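# Restricted member shell: installs the sv_membersh.pl wrapper shell and its
# configuration, exports SSH public keys from LDAP, and provides per-service
# "allow" switches (git, rsync, pkgsubmit, svn) that enable one service for
# the members of a host.
#
# Fix: `requires => Package['python-ldap']` was not a valid metaparameter
# (`require` is), so the catalog could not compile. File modes are now quoted
# octal strings, and the Perl configuration snippets are no longer executable.
class restrictshell {

  # The shell program plus its configuration files.
  class shell {
    # Drop-in directory scanned for per-service allow_*.pl snippets
    # (declared by the `allow` define below). Needs the x bit for traversal.
    file { '/etc/membersh-conf.d':
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0755',
    }

    # The restricted shell itself; must be executable.
    file { '/usr/local/bin/sv_membersh.pl':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0755',
      content => template('restrictshell/sv_membersh.pl'),
    }

    # Main configuration for the shell. Was 755; a configuration file has no
    # need for the execute bit (least privilege).
    # NOTE(review): assumes sv_membersh.pl reads this file (do/require/eval)
    # rather than executing it — confirm against the template before relying
    # on 0644.
    file { '/etc/membersh-conf.pl':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => template('restrictshell/membersh-conf.pl'),
    }
  }

  # Publishes SSH public keys taken from LDAP into a local directory using
  # the ldap-sshkey2file.py script.
  class ssh_keys_from_ldap {

    # Runtime dependency of ldap-sshkey2file.py.
    package { 'python-ldap':
      ensure => installed,
    }

    # Destination directory for the exported public keys.
    $pubkeys_directory = '/var/lib/pubkeys'
    file { $pubkeys_directory:
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0755',
    }

    # Path of the LDAP bind credential. It is not referenced elsewhere in this
    # manifest; presumably the ldap-sshkey2file.py template interpolates it.
    # NOTE(review): this manifest does not manage that file's owner or mode,
    # so whatever creates it must keep it unreadable to non-root users.
    $ldap_pwfile = '/etc/ldap.secret'
    file { '/usr/local/bin/ldap-sshkey2file.py':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0755',
      content => template('restrictshell/ldap-sshkey2file.py'),
      # `require` (not `requires`) orders the script after the package it
      # imports at runtime.
      require => Package['python-ldap'],
    }
  }

  # Enables one service for the member shell by dropping a one-line Perl
  # snippet, `$use_<name> = 1;`, into /etc/membersh-conf.d. The drop-in
  # directory comes from `shell`; Puppet's parent-directory autorequire
  # should order it before this file.
  define allow {
    include shell
    file { "/etc/membersh-conf.d/allow_${name}.pl":
      ensure  => present,
      owner   => root,
      group   => root,
      # A single Perl assignment with no shebang is data, not a program:
      # readable, never executable (was 755).
      mode    => '0644',
      content => "\$use_${name} = 1;\n",
    }
  }

  # yes, we could directly use the allow define, but `include allow_git`
  # is a nicer syntax at the call site
  class allow_git {
    allow { 'git': }
  }

  class allow_rsync {
    allow { 'rsync': }
  }

  class allow_pkgsubmit {
    allow { 'pkgsubmit': }
  }

  class allow_svn {
    allow { 'svn': }
  }
}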