IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-14 01:13:58 -06:00
Code Issues Packages Projects Releases Wiki Activity

Sudo command groups are not supposed to allow nesting.

Browse Source 
It was a design decision to not allow nesting sudo command groups,
remove it.

ticket 1004
This commit is contained in:
Rob Crittenden 2011-02-23 17:49:09 -05:00 committed by Endi S. Dewata
parent af9f905239
commit d57dfc4e98
4 changed files with 5 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
API.txt
View File

@ -2232,13 +2232,12 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: sudocmdgroup_add_member
args: 1,5,3
args: 1,4,3
arg: Str('cn', attribute=True, cli_name='sudocmdgroup_name', label=Gettext('Sudo Command Group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
option: List('sudocmd?', alwaysask=True, cli_name='sudocmds',ist('sudocmd?', alwaysask=True, cli_name='sudocmds', doc='comma-separated list of sudocmds to add', label='sudocmd', multivalue=True)
option: List('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups',ist('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups', doc='comma-separated list of sudocmdgroups to add', label='sudocmdgroup', multivalue=True)
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('failed', <type 'dict'>, Gettext('Members that could not be added', domain='ipa', localedir=None))
output: Output('completed', <type 'int'>, Gettext('Number of members added', domain='ipa', localedir=None))
@ -2277,13 +2276,12 @@ output: Output('summary', (<type 'unicode'>, <type 'NoneType'>), 'User-friendly
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('value', <type 'unicode'>, "The primary_key value of the entry, e.g. 'jdoe' for a user")
command: sudocmdgroup_remove_member
args: 1,5,3
args: 1,4,3
arg: Str('cn', attribute=True, cli_name='sudocmdgroup_name', label=Gettext('Sudo Command Group', domain='ipa', localedir=None), multivalue=False, normalizer=<lambda>, primary_key=True, query=True, required=True)
option: Flag('all', autofill=True, cli_name='all', default=False, exclude='webui', flags=['no_output'])
option: Flag('raw', autofill=True, cli_name='raw', default=False, exclude='webui', flags=['no_output'])
option: Str('version?', exclude='webui', flags=['no_option', 'no_output'])
option: List('sudocmd?', alwaysask=True, cli_name='sudocmds',ist('sudocmd?', alwaysask=True, cli_name='sudocmds', doc='comma-separated list of sudocmds to remove', label='sudocmd', multivalue=True)
option: List('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups',ist('sudocmdgroup?', alwaysask=True, cli_name='sudocmdgroups', doc='comma-separated list of sudocmdgroups to remove', label='sudocmdgroup', multivalue=True)
output: Entry('result', <type 'dict'>, Gettext('A dictionary representing an LDAP entry', domain='ipa', localedir=None))
output: Output('failed', <type 'dict'>, Gettext('Members that could not be removed', domain='ipa', localedir=None))
output: Output('completed', <type 'int'>, Gettext('Number of members removed', domain='ipa', localedir=None))

11
ipalib/plugins/baseldap.py
View File

@ -66,7 +66,7 @@ global_output_params = (
label=_('Roles'),
),
Str('memberof_sudocmdgroup?',
label=_('Sudo Command Groups'),
label=_('SUDO Command Groups'),
),
Str('member_privilege?',
label='Granted to Privilege',
@ -95,9 +95,6 @@ global_output_params = (
Str('memberof_hbacsvcgroup?',
label='Member of HBAC service groups',
),
Str('member_sudocmdgroup?',
label='Member SUDO command groups',
),
Str('member_sudocmd?',
label='Member SUDO commands',
),
@ -128,12 +125,6 @@ global_output_params = (
Str('memberindirect_netgroup?',
label=_('Indirect Member netgroups'),
),
Str('memberindirect_sudocmdgroup?',
label='Indirect Member SUDO command groups',
),
Str('memberindirect_sudocmd?',
label='Indirect Member SUDO commands',
),
Str('memberofindirect_group?',
label='Indirect Member of group',
),

6
ipalib/plugins/sudocmdgroup.py
View File

@ -56,13 +56,11 @@ class sudocmdgroup(LDAPObject):
object_name_plural = 'sudocmdgroups'
object_class = ['ipaobject', 'ipasudocmdgrp']
default_attributes = [
'cn', 'description', 'member', 'memberof', 'memberindirect',
'cn', 'description', 'member',
]
uuid_attribute = 'ipauniqueid'
attribute_members = {
'member': ['sudocmd', 'sudocmdgroup'],
'memberof': ['sudocmdgroup'],
'memberindirect': ['sudocmd', 'sudocmdgroup'],
'member': ['sudocmd'],
}
label = _('SUDO Command Groups')

4
tests/test_xmlrpc/test_sudocmdgroup_plugin.py
View File

@ -360,7 +360,6 @@ class test_sudocmdgroup(Declarative):
completed=1,
failed=dict(
member=dict(
sudocmdgroup=tuple(),
sudocmd=tuple(),
),
),
@ -400,7 +399,6 @@ class test_sudocmdgroup(Declarative):
completed=0,
failed=dict(
member=dict(
sudocmdgroup=tuple(),
sudocmd=[(u'notfound', u'no such entry')],
),
),
@ -423,7 +421,6 @@ class test_sudocmdgroup(Declarative):
completed=1,
failed=dict(
member=dict(
sudocmdgroup=tuple(),
sudocmd=tuple(),
),
),
@ -446,7 +443,6 @@ class test_sudocmdgroup(Declarative):
completed=0,
failed=dict(
member=dict(
sudocmdgroup=tuple(),
sudocmd=[(u'notfound', u'This entry is not a member')],
),
),