#! /usr/bin/perl -T # vim: set filetype=perl ts=4 sw=4 sts=4 et: # KEYSUDOERS # as a gatekeeper, to be able to add the servers to /home/allowkeeper/ACCOUNT/allowed.partial.%GROUP% file # KEYSUDOERS SUPEROWNERS, %%GROUP%-gatekeeper ALL=(allowkeeper) NOPASSWD: /usr/bin/env perl -T %BASEPATH%/bin/helper/osh-accountAddGroupServer --group %GROUP% * # FILEMODE 0750 # FILEOWN 0 allowkeeper #>HEADER use common::sense; use Getopt::Long qw(:config no_auto_abbrev no_ignore_case); use File::Basename; use lib dirname(__FILE__) . '/../../lib/perl'; use OVH::Bastion; use OVH::Bastion::Helper; # Fetch command options my $fnret; my ($result, @optwarns); my ($account, $group, $ip, $user, $port, $action, $ttl, $comment, $forceKey); eval { local $SIG{__WARN__} = sub { push @optwarns, shift }; $result = GetOptions( "account=s" => sub { $account //= $_[1] }, "group=s" => sub { $group //= $_[1] }, "ip=s" => sub { $ip //= $_[1] }, "user=s" => sub { $user //= $_[1] }, "port=i" => sub { $port //= $_[1] }, "action=s" => sub { $action //= $_[1] }, "ttl=i" => sub { $ttl //= $_[1] }, "comment=s" => sub { $comment //= $_[1] }, "force-key=s" => sub { $forceKey //= $_[1] }, ); }; if ($@) { die $@ } if (!$result) { local $" = ", "; HEXIT('ERR_BAD_OPTIONS', msg => "Error parsing options: @optwarns"); } OVH::Bastion::Helper::check_spurious_args(); if (not $action or not $ip or not $account or not $group) { HEXIT('ERR_MISSING_PARAMETER', msg => "Missing argument 'action' or 'ip' or 'account' or 'group'"); } #
PARAMS:ACTION if (not grep { $action eq $_ } qw{ add del }) { return R('ERR_INVALID_PARAMETER', msg => "expected 'add' or 'del' as an action"); } #CODE # access_modify validates all its parameters, don't do it ourselves here for clarity $fnret = OVH::Bastion::access_modify( way => 'groupguest', account => $account, group => $group, action => $action, user => $user, ip => $ip, port => $port, ttl => $ttl, comment => $comment, forceKey => $forceKey ); HEXIT($fnret);