summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/hbac.py
diff options
context:
space:
mode:
authorRob Crittenden <rcritten@redhat.com>2010-12-03 13:57:19 -0500
committerRob Crittenden <rcritten@redhat.com>2010-12-06 11:42:13 -0500
commitbfb3e4699643308e4787fd52067b38f1cb278f47 (patch)
tree8750383dc1cc389bda1ed6305a1a495c424eb1e5 /ipalib/plugins/hbac.py
parent19049d1a64d55921980103cbb3ce36d40fc9ffff (diff)
downloadfreeipa-bfb3e4699643308e4787fd52067b38f1cb278f47.tar.gz
freeipa-bfb3e4699643308e4787fd52067b38f1cb278f47.tar.xz
freeipa-bfb3e4699643308e4787fd52067b38f1cb278f47.zip
Remove accessTime from HBAC.
ticket 545
Diffstat (limited to 'ipalib/plugins/hbac.py')
-rw-r--r--ipalib/plugins/hbac.py43
1 files changed, 24 insertions, 19 deletions
diff --git a/ipalib/plugins/hbac.py b/ipalib/plugins/hbac.py
index 117b0753..8e3e44e4 100644
--- a/ipalib/plugins/hbac.py
+++ b/ipalib/plugins/hbac.py
@@ -21,16 +21,12 @@ Host-based access control
Control who can access what services on what hosts and from where. You
can use HBAC to control which users or groups on a source host can
-access a service, or group of services, on a target host. You can also
-control the times that the rule is active.
+access a service, or group of services, on a target host.
You can also specify a category of users, target hosts, and source
hosts. This is currently limited to "all", but might be expanded in the
future.
-The access time(s) of a host are cumulative and are not guaranteed to be
-applied in the order displayed.
-
Target hosts and source hosts in HBAC rules must be hosts managed by IPA.
The available services and groups of services are controlled by the
@@ -46,13 +42,6 @@ EXAMPLES:
Display the properties of a named HBAC rule:
ipa hbac-show test1
- Specify that the rule "test1" be active every day between 0800 and 1400:
- ipa hbac-add-accesstime --time='periodic daily 0800-1400' test1
-
- Specify that the rule "test1" be active once, from 10:32 until 10:33 on
- December 16, 2010:
- ipa hbac-add-accesstime --time='absolute 201012161032 ~ 201012161033' test1
-
Create a rule for a specific service. This lets the user john access
the sshd service on any machine from any machine:
ipa hbac-add --type=allow --hostcat=all --srchostcat=all john_sshd
@@ -75,6 +64,22 @@ EXAMPLES:
ipa hbac-del allow_server
"""
+
+# AccessTime support is being removed for now.
+#
+# You can also control the times that the rule is active.
+#
+# The access time(s) of a host are cumulative and are not guaranteed to be
+# applied in the order displayed.
+#
+# Specify that the rule "test1" be active every day between 0800 and 1400:
+# ipa hbac-add-accesstime --time='periodic daily 0800-1400' test1
+#
+# Specify that the rule "test1" be active once, from 10:32 until 10:33 on
+# December 16, 2010:
+# ipa hbac-add-accesstime --time='absolute 201012161032 ~ 201012161033' test1
+
+
from ipalib import api, errors
from ipalib import AccessTime, Password, Str, StrEnum
from ipalib.plugins.baseldap import *
@@ -102,7 +107,7 @@ class hbac(LDAPObject):
object_class = ['ipaassociation', 'ipahbacrule']
default_attributes = [
'cn', 'accessruletype', 'ipaenabledflag',
- 'accesstime', 'description', 'usercategory', 'hostcategory',
+ 'description', 'usercategory', 'hostcategory',
'sourcehostcategory', 'servicecategory', 'ipaenabledflag',
'memberuser', 'sourcehost', 'memberhost', 'memberservice',
'memberhostgroup',
@@ -155,10 +160,10 @@ class hbac(LDAPObject):
doc=_('Service category the rule applies to'),
values=(u'all', ),
),
- AccessTime('accesstime?',
- cli_name='time',
- label=_('Access time'),
- ),
+# AccessTime('accesstime?',
+# cli_name='time',
+# label=_('Access time'),
+# ),
Str('description?',
cli_name='desc',
label=_('Description'),
@@ -346,7 +351,7 @@ class hbac_add_accesstime(LDAPQuery):
)
)
-api.register(hbac_add_accesstime)
+#api.register(hbac_add_accesstime)
class hbac_remove_accesstime(LDAPQuery):
@@ -386,7 +391,7 @@ class hbac_remove_accesstime(LDAPQuery):
)
)
-api.register(hbac_remove_accesstime)
+#api.register(hbac_remove_accesstime)
class hbac_add_user(LDAPAddMember):