xml/schema/unix.xsd

<?xml version="1.0" encoding="UTF-8" ?>
<xs:schema targetNamespace="http://schema.xml.r00t2.io/unix.xsd"
           xmlns="http://schema.xml.r00t2.io/unix.xsd"
           xmlns:std="http://schema.xml.r00t2.io/std.xsd"
           xmlns:unix="http://schema.xml.r00t2.io/unix.xsd"
           xmlns:xs="http://www.w3.org/2001/XMLSchema"
           elementFormDefault="qualified"
           attributeFormDefault="unqualified">

    <xs:import namespace="http://schema.xml.r00t2.io/std.xsd" schemaLocation="http://schema.xml.r00t2.io/std.xsd"/>

    <xs:simpleType name="t_filepath">
        <xs:restriction base="xs:string">
            <xs:pattern value="(/[^/]+)+/?"/>
        </xs:restriction>
    </xs:simpleType>

    <xs:complexType name="t_nixpass">
        <xs:choice minOccurs="1" maxOccurs="1">
            <xs:element name="passwordPlain">
                <xs:complexType>
                    <xs:simpleContent>
                        <xs:extension base="xs:string">
                            <xs:attribute name="hashType" use="optional" default="md5" type="unix:t_passwd_hashtypes"/>
                            <xs:attribute name="rounds" use="optional" default="5000" type="xs:positiveInteger"/>
                        </xs:extension>
                    </xs:simpleContent>
                </xs:complexType>
            </xs:element>
            <xs:element name="passwordHash">
                <xs:complexType>
                    <xs:simpleContent>
                        <xs:extension base="unix:t_shadowhash">
                            <xs:attribute name="hashType" use="optional" default="md5" type="unix:t_passwd_hashtypes"/>
                        </xs:extension>
                    </xs:simpleContent>
                </xs:complexType>
            </xs:element>
        </xs:choice>
        <xs:attribute name="locked" use="optional" default="false" type="xs:boolean"/>
    </xs:complexType>

    <xs:simpleType name="t_passwd_hashtypes">
        <xs:restriction base="xs:string">
            <xs:enumeration value="md5"/>
        </xs:restriction>
    </xs:simpleType>

    <xs:simpleType name="t_posixUserGroup">
        <!-- https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437
             https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282
             https://unix.stackexchange.com/a/435120/284004 -->
        <xs:restriction base="xs:token">
            <xs:pattern value="[a-z_]([a-z0-9_-]{0,31}|[a-z0-9_-]{0,30}$)"/>
            <xs:whiteSpace value="collapse"/>
        </xs:restriction>
    </xs:simpleType>

    <xs:simpleType name="t_shadowhash">
        <!-- http://man7.org/linux/man-pages/man3/crypt.3.html#NOTES -->
        <xs:restriction base="xs:token">
            <xs:pattern value="($1)?($[a-zA-Z0-9./]{1,16})$[a-zA-Z0-9./]{22}"/><!-- md5 -->
            <xs:whiteSpace value="collapse"/>
        </xs:restriction>
    </xs:simpleType>

    <xs:complexType name="t_user">
        <xs:sequence>
            <xs:element name="password" minOccurs="0" maxOccurs="1" type="unix:t_nixpass"/>
            <xs:element name="xGroup" minOccurs="0" maxOccurs="unbounded">
                <xs:complexType>
                    <xs:attribute name="name" type="unix:t_posixUserGroup"
                                  use="required"/>
                    <xs:attribute name="create" type="xs:boolean" use="optional"
                                  default="false"/>
                    <xs:attribute name="gid" type="xs:positiveInteger"
                                  use="optional"/>
                </xs:complexType>
                <xs:unique name="uniq_grp">
                    <xs:selector xpath="unix:xGroup"/>
                    <xs:field xpath="@name"/>
                </xs:unique>
            </xs:element>
        </xs:sequence>
        <xs:attribute name="name" type="unix:t_posixUserGroup" use="required"/>
        <xs:attribute name="home" type="unix:t_filepath" use="optional"/>
        <xs:attribute name="uid" type="xs:positiveInteger" use="optional"/>
        <xs:attribute name="group" type="unix:t_posixUserGroup" use="optional"/>
        <xs:attribute name="gid" type="xs:positiveInteger" use="optional"/>
        <xs:attribute name="comment" type="std:t_nonempty" use="optional"/>
        <xs:attribute name="sudo" type="xs:boolean" use="optional"
                      default="false"/>
        <xs:attribute name="sudoPassword" type="xs:boolean" use="optional"
                      default="true"/>
        <xs:attribute name="shell" type="unix:t_filepath" use="optional"
                      default="/bin/bash"/>
        <!-- TODO: change the positiveIntegers to xs:duration? or union? -->
        <!-- Might be pointless since the smallest increment is 1 day in
             shadow(5). -->
        <xs:attribute name="minAge" type="xs:positiveInteger" use="optional"/>
        <xs:attribute name="maxAge" type="xs:positiveInteger" use="optional"/>
        <xs:attribute name="warnDays" type="xs:positiveInteger"
                      use="optional"/>
        <xs:attribute name="inactiveDays" type="xs:positiveInteger"
                      use="optional"/>
        <xs:attribute name="expireDate" type="std:t_epoch_or_iso"
                      use="optional"/>
    </xs:complexType>

</xs:schema>