From 01cae5b08f26d3ca9034bd02b13b21e762e81149 Mon Sep 17 00:00:00 2001
From: Michael Scherer
Date: Tue, 23 Nov 2010 01:11:10 +0000
Subject: - split the module in 2 part, and add class to allow to more easyly combine the autorized shell
---
 modules/restrictshell/manifests/init.pp | 51 ++++++++++++++++++------
 modules/restrictshell/templates/membersh-conf.pl | 10 +++--
 2 files changed, 44 insertions(+), 17 deletions(-)
diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp
index 9d65f183..3ce1e0d0 100644
--- a/modules/restrictshell/manifests/init.pp
+++ b/modules/restrictshell/manifests/init.pp
@@ -1,5 +1,12 @@
 class restrictshell {
 class shell {
+ file {"/etc/membersh-conf.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+
 file { '/usr/local/bin/sv_membersh.pl':
 ensure => present,
 owner => root,
@@ -7,16 +14,7 @@ class restrictshell {
 mode => 755,
 content => template("restrictshell/sv_membersh.pl"),
 }
- }
- class base {
- include shell
- $allow_svn = "0"
- $allow_git = "0"
- $allow_rsync = "0"
- $allow_pkgsubmit = "0"
-
- $ldap_pwfile = "/etc/ldap.secret"
 file { '/etc/membersh-conf.pl':
 ensure => present,
 owner => root,
@@ -24,6 +22,9 @@ class restrictshell {
 mode => 755,
 content => template("restrictshell/membersh-conf.pl"),
 }
+ }
+
+ class ssh_keys_from_ldap {
 package { 'python-ldap':
 ensure => installed,
@@ -37,6 +38,7 @@ class restrictshell {
 mode => 755,
 }
+ $ldap_pwfile = "/etc/ldap.secret"
 file { '/usr/local/bin/ldap-sshkey2file.py':
 ensure => present,
 owner => root,
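Review bot: The `file {"/etc/membersh-conf.d":` resource added at the top of `class shell` does not purge unmanaged content, so an `allow_<name>.pl` fragment stays on disk after its `allow_*` class is removed from a node, and membersh-conf.pl keeps loading it. Before this commit the template rewrote every `$use_*` flag on each run (defaulting to "0" in `class base`), so dropping a class revoked the access; now revocation needs a manual delete. Adding `recurse => true,` and `purge => true,` to this resource lets Puppet remove fragments it no longer manages. `class shell` closes in a later hunk (`@@ -24,6 +22,9 @@`).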
@@ -47,9 +49,32 @@ class restrictshell {
 }
 }
- class allow_svn_git_pkgsubmit inherits base {
- $allow_svn = "1"
- $allow_git = "1"
- $allow_pkgsubmit = "1"
+ define allow {
+ include shell
+ file { "/etc/membersh-conf.d/allow_$name.pl":
+ ensure => "present",
+ owner => root,
+ group => root,
+ mode => 755,
+ content => "\$use_$name = 1;\n",
+ }
+ }
+
+ # yes, we could directly use the allow, but this is
+ # a nicer syntax
+ class allow_git {
+ allow{ "git": }
+ }
+
+ class allow_rsync {
+ allow{ "rsync": }
+ }
+
+ class allow_pkgsubmit {
+ allow{ "pkgsubmit": }
+ }
+
+ class allow_svn {
+ allow{ "svn": }
 }
 }
diff --git a/modules/restrictshell/templates/membersh-conf.pl b/modules/restrictshell/templates/membersh-conf.pl
index 0d9887e1..203a2c94 100755
--- a/modules/restrictshell/templates/membersh-conf.pl
+++ b/modules/restrictshell/templates/membersh-conf.pl
@@ -1,16 +1,18 @@
-$use_svn = "<%= allow_svn %>";
+
+
 $bin_svn = "/usr/bin/svnserve";
 $regexp_svn = "^svnserve -t\$";
 #@prepend_args_svn = ( '-r', '/svn' );
 @prepend_args_svn = ();
-$use_git = "<%= allow_git %>";
 $bin_git = "/usr/bin/git-shell";
-$use_rsync = "<%= allow_rsync %>";
 $bin_rsync = "/usr/bin/rsync";
 $regexp_rsync = "^rsync --server";
 $regexp_dir_rsync = "^/.*";
-$use_pkgsubmit = "<%= allow_pkgsubmit %>";
+foreach my $f (glob("/etc/membersh-conf.d/allow_*pl")) {
+ do($f)
+}
+1;
-- cgit v1.2.1
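Review bot: `define allow` turns its title into both a file name and a Perl variable name (`"\$use_$name = 1;\n"`) without any check, and the resulting file is later run through `do` by membersh-conf.pl. Titles come from the manifests, so this is a robustness point rather than an injection path, but a comment above the define such as `# $name must be a plain identifier (git, rsync, pkgsubmit, svn): it becomes a file name and a Perl variable` would state the contract. The fragments are data read by `do`, not programs, so `mode => 644,` is enough where the hunk sets `mode => 755,`.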
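Review bot: The return value of `do($f)` in the new loop is discarded, so a fragment that cannot be read or does not compile is skipped without any trace and the matching `$use_*` flag simply stays unset. That fails closed, but it makes a broken deployment hard to diagnose; `defined(do $f) or warn "membersh-conf: cannot load $f: " . ($@ || $!);` would surface it. The glob `allow_*pl` has no dot before `pl`, so it matches any name that merely ends in `pl`; `allow_*.pl` matches exactly what the `allow` define writes. Every matching file is executed as Perl when the restricted shell loads this config, so the restriction depends on `/etc/membersh-conf.d` staying writable by root only, which deserves a comment above the loop.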