authorMichael Scherer <misc@mageia.org>2010-11-23 01:11:10 +0000
committerMichael Scherer <misc@mageia.org>2010-11-23 01:11:10 +0000
commit01cae5b08f26d3ca9034bd02b13b21e762e81149 (patch)
tree6ad9e3d5cca42b564f0a8eb91fd138a378e6e561 /modules/restrictshell
parent7c1cb4b1fa96fede6e6912d9698107cd5d4efb06 (diff)
- split the module into 2 parts, and add classes that make it easier to
combine the authorized shells
Diffstat (limited to 'modules/restrictshell')
-rw-r--r--modules/restrictshell/manifests/init.pp51
-rwxr-xr-xmodules/restrictshell/templates/membersh-conf.pl10
2 files changed, 44 insertions, 17 deletions
diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp
index 9d65f183..3ce1e0d0 100644
--- a/modules/restrictshell/manifests/init.pp
+++ b/modules/restrictshell/manifests/init.pp
@@ -1,5 +1,12 @@
class restrictshell {
class shell {
+ file {"/etc/membersh-conf.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ }
+
file { '/usr/local/bin/sv_membersh.pl':
ensure => present,
owner => root,
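Review bot: The new `/etc/membersh-conf.d` directory resource is not purged, so an `allow_<name>.pl` fragment written by the `allow` define (last hunk of this file) stays on disk after a node stops including the matching `allow_*` class. Since membersh-conf.pl loads every fragment it finds there, the shell would remain authorized until someone deletes the file by hand. Adding `recurse => true,` and `purge => true,` to this resource lets Puppet remove fragments it no longer manages. Unquoted `mode => 755` would also be clearer as `mode => '0755'`. The `sv_membersh.pl` file resource that follows continues outside this hunk.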
@@ -7,16 +14,7 @@ class restrictshell {
mode => 755,
content => template("restrictshell/sv_membersh.pl"),
}
- }
- class base {
- include shell
- $allow_svn = "0"
- $allow_git = "0"
- $allow_rsync = "0"
- $allow_pkgsubmit = "0"
-
- $ldap_pwfile = "/etc/ldap.secret"
file { '/etc/membersh-conf.pl':
ensure => present,
owner => root,
@@ -24,6 +22,9 @@ class restrictshell {
mode => 755,
content => template("restrictshell/membersh-conf.pl"),
}
+ }
+
+ class ssh_keys_from_ldap {
package { 'python-ldap':
ensure => installed,
@@ -37,6 +38,7 @@ class restrictshell {
mode => 755,
}
+ $ldap_pwfile = "/etc/ldap.secret"
file { '/usr/local/bin/ldap-sshkey2file.py':
ensure => present,
owner => root,
@@ -47,9 +49,32 @@ class restrictshell {
}
}
- class allow_svn_git_pkgsubmit inherits base {
- $allow_svn = "1"
- $allow_git = "1"
- $allow_pkgsubmit = "1"
+ define allow {
+ include shell
+ file { "/etc/membersh-conf.d/allow_$name.pl":
+ ensure => "present",
+ owner => root,
+ group => root,
+ mode => 755,
+ content => "\$use_$name = 1;\n",
+ }
+ }
+
+ # yes, we could directly use the allow, but this is
+ # a nicer syntax
+ class allow_git {
+ allow{ "git": }
+ }
+
+ class allow_rsync {
+ allow{ "rsync": }
+ }
+
+ class allow_pkgsubmit {
+ allow{ "pkgsubmit": }
+ }
+
+ class allow_svn {
+ allow{ "svn": }
}
}
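Review bot: In the `allow` define, `$name` is interpolated unchecked into both the fragment path and the Perl statement `\$use_$name = 1;` that the restricted shell later executes with `do`. The four wrapper classes pass fixed names, but the define can also be called directly, so it is worth restricting `$name` to identifier characters and failing the catalog otherwise. A comment above the define, such as `# $name becomes part of a Perl variable name; only [a-z0-9_] is valid`, would document that. The fragment is only read, never run as a program, so `mode => 644` fits better than `mode => 755`.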
diff --git a/modules/restrictshell/templates/membersh-conf.pl b/modules/restrictshell/templates/membersh-conf.pl
index 0d9887e1..203a2c94 100755
--- a/modules/restrictshell/templates/membersh-conf.pl
+++ b/modules/restrictshell/templates/membersh-conf.pl
@@ -1,16 +1,18 @@
-$use_svn = "<%= allow_svn %>";
+
+
$bin_svn = "/usr/bin/svnserve";
$regexp_svn = "^svnserve -t\$";
#@prepend_args_svn = ( '-r', '/svn' );
@prepend_args_svn = ();
-$use_git = "<%= allow_git %>";
$bin_git = "/usr/bin/git-shell";
-$use_rsync = "<%= allow_rsync %>";
$bin_rsync = "/usr/bin/rsync";
$regexp_rsync = "^rsync --server";
$regexp_dir_rsync = "^/.*";
-$use_pkgsubmit = "<%= allow_pkgsubmit %>";
+foreach my $f (glob("/etc/membersh-conf.d/allow_*pl")) {
+ do($f)
+}
+1;
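Review bot: The glob pattern `allow_*pl` in the added `foreach` has no dot before `pl`, so it loads any file in /etc/membersh-conf.d whose name starts with `allow_` and ends in `pl`, not only the `.pl` fragments the manifest writes; `glob("/etc/membersh-conf.d/allow_*.pl")` matches what is intended. The return value of `do($f)` is discarded, so a fragment that cannot be read or parsed is skipped without any trace; `defined(do $f) or warn "membersh-conf: cannot load $f: " . ($@ || $!);` would surface that. With the `$use_*` assignments removed, those flags are now undefined rather than "0" when no fragment exists. sv_membersh.pl is not visible here, so it is unclear how it treats an undefined flag; setting explicit defaults such as `$use_svn = 0;` before the loop would keep deny-by-default explicit.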