| 1 |
class restrictshell { |
| 2 |
class shell { |
| 3 |
file {"/etc/membersh-conf.d": |
| 4 |
ensure => directory, |
| 5 |
owner => root, |
| 6 |
group => root, |
| 7 |
mode => 755, |
| 8 |
} |
| 9 |
|
| 10 |
file { '/usr/local/bin/sv_membersh.pl': |
| 11 |
ensure => present, |
| 12 |
owner => root, |
| 13 |
group => root, |
| 14 |
mode => 755, |
| 15 |
content => template("restrictshell/sv_membersh.pl"), |
| 16 |
} |
| 17 |
|
| 18 |
file { '/etc/membersh-conf.pl': |
| 19 |
ensure => present, |
| 20 |
owner => root, |
| 21 |
group => root, |
| 22 |
mode => 755, |
| 23 |
content => template("restrictshell/membersh-conf.pl"), |
| 24 |
} |
| 25 |
} |
| 26 |
|
| 27 |
class ssh_keys_from_ldap { |
| 28 |
|
| 29 |
package { 'python-ldap': |
| 30 |
ensure => installed, |
| 31 |
} |
| 32 |
|
| 33 |
$pubkeys_directory = "/var/lib/pubkeys" |
| 34 |
file { $pubkeys_directory: |
| 35 |
ensure => directory, |
| 36 |
owner => root, |
| 37 |
group => root, |
| 38 |
mode => 755, |
| 39 |
} |
| 40 |
|
| 41 |
$ldap_pwfile = "/etc/ldap.secret" |
| 42 |
file { '/usr/local/bin/ldap-sshkey2file.py': |
| 43 |
ensure => present, |
| 44 |
owner => root, |
| 45 |
group => root, |
| 46 |
mode => 755, |
| 47 |
content => template("restrictshell/ldap-sshkey2file.py"), |
| 48 |
requires => Package['python-ldap'] |
| 49 |
} |
| 50 |
} |
| 51 |
|
| 52 |
define allow { |
| 53 |
include shell |
| 54 |
file { "/etc/membersh-conf.d/allow_$name.pl": |
| 55 |
ensure => "present", |
| 56 |
owner => root, |
| 57 |
group => root, |
| 58 |
mode => 755, |
| 59 |
content => "\$use_$name = 1;\n", |
| 60 |
} |
| 61 |
} |
| 62 |
|
| 63 |
# yes, we could directly use the allow, but this is |
| 64 |
# a nicer syntax |
| 65 |
class allow_git { |
| 66 |
allow{ "git": } |
| 67 |
} |
| 68 |
|
| 69 |
class allow_rsync { |
| 70 |
allow{ "rsync": } |
| 71 |
} |
| 72 |
|
| 73 |
class allow_pkgsubmit { |
| 74 |
allow{ "pkgsubmit": } |
| 75 |
} |
| 76 |
|
| 77 |
class allow_svn { |
| 78 |
allow{ "svn": } |
| 79 |
} |
| 80 |
} |
Parent Directory
| 
Revision Log