Collect memberof information for sudo commands.

We weren't searching the cn=sudo container so all members of a
sudocmdgroup looked indirect.

Add a label for sudo command groups.

Update the tests to include verifying that membership is done
properly.

ticket 1003
Rob Crittenden
2011-02-23 17:10:08 -05:00
committed by Endi S. Dewata
parent 1770750b8a
commit af9f905239
4 changed files with 34 additions and 3 deletions


@@ -65,6 +65,9 @@ global_output_params = (
Str('memberof_role?', Str('memberof_role?',
label=_('Roles'), label=_('Roles'),
), ),
Str('memberof_sudocmdgroup?',
label=_('Sudo Command Groups'),
),
Str('member_privilege?', Str('member_privilege?',
label='Granted to Privilege', label='Granted to Privilege',
), ),


@@ -55,8 +55,11 @@ class sudocmd(LDAPObject):
'sudocmd', 'description', 'sudocmd', 'description',
] ]
default_attributes = [ default_attributes = [
'sudocmd', 'description', 'sudocmd', 'description', 'memberof',
] ]
attribute_members = {
'memberof': ['sudocmdgroup'],
}
uuid_attribute = 'ipauniqueid' uuid_attribute = 'ipauniqueid'
label = _('SUDO Commands') label = _('SUDO Commands')


@@ -1002,6 +1002,14 @@ class ldap2(CrudBackend, Encoder):
except errors.NotFound: except errors.NotFound:
pbacresults = [] pbacresults = []
results = results + pbacresults results = results + pbacresults
try:
(sudoresults, truncated) = self.find_entries(searchfilter,
attr_list, 'cn=sudo,%s' % api.env.basedn,
time_limit=time_limit, size_limit=size_limit,
normalize=normalize)
except errors.NotFound:
sudoresults = []
results = results + sudoresults
direct = [] direct = []
indirect = [] indirect = []
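Review bot: The `truncated` value returned by the added `find_entries` call under `cn=sudo` is assigned and never read in the visible lines, so a search cut off by `size_limit` or `time_limit` would leave `sudoresults` partial without any signal. Since the merged `results` appear to feed the `direct`/`indirect` split that follows, a partial list could presumably show a direct sudo command group member as indirect, which matters to anyone auditing sudo policy from this output. At minimum I would record that with a comment above the call, `# NOTE: truncated is ignored here; a partial search can misreport direct members as indirect`. This is also another copy of the try/except block used for `pbacresults` just above, so iterating over the container DNs in one loop would keep the searches consistent. The enclosing method starts and ends outside the hunk.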


@@ -42,7 +42,7 @@ class test_sudocmdgroup(Declarative):
dict( dict(
desc='Create %r' % sudocmd1, desc='Create %r' % sudocmd1,
command=( command=(
'sudocmd_add', [], dict(sudocmd=sudocmd1,) 'sudocmd_add', [], dict(sudocmd=sudocmd1, description=u'Test sudo command 1')
), ),
expected=dict( expected=dict(
value=sudocmd1, value=sudocmd1,
@@ -51,6 +51,7 @@ class test_sudocmdgroup(Declarative):
objectclass=objectclasses.sudocmd, objectclass=objectclasses.sudocmd,
sudocmd=[u'/usr/bin/sudotestcmd1'], sudocmd=[u'/usr/bin/sudotestcmd1'],
ipauniqueid=[fuzzy_uuid], ipauniqueid=[fuzzy_uuid],
description=[u'Test sudo command 1'],
dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1, dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1,
api.env.basedn), api.env.basedn),
), ),
@@ -66,6 +67,7 @@ class test_sudocmdgroup(Declarative):
summary=None, summary=None,
result=dict( result=dict(
sudocmd=[sudocmd1], sudocmd=[sudocmd1],
description=[u'Test sudo command 1'],
dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1, dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1,
api.env.basedn), api.env.basedn),
), ),
@@ -373,7 +375,22 @@ class test_sudocmdgroup(Declarative):
), ),
dict( dict(
# FIXME: Shouldn't this raise a NotFound instead? desc='Retrieve %r to show membership' % sudocmd1,
command=('sudocmd_show', [sudocmd1], {}),
expected=dict(
value=sudocmd1,
summary=None,
result=dict(
dn=u'sudocmd=%s,cn=sudocmds,cn=sudo,%s' % (sudocmd1,
api.env.basedn),
sudocmd=[sudocmd1],
description=[u'Test sudo command 1'],
memberof_sudocmdgroup = [u'testsudocmdgroup1'],
),
),
),
dict(
desc='Try to add non-existent member to %r' % sudocmdgroup1, desc='Try to add non-existent member to %r' % sudocmdgroup1,
command=( command=(
'sudocmdgroup_add_member', [sudocmdgroup1], 'sudocmdgroup_add_member', [sudocmdgroup1],