authorSumit Bose <sbose@nb.localdomain>2008-10-07 11:18:58 +0200
committerSumit Bose <sbose@nb.localdomain>2008-10-07 11:18:58 +0200
commit3af8a59bbae275bfd9031729b661c512b4641a72 (patch)
tree9c0e21a12bcb1e5ca50fa17158f6b1f584732b5c
parent20a43ad2146c07ae6188fa477bf4c8901c155dd6 (diff)
played with associations
-rw-r--r--sudoers/policy_association.rng20
-rw-r--r--sudoers/policy_metadata.rng57
-rw-r--r--sudoers/sudoers.rng97
-rw-r--r--sudoers/sudoers.xslt3
4 files changed, 110 insertions, 67 deletions
diff --git a/sudoers/policy_association.rng b/sudoers/policy_association.rng
new file mode 100644
index 0000000..89037e0
--- /dev/null
+++ b/sudoers/policy_association.rng
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<element name="association" xmlns="http://relaxng.org/ns/structure/1.0"
+datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
+xmlns:a="http://freeipa.org/xml/rng/ns/annotations/1.0">
+<a:doc>This section describes the associations of a policy, i.e. on which host for what users or groups it should apply. This means, that i a generic policy this section does not exists. It is filled when a client downloads his policies based on the association which are valid for this client.</a:doc>
+ <attribute name="name">
+ <data type="string">
+ <param name="pattern">[A-Za-z0-9_-]{1,16}</param>
+ </data>
+ </attribute>
+ <attribute name="type">
+ <choice>
+ <value>user</value>
+ <value>posixGroup</value>
+ <value>netgroup</value>
+ <value>host</value>
+ <value>hostGroup</value>
+ </choice>
+ </attribute>
+</element>
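Review bot: This new schema keeps `xmlns:a="http://freeipa.org/xml/rng/ns/annotations/1.0"` and `<a:doc>`, while sudoers.rng in the same commit moves to `xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0"` and `<a:documentation>`; since this file is pulled into sudoers.rng via externalRef, the two should use one convention, and the RelaxNG compatibility one is the form generic tooling understands. The `name` pattern `[A-Za-z0-9_-]{1,16}` fits POSIX user and group names, but it is also applied to `host` and `hostGroup` associations, where it rejects dotted FQDNs and anything longer than 16 characters; if hosts are meant to be identified by FQDN, the pattern presumably needs to differ per type, otherwise the restriction to short hostnames should be stated in the `a:doc`. The doc text has several typos worth fixing while the file is new: "i a generic policy" → "in a generic policy", "does not exists" → "does not exist", "association which are" → "associations which are".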
diff --git a/sudoers/policy_metadata.rng b/sudoers/policy_metadata.rng
new file mode 100644
index 0000000..5deb0e8
--- /dev/null
+++ b/sudoers/policy_metadata.rng
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="utf-8"?>
+<element name="metadata"
+xmlns="http://relaxng.org/ns/structure/1.0"
+datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
+xmlns:a="http://freeipa.org/xml/rng/ns/annotations/1.0"
+xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
+
+ <a:doc>The metadata information should be generic for all policies. The RelaxNG schema can be found in a separate file (this file :) and can be included by the schema file of a specific policy with the externalRef pattern. With this separation the policy and the metadata schema can be modified independently and the metadata schema can be used by the UI to render a separate page for the metadata of a policy.</a:doc>
+
+ <element name="name">
+ <text/>
+ </element>
+
+ <element name="author" ui:edit="no">
+ <a:doc>should be added automatically, use login information</a:doc>
+ <text/>
+ </element>
+
+ <element name="version" ui:edit="no">
+ <a:doc>should be added automatically</a:doc>
+ <text/>
+ </element>
+
+ <element name="neededAssociation" ui:label="What kind of association is needed">
+ <choice>
+ <value ui:label="Host only">host</value>
+ <value ui:label="User only">user</value>
+ <value ui:label="Host and User">hostAndUser</value>
+ </choice>
+ </element>
+
+ <element name="mergeStrategyXML" ui:label="Howto merge with other policies">
+ <choice>
+ <value ui:label="Use only this policy">exclusive</value>
+ <value ui:label="Merge with other policies">merge</value>
+ <value ui:label="Ignore this, if other policies apply">ignore</value>
+ </choice>
+ </element>
+
+ <element name="mergeStrategyLocal" ui:label="Howto merge with local files">
+ <choice>
+ <value ui:label="Use only this policy">exclusive</value>
+ <value ui:label="Merge with local file">merge</value>
+ <value ui:label="Ignore this, if local file exsits">ignore</value>
+ </choice>
+ </element>
+
+ <element name="XSLTfile" ui:label="Name of the XSLT file">
+ <a:doc>should be added automatically from RelaxNG metadata</a:doc>
+ <text/>
+ </element>
+
+ <element name="description" ui:label="Description, what should the policy do and why, maybe a changelog">
+ <text/>
+ <element>
+
+</element>
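Review bot: The `description` element on the second-to-last line is closed with `<element>` instead of `</element>`, so the file is not well-formed XML and the `externalRef href="policy_metadata.rng"` added to sudoers.rng in this commit will fail to load; the fix is `</element>`. The `author` and `version` elements are annotated `ui:edit="no"` with a doc note that they "should be added automatically", but the schema only requires `<text/>`, so an empty or hand-typed value still validates; if these fields are meant to record who published a policy, constraining them to a non-empty string (`<data type="string"><param name="minLength">1</param></data>`) would make the intent enforceable rather than advisory. The `mergeStrategyLocal` value `ignore` lets a centrally distributed sudo policy be dropped whenever a local file exists, which is a meaningful weakening; an `a:doc` spelling that out (e.g. "a pre-existing local /etc/sudoers takes precedence over this policy") would help whoever picks it in the UI. Minor wording: "exsits" → "exists", "Howto" → "How to".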
diff --git a/sudoers/sudoers.rng b/sudoers/sudoers.rng
index e3330fb..e865118 100644
--- a/sudoers/sudoers.rng
+++ b/sudoers/sudoers.rng
@@ -1,44 +1,29 @@
<?xml version="1.0" encoding="utf-8"?>
<grammar xmlns="http://relaxng.org/ns/structure/1.0"
datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes"
-xmlns:a="http://freeipa.org/xml/rng/ns/annotations/1.0"
+xmlns:a="http://relaxng.org/ns/compatibility/annotations/1.0"
xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
- <a:doc>Sudo configuration (/etc/sudoers)</a:doc>
+ <a:documentation>Sudo configuration (/etc/sudoers)</a:documentation>
- <a:doc>The following section can be used to register the RNG schema file for the UI</a:doc>
+ <a:documentation>The following section can be used to register the RNG schema file for the UI</a:documentation>
<a:name>sudo</a:name>
<a:description>Creates configuration items for sudo which will be written to /etc/sudoers</a:description>
<a:author>sbose@redhat.com, based on the work of fcusack@redhat.com</a:author>
+ <a:xslt>sudoers.xsl</a:xslt>
<a:version>0.5</a:version>
<start ns="http://freeipa.org/xml/rng/sudo/sudoers/1.0">
<element name="ipa">
+ <a:documentation>Doc test.</a:documentation>
- <element name="metadata">
- </element>
-
- <a:doc>This section describes the associations of a policy, i.e. on which host for what users or groups it should apply. This means, that i a generic policy this section does not exists. It is filled when a client downloads his policies based on the association which are valid for this client.</a:doc>
<zeroOrMore>
- <element name="association" ui:noDisplay="on">
- <attribute name="name">
- <data type="string">
- <param name="pattern">[A-Za-z0-9_-]{1,16}</param>
- </data>
- </attribute>
- <attribute name="type">
- <choice>
- <value>user</value>
- <value>posixGroup</value>
- <value>netgroup</value>
- <value>host</value>
- <value>hostGroup</value>
- </choice>
- </attribute>
- </element>
+ <externalRef href="policy_association.rng"/>
</zeroOrMore>
- <a:doc>Here the definition for the generic part of the policy starts.</a:doc>
+ <externalRef href="policy_metadata.rng"/>
+
+ <a:documentation>Here the definition for the generic part of the policy starts.</a:documentation>
<oneOrMore>
<element name="sudoers">
<optional>
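Review bot: The new registration `<a:xslt>sudoers.xsl</a:xslt>` does not match the stylesheet actually in this directory, which is `sudoers/sudoers.xslt` (touched by this same commit); whichever name the loader resolves, one of the two must be renamed or the policy will not be transformed into /etc/sudoers. The `<a:documentation>Doc test.</a:documentation>` inside `ipa` is a leftover placeholder and should either describe the element (e.g. "Root of a sudo policy: client-specific associations, generic metadata, then one or more sudoers sections") or be removed. With `a` now bound to the RelaxNG compatibility namespace, `a:name`, `a:description`, `a:author`, `a:xslt` and `a:version` are no longer project annotations but elements in a namespace that only defines `documentation` and `defaultValue`, so a validator enforcing that spec may reject them; these presumably belong under a separate prefix in the freeipa annotations namespace. The `ipa` element's content model continues past the end of this hunk.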
@@ -46,8 +31,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<oneOrMore>
<choice>
<!-- flag options -->
- <element name="always_set_home"
- a:defaultValue="off">
+ <element name="always_set_home" a:defaultValue="off">
<choice>
<value>on</value>
<value>off</value>
@@ -87,8 +71,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
</element>
-->
<!-- global option only -->
- <element name="ignore_local_sudoers"
- a:defaultValue="off">
+ <element name="ignore_local_sudoers" a:defaultValue="off">
<choice>
<value>on</value>
<value>off</value>
@@ -112,8 +95,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<value>off</value>
</choice>
</element>
- <element name="long_otp_prompt"
- a:defaultValue="off">
+ <element name="long_otp_prompt" a:defaultValue="off">
<choice>
<value>on</value>
<value>off</value>
@@ -164,15 +146,13 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<value>off</value>
</choice>
</element>
- <element name="passprompt_override"
- a:defaultValue="off">
+ <element name="passprompt_override" a:defaultValue="off">
<choice>
<value>on</value>
<value>off</value>
</choice>
</element>
- <element name="preserve_groups"
- a:defaultValue="off">
+ <element name="preserve_groups" a:defaultValue="off">
<choice>
<value>on</value>
<value>off</value>
@@ -220,8 +200,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<value>off</value>
</choice>
</element>
- <element name="shell_noargs"
- a:defaultValue="off">
+ <element name="shell_noargs" a:defaultValue="off">
<choice>
<value>on</value>
<value>off</value>
@@ -261,16 +240,14 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<!-- ??? -->
</data>
</element>
- <element name="passwd_timeout"
- a:defaultValue="0">
+ <element name="passwd_timeout" a:defaultValue="0">
<data type="integer">
<param name="minInclusive">0</param>
<param name="maxInclusive">65535</param>
<!-- ??? -->
</data>
</element>
- <element name="timestamp_timeout"
- a:defaultValue="5">
+ <element name="timestamp_timeout" a:defaultValue="5">
<data type="integer">
<param name="minInclusive">-1</param>
<param name="maxInclusive">65535</param>
@@ -283,42 +260,34 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
</data>
</element>
<!-- string options -->
- <element name="badpass_message"
- a:defaultValue="Sorry, try again.">
+ <element name="badpass_message" a:defaultValue="Sorry, try again.">
<text />
</element>
- <element name="editor"
- a:defaultValue="/PATH/TO/VI">
+ <element name="editor" a:defaultValue="/PATH/TO/VI">
<!-- NOTE: absolute path not required -->
<text />
</element>
- <element name="mailsub"
- a:defaultValue="*** SECURITY information for %h ***">
-
+ <element name="mailsub" a:defaultValue="*** SECURITY information for %h ***">
<text />
</element>
- <element name="noexec_file"
- a:defaultValue="/PATH/TO/SUDO_NOEXEC.SO">
+ <element name="noexec_file" a:defaultValue="/PATH/TO/SUDO_NOEXEC.SO">
<data type="string">
<param name="pattern">/.*</param>
</data>
</element>
- <element name="passprompt"
- a:defaultValue="Password:">
+ <element name="passprompt" a:defaultValue="Password:">
<text />
</element>
<element name="role" a:defaultValue="">
<text />
</element>
- <element name="runas_default"
- a:defaultValue="root">
+ <element name="runas_default" a:defaultValue="root">
<data type="string">
<param name="pattern">
[A-Za-z0-9_-]{1,16}</param>
</data>
</element>
- <element name="syslog_badpri"
- a:defaultValue="alert">
+ <element name="syslog_badpri" a:defaultValue="alert">
<choice>
<value>emerg</value>
<value>alert</value>
@@ -330,8 +299,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<value>debug</value>
</choice>
</element>
- <element name="syslog_goodpri"
- a:defaultValue="notice">
+ <element name="syslog_goodpri" a:defaultValue="notice">
<choice>
<value>emerg</value>
<value>alert</value>
@@ -343,14 +311,12 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<value>debug</value>
</choice>
</element>
- <element name="timestampdir"
- a:defaultValue="/var/db/sudo">
+ <element name="timestampdir" a:defaultValue="/var/db/sudo">
<data type="string">
<param name="pattern">/.*</param>
</data>
</element>
- <element name="timestampowner"
- a:defaultValue="root">
+ <element name="timestampowner" a:defaultValue="root">
<data type="string">
<param name="pattern">
[A-Za-z0-9_-]{1,16}</param>
@@ -361,8 +327,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
</element>
<!-- string/boolean options -->
<!-- possibly bad option for us -->
- <element name="exempt_group"
- a:defaultValue="off">
+ <element name="exempt_group" a:defaultValue="off">
<text />
</element>
<element name="lecture" a:defaultValue="once">
@@ -372,8 +337,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<value>once</value>
</choice>
</element>
- <element name="lecture_file"
- a:defaultValue="built-in">
+ <element name="lecture_file" a:defaultValue="built-in">
<data type="string">
<param name="pattern">(/.*|built-in)</param>
</data>
@@ -395,8 +359,7 @@ xmlns:ui="http://freeipa.org/xml/rng/ns/ui/1.0">
<element name="mailerflags" a:defaultValue="-t">
<text />
</element>
- <element name="mailerpath"
- a:defaultValue="/PATH/TO/SENDMAIL">
+ <element name="mailerpath" a:defaultValue="/PATH/TO/SENDMAIL">
<text />
</element>
<element name="syslog" a:defaultValue="authpriv">
diff --git a/sudoers/sudoers.xslt b/sudoers/sudoers.xslt
index ab6bd67..933d93b 100644
--- a/sudoers/sudoers.xslt
+++ b/sudoers/sudoers.xslt
@@ -21,6 +21,9 @@
</xsl:template>
+ <xsl:template match="sudoers:metadata">
+ </xsl:template>
+
<xsl:template match="sudoers:sudoers">
<xsl:variable name="name">
<xsl:call-template name="format_name">