haskal
/
vagrant
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add ssh key permissions set caps to hosts

This commit is contained in:
Chris Roberts 2018-06-12 10:49:10 -07:00
parent 5ba91de4d8
commit a5582eb1c8
9 changed files with 123 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
plugins/hosts/bsd/cap/ssh.rb Normal file
View File

@ -0,0 +1,16 @@
module VagrantPlugins
module HostBSD
module Cap
class SSH
# Set the ownership and permissions for SSH
# private key
#
# @param [Vagrant::Environment] env
# @param [Pathname] key_path
def self.set_ssh_key_permissions(env, key_path)
key_path.chmod(0600)
end
end
end
end
end

5
plugins/hosts/bsd/plugin.rb
View File

@ -35,6 +35,11 @@ module VagrantPlugins
require_relative "cap/nfs"
Cap::NFS
end
host_capability("bsd", "set_ssh_key_permissions") do
require_relative "cap/ssh"
Cap::SSH
end
end
end
end

16
plugins/hosts/linux/cap/ssh.rb Normal file
View File

@ -0,0 +1,16 @@
module VagrantPlugins
module HostLinux
module Cap
class SSH
# Set the ownership and permissions for SSH
# private key
#
# @param [Vagrant::Environment] env
# @param [Pathname] key_path
def self.set_ssh_key_permissions(env, key_path)
key_path.chmod(0600)
end
end
end
end
end

5
plugins/hosts/linux/plugin.rb
View File

@ -47,6 +47,11 @@ module VagrantPlugins
require_relative "cap/nfs"
Cap::NFS
end
host_capability("linux", "set_ssh_key_permissions") do
require_relative "cap/ssh"
Cap::SSH
end
end
end
end

25
plugins/hosts/windows/cap/ssh.rb Normal file
View File

@ -0,0 +1,25 @@
module VagrantPlugins
module HostWindows
module Cap
class SSH
# Set the ownership and permissions for SSH
# private key
#
# @param [Vagrant::Environment] env
# @param [Pathname] key_path
def self.set_ssh_key_permissions(env, key_path)
script_path = Host.scripts_path.join("set_ssh_key_permissions.ps1")
result = Vagrant::Util::PowerShell.execute(
script_path.to_s, path.to_s,
module_path: Host.module_path.to_s
)
if result.exit_code != 0
raise Vagrant::Errors::PowerShellError,
script: script_path,
stderr: result.stderr
end
end
end
end
end
end

10
plugins/hosts/windows/host.rb
View File

@ -8,6 +8,16 @@ module VagrantPlugins
def detect?(env)
Vagrant::Util::Platform.windows?
end
# @return [Pathname] Path to scripts directory
def self.scripts_path
Pathname.new(File.expand_path("..", __FILE__))
end
# @return [Pathname] Path to modules directory
def self.modules_path
scripts_path.join("utils")
end
end
end
end

5
plugins/hosts/windows/plugin.rb
View File

@ -55,6 +55,11 @@ module VagrantPlugins
require_relative "cap/configured_ip_addresses"
Cap::ConfiguredIPAddresses
end
host_capability("windows", "set_ssh_key_permissions") do
require_relative "cap/ssh"
Cap::SSH
end
end
end
end

17
plugins/hosts/windows/scripts/set_ssh_key_permissions.ps1 Normal file
View File

@ -0,0 +1,17 @@
#Requires -Modules VagrantSSH
param(
[Parameter(Mandatory=$true)]
[string] $KeyPath,
[Parameter(Mandatory=$false)]
[string] $Principal=$null
)
$ErrorActionPreference = "Stop"
try {
Set-SSHKeyPermissions -SSHKeyPath $KeyPath -Principal $Principal
} catch {
Write-Error "Failed to set permissions on key: ${PSItem}"
exit 1
}

24
plugins/hosts/windows/scripts/utils/VagrantSSH/VagrantSSH.psm1 Normal file
View File

@ -0,0 +1,24 @@
# Vagrant SSH capability functions
function Set-SSHKeyPermissions {
param (
[parameter(Mandatory=$true)]
[string] $SSHKeyPath,
[parameter(Mandatory=$false)]
[string] $Principal=$null
)
if(!$Principal) {
$Principal = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
}
# Create the new ACL we want to apply
$NewAccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule(
$Principal, "FullControl", "None", "None", "Allow")
# Scrub all existing ACLs from the file
$ACL = Get-ACL "${SSHKeyPath}"
$ACL.Access | %{$ACL.RemoveAccessRule($_)}
# Apply the new ACL
$ACL.SetAccessRule($NewAccessRule)
Set-ACL "${SSHKeyPath}" $ACL
}