summaryrefslogtreecommitdiffstats
path: root/ipalib/plugins/sudorule.py
diff options
context:
space:
mode:
authorJr Aquino <Jr.Aquino@citrix.com>2010-12-08 07:58:13 -0800
committerEndi Sukma Dewata <edewata@redhat.com>2010-12-08 11:32:55 -0500
commit751ee81771aca741e6b79ddb97c0e1813d6ba047 (patch)
tree82bf3258bd5a60b94eb36e615aa0fd2d4b98018d /ipalib/plugins/sudorule.py
parentcdf360151bf7212e90f6ae9983785d19ec2dfc9e (diff)
downloadfreeipa-751ee81771aca741e6b79ddb97c0e1813d6ba047.tar.gz
freeipa-751ee81771aca741e6b79ddb97c0e1813d6ba047.tar.xz
freeipa-751ee81771aca741e6b79ddb97c0e1813d6ba047.zip
Enable/Disable SudoRule https://fedorahosted.org/freeipa/ticket/570
Diffstat (limited to 'ipalib/plugins/sudorule.py')
-rw-r--r--ipalib/plugins/sudorule.py62
1 files changed, 60 insertions, 2 deletions
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 0005e136..420f5fdb 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -34,8 +34,10 @@ class sudorule(LDAPObject):
object_name_plural = 'Sudo Rules'
object_class = ['ipaassociation', 'ipasudorule']
default_attributes = [
- 'cn', 'description',
-
+ 'cn', 'ipaenabledflag',
+ 'description', 'usercategory', 'hostcategory',
+ 'cmdcategory', 'memberuser', 'memberhost',
+ 'memberallowcmd', 'memberdenycmd',
]
uuid_attribute = 'ipauniqueid'
rdn_attribute = 'ipauniqueid'
@@ -118,6 +120,10 @@ class sudorule_add(LDAPCreate):
"""
Create new Sudo Rule.
"""
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ # Sudo rules are enabled by default
+ entry_attrs['ipaenabledflag'] = 'TRUE'
+ return dn
msg_summary = _('Added sudo rule "%(value)s"')
@@ -156,6 +162,58 @@ class sudorule_show(LDAPRetrieve):
api.register(sudorule_show)
+class sudorule_enable(LDAPQuery):
+ """
+ Enable a Sudo rule.
+ """
+ def execute(self, cn):
+ ldap = self.obj.backend
+
+ dn = self.obj.get_dn(cn)
+ entry_attrs = {'ipaenabledflag': 'TRUE'}
+
+ try:
+ ldap.update_entry(dn, entry_attrs)
+ except errors.EmptyModlist:
+ pass
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ return dict(result=True)
+
+ def output_for_cli(self, textui, result, cn):
+ textui.print_name(self.name)
+ textui.print_dashed('Enabled Sudo rule "%s".' % cn)
+
+api.register(sudorule_enable)
+
+
+class sudorule_disable(LDAPQuery):
+ """
+ Disable a Sudo rule.
+ """
+ def execute(self, cn):
+ ldap = self.obj.backend
+
+ dn = self.obj.get_dn(cn)
+ entry_attrs = {'ipaenabledflag': 'FALSE'}
+
+ try:
+ ldap.update_entry(dn, entry_attrs)
+ except errors.EmptyModlist:
+ pass
+ except errors.NotFound:
+ self.obj.handle_not_found(cn)
+
+ return dict(result=True)
+
+ def output_for_cli(self, textui, result, cn):
+ textui.print_name(self.name)
+ textui.print_dashed('Disabled Sudo rule "%s".' % cn)
+
+api.register(sudorule_disable)
+
+
class sudorule_add_allow_command(LDAPAddMember):
"""
Add commands and sudo command groups affected by Sudo Rule.