-rw-r--r-- | manifests/server.pp | 36 | ||||
-rw-r--r-- | manifests/server/share.pp | 197 | ||||
-rw-r--r-- | manifests/server/user.pp | 13 | ||||
-rw-r--r-- | templates/add_samba_user | 16 | ||||
-rw-r--r-- | templates/check_samba_user | 16 |
5 files changed, 137 insertions, 141 deletions
diff --git a/manifests/server.pp b/manifests/server.pp index bc1e3d7..2e4c2d9 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -2,16 +2,20 @@ class samba::server($interfaces = '', $security = '', $server_string = '', $unix_password_sync = '', - $workgroup = '') { + $workgroup = '', + $bind_interfaces_only = 'yes',) { include samba::server::install include samba::server::config include samba::server::service - $context = '/files/etc/samba/smb.conf' - $target = "target[. = 'global']" + $incl = '/etc/samba/smb.conf' + $context = "/files/etc/samba/smb.conf" + $target = "target[. = 'global']" augeas { 'global-section': + incl => $incl, + lens => 'Samba.lns', context => $context, changes => "set ${target} global", require => Class['samba::server::config'], 
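Review bot: The smb.conf path is now written twice, once in `$incl` and once in `$context`, and the `$context` literal was switched to double quotes although it interpolates nothing. Deriving one from the other, `$context = "/files${incl}"`, keeps the Augeas tree path and the loaded file from drifting apart if the location ever changes. The trailing comma in `$bind_interfaces_only = 'yes',) {` is not accepted by older Puppet parsers in a parameter list, so it is safer to drop it unless the supported Puppet version is known to allow it. The class body and the `augeas` resource continue past the end of this hunk.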
@@ -21,23 +25,45 @@ class samba::server($interfaces = '', set_samba_option { 'interfaces': value => $interfaces; - 'bind interfaces only': value => 'yes'; + 'bind interfaces only': value => $bind_interfaces_only; 'security': value => $security; 'server string': value => $server_string; 'unix password sync': value => $unix_password_sync; 'workgroup': value => $workgroup; } + + file {'check_samba_user': + # script checks to see if a samba account exists for a given user + path => '/sbin/check_samba_user', + owner => root, + group => root, + mode => "0755", + content => template("${module_name}/check_samba_user"), + } + + file {'add_samba_user': + # script creates a new samba account for a given user and password + path => '/sbin/add_samba_user', + owner => root, + group => root, + mode => "0755", + content => template("${module_name}/add_samba_user"), + } } define set_samba_option ( $value = '', $signal = 'samba::server::service' ) { + $incl = $samba::server::incl $context = $samba::server::context - $target = $samba::server::target + $target = $samba::server::target + $changes = $value ? { default => "set \"${target}/$name\" \"$value\"", '' => "rm ${target}/$name", } augeas { "samba-$name": + incl => $incl, + lens => 'Samba.lns', context => $context, changes => $changes, require => Augeas['global-section'], diff --git a/manifests/server/share.pp b/manifests/server/share.pp index b4eb02f..b7274f9 100644 --- a/manifests/server/share.pp +++ b/manifests/server/share.pp @@ -15,12 +15,17 @@ define samba::server::share($ensure = present, $read_only = '', $public = '', $writable = '', - $printable = '') { - + $printable = '', + $valid_users = '', + ) { + + $incl = $samba::server::incl $context = $samba::server::context - $target = "target[. = '${name}']" + $target = "target[. = '${name}']" augeas { "${name}-section": + incl => $incl, + lens => 'Samba.lns', context => $context, changes => $ensure ? { present => "set ${target} '${name}'", 
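Review bot: Both helper scripts are installed in `/sbin` with `mode => "0755"`, so every local account can read and run a script that takes a password as an argument and calls `sudo`. The only caller visible in this commit is the `exec` in `manifests/server/user.pp`. If the agent runs as root, `mode => '0700'` on both `file` resources limits them to that one caller. The `# script …` comments sit inside the resource bodies; placing them above each `file {` line is the more usual layout. The `set_samba_option` define continues past the end of this hunk.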
@@ -31,178 +36,98 @@ define samba::server::share($ensure = present, } if $ensure == 'present' { - augeas { "${name}-browsable": - context => $context, - changes => $browsable ? { - true => "set ${target}/browsable yes", - false => "set ${target}/browsable no", - default => "rm ${target}/browsable", + $changes = [ + $browsable ? { + true => "set \"${target}/browsable\" yes", + false => "set \"${target}/browsable\" no", + default => "rm \"${target}/browsable\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-comment": - context => $context, - changes => $comment ? { - default => "set ${target}/comment '${comment}'", - '' => "rm ${target}/comment", + $comment ? { + default => "set \"${target}/comment\" '${comment}'", + '' => "rm \"${target}/comment\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-copy": - context => $context, - changes => $copy ? { - default => "set ${target}/copy '${copy}'", - '' => "rm ${target}/copy", + $copy ? { + default => "set \"${target}/copy\" '${copy}'", + '' => "rm \"${target}/copy\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-create_mask": - context => $context, - changes => $create_mask ? { + $create_mask ? { default => "set \"${target}/create mask\" '${create_mask}'", - '' => "rm \"${target}/create mask\"", + '' => "rm \"${target}/create mask\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-directory_mask": - context => $context, - changes => $directory_mask ? { + $directory_mask ? 
{ default => "set \"${target}/directory mask\" '${directory_mask}'", - '' => "rm \"${target}/directory mask\"", + '' => "rm \"${target}/directory mask\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_create_mask": - context => $context, - changes => $force_create_mask ? { + $force_create_mask ? { default => "set \"${target}/force create mask\" '${force_create_mask}'", - '' => "rm \"${target}/force create mask\"", + '' => "rm \"${target}/force create mask\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_directory_mask": - context => $context, - changes => $force_directory_mask ? { + $force_directory_mask ? { default => "set \"${target}/force directory mask\" '${force_directory_mask}'", - '' => "rm \"${target}/force directory mask\"", + '' => "rm \"${target}/force directory mask\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_group": - context => $context, - changes => $force_group ? { + $force_group ? { default => "set \"${target}/force group\" '${force_group}'", - '' => "rm \"${target}/force group\"", + '' => "rm \"${target}/force group\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-force_user": - context => $context, - changes => $force_user ? { + $force_user ? { default => "set \"${target}/force user\" '${force_user}'", - '' => "rm \"${target}/force user\"", + '' => "rm \"${target}/force user\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-guest_account": - context => $context, - changes => $guest_account ? { + $guest_account ? 
{ default => "set \"${target}/guest account\" '${guest_account}'", - '' => "rm \"${target}/guest account\"", + '' => "rm \"${target}/guest account\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-guest_ok": - context => $context, - changes => $guest_ok ? { + $guest_ok ? { true => "set \"${target}/guest ok\" yes", false => "set \"${target}/guest ok\" no", - default => "rm \"${target}/guest ok\"", + default => "rm \"${target}/guest ok\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-guest_only": - context => $context, - changes => $guest_only ? { + $guest_only ? { true => "set \"${target}/guest only\" yes", false => "set \"${target}/guest only\" no", - default => "rm \"${target}/guest only\"", + default => "rm \"${target}/guest only\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-path": - context => $context, - changes => $path ? { + $path ? { default => "set ${target}/path '${path}'", - '' => "rm ${target}/path", + '' => "rm ${target}/path", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-read_only": - context => $context, - changes => $read_only ? { + $read_only ? { true => "set \"${target}/read only\" yes", false => "set \"${target}/read only\" no", - default => "rm \"${target}/read_only\"", + default => "rm \"${target}/read only\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-public": - context => $context, - changes => $public ? { + $public ? 
{ true => "set \"${target}/public\" yes", false => "set \"${target}/public\" no", - default => "rm \"${target}/public\"", + default => "rm \"${target}/public\"", }, - require => Augeas["${name}-section"], - notify => Class['samba::server::service'] - } - - augeas { "${name}-writable": - context => $context, - changes => $writable ? { + $writable ? { true => "set \"${target}/writable\" yes", false => "set \"${target}/writable\" no", - default => "rm \"${target}/writable\"", + default => "rm \"${target}/writable\"", + }, + $printable ? { + true => "set \"${target}/printable\" yes", + false => "set \"${target}/printable\" no", + default => "rm \"${target}/printable\"", }, + ] + + augeas { "${name}-changes": + incl => $incl, + lens => 'Samba.lns', + context => $context, + changes => $changes, require => Augeas["${name}-section"], notify => Class['samba::server::service'] } - augeas { "${name}-printable": + augeas { "${name}-valid_users": context => $context, - changes => $printable ? { - true => "set \"${target}/printable\" yes", - false => "set \"${target}/printable\" no", - default => "rm \"${target}/printable\"", + changes => $valid_users ? { + default => "set \"${target}/valid users\" '${valid_users}'", + '' => "rm \"${target}/valid users\"", }, require => Augeas["${name}-section"], notify => Class['samba::server::service'] diff --git a/manifests/server/user.pp b/manifests/server/user.pp new file mode 100644 index 0000000..2cffe3b --- /dev/null +++ b/manifests/server/user.pp @@ -0,0 +1,13 @@ +define samba::server::user( + $user_name = $name , + $password , + ) { + exec { "add smb account for ${user_name}": + command => "/sbin/add_samba_user '${user_name}' '${password}'" , + unless => "/sbin/check_samba_user '${user_name}'" , + require => [ + User["${user_name}"] + ] , + notify => Class['samba::server::service'] + } +} diff --git a/templates/add_samba_user b/templates/add_samba_user new file mode 100644 index 0000000..1385d4e --- /dev/null 
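Review bot: The new `augeas { "${name}-valid_users":` resource is the only one touched by this commit that lacks `incl => $incl,` and `lens => 'Samba.lns',`, and it is kept as a separate resource although every other share option was folded into the `$changes` array. Adding those two attributes, or moving the `$valid_users` selector into `$changes`, makes it behave like the rest. With the default `$valid_users = ''` the resource issues `rm` on `valid users`, so a restriction already present in smb.conf is removed for any share that does not pass the parameter; that deserves a line in the define's parameter documentation. `'${valid_users}'` is interpolated between single quotes without escaping, like the other string options. The resource, the `if` block and the define all continue outside the hunk.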
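Review bot: `command` puts `${password}` on the command line of `/sbin/add_samba_user`, where it is visible in the process list while the script runs and can presumably end up in agent logs or reports when the exec fails. `${user_name}` and `${password}` are wrapped in single quotes with no escaping, so a value containing `'` changes how the line is split. Validating `$user_name` against a strict pattern and passing the password through the exec's `environment` attribute or stdin, with the script adapted to read it from there, would address both. Because `unless` only tests whether the account exists, a later change to `$password` is never applied, which should be documented on the define.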
+++ b/templates/add_samba_user @@ -0,0 +1,16 @@ +#!/bin/bash + +# This script adds a samba account for a given user and password +# call as: +# > add_samba_user "USERNAME" "PASSWORD" + +/bin/echo -e "$2\n$2\n" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null +results=$? + +if [ $results = 0 ]; then + echo "added samba account for '$1'" +else + echo "could not add samba account for '$1'" +fi + +exit $results diff --git a/templates/check_samba_user b/templates/check_samba_user new file mode 100644 index 0000000..75cb4b5 --- /dev/null +++ b/templates/check_samba_user @@ -0,0 +1,16 @@ +#!/bin/bash + +# This script checks to see if a given user account exists on samba +# if so, it returns 0 +# otherwise it returns 1 + +sudo /usr/bin/pdbedit -L | egrep -q "^$1:" +exists=$? + +if [ $exists = 0 ]; then + echo "'$1' is a samba user" +else + echo "no samba account matching '$1'" +fi + +exit $exists |
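Review bot: `/bin/echo -e "$2\n$2\n"` interprets backslash sequences inside the password itself, so a password containing `\n`, `\t` or `\c` is stored as something other than what was supplied. It also starts an external process whose argument list holds the password. The bash builtin avoids both: `printf '%s\n%s\n' "$2" "$2" | sudo /usr/bin/pdbedit -a "$1" -t 1>/dev/null`. The script does not check that two non-empty arguments were given; a guard such as `[ $# -eq 2 ] || exit 2` before the pipeline would stop an empty password being fed to pdbedit. If the script is only run by the root Puppet agent, the `sudo` prefix is unnecessary and could block on a prompt when run by anyone else.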
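Review bot: `egrep -q "^$1:"` treats the user name as a regular expression, so a name containing `.` or other metacharacters can match a different account, and an empty argument matches any line starting with `:`. Since this script is the `unless` guard for account creation, a false match silently skips the account. A fixed-string, whole-field comparison avoids that: `sudo /usr/bin/pdbedit -L | cut -d: -f1 | grep -qxF -- "$1"`. The exit status is that of the last pipeline stage, so a failing `pdbedit -L` is reported as "no samba account"; `set -o pipefail` or a separate check of pdbedit's status would distinguish the two cases.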