <1999/8/19 06:48:01 by ttate>
+License: Free for any use with your own risk!
+
+
+1. ����
+
+linux�ˤ�����shadow password�ե�����򰷤�����
+�Υ⥸�塼�롣
+
+
+2. ���󥹥ȡ���
+
+ruby extconf.rb
+make
+make install
+
+* ����
+  shadow-1.3�Ǥ�ruby-1.3�⤷���Ϥ���ʹߤΥС������
+  ��ɬ�פǤ���
+
+3. Shadow::Passwd�⥸�塼��Υ᥽�å�ã
+
+getspent
+getspnam(name)
+setspent
+endspent
+fgetspent(file)
+sgetspent(str)
+putspent(entry,file)
+lckpwdf,lock
+ulckpwdf,unlock
+lock?
+
+4. Structure
+
+Shadow::Passwd::Entry (Struct::PasswdEntry)
+       sp_namp - pointer to null-terminated user name.
+       sp_pwdp - pointer to null-terminated password.
+       sp_lstchg  -  days  since  Jan  1,  1970 password was last
+                     changed.
+       sp_min - days before which password may not be changed.
+       sp_max - days after which password must be changed.
+       sp_warn - days before password is to expire that  user  is
+       warned of pending password expiration.
+       sp_inact  -  days  after  password expires that account is
+                    considered inactive and disabled.
+       sp_expire - days since Jan 1, 1970 when  account  will  be
+
+
+5. ����
+
+getspent, getspname, fgetspent, sgetspent��Shadow::Passwd::Entry
+���ȥ饯������֤��ޤ���getspent �ϥե����뤫�鼡�Υѥ���
+���ɥ���ȥ���֤���fgetspent ��Ϳ����줿IO���鼡�Υ����
+����֤��ޤ���sgetspent��Ϳ����줿ʸ���󤫤�Shadow::Passwd::Entry
+���ȥ饯������֤��ޤ���getspnam�ϥ桼��̾��Ϳ�����/etc/shadow
+���餽�Υ桼����Shadow::Passwd::Entry���ȥ饯������֤��ޤ���
+�ե�����ν�ü��ã�����nil���ͤ��֤��ޤ���
+
+setspent,endspent�Ϥ��줾�졢�ե�����ؤΥ��������ΤϤ����
+�����˻Ȥ��ޤ���
+
+lckpwdf(lock),ulckpwdf(unlock)��/etc/shadow�ؤ���¾Ū��������
+��¸����뤿��ˤ���ޤ���
+lock�˼��Ԥ����Shadow::FileLock�Ȥ����㳰��ȯ�������ޤ���
+lock�򥤥ƥ졼���Ȥ��ƻȤ����Ȥˤ�äơ����ƥ졼���֥��å���ȴ����
+�Ȥ��˼�ưŪ��unlock��Ԥʤ��ޤ���
+
+
+6. ����
+
+* man shadow
+* /usr/include/shadow.h
+
+
+
+					ttate@jaist.ac.jp

data/cookbooks/upstream/ruby-shadow/files/default/shadow-1.4.1/depend

@@ -0,0 +1 @@
+shadow.o : shadow.c $(hdrdir)/ruby.h $(hdrdir)/rubyio.h

data/cookbooks/upstream/ruby-shadow/files/default/shadow-1.4.1/extconf.rb

@@ -0,0 +1,26 @@
+#                                          -*- ruby -*-
+# extconf.rb
+#
+# Modified at: <1999/8/19 06:38:55 by ttate> 
+#
+
+require 'mkmf'
+
+$CFLAGS = ""
+$LDFLAGS = "-lshadow"
+
+if( ! (ok = have_library("shadow","getspent")) )
+  $LDFLAGS = ""
+  ok = have_func("getspent")
+end
+
+ok &= have_func("sgetspent")
+ok &= have_func("fgetspent")
+ok &= have_func("setspent")
+ok &= have_func("endspent")
+ok &= have_func("lckpwdf")
+ok &= have_func("ulckpwdf")
+
+if ok
+  create_makefile("shadow")
+end

data/cookbooks/upstream/ruby-shadow/files/default/shadow-1.4.1/shadow.c

@@ -0,0 +1,281 @@
+/*
+ * shadow.c
+ *
+ * Ruby extention module for using Linux shadow password.
+ *
+ * Copyright (C) 1998-1999 by Takaaki.Tateishi(ttate@jaist.ac.jp)
+ * License: Free for any use with your own risk!
+ * Modified at: <1999/8/19 06:48:18 by ttate>
+ */
+
+#include <shadow.h>
+#include "ruby.h"
+#include "rubyio.h"
+
+static VALUE rb_mShadow;
+static VALUE rb_mPasswd;
+static VALUE rb_sPasswdEntry;
+static VALUE rb_mGroup;
+static VALUE rb_sGroupEntry;
+static VALUE rb_eFileLock;
+
+
+static VALUE
+rb_shadow_setspent(VALUE self)
+{
+  setspent();
+  return Qnil;
+};
+
+
+static VALUE
+rb_shadow_endspent(VALUE self)
+{
+  endspent();
+  return Qnil;
+};
+
+
+static VALUE
+rb_shadow_sgetspent(VALUE self, VALUE str)
+{
+  struct spwd *entry;
+  VALUE result;
+
+  if( TYPE(str) != T_STRING )
+    rb_raise(rb_eException,"argument must be a string.");
+
+  entry = sgetspent(STR2CSTR(str));
+
+  if( entry == NULL )
+    return Qnil;
+
+  result = rb_struct_new(rb_sPasswdEntry,
+		      rb_tainted_str_new2(entry->sp_namp),
+		      rb_tainted_str_new2(entry->sp_pwdp),
+		      INT2FIX(entry->sp_lstchg),
+		      INT2FIX(entry->sp_min),
+		      INT2FIX(entry->sp_max),
+		      INT2FIX(entry->sp_warn),
+		      INT2FIX(entry->sp_inact),
+		      INT2FIX(entry->sp_expire),
+		      INT2FIX(entry->sp_flag),
+		      0);
+  free(entry);
+  return result;
+};
+
+static VALUE
+rb_shadow_fgetspent(VALUE self, VALUE file)
+{
+  struct spwd *entry;
+  VALUE result;
+
+  if( TYPE(file) != T_FILE )
+    rb_raise(rb_eTypeError,"argument must be a File.");
+
+  entry = fgetspent((RFILE(file)->fptr)->f);
+
+  if( entry == NULL )
+    return Qnil;
+
+  result = rb_struct_new(rb_sPasswdEntry,
+		      rb_tainted_str_new2(entry->sp_namp),
+		      rb_tainted_str_new2(entry->sp_pwdp),
+		      INT2FIX(entry->sp_lstchg),
+		      INT2FIX(entry->sp_min),
+		      INT2FIX(entry->sp_max),
+		      INT2FIX(entry->sp_warn),
+		      INT2FIX(entry->sp_inact),
+		      INT2FIX(entry->sp_expire),
+		      INT2FIX(entry->sp_flag),
+		      0);
+  return result;
+};
+
+static VALUE
+rb_shadow_getspent(VALUE self)
+{
+  struct spwd *entry;
+  VALUE result;
+
+  entry = getspent();
+
+  if( entry == NULL )
+    return Qnil;
+
+  result = rb_struct_new(rb_sPasswdEntry,
+		      rb_tainted_str_new2(entry->sp_namp),
+		      rb_tainted_str_new2(entry->sp_pwdp),
+		      INT2FIX(entry->sp_lstchg),
+		      INT2FIX(entry->sp_min),
+		      INT2FIX(entry->sp_max),
+		      INT2FIX(entry->sp_warn),
+		      INT2FIX(entry->sp_inact),
+		      INT2FIX(entry->sp_expire),
+		      INT2FIX(entry->sp_flag),
+		      0);
+  return result;
+};
+
+static VALUE
+rb_shadow_getspnam(VALUE self, VALUE name)
+{
+  struct spwd *entry;
+  VALUE result;
+
+  if( TYPE(name) != T_STRING )
+    rb_raise(rb_eException,"argument must be a string.");
+
+  entry = getspnam(STR2CSTR(name));
+
+  if( entry == NULL )
+    return Qnil;
+
+  result = rb_struct_new(rb_sPasswdEntry,
+		      rb_tainted_str_new2(entry->sp_namp),
+		      rb_tainted_str_new2(entry->sp_pwdp),
+		      INT2FIX(entry->sp_lstchg),
+		      INT2FIX(entry->sp_min),
+		      INT2FIX(entry->sp_max),
+		      INT2FIX(entry->sp_warn),
+		      INT2FIX(entry->sp_inact),
+		      INT2FIX(entry->sp_expire),
+		      INT2FIX(entry->sp_flag),
+		      0);
+  return result;
+};
+
+
+static VALUE
+rb_shadow_putspent(VALUE self, VALUE entry, VALUE file)
+{
+  struct spwd centry;
+  FILE* cfile;
+  VALUE val[9];
+  int i;
+  int result;
+
+  for(i=0; i<=8; i++)
+    val[i] = RSTRUCT(entry)->ptr[i];
+  cfile = RFILE(file)->fptr->f;
+
+  centry.sp_namp = STR2CSTR(val[0]);
+  centry.sp_pwdp = STR2CSTR(val[1]);
+  centry.sp_lstchg = FIX2INT(val[2]);
+  centry.sp_min = FIX2INT(val[3]);
+  centry.sp_max = FIX2INT(val[4]);
+  centry.sp_warn = FIX2INT(val[5]);
+  centry.sp_inact = FIX2INT(val[6]);
+  centry.sp_expire = FIX2INT(val[7]);
+  centry.sp_flag = FIX2INT(val[8]);
+
+  result = putspent(&centry,cfile);
+
+  if( result == -1 )
+    rb_raise(rb_eStandardError,"can't change password");
+
+  return Qtrue;
+};
+
+
+static VALUE
+rb_shadow_lckpwdf(VALUE self)
+{
+  int result;
+  result = lckpwdf();
+  if( result == -1 )
+    rb_raise(rb_eFileLock,"password file was locked");
+  else
+    return Qtrue;
+};
+
+static int in_lock;
+
+static VALUE
+rb_shadow_lock(VALUE self)
+{
+  int result;
+
+  if( rb_iterator_p() ){
+    result = lckpwdf();
+    if( result == -1 ){
+      rb_raise(rb_eFileLock,"password file was locked");
+    }
+    else{
+      in_lock++;
+      rb_yield(Qnil);
+      in_lock--;
+      ulckpwdf();
+    };
+    return Qtrue;
+  }
+  else{
+    return rb_shadow_lckpwdf(self);
+  };
+};
+
+
+static VALUE
+rb_shadow_ulckpwdf(VALUE self)
+{
+  if( in_lock ){
+    rb_raise(rb_eFileLock,"you call unlock method in lock iterator.");
+  };
+  ulckpwdf();
+  return Qtrue;
+};
+
+static VALUE
+rb_shadow_unlock(VALUE self)
+{
+  return rb_shadow_ulckpwdf(self);
+};
+
+static VALUE
+rb_shadow_lock_p(VALUE self)
+{
+  int result;
+
+  result = lckpwdf();
+  if( result == -1 ){
+    return Qtrue;
+  }
+  else{
+    ulckpwdf();
+    return Qfalse;
+  };
+};
+
+
+void
+Init_shadow()
+{
+  rb_sPasswdEntry = rb_struct_define("PasswdEntry",
+				     "sp_namp","sp_pwdp","sp_lstchg",
+				     "sp_min","sp_max","sp_warn",
+				     "sp_inact","sp_expire","sp_flag",0);
+  rb_sGroupEntry = rb_struct_define("GroupEntry",
+				    "sg_name","sg_passwd",
+				    "sg_adm","sg_mem",0);
+
+  rb_mShadow = rb_define_module("Shadow");
+  rb_eFileLock = rb_define_class_under(rb_mShadow,"FileLock",rb_eException);
+  rb_mPasswd = rb_define_module_under(rb_mShadow,"Passwd");
+  rb_define_const(rb_mPasswd,"Entry",rb_sPasswdEntry);
+  rb_mGroup = rb_define_module_under(rb_mShadow,"Group");
+  rb_define_const(rb_mGroup,"Entry",rb_sGroupEntry);
+
+  rb_define_module_function(rb_mPasswd,"setspent",rb_shadow_setspent,0);
+  rb_define_module_function(rb_mPasswd,"endspent",rb_shadow_endspent,0);
+  rb_define_module_function(rb_mPasswd,"sgetspent",rb_shadow_sgetspent,1);
+  rb_define_module_function(rb_mPasswd,"fgetspent",rb_shadow_fgetspent,1);
+  rb_define_module_function(rb_mPasswd,"getspent",rb_shadow_getspent,0);
+  rb_define_module_function(rb_mPasswd,"getspnam",rb_shadow_getspnam,1);
+  rb_define_module_function(rb_mPasswd,"putspent",rb_shadow_putspent,2);
+  rb_define_module_function(rb_mPasswd,"lckpwdf",rb_shadow_lckpwdf,0);
+  rb_define_module_function(rb_mPasswd,"lock",rb_shadow_lock,0);
+  rb_define_module_function(rb_mPasswd,"ulckpwdf",rb_shadow_ulckpwdf,0);
+  rb_define_module_function(rb_mPasswd,"unlock",rb_shadow_unlock,0);
+  rb_define_module_function(rb_mPasswd,"lock?",rb_shadow_lock_p,0);
+};

data/cookbooks/upstream/ruby-shadow/recipes/default.rb

@@ -0,0 +1,15 @@
+remote_directory "/usr/local/src/shadow-1.4.1" do
+  source 'shadow-1.4.1'
+  not_if { File.exists?(File.join(node[:ruby_shadow][:site_ruby], "#{node[:languages][:ruby][:platform]}/shadow.so")) }
+end
+
+bash "install ruby shadow library" do
+  user "root"
+  cwd "/usr/local/src"
+  code <<-EOH
+  cd shadow-1.4.1
+  ruby extconf.rb
+  make install
+  EOH
+  not_if { File.exists?(File.join(node[:ruby_shadow][:site_ruby], "/#{node[:languages][:ruby][:platform]}/shadow.so")) }
+end

data/cookbooks/upstream/sudo/attributes/sudoers.rb

@@ -0,0 +1,21 @@
+#
+# Cookbook Name:: sudo
+# Attribute File:: sudoers
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+set_unless[:authorization][:sudo][:groups] = Array.new 
+set_unless[:authorization][:sudo][:users] = Array.new

data/cookbooks/upstream/sudo/metadata.json

@@ -0,0 +1,96 @@
+{
+  "maintainer": "Opscode, Inc.",
+  "description": "Installs and configures sudo",
+  "recommendations": {
+
+  },
+  "maintainer_email": "cookbooks@opscode.com",
+  "recipes": {
+    "sudo": ""
+  },
+  "suggestions": {
+
+  },
+  "platforms": {
+    "freebsd": [
+
+    ],
+    "ubuntu": [
+
+    ],
+    "fedora": [
+
+    ],
+    "centos": [
+
+    ],
+    "debian": [
+
+    ],
+    "redhat": [
+
+    ]
+  },
+  "version": "0.7.0",
+  "name": "sudo",
+  "conflicting": {
+
+  },
+  "attributes": {
+    "authorization\/sudoers\/groups": {
+      "default": "",
+      "type": "array",
+      "multiple_values": false,
+      "description": "Groups who are allowed sudo ALL",
+      "display_name": "Sudo Groups",
+      "recipes": [
+
+      ],
+      "required": false
+    },
+    "authorization\/sudoers\/users": {
+      "default": "",
+      "type": "array",
+      "multiple_values": false,
+      "description": "Users who are allowed sudo ALL",
+      "display_name": "Sudo Users",
+      "recipes": [
+
+      ],
+      "required": false
+    },
+    "authorization\/sudoers": {
+      "type": "hash",
+      "multiple_values": false,
+      "description": "Hash of Authorization\/Sudoers attributes",
+      "display_name": "Authorization Sudoers",
+      "recipes": [
+
+      ],
+      "required": false
+    },
+    "authorization": {
+      "type": "hash",
+      "multiple_values": false,
+      "description": "Hash of Authorization attributes",
+      "display_name": "Authorization",
+      "recipes": [
+
+      ],
+      "required": false
+    }
+  },
+  "providing": {
+    "sudo": [
+
+    ]
+  },
+  "license": "Apache 2.0",
+  "long_description": "",
+  "replacing": {
+
+  },
+  "dependencies": {
+
+  }
+}

data/cookbooks/upstream/sudo/metadata.rb

@@ -0,0 +1,31 @@
+maintainer        "Opscode, Inc."
+maintainer_email  "cookbooks@opscode.com"
+license           "Apache 2.0"
+description       "Installs and configures sudo"
+version           "0.7"
+
+%w{redhat centos fedora ubuntu debian freebsd}.each do |os|
+  supports os
+end
+
+attribute "authorization",
+  :display_name => "Authorization",
+  :description => "Hash of Authorization attributes",
+  :type => "hash"
+
+attribute "authorization/sudoers",
+  :display_name => "Authorization Sudoers",
+  :description => "Hash of Authorization/Sudoers attributes",
+  :type => "hash"
+
+attribute "authorization/sudoers/users",
+  :display_name => "Sudo Users",
+  :description => "Users who are allowed sudo ALL",
+  :type => "array",
+  :default => ""
+
+attribute "authorization/sudoers/groups",
+  :display_name => "Sudo Groups",
+  :description => "Groups who are allowed sudo ALL",
+  :type => "array",
+  :default => ""

data/cookbooks/upstream/sudo/recipes/default.rb

@@ -0,0 +1,33 @@
+#
+# Cookbook Name:: sudo
+# Recipe:: default
+#
+# Copyright 2008-2009, Opscode, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+package "sudo" do
+  action :upgrade
+end
+
+template "/etc/sudoers" do
+  source "sudoers.erb"
+  mode 0440
+  owner "root"
+  group "root"
+  variables(
+    :sudoers_groups => node[:authorization][:sudo][:groups], 
+    :sudoers_users => node[:authorization][:sudo][:users]
+  )
+end

data/cookbooks/upstream/sudo/templates/default/sudoers.erb

@@ -0,0 +1,22 @@
+#
+# /etc/sudoers
+# 
+# Generated by Chef for <%= @node[:fqdn] %>
+# 
+
+Defaults        !lecture,tty_tickets,!fqdn
+
+# User privilege specification
+root    			ALL=(ALL) ALL
+
+<% @sudoers_users.each do |user| -%>
+<%= user %> ALL=(ALL) ALL
+<% end -%>
+
+# Members of the sysadmin group may gain root privileges
+%sysadmin 		ALL=(ALL) ALL
+
+<% @sudoers_groups.each do |group| -%>
+# Members of the group '<%= group %>' may gain root privileges
+%<%= group %> ALL=(ALL) ALL
+<% end -%>

data/cookbooks/upstream/users/attributes/default.rb

@@ -0,0 +1,4 @@
+users Mash.new unless attribute?("users")
+
+# passwords must be in shadow password format with a salt. To generate: openssl passwd -1
+# users[:jose] = {:password => "shadowpass", :comment => "José Amador", :ssh_key => "..." }

data/cookbooks/upstream/users/definitions/add_keys.rb

@@ -0,0 +1,38 @@
+define :add_keys, :conf => {} do
+  config = params[:conf]
+  name = params[:name]
+  keys = Mash.new
+  keys[name] = node[:ssh_keys][name]
+
+  if config[:ssh_key_groups]
+    config[:ssh_key_groups].each do |group|
+      node[:users].find_all { |u| u.last[:groups].include?(group) }.each do |user|
+        keys[user.first] = node[:ssh_keys][user.first]
+      end
+    end
+  end
+  
+  if config[:extra_ssh_keys]
+    config[:extra_ssh_keys].each do |username|
+      keys[username] = node[:ssh_keys][username]
+    end
+  end
+  
+  directory "/home/#{name}/.ssh" do
+    action :create
+    owner name
+    group config[:groups] ? config[:groups].first.to_s : name
+    mode 0755
+    not_if { File.exists? "/home/#{name}/.ssh" }
+  end
+  
+  template "/home/#{name}/.ssh/authorized_keys" do
+    source "authorized_keys.erb"
+    action :create
+    owner name
+    group config[:groups] ? config[:groups].first.to_s : name
+    variables(:keys => keys)
+    mode 0600
+    not_if { defined?(node[:users][name][:preserve_keys]) ? node[:users][name][:preserve_keys] : false }
+  end
+end

data/cookbooks/upstream/users/libraries/roles.rb

@@ -0,0 +1,17 @@
+def user_is_in_role?(username)
+  return false if !@node[:role]
+  Chef::Log.info role[:groups].inspect
+  role[:groups].include? get_user(username)[:group]
+end
+
+def role
+  @node[:roles][@node[:role]]
+end
+
+# method name 'user' conflicts with chef, so we use 'get_user'
+def get_user(username)
+  Chef::Log.info username
+  user = @node[:users][username]
+  Chef::Log.info user.inspect
+  user
+end