+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
<%=
+
+require 'digest/sha1'
+def get_local_ip_addr(host)
+ hash = Digest::SHA1.digest(host)
+ return '127.101.%d.%d'%[hash[0].ord, hash[1].ord]
+end
+
def getportforwarderkey(host)
key = nil
begin
##lines << "# sourcehost is #{sourcehost}"
services.each do |service|
##lines << "# targethost is #{service['target_host']}, my hostname #{hostname}, fqdn is #{fqdn}"
- next if service['target_host'] != fqdn
+ next if service['target_host'] != @fqdn
allowed_ports << service['target_port'] if service['target_port']
end
if allowed_ports.length > 0
sshkey = getportforwarderkey(sourcehost)
- remote_ip = keyinfo[sourcehost][0]['ipHostNumber'].join(',')
- local_bind = '127.101.%d.%d'%[ (sourcehost.hash / 256 % 256), sourcehost.hash % 256 ]
+ remote_ip = scope.lookupvar('deprecated::allnodeinfo')[sourcehost]['ipHostNumber'].join(',')
+ local_bind = get_local_ip_addr(sourcehost)
lines << "# from #{sourcehost}"
if sshkey.nil? or remote_ip.nil? or local_bind.nil?
lines << "# insufficient config values"
else
command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"
- lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
+ lines << "from=\"#{remote_ip}\",command=\"#{command}\",restrict #{sshkey}"
end
end
end
projects / mirror / dsa-puppet.git / blobdiff