mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
Enable/Disable SudoRule https://fedorahosted.org/freeipa/ticket/570
This commit is contained in:
parent
cdf360151b
commit
751ee81771
@ -34,8 +34,10 @@ class sudorule(LDAPObject):
|
||||
object_name_plural = 'Sudo Rules'
|
||||
object_class = ['ipaassociation', 'ipasudorule']
|
||||
default_attributes = [
|
||||
'cn', 'description',
|
||||
|
||||
'cn', 'ipaenabledflag',
|
||||
'description', 'usercategory', 'hostcategory',
|
||||
'cmdcategory', 'memberuser', 'memberhost',
|
||||
'memberallowcmd', 'memberdenycmd',
|
||||
]
|
||||
uuid_attribute = 'ipauniqueid'
|
||||
rdn_attribute = 'ipauniqueid'
|
||||
@ -118,6 +120,10 @@ class sudorule_add(LDAPCreate):
|
||||
"""
|
||||
Create new Sudo Rule.
|
||||
"""
|
||||
def pre_callback(self, ldap, dn, entry_attrs, attrs_list, *keys, **options):
|
||||
# Sudo rules are enabled by default
|
||||
entry_attrs['ipaenabledflag'] = 'TRUE'
|
||||
return dn
|
||||
|
||||
msg_summary = _('Added sudo rule "%(value)s"')
|
||||
|
||||
@ -156,6 +162,58 @@ class sudorule_show(LDAPRetrieve):
|
||||
api.register(sudorule_show)
|
||||
|
||||
|
||||
class sudorule_enable(LDAPQuery):
|
||||
"""
|
||||
Enable a Sudo rule.
|
||||
"""
|
||||
def execute(self, cn):
|
||||
ldap = self.obj.backend
|
||||
|
||||
dn = self.obj.get_dn(cn)
|
||||
entry_attrs = {'ipaenabledflag': 'TRUE'}
|
||||
|
||||
try:
|
||||
ldap.update_entry(dn, entry_attrs)
|
||||
except errors.EmptyModlist:
|
||||
pass
|
||||
except errors.NotFound:
|
||||
self.obj.handle_not_found(cn)
|
||||
|
||||
return dict(result=True)
|
||||
|
||||
def output_for_cli(self, textui, result, cn):
|
||||
textui.print_name(self.name)
|
||||
textui.print_dashed('Enabled Sudo rule "%s".' % cn)
|
||||
|
||||
api.register(sudorule_enable)
|
||||
|
||||
|
||||
class sudorule_disable(LDAPQuery):
|
||||
"""
|
||||
Disable a Sudo rule.
|
||||
"""
|
||||
def execute(self, cn):
|
||||
ldap = self.obj.backend
|
||||
|
||||
dn = self.obj.get_dn(cn)
|
||||
entry_attrs = {'ipaenabledflag': 'FALSE'}
|
||||
|
||||
try:
|
||||
ldap.update_entry(dn, entry_attrs)
|
||||
except errors.EmptyModlist:
|
||||
pass
|
||||
except errors.NotFound:
|
||||
self.obj.handle_not_found(cn)
|
||||
|
||||
return dict(result=True)
|
||||
|
||||
def output_for_cli(self, textui, result, cn):
|
||||
textui.print_name(self.name)
|
||||
textui.print_dashed('Disabled Sudo rule "%s".' % cn)
|
||||
|
||||
api.register(sudorule_disable)
|
||||
|
||||
|
||||
class sudorule_add_allow_command(LDAPAddMember):
|
||||
"""
|
||||
Add commands and sudo command groups affected by Sudo Rule.
|
||||
|
Loading…
Reference in New Issue
Block a user