# Authors:
# Rob Crittenden <rcritten@redhat.com>
#
# Copyright (C) 2010 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from ipalib import api , errors
from ipalib . plugable import Registry
from ipalib . plugins . baseldap import *
from ipalib import _ , ngettext
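# Translatable module help text for the HBAC service group commands.
# NOTE(review): the text says every group must have a description, but the
# 'description?' parameter on hbacsvcgroup carries the optional marker;
# the help text and the parameter declaration should be reconciled.
__doc__ = _("""
HBAC Service Groups

HBAC service groups can contain any number of individual services,
or "members". Every group must have a description.

EXAMPLES:

 Add a new HBAC service group:
   ipa hbacsvcgroup-add --desc="login services" login

 Add members to an HBAC service group:
   ipa hbacsvcgroup-add-member --hbacsvcs=sshd --hbacsvcs=login login

 Display information about a named group:
   ipa hbacsvcgroup-show login

 Delete an HBAC service group:
   ipa hbacsvcgroup-del login
""")

# Registry instance; every plugin class in this module is added to it through
# the @register() decorator.
register = Registry()

# Help topic for this module: a key plus its translated description.
topic = ('hbac', _('Host based access control commands'))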
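@register()
class hbacsvcgroup(LDAPObject):
    """
    HBAC service group object.
    """
    # Container under which group entries live, taken from the API environment.
    container_dn = api.env.container_hbacservicegroup
    object_name = _('HBAC service group')
    object_name_plural = _('HBAC service groups')
    object_class = ['ipaobject', 'ipahbacservicegroup']
    # Only the group-specific object class is listed for permission filters.
    permission_filter_objectclasses = ['ipahbacservicegroup']
    default_attributes = ['cn', 'description', 'member']
    uuid_attribute = 'ipauniqueid'
    # A group's 'member' attribute holds hbacsvc objects only.
    attribute_members = {
        'member': ['hbacsvc'],
    }

    # Access-control table for this object type.
    # NOTE(review): nothing in this table grants write access to 'cn' or
    # 'description', which hbacsvcgroup_mod would change; presumably that is
    # covered by ACIs defined elsewhere -- confirm.
    managed_permissions = {
        # Read access uses bind rule type 'all', i.e. it is not tied to a
        # privilege: any authenticated bind gets read/search/compare on the
        # attributes below. The readable set is wider than default_attributes
        # and includes 'memberuser' and 'memberhost'.
        # 'replaces_global_anonymous_aci' indicates this entry stands in for
        # the earlier global anonymous read ACI.
        'System: Read HBAC Service Groups': {
            'replaces_global_anonymous_aci': True,
            'ipapermbindruletype': 'all',
            'ipapermright': {'read', 'search', 'compare'},
            'ipapermdefaultattr': {
                'businesscategory', 'cn', 'description', 'ipauniqueid',
                'member', 'o', 'objectclass', 'ou', 'owner', 'seealso',
                'memberuser', 'memberhost',
            },
        },
        # The three change permissions below are granted through the
        # 'HBAC Administrator' privilege by default. Each 'replaces' entry is
        # the text of the legacy ACI being superseded; it is kept as one
        # literal because it presumably has to match the stored ACI exactly.
        'System: Add HBAC Service Groups': {
            'ipapermright': {'add'},
            'replaces': [
                '(target = "ldap:///cn=*,cn=hbacservicegroups,cn=hbac,$SUFFIX")(version 3.0;acl "permission:Add HBAC service groups";allow (add) groupdn = "ldap:///cn=Add HBAC service groups,cn=permissions,cn=pbac,$SUFFIX";)',
            ],
            'default_privileges': {'HBAC Administrator'},
        },
        'System: Delete HBAC Service Groups': {
            'ipapermright': {'delete'},
            'replaces': [
                '(target = "ldap:///cn=*,cn=hbacservicegroups,cn=hbac,$SUFFIX")(version 3.0;acl "permission:Delete HBAC service groups";allow (delete) groupdn = "ldap:///cn=Delete HBAC service groups,cn=permissions,cn=pbac,$SUFFIX";)',
            ],
            'default_privileges': {'HBAC Administrator'},
        },
        # Write access here is limited to the 'member' attribute, so holders
        # can change which services belong to a group but nothing else.
        'System: Manage HBAC Service Group Membership': {
            'ipapermright': {'write'},
            'ipapermdefaultattr': {'member'},
            'replaces': [
                '(targetattr = "member")(target = "ldap:///cn=*,cn=hbacservicegroups,cn=hbac,$SUFFIX")(version 3.0;acl "permission:Manage HBAC service group membership";allow (write) groupdn = "ldap:///cn=Manage HBAC service group membership,cn=permissions,cn=pbac,$SUFFIX";)',
            ],
            'default_privileges': {'HBAC Administrator'},
        },
    }

    label = _('HBAC Service Groups')
    label_singular = _('HBAC Service Group')

    takes_params = (
        # Primary key; the normalizer lower-cases the name, so names that
        # differ only in case refer to the same group.
        Str('cn',
            cli_name='name',
            label=_('Service group name'),
            primary_key=True,
            normalizer=lambda value: value.lower(),
        ),
        # The trailing '?' marks the description as optional.
        Str('description?',
            cli_name='desc',
            label=_('Description'),
            doc=_('HBAC service group description'),
        ),
    )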
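@register()
class hbacsvcgroup_add(LDAPCreate):
    # Translated one-line help text for the command.
    __doc__ = _('Add a new HBAC service group.')

    # Summary template; the %(value)s placeholder is filled in by the
    # framework (presumably with the group name).
    msg_summary = _('Added HBAC service group "%(value)s"')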
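@register()
class hbacsvcgroup_del(LDAPDelete):
    # Translated one-line help text for the command.
    __doc__ = _('Delete an HBAC service group.')

    # Summary template; the %(value)s placeholder is filled in by the
    # framework (presumably with the group name).
    msg_summary = _('Deleted HBAC service group "%(value)s"')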
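@register()
class hbacsvcgroup_mod(LDAPUpdate):
    # Translated one-line help text for the command.
    # NOTE(review): the managed_permissions table on hbacsvcgroup has no
    # entry granting write on 'cn' or 'description'; confirm which ACI
    # authorises this command.
    __doc__ = _('Modify an HBAC service group.')

    # Summary template; the %(value)s placeholder is filled in by the
    # framework (presumably with the group name).
    msg_summary = _('Modified HBAC service group "%(value)s"')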
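@register()
class hbacsvcgroup_find(LDAPSearch):
    # Translated one-line help text for the command.
    __doc__ = _('Search for an HBAC service group.')

    # Singular and plural summary templates; %(count)d is the match count.
    msg_summary = ngettext(
        '%(count)d HBAC service group matched',
        '%(count)d HBAC service groups matched',
        0,
    )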
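@register()
class hbacsvcgroup_show(LDAPRetrieve):
    # Translated one-line help text for the command. Read access to group
    # entries is governed by 'System: Read HBAC Service Groups' on
    # hbacsvcgroup, which uses bind rule type 'all'.
    __doc__ = _('Display information about an HBAC service group.')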
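@register()
class hbacsvcgroup_add_member(LDAPAddMember):
    # Translated one-line help text for the command. Membership changes write
    # the 'member' attribute, which is presumably what
    # 'System: Manage HBAC Service Group Membership' on hbacsvcgroup gates.
    __doc__ = _('Add members to an HBAC service group.')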
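@register()
class hbacsvcgroup_remove_member(LDAPRemoveMember):
    # Translated one-line help text for the command. Membership changes write
    # the 'member' attribute, which is presumably what
    # 'System: Manage HBAC Service Group Membership' on hbacsvcgroup gates.
    __doc__ = _('Remove members from an HBAC service group.')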