We use "keyinfo" in all kinda of places. Rename it to something more generic
index 0a15aa661b712009958279493f2206d8c68270cf..d119bf2fe544ea3293d6c2e40d04b01b2400a8a8 100644 (file)
@@ -1,24 +1,43 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
 <%=
+def getportforwarderkey(host)
+       key = nil
+       begin
+               facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+               return facts.values['portforwarder_key']
+       rescue Exception => e
+       end
+       return key
+end
+
+
 lines = []
 config = YAML.load(File.open('/etc/puppet/modules/portforwarder/misc/config.yaml').read)
 config.each_pair do |sourcehost, services|
-       lines << "# sourcehost is #{sourcehost}"
+       allowed_ports = []
+
+       ##lines << "# sourcehost is #{sourcehost}"
        services.each do |service|
-               lines << "# targethost is #{service['target_host']}, my hostname #{hostname}"
-               next if service['target_host'] != hostname
+               ##lines << "# targethost is #{service['target_host']}, my hostname #{hostname}, fqdn is #{fqdn}"
+               next if service['target_host'] != fqdn
+               allowed_ports << service['target_port'] if service['target_port']
+       end
 
-               sshkey = nil
-               remote_ip = keyinfo[sourcehost][0]['ipHostNumber'].join(',')
-               forward_to_port = service['target_port']
-               local_bind = '127.0.0.2'
+       if allowed_ports.length > 0
+               sshkey = getportforwarderkey(sourcehost)
+               remote_ip = ldapall[sourcehost]['ipHostNumber'].join(',')
+               local_bind = '127.101.%d.%d'%[ (sourcehost.hash / 256 % 256), sourcehost.hash % 256 ]
 
-               lines << "# from #{sourcehost} on local port #{service['source_bind_port']}"
-               if remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
-               #if sshkey.nil? or remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
+               lines << "# from #{sourcehost}"
+               if sshkey.nil? or remote_ip.nil? or local_bind.nil?
                        lines << "# insufficient config values"
                else
-                       #lines << "from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
-                       lines << "#from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <sshkey here>"
+                       command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"
+                       lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
                end
        end
 end
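Review bot: The value returned by getportforwarderkey is a client-submitted fact, and the new line built at `lines << "from=\"#{remote_ip}\",command=\"#{command}\",... #{sshkey}"` interpolates it unchecked, so a source host that sets `portforwarder_key` to something containing a newline appends a second, unrestricted key line on the target and bypasses the `from=`/`command=`/`no-*` options; validate the shape before returning it, e.g. `key = facts.values['portforwarder_key']` followed by `return key if key.is_a?(String) and key =~ /\A(ssh-rsa|ssh-dss|ecdsa-sha2-nistp\d+) [A-Za-z0-9+\/=]+( [^\r\n]*)?\z/` (anchored with `\A`/`\z`, since `^`/`$` match per line in Ruby). The same function's `rescue Exception => e` also swallows SystemExit and signal exceptions and never uses `e`; `rescue StandardError` keeps the intended best-effort nil without that. Separately, `sourcehost.hash` is seeded per process on Ruby 1.9 and later, so the derived local_bind address is not stable across puppet runs and two source hosts can land on the same 127.101.x.y; a digest of the hostname would be deterministic, although a collision check would still be needed. The `<%=` expression enclosing all of this continues past the hunk.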