author | Jr Aquino <Jr.Aquino@citrix.com> | 2010-12-08 07:58:13 -0800 |
---|---|---|
committer | Endi Sukma Dewata <edewata@redhat.com> | 2010-12-08 11:32:55 -0500 |
commit | 751ee81771aca741e6b79ddb97c0e1813d6ba047 (patch) | |
tree | 82bf3258bd5a60b94eb36e615aa0fd2d4b98018d /ipalib/plugins/sudorule.py | |
parent | cdf360151bf7212e90f6ae9983785d19ec2dfc9e (diff) | |
Enable/Disable SudoRule https://fedorahosted.org/freeipa/ticket/570
Diffstat (limited to 'ipalib/plugins/sudorule.py')
-rw-r--r-- | ipalib/plugins/sudorule.py | 62 |
1 files changed, 60 insertions, 2 deletions
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 0005e136..420f5fdb 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -34,8 +34,10 @@ class sudorule(LDAPObject):
 object_name_plural = 'Sudo Rules'
 object_class = ['ipaassociation', 'ipasudorule']
 default_attributes = [
- 'cn', 'description',
-
+ 'cn', 'ipaenabledflag',
+ 'description', 'usercategory', 'hostcategory',
+ 'cmdcategory', 'memberuser', 'memberhost',
+ 'memberallowcmd', 'memberdenycmd',
 ]
 uuid_attribute = 'ipauniqueid'
 rdn_attribute = 'ipauniqueid'
@@ -118,6 +120,10 @@ class sudorule_add(LDAPCreate):
 """
 Create new Sudo Rule.
 """
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ # Sudo rules are enabled by default
+ entry_attrs['ipaenabledflag'] = 'TRUE'
+ return dn
 msg_summary = _('Added sudo rule "%(value)s"')
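Review bot: `pre_callback` in `sudorule_add` assigns `entry_attrs['ipaenabledflag'] = 'TRUE'` unconditionally, so whatever value the entry already carried for that attribute is replaced and every new rule is live as soon as it is written. If a caller-supplied value can reach `entry_attrs` at this point (the hunk does not show how it is populated), `entry_attrs.setdefault('ipaenabledflag', 'TRUE')` keeps the default while allowing a rule to be created disabled and enabled after review. The method also has no docstring; `"""Default new sudo rules to enabled."""` would do. The body of `sudorule_add` continues outside this hunk.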
@@ -156,6 +162,58 @@ class sudorule_show(LDAPRetrieve):
 api.register(sudorule_show)
+class sudorule_enable(LDAPQuery):
+ """
+ Enable a Sudo rule.
+ """
+ def execute(self, cn):
+ ldap = self.obj.backend
+
+ dn = self.obj.get_dn(cn)
+ entry_attrs = {'ipaenabledflag': 'TRUE'}
+
+ try:
+ ldap.update_entry(dn, entry_attrs)
+ except errors.EmptyModlist:
+ pass
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ return dict(result=True)
+
+ def output_for_cli(self, textui, result, cn):
+ textui.print_name(self.name)
+ textui.print_dashed('Enabled Sudo rule "%s".' % cn)
+
+api.register(sudorule_enable)
+
+
+class sudorule_disable(LDAPQuery):
+ """
+ Disable a Sudo rule.
+ """
+ def execute(self, cn):
+ ldap = self.obj.backend
+
+ dn = self.obj.get_dn(cn)
+ entry_attrs = {'ipaenabledflag': 'FALSE'}
+
+ try:
+ ldap.update_entry(dn, entry_attrs)
+ except errors.EmptyModlist:
+ pass
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ return dict(result=True)
+
+ def output_for_cli(self, textui, result, cn):
+ textui.print_name(self.name)
+ textui.print_dashed('Disabled Sudo rule "%s".' % cn)
+
+api.register(sudorule_disable)
+
+
+
 class sudorule_add_allow_command(LDAPAddMember):
 """
 Add commands and sudo command groups affected by Sudo Rule. |
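Review bot: `execute()` in `sudorule_enable` ends in an unconditional `return dict(result=True)`, and the same code is repeated in `sudorule_disable`, so a reported success rests entirely on `ldap.update_entry` or `self.obj.handle_not_found(cn)` raising on every failure. `handle_not_found` is defined outside this hunk; if it raises, as its use here suggests, record that in a comment such as `# handle_not_found() raises; a missing rule never reaches the success return`, and give the bare `pass` a reason, e.g. `# flag already has the requested value`. This matters most on the disable path, where an operator takes the 'Disabled Sudo rule' message as confirmation that the change was written. The two `print_dashed` messages are also plain strings, whereas `msg_summary` in `sudorule_add` is wrapped in `_()`; `textui.print_dashed(_('Disabled Sudo rule "%s".') % cn)` would keep them translatable.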