From 21ce038839cd14a9243b0de136f0d639bddef670 Mon Sep 17 00:00:00 2001 From: Rick Sherman Date: Tue, 25 Jun 2013 17:42:52 -0500 Subject: [PATCH 1/3] Allow keymaster_storage to be overridden upon declaration. --- manifests/init.pp | 7 +++++-- manifests/keymaster.pp | 4 ++-- manifests/set_authorized_keys.pp | 4 ++-- manifests/set_client_key_pair.pp | 4 ++-- manifests/setup_key_master.pp | 4 ++-- 5 files changed, 13 insertions(+), 10 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index bcec184..044ef22 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,2 +1,5 @@ -class sshkeys { -} +class sshkeys ( + $keymaster_storage = $sshkeys::var::keymaster_storage + ) + inherits sshkeys::var { + } diff --git a/manifests/keymaster.pp b/manifests/keymaster.pp index c5013b1..872b6cc 100644 --- a/manifests/keymaster.pp +++ b/manifests/keymaster.pp @@ -1,8 +1,8 @@ # Keymaster host: # Create key storage; create, regenerate, and remove key pairs class sshkeys::keymaster { - include sshkeys::var - file { $sshkeys::var::keymaster_storage: + + file { $sshkeys::keymaster_storage: ensure => directory, owner => puppet, group => puppet, diff --git a/manifests/set_authorized_keys.pp b/manifests/set_authorized_keys.pp index 6bbbb1b..092d2e2 100644 --- a/manifests/set_authorized_keys.pp +++ b/manifests/set_authorized_keys.pp @@ -7,11 +7,11 @@ $options = '', $user ) { - include sshkeys::var + $_keyname = $keyname ? { '' => $title, default => $keyname } $_home = $home ? { "" => "/home/${user}", default => $home } # on the keymaster: - $key_src_dir = "${sshkeys::var::keymaster_storage}/${_keyname}" + $key_src_dir = "${sshkeys::keymaster_storage}/${_keyname}" $key_src_file = "${key_src_dir}/key.pub" # on the server: $key_tgt_file = "${_home}/.ssh/authorized_keys" diff --git a/manifests/set_client_key_pair.pp b/manifests/set_client_key_pair.pp index 4cb4281..b06ef02 100644 --- a/manifests/set_client_key_pair.pp +++ b/manifests/set_client_key_pair.pp 
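Review bot: `file { $sshkeys::keymaster_storage:` in the keymaster.pp hunk reads a parameter of class `sshkeys`, but the `include sshkeys::var` it replaces is removed rather than swapped for `include sshkeys`, so unless that class is declared somewhere else before this one is evaluated the variable is undef and the resource title is empty. The same pattern is in the set_authorized_keys.pp, set_client_key_pair.pp and setup_key_master.pp hunks of this patch, where an undef value silently turns `"${sshkeys::keymaster_storage}/${_keyname}"` into a key path directly under `/` (the `$sshkeys::home` references added in the second patch behave the same way). Replacing each removed line with `include sshkeys` keeps the evaluation-order guarantee the old `include sshkeys::var` gave. The body of `sshkeys::keymaster` continues past the hunk.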
@@ -7,7 +7,7 @@ $home = '', $user ) { - include sshkeys::var + File { owner => $user, group => $group ? { '' => $user, default => $group }, @@ -17,7 +17,7 @@ $_keyname = $keyname ? { '' => $title, default => $keyname } $_home = $home ? { '' => "/home/${user}", default => $home } - $key_src_file = "${sshkeys::var::keymaster_storage}/${_keyname}/key" # on the keymaster + $key_src_file = "${sshkeys::keymaster_storage}/${_keyname}/key" # on the keymaster $key_tgt_file = "${_home}/.ssh/$(unknown)" # on the client $key_src_content_pub = file("${key_src_file}.pub", "/dev/null") diff --git a/manifests/setup_key_master.pp b/manifests/setup_key_master.pp index d87e20c..f8dcbb8 100644 --- a/manifests/setup_key_master.pp +++ b/manifests/setup_key_master.pp @@ -10,7 +10,7 @@ $maxdays, $mindate ) { - include sshkeys::var + Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" } File { owner => puppet, @@ -18,7 +18,7 @@ mode => 600, } - $keydir = "${sshkeys::var::keymaster_storage}/${title}" + $keydir = "${sshkeys::keymaster_storage}/${title}" $keyfile = "${keydir}/key" file { From 33fe043e9f50eb8abd0ab32718cd13ffe7c66b69 Mon Sep 17 00:00:00 2001 From: Rick Sherman Date: Wed, 26 Jun 2013 14:46:37 -0500 Subject: [PATCH 2/3] Parameterized users home directory. --- manifests/init.pp | 3 ++- manifests/set_authorized_keys.pp | 2 +- manifests/set_client_key_pair.pp | 2 +- manifests/var.pp | 4 ++-- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 044ef22..3f9d8ff 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,5 +1,6 @@ class sshkeys ( - $keymaster_storage = $sshkeys::var::keymaster_storage + $keymaster_storage = $sshkeys::var::keymaster_storage, + $home = $sshkeys::var::home ) inherits sshkeys::var { } diff --git a/manifests/set_authorized_keys.pp b/manifests/set_authorized_keys.pp index 092d2e2..eff8ceb 100644 --- a/manifests/set_authorized_keys.pp +++ b/manifests/set_authorized_keys.pp 
@@ -9,7 +9,7 @@ ) { $_keyname = $keyname ? { '' => $title, default => $keyname } - $_home = $home ? { "" => "/home/${user}", default => $home } + $_home = $home ? { "" => "${sshkeys::home}/${user}", default => $home } # on the keymaster: $key_src_dir = "${sshkeys::keymaster_storage}/${_keyname}" $key_src_file = "${key_src_dir}/key.pub" diff --git a/manifests/set_client_key_pair.pp b/manifests/set_client_key_pair.pp index b06ef02..a9ee440 100644 --- a/manifests/set_client_key_pair.pp +++ b/manifests/set_client_key_pair.pp @@ -16,7 +16,7 @@ } $_keyname = $keyname ? { '' => $title, default => $keyname } - $_home = $home ? { '' => "/home/${user}", default => $home } + $_home = $home ? { '' => "${sshkeys::home}/${user}", default => $home } $key_src_file = "${sshkeys::keymaster_storage}/${_keyname}/key" # on the keymaster $key_tgt_file = "${_home}/.ssh/$(unknown)" # on the client diff --git a/manifests/var.pp b/manifests/var.pp index 16b1c03..e855970 100644 --- a/manifests/var.pp +++ b/manifests/var.pp @@ -1,4 +1,4 @@ -class sshkeys::var( +class sshkeys::var { $keymaster_storage = "/var/lib/puppet-sshkeys" -) { + $home = "/home" } From a03c6a5bd5e75079fbf1b12ff9aff695fc88e355 Mon Sep 17 00:00:00 2001 From: Rick Sherman Date: Fri, 28 Jun 2013 17:56:43 -0500 Subject: [PATCH 3/3] Enable sending email after creating key Cleaned up some issues --- files/emailKey.py | 90 ++++++++++++++++++++++++++++++++ manifests/create_key.pp | 2 + manifests/set_authorized_keys.pp | 2 +- manifests/set_client_key_pair.pp | 13 ++--- manifests/setup_key_master.pp | 22 +++++++- 5 files changed, 120 insertions(+), 9 deletions(-) create mode 100644 files/emailKey.py diff --git a/files/emailKey.py b/files/emailKey.py new file mode 100644 index 0000000..399efca --- /dev/null +++ b/files/emailKey.py 
@@ -0,0 +1,90 @@
+#! /usr/bin/python
+#
+# emailKey.py
+# Script to send user keys
+# https://github.com/shermdog/puppet-sshkeys
+# v1.0
+# 6.28.13
+
+# Params:
+# filename (absolute path)
+# emailaddress
+
+import sys
+import socket
+import smtplib
+from email import encoders
+from email.mime.base import MIMEBase
+from email.mime.text import MIMEText
+from email.mime.multipart import MIMEMultipart
+
+
+# Script defaults - You need to set these!
+sender = 'sender@host.com'
+server = 'smtp.server.com'
+port = 465
+user = 'username'
+password = 'password'
+
+
+def printUsage ():
+ print "Incorrect or invalid arguments."
+ print "Usage: emailKey.py "
+ sys.exit(2) #Invalid sytax error code
+
+
+# Start main program code
+if len(sys.argv) != 3:
+ printUsage()
+
+fileName = sys.argv[1]
+address = sys.argv[2]
+
+# Create the enclosing (outer) message
+outer = MIMEMultipart()
+outer['Subject'] = 'SSH Access Key Updated'
+outer['From'] = sender
+outer['To'] = address
+
+# Text inside of the email
+body = MIMEText("""Your SSH access key has been updated and is included in this message.
+
+This key will be installed in the next 30 minutes. Your previous key will be removed.
+
+
+
+
+
+
+
+
+"I am Vinz, Vinz Clortho, Keymaster of Gozer...Volguus Zildrohoar, Lord of the Seboullia. Are you the Gatekeeper?"
+""")
+
+outer.attach(body)
+
+# Attach certificate
+fp = open(fileName, 'rb')
+# SES has some strict MIME types, this allows any extension
+msg = MIMEBase('application', "pgp-encrypted")
+msg.set_payload(fp.read())
+fp.close()
+
+# Encode the payload using Base64
+encoders.encode_base64(msg)
+msg.add_header('Content-Disposition', 'attachment', filename=fileName.rsplit('/',1)[1])
+outer.attach(msg)
+
+# Send email and cath errors
+try:
+ s = smtplib.SMTP_SSL(server, port, timeout=1)
+ s.login(user,password)
+ s.sendmail(sender, address, outer.as_string())
+ s.quit()
+ print "Successfully sent email."
+ sys.exit() #Successful exit code 0 +except Exception, e: + print "Unable to send email. Error: %s" % e + sys.exit(1) #Exit with error + +# It's over! diff --git a/manifests/create_key.pp b/manifests/create_key.pp index 8d40c03..a84b231 100644 --- a/manifests/create_key.pp +++ b/manifests/create_key.pp @@ -6,6 +6,7 @@ $length = 2048, $maxdays = "", $mindate = "", + $email = "" ) { sshkeys::namecheck { "${title}-title": parm => "title", value => $title } @@ -25,5 +26,6 @@ length => $_length, maxdays => $maxdays, mindate => $mindate, + email => $email } } diff --git a/manifests/set_authorized_keys.pp b/manifests/set_authorized_keys.pp index eff8ceb..a5b33a3 100644 --- a/manifests/set_authorized_keys.pp +++ b/manifests/set_authorized_keys.pp @@ -12,7 +12,7 @@ $_home = $home ? { "" => "${sshkeys::home}/${user}", default => $home } # on the keymaster: $key_src_dir = "${sshkeys::keymaster_storage}/${_keyname}" - $key_src_file = "${key_src_dir}/key.pub" + $key_src_file = "${key_src_dir}/${_keyname}.pub" # on the server: $key_tgt_file = "${_home}/.ssh/authorized_keys" diff --git a/manifests/set_client_key_pair.pp b/manifests/set_client_key_pair.pp index a9ee440..9c8e555 100644 --- a/manifests/set_client_key_pair.pp +++ b/manifests/set_client_key_pair.pp 
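Review bot: The SMTP credentials on the `user = 'username'` and `password = 'password'` lines are hard-coded in a script shipped from the module's `files/` directory, so the real values would land in version control and in every catalog that distributes the file; reading them from a root-readable config file or the environment keeps the secret out of the module. `smtplib.SMTP_SSL(server, port, timeout=1)` gives the connect, TLS handshake and login one second each, which is likely to trip the bare `except Exception` on a real network and show up as a retried Puppet exec rather than a sent mail. `fp = open(fileName, 'rb')` is never closed if `fp.read()` raises; `with open(fileName, 'rb') as fp: msg.set_payload(fp.read())` covers that. `MIMEBase('application', "pgp-encrypted")` labels the attachment as encrypted although the payload is the raw file only base64-encoded, so the comment above it should say the type is chosen for the mail provider and nothing is actually encrypted, and the Python 2-only `except Exception, e:` should be `except Exception as e:`.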
@@ -8,18 +8,19 @@ $user ) { + + $_keyname = $keyname ? { '' => $title, default => $keyname } + $_home = $home ? { '' => "${sshkeys::home}/${user}", default => $home } + $key_src_file = "${sshkeys::keymaster_storage}/${_keyname}/${_keyname}" # on the keymaster + $key_tgt_file = "${_home}/.ssh/$(unknown)" # on the client + File { owner => $user, group => $group ? { '' => $user, default => $group }, mode => 600, - require => [ User[$user], File[$home]], + require => [ User[$user], File[$_home]], } - $_keyname = $keyname ? { '' => $title, default => $keyname } - $_home = $home ? { '' => "${sshkeys::home}/${user}", default => $home } - $key_src_file = "${sshkeys::keymaster_storage}/${_keyname}/key" # on the keymaster - $key_tgt_file = "${_home}/.ssh/$(unknown)" # on the client - $key_src_content_pub = file("${key_src_file}.pub", "/dev/null") if $ensure == "absent" or $key_src_content_pub =~ /^(ssh-...) ([^ ]+)/ { $keytype = $1 diff --git a/manifests/setup_key_master.pp b/manifests/setup_key_master.pp index f8dcbb8..1e9d2b9 100644 --- a/manifests/setup_key_master.pp +++ b/manifests/setup_key_master.pp @@ -8,7 +8,8 @@ $keytype, $length, $maxdays, - $mindate + $mindate, + $email ) { Exec { path => "/usr/bin:/usr/sbin:/bin:/sbin" } @@ -19,7 +20,8 @@ } $keydir = "${sshkeys::keymaster_storage}/${title}" - $keyfile = "${keydir}/key" + + $keyfile = "${keydir}/${title}" file { "$keydir": 
@@ -83,5 +85,21 @@ require => File[$keydir], before => File[$keyfile, "${keyfile}.pub"], } + + if $email { + # Command to email key to user + # Idea courtesy of http://www.warden.pl/2012/09/05/puppet-send-an-email-to-the-client-when-a-new-key-is-generated/ + exec { "Notify user ${email}": + command => "/usr/bin/python /common/puppet/emailKey.py ${keyfile} ${email}", + timeout => 30, + tries => 3, + try_sleep => 10, + require => File[$keyfile], + subscribe => Exec["Create key $title: $keytype, $length bits"], + refreshonly => true + } + } } } + +# I am Vinz, Vinz Clortho, Keymaster of Gozer...Volguus Zildrohoar, Lord of the Seboullia. Are you the Gatekeeper?
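Review bot: `command => "/usr/bin/python /common/puppet/emailKey.py ${keyfile} ${email}"` interpolates `$email` into the exec command without any validation, and `$keyfile` (whose public half is the separate `${keyfile}.pub` named in the `before` just above) is the private key, so this exec mails an unencrypted private key to whatever address was passed in. `$email` should be checked against an anchored pattern before use, in the same way create_key.pp already runs `sshkeys::namecheck` on its other parameters, and either the key should be encrypted to the recipient or the manifest comment should state plainly that key material leaves the keymaster in cleartext mail. `if $email {` depends on the empty-string default from create_key.pp being false, which holds on Puppet 3 but not on later releases where `""` is truthy; `if $email != '' {` is explicit. The script is added as `files/emailKey.py` but the command runs `/common/puppet/emailKey.py`; unless something outside this patch places it there, a `file` resource sourcing it from the module is needed for the exec to work. The enclosing define `sshkeys::setup_key_master` starts outside the hunk.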