[Mageia-sysadm] [408] - split the module in 2 part, and add class to allow to more easyly

Tue Nov 23 02:11:10 CET 2010

Revision: 408
+Author:   misc
+Date:     2010-11-23 02:11:10 +0100 (Tue, 23 Nov 2010)
+Log Message:
+-----------
+- split the module in 2 part, and add class to allow to more easyly
+combine the autorized shell
+
+Modified Paths:
+--------------
+    puppet/modules/restrictshell/manifests/init.pp
+    puppet/modules/restrictshell/templates/membersh-conf.pl
+
+Modified: puppet/modules/restrictshell/manifests/init.pp
+===================================================================
+--- puppet/modules/restrictshell/manifests/init.pp	2010-11-23 01:11:08 UTC (rev 407)
++++ puppet/modules/restrictshell/manifests/init.pp	2010-11-23 01:11:10 UTC (rev 408)
+@@ -1,5 +1,12 @@
+ class restrictshell {
+     class shell {
++        file {"/etc/membersh-conf.d":
++            ensure => directory,
++            owner => root,
++            group => root,
++            mode => 755,
++        }
++
+         file { '/usr/local/bin/sv_membersh.pl':
+             ensure => present,
+             owner => root,
+@@ -7,16 +14,7 @@
+             mode => 755,
+             content => template("restrictshell/sv_membersh.pl"),
+         }
+-    }
+ 
+-    class base {
+-        include shell
+-        $allow_svn = "0"
+-        $allow_git = "0"
+-        $allow_rsync = "0"
+-        $allow_pkgsubmit = "0"
+-
+-        $ldap_pwfile = "/etc/ldap.secret"
+         file { '/etc/membersh-conf.pl':
+             ensure => present,
+             owner => root,
+@@ -24,6 +22,9 @@
+             mode => 755,
+             content => template("restrictshell/membersh-conf.pl"),
+         }
++    }
++    
++    class ssh_keys_from_ldap {
+ 
+         package { 'python-ldap':
+             ensure => installed,
+@@ -37,6 +38,7 @@
+             mode => 755,
+         }
+ 
++        $ldap_pwfile = "/etc/ldap.secret"
+         file { '/usr/local/bin/ldap-sshkey2file.py':
+             ensure => present,
+             owner => root,
+@@ -47,9 +49,32 @@
+         } 
+     }
+ 
+-    class allow_svn_git_pkgsubmit inherits base {
+-        $allow_svn = "1"
+-        $allow_git = "1"
+-        $allow_pkgsubmit = "1"
++    define allow {
++        include shell
++        file { "/etc/membersh-conf.d/allow_$name.pl":
++            ensure => "present",
++            owner => root,
++            group => root,
++            mode => 755,
++            content => "\$use_$name = 1;\n",
++        }
+     }
++
++    # yes, we could directly use the allow, but this is
++    # a nicer syntax
++    class allow_git {
++        allow{ "git": }
++    }
++
++    class allow_rsync {
++        allow{ "rsync": }
++    }
++
++    class allow_pkgsubmit {
++        allow{ "pkgsubmit": }
++    }
++
++    class allow_svn {
++        allow{ "svn": }
++    }
+ }
+
+Modified: puppet/modules/restrictshell/templates/membersh-conf.pl
+===================================================================
+--- puppet/modules/restrictshell/templates/membersh-conf.pl	2010-11-23 01:11:08 UTC (rev 407)
++++ puppet/modules/restrictshell/templates/membersh-conf.pl	2010-11-23 01:11:10 UTC (rev 408)
+@@ -1,16 +1,18 @@
+-$use_svn = "<%= allow_svn %>";
++
++
+ $bin_svn = "/usr/bin/svnserve";
+ $regexp_svn = "^svnserve -t\$";
+ #@prepend_args_svn = ( '-r', '/svn' );
+ @prepend_args_svn = ();
+ 
+-$use_git = "<%= allow_git %>";
+ $bin_git = "/usr/bin/git-shell";
+ 
+-$use_rsync = "<%= allow_rsync %>";
+ $bin_rsync = "/usr/bin/rsync";
+ $regexp_rsync = "^rsync --server";
+ $regexp_dir_rsync = "^/.*";
+ 
+-$use_pkgsubmit = "<%= allow_pkgsubmit %>";
+ 
++foreach my $f (glob("/etc/membersh-conf.d/allow_*pl")) {
++    do($f)
++}
++1;
+-------------- next part --------------
+An HTML attachment was scrubbed...
+URL: </pipermail/mageia-sysadm/attachments/20101123/0c4827d6/attachment-0001.html>
+