Diffstat (limited to 'ipalib/plugins/sudorule.py')
-rw-r--r-- | ipalib/plugins/sudorule.py | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 93ca03f01..65a1d8541 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -472,13 +472,34 @@ class sudorule_remove_host(LDAPRemoveMember):
 api.register(sudorule_remove_host)
-
 class sudorule_add_runasuser(LDAPAddMember):
 __doc__ = _('Add users and groups for Sudo to execute as.')
 member_attributes = ['ipasudorunas']
 member_count_out = ('%i object added.', '%i objects added.')
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ def check_validity(runas):
+ v = unicode(runas)
+ if v.upper() == u'ALL':
+ return False
+ return True
+
+ if 'user' in options:
+ for name in options['user']:
+ if not check_validity(name):
+ raise errors.ValidationError(name='runas-user',
+ error=unicode(_("RunAsUser does not accept '%(name)s' as a user name")) %
+ dict(name=name))
+ if 'group' in options:
+ for name in options['group']:
+ if not check_validity(name):
+ raise errors.ValidationError(name='runas-user',
+ error=unicode(_("RunAsUser does not accept '%(name)s' as a group name")) %
+ dict(name=name))
+
+ return dn
+
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 completed_external = 0
 # Sift through the user failures. We assume that these are all
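Review bot: In the `if 'group' in options:` branch of the new `pre_callback`, the error is raised with `name='runas-user'` although the rejected value is a group name, so the caller is pointed at the wrong parameter; if that field is meant to identify the offending option, use `name='runas-group'` there, as the sudorule_add_runasgroup hunk does. Both loops also assume `options['user']` and `options['group']` hold an iterable of names: a `None` value would raise `TypeError` and a bare string would be checked one character at a time, so the reserved name would slip through. Writing `for name in options.get('user') or ():` covers the `None` case unless the framework already guarantees a tuple, which is not visible here. The same loop shape appears in the second hunk. `pre_callback` is fully inside this hunk, while `post_callback` continues past its end.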
@@ -547,6 +568,22 @@ class sudorule_add_runasgroup(LDAPAddMember):
 member_attributes = ['ipasudorunasgroup']
 member_count_out = ('%i object added.', '%i objects added.')
+ def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
+ def check_validity(runas):
+ v = unicode(runas)
+ if v.upper() == u'ALL':
+ return False
+ return True
+
+ if 'group' in options:
+ for name in options['group']:
+ if not check_validity(name):
+ raise errors.ValidationError(name='runas-group',
+ error=unicode(_("RunAsGroup does not accept '%(name)s' as a group name")) %
+ dict(name=name))
+
+ return dn
+
 def post_callback(self, ldap, completed, failed, dn, entry_attrs, *keys, **options):
 completed_external = 0
 # Sift through the group failures. We assume that these are all |
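Review bot: `check_validity` here is a verbatim copy of the nested helper added to sudorule_add_runasuser in the first hunk, and neither copy says why `ALL` is refused. Hoisting it into one module-level function with a comment such as `# 'ALL' is a reserved word in sudoers and must not be stored as a user or group name` would keep the two commands from drifting apart. The test is an exact match after `upper()`, so a value padded with whitespace is not rejected unless option values are normalised before this callback runs (not visible in the hunk); `unicode(runas).strip().upper() == u'ALL'` would cover that. Whether other commands that write the same run-as attributes apply an equivalent check cannot be told from this diff and is worth confirming.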