diff options
author | Rob Crittenden <rcritten@redhat.com> | 2011-11-23 16:59:21 -0500 |
---|---|---|
committer | Alexander Bokovoy <abokovoy@redhat.com> | 2011-12-09 16:46:25 +0200 |
commit | 55512dc938eb4a9a6655e473beab587e340af55c (patch) | |
tree | 27805ce2bcbd5b9fbb759cfab781ad3575a83792 /API.txt | |
parent | a1c9e3618c9d0e03fc926031f2c65d92da7a8b03 (diff) | |
download | freeipa-55512dc938eb4a9a6655e473beab587e340af55c.tar.gz freeipa-55512dc938eb4a9a6655e473beab587e340af55c.tar.xz freeipa-55512dc938eb4a9a6655e473beab587e340af55c.zip |
Add SELinux user mapping framework.
This will allow one to define what SELinux context a given user gets
on a given machine. A rule can contain a set of users and hosts or it
can point to an existing HBAC rule that defines them.
https://fedorahosted.org/freeipa/ticket/755
Diffstat (limited to 'API.txt')
-rw-r--r-- | API.txt | 130 |
1 files changed, 129 insertions, 1 deletions
@@ -444,7 +444,7 @@ args: 1,0,1 arg: Str('request_id') output: Output('result', None, None) command: config_mod -args: 0,20,3 +args: 0,22,3 option: Int('ipamaxusernamelength', attribute=True, autofill=False, cli_name='maxusername', minvalue=1, multivalue=False, required=False) option: IA5Str('ipahomesrootdir', attribute=True, autofill=False, cli_name='homedirectory', multivalue=False, required=False) option: Str('ipadefaultloginshell', attribute=True, autofill=False, cli_name='defaultshell', multivalue=False, required=False) @@ -458,6 +458,8 @@ option: Bool('ipamigrationenabled', attribute=True, autofill=False, cli_name='en option: Str('ipagroupobjectclasses', attribute=True, autofill=False, cli_name='groupobjectclasses', csv=True, multivalue=True, required=False) option: Str('ipauserobjectclasses', attribute=True, autofill=False, cli_name='userobjectclasses', csv=True, multivalue=True, required=False) option: Int('ipapwdexpadvnotify', attribute=True, autofill=False, cli_name='pwdexpnotify', minvalue=0, multivalue=False, required=False) +option: Str('ipaselinuxusermaporder', attribute=True, autofill=False, cli_name='ipaselinuxusermaporder', multivalue=False, required=False) +option: Str('ipaselinuxusermapdefault', attribute=True, autofill=False, cli_name='ipaselinuxusermapdefault', multivalue=False, required=False) option: Str('setattr*', cli_name='setattr', exclude='webui') option: Str('addattr*', cli_name='addattr', exclude='webui') option: Str('delattr*', cli_name='delattr', exclude='webui') @@ -2314,6 +2316,132 @@ option: Str('version?', exclude='webui') output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) output: Output('value', <type 'unicode'>, None) +command: selinuxusermap_add +args: 1,10,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, required=True) +option: Str('ipaselinuxuser', attribute=True, cli_name='selinuxuser', multivalue=False, required=True) +option: Str('seealso', attribute=True, cli_name='hbacrule', multivalue=False, required=False) +option: StrEnum('usercategory', attribute=True, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) +option: StrEnum('hostcategory', attribute=True, cli_name='hostcat', multivalue=False, required=False, values=(u'all',)) +option: Str('description', attribute=True, cli_name='desc', multivalue=False, required=False) +option: Str('setattr*', cli_name='setattr', exclude='webui') +option: Str('addattr*', cli_name='addattr', exclude='webui') +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) +output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) +output: Output('value', <type 'unicode'>, None) +command: selinuxusermap_add_host +args: 1,5,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +option: Str('host*', alwaysask=True, cli_name='hosts', csv=True) +option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups', csv=True) +output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) +output: Output('failed', <type 'dict'>, None) +output: Output('completed', <type 'int'>, None) +command: selinuxusermap_add_user +args: 1,5,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('group*', alwaysask=True, cli_name='groups', csv=True) +output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) +output: Output('failed', <type 'dict'>, None) +output: Output('completed', <type 'int'>, None) +command: selinuxusermap_del +args: 1,1,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=True, primary_key=True, query=True, required=True) +option: Flag('continue', autofill=True, cli_name='continue', default=False) +output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) +output: Output('result', <type 'dict'>, None) +output: Output('value', <type 'unicode'>, None) +command: selinuxusermap_disable +args: 1,0,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) +output: Output('result', <type 'bool'>, None) +output: Output('value', <type 'unicode'>, None) +command: selinuxusermap_enable +args: 1,0,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) +output: Output('result', <type 'bool'>, None) +output: Output('value', <type 'unicode'>, None) +command: selinuxusermap_find +args: 1,12,4 +arg: Str('criteria?', noextrawhitespace=False) +option: Str('cn', attribute=True, autofill=False, cli_name='name', multivalue=False, primary_key=True, query=True, required=False) +option: Str('ipaselinuxuser', attribute=True, autofill=False, cli_name='selinuxuser', multivalue=False, query=True, required=False) +option: Str('seealso', attribute=True, autofill=False, cli_name='hbacrule', multivalue=False, query=True, required=False) +option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, query=True, required=False, values=(u'all',)) +option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', multivalue=False, query=True, required=False, values=(u'all',)) +option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, query=True, required=False) +option: Int('timelimit?', autofill=False, minvalue=0) +option: Int('sizelimit?', autofill=False, minvalue=0) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +option: Flag('pkey_only?', autofill=True, default=False) +output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) +output: ListOfEntries('result', (<type 'list'>, <type 'tuple'>), Gettext('A list of LDAP entries', domain='ipa', localedir=None)) +output: Output('count', <type 'int'>, None) +output: Output('truncated', <type 'bool'>, None) +command: selinuxusermap_mod +args: 1,12,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +option: Str('ipaselinuxuser', attribute=True, autofill=False, cli_name='selinuxuser', multivalue=False, required=False) +option: Str('seealso', attribute=True, autofill=False, cli_name='hbacrule', multivalue=False, required=False) +option: StrEnum('usercategory', attribute=True, autofill=False, cli_name='usercat', multivalue=False, required=False, values=(u'all',)) +option: StrEnum('hostcategory', attribute=True, autofill=False, cli_name='hostcat', multivalue=False, required=False, values=(u'all',)) +option: Str('description', attribute=True, autofill=False, cli_name='desc', multivalue=False, required=False) +option: Str('setattr*', cli_name='setattr', exclude='webui') +option: Str('addattr*', cli_name='addattr', exclude='webui') +option: Str('delattr*', cli_name='delattr', exclude='webui') +option: Flag('rights', autofill=True, default=False) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) +output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) +output: Output('value', <type 'unicode'>, None) +command: selinuxusermap_remove_host +args: 1,5,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +option: Str('host*', alwaysask=True, cli_name='hosts', csv=True) +option: Str('hostgroup*', alwaysask=True, cli_name='hostgroups', csv=True) +output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) +output: Output('failed', <type 'dict'>, None) +output: Output('completed', <type 'int'>, None) +command: selinuxusermap_remove_user +args: 1,5,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +option: Str('user*', alwaysask=True, cli_name='users', csv=True) +option: Str('group*', alwaysask=True, cli_name='groups', csv=True) +output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) +output: Output('failed', <type 'dict'>, None) +output: Output('completed', <type 'int'>, None) +command: selinuxusermap_show +args: 1,4,3 +arg: Str('cn', attribute=True, cli_name='name', multivalue=False, primary_key=True, query=True, required=True) +option: Flag('rights', autofill=True, default=False) +option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui') +option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui') +option: Str('version?', exclude='webui') +output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), None) +output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None)) +output: Output('value', <type 'unicode'>, None) command: service_add args: 1,5,3 arg: Str('krbprincipalname', attribute=True, cli_name='principal', multivalue=False, primary_key=True, required=True) |