From f802845a7abfca0b414ad6801968d33e6788916b Mon Sep 17 00:00:00 2001
From: Petr Viktorin <pviktori@redhat.com>
Date: Wed, 14 May 2014 15:10:10 +0200
Subject: Add missing attributes to 'Modify Sudo rule' permission

https://fedorahosted.org/freeipa/ticket/4344

Reviewed-By: Martin Kosek <mkosek@redhat.com>
---
 ipalib/plugins/sudorule.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'ipalib/plugins/sudorule.py')

diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 658cc06ba..5520a37ee 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -169,7 +169,10 @@ class sudorule(LDAPObject):
                 'hostcategory', 'cmdcategory', 'ipasudorunasusercategory',
                 'ipasudorunasgroupcategory', 'externaluser',
                 'ipasudorunasextuser', 'ipasudorunasextgroup', 'memberdenycmd',
-                'memberallowcmd', 'memberuser',
+                'memberallowcmd', 'memberuser', 'memberhost', 'externalhost',
+                'sudonotafter', 'hostmask', 'sudoorder', 'sudonotbefore',
+                'ipasudorunas', 'externalhost', 'ipasudorunasgroup',
+                'ipasudoopt', 'memberhost',
             },
             'replaces': [
                 '(targetattr = "description || ipaenabledflag || usercategory || hostcategory || cmdcategory || ipasudorunasusercategory || ipasudorunasgroupcategory || externaluser || ipasudorunasextuser || ipasudorunasextgroup || memberdenycmd || memberallowcmd || memberuser")(target = "ldap:///ipauniqueid=*,cn=sudorules,cn=sudo,$SUFFIX")(version 3.0;acl "permission:Modify Sudo rule";allow (write) groupdn = "ldap:///cn=Modify Sudo rule,cn=permissions,cn=pbac,$SUFFIX";)',
-- 
cgit