author | Martin Babinsky <mbabinsk@redhat.com> | 2016-06-23 18:54:49 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-07-01 09:37:25 +0200 |
commit | c2af032c0333f7e210c54369159d1d9f5e3fec74 (patch) | |
tree | 5aae121cbe6be08755e8b4c6484a316b99eb997e /ipaserver/plugins/caacl.py | |
parent | 974eb7b5efd20ad2195b0ad578637ab31f4c1df4 (diff) | |
Migrate management framework plugins to use Principal parameter
All plugins will now use this parameter and common code for all operations on
Kerberos principals. Additional semantic validators and normalizers were
added to determine or append a correct realm so that the previous behavior is
kept intact.
https://fedorahosted.org/freeipa/ticket/3864
Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Diffstat (limited to 'ipaserver/plugins/caacl.py')
-rw-r--r-- | ipaserver/plugins/caacl.py | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/ipaserver/plugins/caacl.py b/ipaserver/plugins/caacl.py
index a543a1de7..3f813a7ef 100644
--- a/ipaserver/plugins/caacl.py
+++ b/ipaserver/plugins/caacl.py
@@ -3,6 +3,7 @@
 #
 import pyhbac
+import six
 from ipalib import api, errors, output
 from ipalib import Bool, Str, StrEnum
@@ -13,10 +14,11 @@ from .baseldap import (
 LDAPUpdate, LDAPRetrieve, LDAPAddMember, LDAPRemoveMember,
 global_output_params, pkey_to_value)
 from .hbacrule import is_all
-from .service import normalize_principal, split_any_principal
 from ipalib import _, ngettext
 from ipapython.dn import DN
+if six.PY3:
+ unicode = str
 __doc__ = _("""
 Manage CA ACL rules.
@@ -58,24 +60,21 @@ register = Registry()
 def _acl_make_request(principal_type, principal, ca_id, profile_id):
 """Construct HBAC request for the given principal, CA and profile"""
-service, name, realm = split_any_principal(principal)
 req = pyhbac.HbacRequest()
 req.targethost.name = ca_id
 req.service.name = profile_id
-if principal_type == 'user':
- req.user.name = name
-elif principal_type == 'host':
- req.user.name = name
+if principal_type == 'user' or principal_type == 'host':
+ req.user.name = principal.username
 elif principal_type == 'service':
- req.user.name = normalize_principal(principal)
+ req.user.name = unicode(principal)
 groups = []
 if principal_type == 'user':
- user_obj = api.Command.user_show(name)['result']
+ user_obj = api.Command.user_show(principal.username)['result']
 groups = user_obj.get('memberof_group', [])
 groups += user_obj.get('memberofindirect_group', [])
 elif principal_type == 'host':
- host_obj = api.Command.host_show(name)['result']
+ host_obj = api.Command.host_show(principal.hostname)['result']
 groups = host_obj.get('memberof_hostgroup', [])
 groups += host_obj.get('memberofindirect_hostgroup', [])
 req.user.groups = sorted(set(groups)) |
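Review bot: In `_acl_make_request` the merged `'user' or 'host'` branch sets `req.user.name = principal.username` for host principals, while the group lookup further down uses `principal.hostname` for the same type, so the two halves of the function disagree about which attribute names a host. If `username` on the new Principal type is only defined for user principals (its definition is not visible here, so this needs confirming), a host certificate request would either raise or be evaluated against a name that no CA ACL rule lists, and the access decision changes. Keeping a separate branch, `elif principal_type == 'host':` followed by `req.user.name = principal.hostname`, would match the lookup below. The function continues past the end of the hunk.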