-rw-r--r--ipalib/plugins/sudorule.py62
1 files changed, 60 insertions, 2 deletions
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 0005e136f..420f5fdbe 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -34,8 +34,10 @@ class sudorule(LDAPObject):
object_name_plural = 'Sudo Rules'
object_class = ['ipaassociation', 'ipasudorule']
default_attributes = [
- 'cn', 'description',
-
+ 'cn', 'ipaenabledflag',
+ 'description', 'usercategory', 'hostcategory',
+ 'cmdcategory', 'memberuser', 'memberhost',
+ 'memberallowcmd', 'memberdenycmd',
]
uuid_attribute = 'ipauniqueid'
rdn_attribute = 'ipauniqueid'
@@ -118,6 +120,10 @@ class sudorule_add(LDAPCreate):
"""
Create new Sudo Rule.
"""
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ # Sudo rules are enabled by default
+ entry_attrs['ipaenabledflag'] = 'TRUE'
+ return dn
msg_summary = _('Added sudo rule "%(value)s"')
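Review bot: The assignment in `pre_callback` is unconditional, so it does more than the comment "enabled by default" says: any `ipaenabledflag` value already in `entry_attrs` is overwritten and the new rule always starts active. If the framework lets a caller supply that attribute at creation time (not visible in this hunk), a rule meant to be staged as disabled would grant sudo access as soon as it is added. Either use `entry_attrs.setdefault('ipaenabledflag', 'TRUE')`, or keep the forced value and reword the comment to `# New sudo rules are always created enabled; use sudorule-disable afterwards`. Rules created before this change will not carry the attribute at all, so it is worth documenting how a missing flag is interpreted. The class body continues outside the hunk.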
@@ -156,6 +162,58 @@ class sudorule_show(LDAPRetrieve):
api.register(sudorule_show)
+class sudorule_enable(LDAPQuery):
+ """
+ Enable a Sudo rule.
+ """
+ def execute(self, cn):
+ ldap = self.obj.backend
+
+ dn = self.obj.get_dn(cn)
+ entry_attrs = {'ipaenabledflag': 'TRUE'}
+
+ try:
+ ldap.update_entry(dn, entry_attrs)
+ except errors.EmptyModlist:
+ pass
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ return dict(result=True)
+
+ def output_for_cli(self, textui, result, cn):
+ textui.print_name(self.name)
+ textui.print_dashed('Enabled Sudo rule "%s".' % cn)
+
+api.register(sudorule_enable)
+
+
+class sudorule_disable(LDAPQuery):
+ """
+ Disable a Sudo rule.
+ """
+ def execute(self, cn):
+ ldap = self.obj.backend
+
+ dn = self.obj.get_dn(cn)
+ entry_attrs = {'ipaenabledflag': 'FALSE'}
+
+ try:
+ ldap.update_entry(dn, entry_attrs)
+ except errors.EmptyModlist:
+ pass
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ return dict(result=True)
+
+ def output_for_cli(self, textui, result, cn):
+ textui.print_name(self.name)
+ textui.print_dashed('Disabled Sudo rule "%s".' % cn)
+
+api.register(sudorule_disable)
+
+
class sudorule_add_allow_command(LDAPAddMember):
"""
Add commands and sudo command groups affected by Sudo Rule.
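Review bot: In both `sudorule_enable.execute` and `sudorule_disable.execute`, the `except errors.NotFound` branch falls through to `return dict(result=True)`. A correct result therefore depends on `self.obj.handle_not_found(cn)` always raising, which this hunk does not show. For a command that toggles whether a sudo rule is in force, reporting success for a rule that does not exist would be misleading, so add a comment such as `# handle_not_found() raises; the return below is reached only on success or EmptyModlist`. The two classes also differ only in the flag value and one word of the message, so a shared helper taking the flag would keep them from drifting apart. Finally, the `output_for_cli` strings are not wrapped in `_()` as `msg_summary` is elsewhere in the file, e.g. `textui.print_dashed(_('Enabled Sudo rule "%s".') % cn)`.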