1 |
class restrictshell { |
class restrictshell { |
2 |
class shell { |
class shell { |
3 |
|
file {"/etc/membersh-conf.d": |
4 |
|
ensure => directory, |
5 |
|
owner => root, |
6 |
|
group => root, |
7 |
|
mode => 755, |
8 |
|
} |
9 |
|
|
10 |
file { '/usr/local/bin/sv_membersh.pl': |
file { '/usr/local/bin/sv_membersh.pl': |
11 |
ensure => present, |
ensure => present, |
12 |
owner => root, |
owner => root, |
14 |
mode => 755, |
mode => 755, |
15 |
content => template("restrictshell/sv_membersh.pl"), |
content => template("restrictshell/sv_membersh.pl"), |
16 |
} |
} |
|
} |
|
17 |
|
|
|
class base { |
|
|
include shell |
|
|
$allow_svn = "0" |
|
|
$allow_git = "0" |
|
|
$allow_rsync = "0" |
|
|
$allow_pkgsubmit = "0" |
|
|
|
|
|
$ldap_pwfile = "/etc/ldap.secret" |
|
18 |
file { '/etc/membersh-conf.pl': |
file { '/etc/membersh-conf.pl': |
19 |
ensure => present, |
ensure => present, |
20 |
owner => root, |
owner => root, |
22 |
mode => 755, |
mode => 755, |
23 |
content => template("restrictshell/membersh-conf.pl"), |
content => template("restrictshell/membersh-conf.pl"), |
24 |
} |
} |
25 |
|
} |
26 |
|
|
27 |
|
class ssh_keys_from_ldap { |
28 |
|
|
29 |
package { 'python-ldap': |
package { 'python-ldap': |
30 |
ensure => installed, |
ensure => installed, |
38 |
mode => 755, |
mode => 755, |
39 |
} |
} |
40 |
|
|
41 |
|
$ldap_pwfile = "/etc/ldap.secret" |
42 |
file { '/usr/local/bin/ldap-sshkey2file.py': |
file { '/usr/local/bin/ldap-sshkey2file.py': |
43 |
ensure => present, |
ensure => present, |
44 |
owner => root, |
owner => root, |
49 |
} |
} |
50 |
} |
} |
51 |
|
|
52 |
class allow_svn_git_pkgsubmit inherits base { |
define allow { |
53 |
$allow_svn = "1" |
include shell |
54 |
$allow_git = "1" |
file { "/etc/membersh-conf.d/allow_$name.pl": |
55 |
$allow_pkgsubmit = "1" |
ensure => "present", |
56 |
|
owner => root, |
57 |
|
group => root, |
58 |
|
mode => 755, |
59 |
|
content => "\$use_$name = 1;\n", |
60 |
|
} |
61 |
|
} |
62 |
|
|
63 |
|
# yes, we could directly use the allow, but this is |
64 |
|
# a nicer syntax |
65 |
|
class allow_git { |
66 |
|
allow{ "git": } |
67 |
|
} |
68 |
|
|
69 |
|
class allow_rsync { |
70 |
|
allow{ "rsync": } |
71 |
|
} |
72 |
|
|
73 |
|
class allow_pkgsubmit { |
74 |
|
allow{ "pkgsubmit": } |
75 |
|
} |
76 |
|
|
77 |
|
class allow_svn { |
78 |
|
allow{ "svn": } |
79 |
} |
} |
80 |
} |
} |
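Review bot: Nothing on the new side ever removes `/etc/membersh-conf.d/allow_$name.pl` once the `allow` define has written it, so dropping `allow_git`, `allow_svn`, `allow_rsync` or `allow_pkgsubmit` from a node leaves the fragment on disk; if sv_membersh.pl reads every file in that directory (not visible here), the access stays enabled after it was meant to be revoked. Declaring the directory in class `shell` with `recurse => true,` and `purge => true,` would make Puppet delete fragments that are no longer in the catalog. The define also interpolates `$name` unchecked into both the file path and the Perl statement in `content`, so a guard that accepts only the expected names (for example a `^[a-z]+$` match that fails the catalog otherwise) would stop a mistyped or unexpected title from producing a stray path or Perl line. The fragments appear to be configuration rather than programs run directly, so `mode => 644` looks sufficient in place of `mode => 755`.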