From 8d1e9a303e4d185e360c3e311a92aceca1c2ba66 Mon Sep 17 00:00:00 2001
From: Razvan Dobre
Date: Mon, 29 Feb 2016 15:37:59 +0200
Subject: [PATCH] Add support for external auth
---
manifests/config/extauth.pp | 47 ++++++++++++++++++++++
manifests/init.pp | 15 ++++++-
manifests/params.pp | 2 +
templates/pure-authd.erb | 79 +++++++++++++++++++++++++++++++++++++
4 files changed, 142 insertions(+), 1 deletion(-)
create mode 100644 manifests/config/extauth.pp
create mode 100644 templates/pure-authd.erb
diff --git a/manifests/config/extauth.pp b/manifests/config/extauth.pp
new file mode 100644
index 0000000..2cc0ff6
--- /dev/null
+++ b/manifests/config/extauth.pp
@@ -0,0 +1,47 @@
+# == Class: pureftpd::config::exauth
+#
+# Manages the pure-ftpd external authentication. This class should be considered
+# private.
+#
+#
+
+class pureftpd::config::extauth($extauth_handler) {
+
+
+ notify {$extauth_handler:}
+
+ if $extauth_handler =~ /^puppet:\/\// {
+
+ $tmp = split($extauth_handler,'/')
+ $leght = size($tmp)
+ $filename = $tmp[$size-1]
+
+ file {"/etc/pure-ftpd/${filename}":
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ source => $extauth_handler,
+ notify => Service['pure-authd'],
+ }
+ } else {
+ $filename = $extauth_handler
+ }
+
+ file {'/etc/init.d/pure-authd':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
+ content => template('pureftpd/pure-authd.erb')
+ }
+
+ service {'pure-authd':
+ ensure => running,
+ enable => true,
+ hasrestart => true,
+ hasstatus => true,
+ require => File['/etc/init.d/pure-authd']
+ }
+
+}
diff --git a/manifests/init.pp b/manifests/init.pp
index cd4da03..b53d1f6 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
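Review bot: In manifests/config/extauth.pp the basename lookup `$tmp[$size-1]` reads `$size`, which is never assigned; the line above stores the length in `$leght`, so `$filename` will not hold the last path segment of the `puppet://` source. Use one name for both, e.g. `$length = size($tmp)` followed by `$filename = $tmp[$length - 1]`. Even with that fixed, the `puppet://` branch leaves `$filename` as a bare basename while the handler is installed under `/etc/pure-ftpd/`, so the `-r` argument rendered by the template would presumably not point at the installed file; passing the full installed path to the template looks necessary. The `notify {$extauth_handler:}` resource reads like leftover debugging output, and the header comment names the class `exauth` rather than `extauth`.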
@@ -46,12 +46,16 @@ $config_ldap = {}, $config_mysql = {}, $config_pgsql = {}, + $extauth_enabled = false, + $extauth_handler = '', ) { validate_bool($use_selinux) validate_hash($config) validate_hash($config_ldap) validate_hash($config_mysql) validate_hash($config_pgsql) + validate_bool($extauth_enabled) + validate_string($extauth_handler) include pureftpd::service @@ -112,12 +116,21 @@ Class[ 'pureftpd::config::pgsql' ] } + if extauth_enabled { + $extauth_config = { extauth => $pureftpd::params::authd_socket } + + create_resources('class', + {'pureftpd::config::extauth' => {extauth_handler => $extauth_handler}} + ) + } + $safe_config = merge( $config, { notify => Class[ 'pureftpd::service' ] }, $enable_ldap, $enable_mysql, - $enable_pgsql + $enable_pgsql, + $extauth_config ) create_resources( 'class', { 'pureftpd::config' => $safe_config } ) diff --git a/manifests/params.pp b/manifests/params.pp index 91ec27d..aee9862 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -23,6 +23,8 @@ $pgsql_conf_erb = 'pure-ftpd.conf.erb' $pgsql_conf_path = "${config_dir}/pureftpd-pgsql.conf" + + $authd_socket = '/var/run/ftpd.sock' } default:{ fail("Module ${module_name} is not supported on ${::operatingsystem}") diff --git a/templates/pure-authd.erb b/templates/pure-authd.erb new file mode 100644 index 0000000..3d2d770 --- /dev/null +++ b/templates/pure-authd.erb 
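Review bot: `validate_string($extauth_handler)` in the first manifests/init.pp hunk accepts the default empty string and any other text, yet this value is later rendered unquoted into a root-owned init script as the program pure-authd runs to decide logins. When `$extauth_enabled` is true it would be safer to require an absolute path or a `puppet://` source, for example `validate_re($extauth_handler, '^(/|puppet://)[\w./-]+$')`. Neither new parameter is described in the class documentation, which is outside this hunk. The class body continues outside the hunk.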
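Review bot: The guard `if extauth_enabled {` in the second manifests/init.pp hunk is missing the `$` sigil, so it tests a bare word rather than the parameter and appears to be true whatever `$extauth_enabled` is set to; the external-auth class and service would then be declared on every node. Once it is corrected to `if $extauth_enabled {`, `$extauth_config` is left unset on the disabled path but is still passed to `merge()`, so the branch needs `else { $extauth_config = {} }`. The surrounding class body starts and ends outside the hunk.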
@@ -0,0 +1,79 @@
+#!/bin/bash
+#
+# Startup script for the pure-authd FTP Server $Revision: 1.1 $
+#
+# chkconfig: - 85 15
+# description: Pure-FTPd is an FTP auth daemon based upon Troll-FTPd
+# processname: pure-authd
+# pidfile: /var/run/pure-authd.pid
+
+# Source function library.
+. /etc/init.d/functions
+
+# Source networking configuration.
+. /etc/sysconfig/network
+
+# Check that networking is configured.
+[ ${NETWORKING} = "no" ] && exit 0
+
+RETVAL=0
+
+prog="pure-authd"
+
+# Path to the pure-ftp binaries.
+fullpath=/usr/sbin/pure-authd
+pidfile="/var/run/pure-authd.pid"
+pure_config="-p $pidfile -B -s /var/run/ftpd.sock -r <%= @filename %>"
+
+
+start() {
+ echo -n $"Starting $prog: "
+ daemon --pidfile $pidfile "$fullpath $pure_config > /dev/null"
+ RETVAL=$?
+ [ $RETVAL = 0 ] && touch /var/lock/subsys/pure-authd
+ echo
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc pure-authd
+ RETVAL=$?
+ [ $RETVAL = 0 ] && rm -f /var/lock/subsys/pure-authd
+ echo
+}
+
+# See how we were called.
+case "$1" in
+ start)
+ start
+ ;;
+ stop)
+ stop
+ ;;
+ restart)
+ stop
+ start
+ ;;
+ reload)
+ echo -n $"Reloading $prog: "
+ killproc pure-ftpd -HUP
+ RETVAL=$?
+ echo
+ ;;
+ condrestart)
+ if [ -f /var/lock/subsys/pure-authd ] ; then
+ stop
+ # avoid race
+ sleep 3
+ start
+ fi
+ ;;
+ status)
+ status pure-authd
+ RETVAL=$?
+ ;;
+ *)
+ echo $"Usage: pure-authd {start|stop|restart|status}"
+ RETVAL=1
+esac
+exit $RETVAL
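Review bot: The `reload)` branch runs `killproc pure-ftpd -HUP`, which signals the FTP server rather than the daemon this script manages; it should target pure-authd through its pidfile, e.g. `killproc -p $pidfile $prog -HUP`, or be dropped if pure-authd has no reload behaviour. `<%= @filename %>` is written unquoted into `pure_config` and then expanded inside the `daemon` command string, so a handler value containing spaces or shell metacharacters would be interpreted by a root shell; the value should be constrained in the manifest before it reaches this template. The socket path `/var/run/ftpd.sock` is hard-coded here although params.pp defines `$authd_socket`, so the two can drift apart. `[ ${NETWORKING} = "no" ]` also errors when the variable is unset; `[ "${NETWORKING}" = "no" ]` avoids that.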