control:
	AddInstallable = ( samba samba_reload )
	
	#
	# Variables for shares
	# You can change the paths here and it will be changed both in
	# the conf file and in the filesystem - But once it is implemented,
	# it is not wise to change it - the data in the shares doesn't get
	# moved!
	# You can change the rights on the shares in the "directories:"
	# section.
	#
	pcprvdir	= ( "/home/%u" )
	commonsharedir	= ( /home/fsadmin )
	profilshare	= ( /home/fsadmin/pc_userprofiles )
	xchngshare	= ( /home/fsadmin/pc_xchange )
	netlog		= ( "netlogon" )
	netlogtxt	= ( "Network logon" )
	netlogshare	= ( /etc/samba/netlogon )
	privpctxt	= ( "Pers. PC Documents" )
	privpcshare	= ( pc )
	privmac		= ( "pers_mac" )
	privmactxt	= ( "Pers. Mac Documents" )
	privmacshare	= ( mac )
	privwww		= ( "pers_www" )
	privwwwtxt	= ( "Pers. Web Documents" )
	privwwwshare	= ( public_html )
	privxchng	= ( "pers_shared" )
	privxchngtxt	= ( "Pers. Shared Documents" )
	privxchngshare	= ( xchange )
	data		= ( "docs" )
	datatxt		= ( "Shared Documents" )
	datashare 	= ( /home/fsadmin/pc_doc )
	soft		= ( "software" )
	softtxt		= ( "Shared Software" )
	softshare	= ( /home/fsadmin/pc_software )
	admin		= ( "admin" )
	admintxt	= ( "Documentation and Admin Tools" )
	adminshare	= ( /home/fsadmin/pc_admin )

	#
	# Shared group
	#
	sharedgrp	= ( users )

	#
	# Administrative user and group
	#
	adminuser	= ( fsadmin )
	admingrp	= ( fsadmin )

	#
	# Misc common strings
	#
	pcvetofiles	= ( "/.AppleDouble/.AppleDesktop/Network Trash Folder/DesktopFolderDB/resource.frk/Icon^M/TheVolumeSettingsFolder/" )	
	
editfiles:
    samba::
	    { /etc/samba/smb-shares-$(site).conf
		#
		# This file contains the shares common to a site.
		# We check if the proper sections are there and add them if they
		# isn't. We don't check the file line for line.
		#
		AutoCreate
		#
		# [$(netlog)]
		#
		BeginGroupIfNoLineMatching "^\[$(netlog)\]"
			Append '[$(netlog)]'
			Append '	comment = $(netlogtxt)'
			Append '	path = $(netlogshare)'
			Append '	browsable = no'
			Append '	writeable = no'
			Append '	share modes = no'
		EndGroup
		#
		# [userprofiles]
		#
		BeginGroupIfNoLineMatching "^\[userprofiles\]"
			Append '[userprofiles]'
			Append '	path = $(profilshare)'
			Append '	force user = %u'
			Append '	browsable = yes'
			Append '	writable = yes'
			Append '	root preexec = /bin/mkdir $(profilshare)/%U \'
			Append '		    /bin/chown %U: $(profilshare)/%U \'
			Append '		    /bin/chmod 700 $(profilshare)/%U'
		EndGroup
		#
		# [homes]
		#
		BeginGroupIfNoLineMatching "^\[homes\]"
			Append '[homes]'
			Append '	comment = $(privpctxt)'
			Append '	path = $(pcprvdir)/$(privpcshare)'
			Append '	browsable = no'
			Append '	writable = yes'
			Append '	root preexec = /bin/mkdir $(pcprvdir)/$(privpcshare) \'
			Append '		    /bin/chown %U: $(pcprvdir)/$(privpcshare) \'
			Append '		    /bin/chmod 640 $(pcprvdir)/$(privpcshare)'
		EndGroup
		#
		# [$(privmac)]
		#
		BeginGroupIfNoLineMatching "^\[$(privmac)\]"
			Append '[$(privmac)]'
			Append '	comment = $(privmactxt)'
			Append '	path = $(pcprvdir)/$(privmacshare)'
			Append '	browsable = no'
			Append '	writable = no'
		EndGroup
		#
		# [$(privweb)]
		#
		BeginGroupIfNoLineMatching "^\[$(privwww)\]"
			Append '[$(privwww)]'
			Append '	comment = $(privwwwtxt)'
			Append '	path = $(pcprvdir)/$(privwwwshare)'
			Append '	browsable = no'
			Append '	writable = yes'
			Append '	root preexec = /bin/mkdir $(pcprvdir)/$(privwwwshare) \'
			Append '		    /bin/chown %U: $(pcprvdir)/$(privwwwshare) \'
			Append '		    /bin/chmod 644 $(pcprvdir)/$(privwwwshare)'
		EndGroup
		#
		# [$(privxchng)]
		#
		BeginGroupIfNoLineMatching "^\[$(privxchng)\]"
			Append '[$(privxchng)]'
			Append '	comment = $(privxchngtxt)'
			Append '	path = $(pcprvdir)/$(privxchngshare)'
			Append '	browsable = no'
			Append '	writable = yes'
			Append '	valid users = @$(sharedgrp)'
			Append '	force group = +$(sharedgrp)'
			Append '	root preexec = /bin/mkdir $(pcprvdir)/$(privpcshare) \'
			Append '			/bin/chown %U:$(sharedgrp) $(pcprvdir)/$(privpcshare) \'
			Append '			/bin/chmod 644 $(pcprvdir)/$(privpcshare) \'
			Append '			/bin/rm -f $(xchngshare) \'
			Append '			/bin/ln -dfs $(pcprvdir)/$(privxchngshare) $(xchngshare)'
		EndGroup
		#
		# [$(data)]
		#
		BeginGroupIfNoLineMatching "^\[$(data)\]"
			Append '[$(data)]'
			Append '	comment = $(datatxt)'
			Append '	path = $(datashare)'
			Append '	browsable = yes'
			Append '	guest ok = no'
			Append '	writeable = yes'
			Append '	create mask = 0660'
			Append '	directory mask = 0770'
			Append '	valid users = @$(admingrp)'
			Append '	force group = +$(admingrp)'
			Append '	delete veto files = Yes'
			Append '	veto files = $(pcvetofiles)'
		EndGroup
		#
		# [$(soft)]
		#
		BeginGroupIfNoLineMatching "^\[$(soft)\]"
			Append '[$(soft)]'
			Append '	comment = $(softtxt)'
			Append '	path = $(softshare)'
			Append '	browsable = yes'
			Append '	guest ok = no'
			Append '	writeable = yes'
			Append '	create mask = 0660'
			Append '	directory mask = 0770'
			Append '	valid users = @$(admingrp)'
			Append '	force group = +$(admingrp)'
			Append '	delete veto files = Yes'
			Append '	veto files = $(pcvetofiles)'
		EndGroup
		#
		# [$(admin)]
		#
		BeginGroupIfNoLineMatching "^\[$(admin)\]"
			Append '[$(admin)]'
			Append '	comment = $(admintxt)'
			Append '	path = $(adminshare)'
			Append '	browsable = yes'
			Append '	guest ok = yes'
			Append '	writeable = no'
			Append '	valid users = @$(admingrp)'
			Append '	force group = +$(admingrp)'
		EndGroup
		DefineClasses "samba_reload"
	    }

    samba_reload::
	    { /etc/samba/smb-shares-$(site).conf
			LocateLineMatching "^; EDITED BY CFENGINE .*"
			ReplaceAll '; EDITED BY CFENGINE .*$' With '; EDITED BY CFENGINE $(date)'
			CatchAbort
			BeginGroupIfNoMatch "^; EDITED BY CFENGINE .*"
			    Append '; EDITED BY CFENGINE $(date)'
			EndGroup
	    }

directories:
    any::
	$(commonsharedir)
		mode=755
		owner=$(adminuser)
		group=$(admingrp)
	$(softshare)
		mode=775
		owner=$(adminuser)
		group=$(admingrp)
	$(datashare)
		mode=775
		owner=$(adminuser)
		group=$(admingrp)
    samba::
	$(netlogshare)
		mode=755
		owner=root
		group=root
	$(xchngshare)
		mode=755
		owner=root
		group=root
	$(profilshare)
		mode=775
		owner=$(adminuser)
		group=$(admingrp)
	$(adminshare)
		mode=755
		owner=$(adminuser)
		group=$(admingrp)

processes:
	"smbd"	restart "/etc/init.d/samba restart"

shellcommands:
    samba_reload::
	"/etc/init.d/samba force-reload"