authorRob Crittenden <rcritten@redhat.com>2011-02-23 17:10:08 -0500
committerEndi S. Dewata <edewata@redhat.com>2011-02-23 18:44:23 -0500
commitaf9f9052393697383c79576490127a4426452ba8 (patch)
tree68ccfa8cb3c50a51eadc5962f3882038f211125c
parent1770750b8adad6d9f2d98c0c9debc54d61f341cf (diff)
Collect memberof information for sudo commands.
We weren't searching the cn=sudo container so all members of a sudocmdgroup looked indirect. Add a label for sudo command groups. Update the tests to include verifying that membership is done properly. ticket 1003
-rw-r--r--ipalib/plugins/baseldap.py3
-rw-r--r--ipalib/plugins/sudocmd.py5
-rw-r--r--ipaserver/plugins/ldap2.py8
-rw-r--r--tests/test_xmlrpc/test_sudocmdgroup_plugin.py21
4 files changed, 34 insertions, 3 deletions
diff --git a/ipalib/plugins/baseldap.py b/ipalib/plugins/baseldap.py
index 3cb72d7..0581ea3 100644
--- a/ipalib/plugins/baseldap.py
+++ b/ipalib/plugins/baseldap.py
@@ -65,6 +65,9 @@ global_output_params = (
Str('memberof_role?',
label=_('Roles'),
),
+ Str('memberof_sudocmdgroup?',
+ label=_('Sudo Command Groups'),
+ ),
Str('member_privilege?',
label='Granted to Privilege',
),
diff --git a/ipalib/plugins/sudocmd.py b/ipalib/plugins/sudocmd.py
index 50da722..528d790 100644
--- a/ipalib/plugins/sudocmd.py
+++ b/ipalib/plugins/sudocmd.py
@@ -55,8 +55,11 @@ class sudocmd(LDAPObject):
'sudocmd', 'description',
]
default_attributes = [
- 'sudocmd', 'description',
+ 'sudocmd', 'description', 'memberof',
]
+ attribute_members = {
+ 'memberof': ['sudocmdgroup'],
+ }
uuid_attribute = 'ipauniqueid'
label = _('SUDO Commands')
diff --git a/ipaserver/plugins/ldap2.py b/ipaserver/plugins/ldap2.py
index d1e31f5..568792d 100644
--- a/ipaserver/plugins/ldap2.py
+++ b/ipaserver/plugins/ldap2.py
@@ -1002,6 +1002,14 @@ class ldap2(CrudBackend, Encoder):
except errors.NotFound:
pbacresults = []
results = results + pbacresults
+ try:
+ (sudoresults, truncated) = self.find_entries(searchfilter,
+ attr_list, 'cn=sudo,%s' % api.env.basedn,
+ time_limit=time_limit, size_limit=size_limit,
+ normalize=normalize)
+ except errors.NotFound:
+ sudoresults = []
+ results = results + sudoresults
direct = []
indirect = []
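Review bot: The `truncated` flag returned by the new `find_entries` call on `cn=sudo,%s` is assigned and never read in the visible lines, so a search that hits `size_limit` or `time_limit` leaves `results` incomplete before the direct/indirect split that follows. In that case some sudo command group members could presumably still be reported as indirect, which is the symptom this commit sets out to fix. At minimum add a comment such as `# truncated is ignored: a limit hit here leaves sudo entries out of results`, or record the flag so the caller can tell the membership list is partial. The block is also a third copy of the try/except used for the pbac search just above it; a loop over the container DNs would keep the NotFound and truncation handling in one place. The enclosing method starts and ends outside the hunk, so the flag may be handled there.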
diff --git a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
index 3bd2b3e..ad84ab6 100644
--- a/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
+++ b/tests/test_xmlrpc/test_sudocmdgroup_plugin.py
@@ -42,7 +42,7 @@ class test_sudocmdgroup(Declarative):
dict(
desc='Create %r' % sudocmd1,
command=(
- 'sudocmd_add', [], dict(sudocmd=sudocmd1,)
+ 'sudocmd_add', [], dict(sudocmd=sudocmd1, description=u'Test sudo command 1')
),
expected=dict(
value=sudocmd1,
@@ -51,6 +51,7 @@ class test_sudocmdgroup(Declarative):
objectclass=objectclasses.sudocmd,
sudocmd=[u'/usr/bin/sudotestcmd1'],
ipauniqueid=[fuzzy_uuid],
+ description=[u'Test sudo command 1'],
dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1,
api.env.basedn),
),
@@ -66,6 +67,7 @@ class test_sudocmdgroup(Declarative):
summary=None,
result=dict(
sudocmd=[sudocmd1],
+ description=[u'Test sudo command 1'],
dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1,
api.env.basedn),
),
@@ -373,7 +375,22 @@ class test_sudocmdgroup(Declarative):
),
dict(
- # FIXME: Shouldn't this raise a NotFound instead?
+ desc='Retrieve %r to show membership' % sudocmd1,
+ command=('sudocmd_show', [sudocmd1], {}),
+ expected=dict(
+ value=sudocmd1,
+ summary=None,
+ result=dict(
+ dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1,
+ api.env.basedn),
+ sudocmd=[sudocmd1],
+ description=[u'Test sudo command 1'],
+ memberof_sudocmdgroup = [u'testsudocmdgroup1'],
+ ),
+ ),
+ ),
+
+ dict(
desc='Try to add non-existent member to %r' % sudocmdgroup1,
command=(
'sudocmdgroup_add_member', [sudocmdgroup1],
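Review bot: The new `sudocmd_show` case hard-codes the group name in `memberof_sudocmdgroup = [u'testsudocmdgroup1'],` while the surrounding cases refer to the group through `sudocmdgroup1`. Assuming that variable holds the same value, `memberof_sudocmdgroup=[sudocmdgroup1],` keeps the expectation tied to the fixture and drops the spaces around `=` in a keyword argument. The hunk also deletes `# FIXME: Shouldn't this raise a NotFound instead?` from the following 'Try to add non-existent member' case with no visible change to that case, so the open question about its error handling is lost; keep the comment on that dict unless it was resolved elsewhere. The test list continues outside the hunk.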