| author | Joey Hess <joey@kitenet.net> | 2014-03-29 23:10:52 -0400 |
|---|---|---|
| committer | Joey Hess <joey@kitenet.net> | 2014-03-29 23:16:43 -0400 |
| commit | d9af8bac5eb7836a3c90e37e870fd73d30b841fd (patch) | |
| tree | 40443efd384415172cf393571fe3f1651ea57423 /Property/Ssh.hs | |
initial check-in
too young to have a name
Diffstat (limited to 'Property/Ssh.hs')
| -rw-r--r-- | Property/Ssh.hs | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/Property/Ssh.hs b/Property/Ssh.hs
new file mode 100644
index 00000000..cca021a4
--- /dev/null
+++ b/Property/Ssh.hs
@@ -0,0 +1,41 @@
+module Property.Ssh where
+
+import Control.Applicative
+import Control.Monad
+import System.FilePath
+
+import Property
+import Property.User
+import Utility.SafeCommand
+import Utility.Exception
+
+sshBool :: Bool -> String
+sshBool True = "yes"
+sshBool False = "no"
+
+sshdConfig :: FilePath
+sshdConfig = "/etc/ssh/sshd_config"
+
+setSshdConfig :: String -> Bool -> Property
+setSshdConfig setting allowed = combineProperties desc
+ [ lineNotInFile sshdConfig (setting ++ sshBool (not allowed))
+ , lineInFile sshdConfig (setting ++ sshBool allowed)
+ ] `onChange` restartSshd
+ where
+ desc = unwords [ "ssh config:", setting, sshBool allowed ]
+
+permitRootLogin :: Bool -> Property
+permitRootLogin = setSshdConfig "PermitRootLogin"
+
+passwordAuthentication :: Bool -> Property
+passwordAuthentication = setSshdConfig "PasswordAuthentication"
+
+hasAuthorizedKeys :: UserName -> IO Bool
+hasAuthorizedKeys = go <=< homedir
+ where
+ go Nothing = return False
+ go (Just home) = not . null <$> catchDefaultIO ""
+ (readFile $ home </> ".ssh" </> "authorized_keys")
+
+restartSshd :: Property
+restartSshd = CmdProperty "ssh restart" "service" [Param "sshd", Param "restart"] |
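Review bot: In `setSshdConfig` the directive and its value are concatenated with no separator, so `permitRootLogin False` would write `PermitRootLoginno` rather than `PermitRootLogin no`; sshd does not recognise that keyword, and the `onChange` restart would then run against a config it rejects. Both list entries need the space, e.g. `lineInFile sshdConfig (setting ++ " " ++ sshBool allowed)` and the matching `lineNotInFile sshdConfig (setting ++ " " ++ sshBool (not allowed))`. Separately, exact-line matching only removes the literal opposite `yes`/`no` line, and sshd uses the first value it reads for a keyword, so an existing entry with different spacing or another value (for example `PermitRootLogin without-password`) could still take precedence if `lineInFile` appends; its definition is in `Property`, outside this diff, so that is worth confirming. Running `sshd -t` before `restartSshd` would keep a bad edit from taking the daemon down on a remote host.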
