App-Regather
lib/App/Regather/Config.pm view on Meta::CPAN
=item get_ldap_config_file
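Processes ldap.conf (with L<Config::Parser::ldap>) and adds the options
found in it to the config object. Options already set in the config
object are left unchanged.
The files searched, in order, are:
$ENV{LDAP_CONF} (only when that environment variable is defined)
/usr/local/etc/openldap/ldap.conf
/etc/ldap.conf
/etc/ldap/ldap.conf
/etc/openldap/ldap.conf
The first one found is used.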
=cut
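sub get_ldap_config_file {
    # Import LDAP client settings from the first ldap.conf that exists into
    # this config object, under the 'ldap.<section>.<item>' keys.
    #
    # Takes no arguments besides the object itself. Only the first existing
    # candidate file is parsed; values already set on the config object are
    # never overwritten (see the is_set() guard below).
    my $self = shift;

    use Config::Parser::ldap;

    # Candidate files in priority order. $ENV{LDAP_CONF}, when defined, is
    # put in front of the system-wide locations.
    #
    # NOTE(review): because the environment-supplied path wins over the
    # system paths, whoever controls this process's environment chooses the
    # file whose values fill every ldap.* option the application config left
    # unset, including the TLS verification level derived from tls_reqcert
    # below. For a service, pin ldap.ssl.verify (and the other security
    # relevant ldap.* options) explicitly in the application config and start
    # it with a scrubbed environment.
    my @ldap_config_files = qw( /usr/local/etc/openldap/ldap.conf
                                /etc/ldap.conf
                                /etc/ldap/ldap.conf
                                /etc/openldap/ldap.conf );
    unshift @ldap_config_files, $ENV{LDAP_CONF} if defined $ENV{LDAP_CONF};

    CANDIDATE:
    foreach my $file (@ldap_config_files) {
        next CANDIDATE unless -e $file;

        # Arrow-form constructor call: the indirect-object form
        # ("new Class(...)") is resolved by parser heuristics and can be
        # misparsed when a sub named "new" is visible in the current package.
        my $cf = Config::Parser::ldap->new( filename => $file );

        # LDAP() is a lookup table declared elsewhere in this file;
        # $section is one of: bnd, opt or ssl.
        foreach my $section ( keys %{ LDAP() } ) {
            ITEM:
            foreach my $item ( keys %{ LDAP->{$section} } ) {
                # What the table holds for this item; used below as the
                # option name to look up in ldap.conf.
                my $ldap_opt = LDAP->{$section}->{$item};

                next ITEM if $ldap_opt eq '';
                next ITEM unless $cf->is_set($ldap_opt);

                # Explicit application configuration takes precedence over
                # anything found in ldap.conf.
                next ITEM if $self->is_set( 'ldap', $section, $item );

                # ssl.verify is special-cased: the tls_reqcert value from
                # ldap.conf is translated through the table instead of being
                # copied verbatim. The value expression stays inside the
                # argument list so it is evaluated in list context, exactly
                # as before.
                $self->add_value(
                    'ldap.' . $section . '.' . $item,
                    $section eq 'ssl' && $item eq 'verify' && $cf->is_set('tls_reqcert')
                    ? $ldap_opt->{tls_reqcert}->{ $cf->get('tls_reqcert') }
                    : $cf->get($ldap_opt),
                    Text::Locus->new( "option \"$item\" provided from ldap.conf", 1 )
                );
            }
        }

        # Only the first existing file is consulted.
        last CANDIDATE;
    }
}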
=item mangle
modify the created source tree. (resolve I<uid/gid> symbolic to number, add I<altroot>)
=cut
sub mangle {
my $self = shift;
my ( $section, $item, $k, $v );
my $re_mod = qr(^Can.t locate.*);
if ( $self->is_set(qw(core uid)) ) {
$item = getpwnam( $self->get(qw(core uid)) );
if ( defined $item ) {
$self->{logger}->cc( pr => 'info', fm => "%s: setuid user %s(%s) confirmed",
ls => [ sprintf("%s:%s",__FILE__,__LINE__), $self->get(qw(core uid)), $item ] )
if $self->{verbose} > 1;
$self->set('core', 'uid_number', $item);
} else {
print "No user $self->get('uid') found\n\n";
exit 2;
}
}
if ( $self->is_set(qw(core gid)) ) {
$item = getgrnam( $self->get(qw(core gid)) );
if ( defined $item ) {
$self->{logger}->cc( pr => 'info', fm => "%s: setgid group %s(%s) confirmed",
ls => [ sprintf("%s:%s",__FILE__,__LINE__), $self->get(qw(core gid)), $item ] )
if $self->{verbose} > 1;
$self->set('core', 'gid_number', $item);
} else {
print "No group $self->get('gid') found\n\n";
exit 2;
}
}
foreach my $svc ( $self->names_of('service') ) {
if ( $self->is_set(qw($svc uid)) ) {
$item = getpwnam( $self->get(qw($svc uid)) );
if ( defined $item ) {
$self->{logger}->cc( pr => 'info', fm => "%s: setuid user %s(%s) confirmed",
ls => [ sprintf("%s:%s",__FILE__,__LINE__), $self->get(qw($svc uid)), $item ] )
if $self->{verbose} > 1;
$self->set($svc, 'uid_number', $item);
} else {
print "No user $self->get('uid') found\n\n";
exit 2;
}
}
if ( $self->is_set($svc, 'gid') ) {
$item = getgrnam( $self->get($svc, 'gid') );
if ( defined $item ) {
$self->{logger}->cc( pr => 'info', fm => "%s: setgid group %s(%s) confirmed",
ls => [ sprintf("%s:%s",__FILE__,__LINE__), $self->get(qw($svc gid)), $item ] )
if $self->{verbose} > 1;
$self->set($svc, 'gid_number', $item);
} else {
print "No group $self->get('gid') found\n\n";
exit 2;
}
}
if ( $self->is_set('service', $svc, 'plugin') ) {
foreach my $plg ( $self->get('service', $svc, 'plugin') ) {
if ( $plg eq 'nsupdate' ) {
eval { require Net::DNS };
if ( $@ =~ /$re_mod/ ) {
print "ERROR: ", sprintf("%s:%s",__FILE__,__LINE__), ": ", $@, "\n";
exit 2;
}
if ( ! $self->is_set('service', $svc, 'ns_attr') ) {
print sprintf("%s:%s",__FILE__,__LINE__), ": service $svc lacks ns_attr option\n";
exit 2;
}
}
if ($plg eq 'configfile' ) {
eval { require Template };
if ( $@ =~ /$re_mod/ ) {
print "ERROR: ", sprintf("%s:%s",__FILE__,__LINE__), ": ", $@, "\n";
exit 2;
}
eval { require File::Temp };
if ( $@ =~ /$re_mod/ ) {
print "ERROR: ", sprintf("%s:%s",__FILE__,__LINE__), ": ", $@, "\n";
exit 2;
}
if ( ! $self->is_set('service', $svc, 'tt_file') ) {
print sprintf("%s:%s",__FILE__,__LINE__), ": service $svc lacks tt_file option\n";
exit 2;
}
}
}
}
}
if ( $self->is_set(qw(core altroot)) ) {
chdir($self->get(qw(core altroot))) || do {
$self->{logger}->cc( pr => 'err', fm => "%s: unable to chdir to %s",
ls => [ sprintf("%s:%s",__FILE__,__LINE__), $self->get(qw(core altroot)) ] );
exit 1;
};
foreach ( $self->names_of('service') ) {
$self->add_value('service.' . $_ . '.out_path',
substr($self->get('service', $_, 'out_path'), 1),
new Text::Locus(sprintf("in \"%s\" ", $self->get(qw(core altroot))), 1)) ||
exit 1;
$self->{logger}->cc( pr => 'debug', fm => "%s: service %s out_path has been changed to %s",
ls => [ sprintf("%s:%s",__FILE__,__LINE__), $_, $self->get('service', $_, 'out_path') ] )
if $self->{verbose} > 1;
}
lib/App/Regather/Config.pm view on Meta::CPAN
attribute to check in event LDAP object. In case it is present,
the object is considered to be processed, in case it is absent,
we skip that event (since LDAP object has no I<ctrl_attr>)
2. one I<ctrl_srv_re> option which is regular expression to match
service against LDAP event object DN
3. at least one I<plugin> option.
B<This option should be placed in the end of the section>
=back
If both checks 1. and 2. are positive, the object is considered to be
processed for that service.
Each I<service> must have at least one of two possible maps. These maps
map .tt variables to LDAP attribute values. The maps are
named I<s> for single-valued attributes and I<m> for attributes which
can have multiple values.
=head1 SEE ALSO
L<App::Regather::Logg>,
L<Config::AST>,
L<Config::Parser>,
L<Config::Parser::Ini>,
L<Config::Parser::ldap>
=head1 AUTHOR
Zeus Panchenko E<lt>zeus@gnu.org.uaE<gt>
=head1 COPYRIGHT
Copyright 2019 Zeus Panchenko.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
=cut
1;
__DATA__
[core]
altroot = STRING :re="^/tmp/.*" :check=chk_dir
dryrun = NUMBER :default 0
gid = STRING
notify = NUMBER :default 0
notify_email = STRING :mandatory :array :check=chk_notify_email
pid_file = STRING :check=chk_dir_pid :default /var/run/openldap/regather.pid
tt_debug = NUMBER :default 0
tt_path = STRING :check=chk_dir :default /usr/local/etc/regather.d
tt_trim = NUMBER :default 0
uid = STRING
[log]
facility = STRING :default local4
colors = NUMBER :default 0
foreground = NUMBER :default 0
verbosity = NUMBER :default 0
altroot = STRING :check=core_only
dryrun = STRING :check=core_only
pid_file = STRING :check=core_only
tt_debug = STRING :check=core_only
tt_path = STRING :check=core_only
[ldap]
altroot = STRING :check=core_only
dryrun = STRING :check=core_only
pid_file = STRING :check=core_only
tt_debug = STRING :check=core_only
tt_path = STRING :check=core_only
ANY = STRING
[ldap srch]
attrs = STRING
base = STRING
filter = STRING :mandatory
raw = STRING
scope = STRING :default sub
sizelimit = NUMBER :default 0
timelimit = NUMBER :default 0
log_base = STRING
[ldap bnd]
anonymous = STRING
bindpw = STRING
dn = STRING
password = STRING
[ldap opt]
async = NUMBER :default 0
debug = NUMBER :default 0
inet4 = STRING
inet6 = STRING
keepalive = STRING
localaddr = STRING
multihomed = STRING
onerror = STRING
port = STRING
raw = STRING
scheme = STRING
timeout = STRING
uri = STRING
version = NUMBER :default 3
[ldap ssl]
cafile = STRING
capath = STRING
checkcrl = STRING
ciphers = STRING
clientcert = STRING
clientkey = STRING
keydecrypt = STRING
ssl = STRING
sslversion = STRING
verify = STRING
[service ANY]
all_attr = NUMBER :default 0
chmod = OCTAL :default 0640
chown = NUMBER :default 1
ctrl_attr = STRING :mandatory :array
ctrl_srv_re = STRING :mandatory
gid = STRING
out_ext = STRING
out_file = STRING
out_file_pfx = STRING
out_path = STRING :check=chk_dir
tt_file = STRING :check=chk_file_tt
uid = STRING
ns_attr = STRING
ns_keyfile = STRING
ns_ttl = NUMBER :default 600
ns_txt_pfx = STRING :default REGATHER:
ns_server = STRING :array
ns_zone = STRING :array
plugin = STRING :mandatory :array :check=chk_plugin
notify = NUMBER :default 0 :check=chk_depend_notify
post_process = STRING :array
skip = NUMBER :default 0
[service ANY map s]
ANY = STRING
altroot = STRING :check=core_only
dryrun = STRING :check=core_only
pid_file = STRING :check=core_only
tt_debug = STRING :check=core_only
tt_path = STRING :check=core_only
[service ANY map m]
ANY = STRING
altroot = STRING :check=core_only
dryrun = STRING :check=core_only
pid_file = STRING :check=core_only
tt_debug = STRING :check=core_only
tt_path = STRING :check=core_only