From 01cae5b08f26d3ca9034bd02b13b21e762e81149 Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Tue, 23 Nov 2010 01:11:10 +0000 Subject: - split the module in 2 part, and add class to allow to more easyly combine the autorized shell --- modules/restrictshell/manifests/init.pp | 51 ++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 13 deletions(-) (limited to 'modules/restrictshell/manifests') diff --git a/modules/restrictshell/manifests/init.pp b/modules/restrictshell/manifests/init.pp index 9d65f183..3ce1e0d0 100644 --- a/modules/restrictshell/manifests/init.pp +++ b/modules/restrictshell/manifests/init.pp @@ -1,5 +1,12 @@ class restrictshell { class shell { + file {"/etc/membersh-conf.d": + ensure => directory, + owner => root, + group => root, + mode => 755, + } + file { '/usr/local/bin/sv_membersh.pl': ensure => present, owner => root, @@ -7,16 +14,7 @@ class restrictshell { mode => 755, content => template("restrictshell/sv_membersh.pl"), } - } - class base { - include shell - $allow_svn = "0" - $allow_git = "0" - $allow_rsync = "0" - $allow_pkgsubmit = "0" - - $ldap_pwfile = "/etc/ldap.secret" file { '/etc/membersh-conf.pl': ensure => present, owner => root, @@ -24,6 +22,9 @@ class restrictshell { mode => 755, content => template("restrictshell/membersh-conf.pl"), } + } + + class ssh_keys_from_ldap { package { 'python-ldap': ensure => installed, @@ -37,6 +38,7 @@ class restrictshell { mode => 755, } + $ldap_pwfile = "/etc/ldap.secret" file { '/usr/local/bin/ldap-sshkey2file.py': ensure => present, owner => root, 
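Review bot: The new `/etc/membersh-conf.d` resource in the first hunk is not purged, so a drop-in written by the `allow` define later in this patch stays on disk after its `allow_*` class is removed from a node. The shell it enabled then presumably stays permitted. Adding `recurse => true,` and `purge => true,` to this directory resource makes Puppet delete unmanaged files there, so removing the class also revokes the access. The root ownership and 755 mode on the directory itself look right.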
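Review bot: After the third hunk (`-24,6 +22,9`), class `shell` renders `restrictshell/membersh-conf.pl` without the `$allow_svn`/`$allow_git`/`$allow_rsync`/`$allow_pkgsubmit` defaults that the removed class `base` set to "0". The drop-ins added later set `$use_<name>` instead. The templates are outside this view, so confirm that membersh-conf.pl no longer references the old variables and that it sets every `$use_*` to 0 before reading `/etc/membersh-conf.d`. Otherwise a host with no `allow_*` class is not guaranteed to deny by default. A comment above the resource would record this, e.g. `# template must default every $use_* to 0; allow_* classes only add drop-ins`.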
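Review bot: In the fourth hunk (`-37,6 +38,7`), `$ldap_pwfile = "/etc/ldap.secret"` moves into `ssh_keys_from_ldap`, but nothing visible in this class declares that file, so its owner and mode depend on whatever created it. If no other module manages it, add `file { '/etc/ldap.secret': owner => root, group => root, mode => '0600' }` without `content`, so that Puppet enforces only the permissions. Otherwise add a comment naming the module that manages the file. The class body starts before this hunk and continues past it.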
@@ -47,9 +49,32 @@ class restrictshell { } } - class allow_svn_git_pkgsubmit inherits base { - $allow_svn = "1" - $allow_git = "1" - $allow_pkgsubmit = "1" + define allow { + include shell + file { "/etc/membersh-conf.d/allow_$name.pl": + ensure => "present", + owner => root, + group => root, + mode => 755, + content => "\$use_$name = 1;\n", + } + } + + # yes, we could directly use the allow, but this is + # a nicer syntax + class allow_git { + allow{ "git": } + } + + class allow_rsync { + allow{ "rsync": } + } + + class allow_pkgsubmit { + allow{ "pkgsubmit": } + } + + class allow_svn { + allow{ "svn": } } } -- cgit v1.2.1
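Review bot: The `allow` define interpolates `$name` unchecked into both the path `/etc/membersh-conf.d/allow_$name.pl` and the Perl line `\$use_$name = 1;`. A typo or an unexpected title therefore silently produces a drop-in that the restricted shell presumably evaluates. Reject unknown titles at the top of the define, e.g. `case $name { 'git', 'rsync', 'pkgsubmit', 'svn': {} default: { fail("restrictshell::allow: unknown service '$name'") } }`. The drop-in is configuration rather than a program, so `mode => '0644'` is sufficient and keeps the execute bit off a root-owned file. A short comment on the define should also say that removing an `allow_*` class does not delete its file unless the directory is purged.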