Re: [Freeipa-devel] [Fwd: [freeipa] #402: SUDO command attribute should be case sensitive]

2010-10-26 Thread Rob Crittenden

Dmitri Pal wrote:

Dmitri Pal wrote:

Simo Sorce wrote:


On Wed, 20 Oct 2010 15:42:17 -0400
Dmitri Pald...@redhat.com  wrote:




Any suggestions what it should be?
Should we create a new attribute or there is something handy to reuse?



Probably makes sense to add a custom attribute, properly named.




Ok I will propose one.



The attached patch should address the issue.
I did the change but I have not done the build so view this patch as a
proposal.


ACK and pushed to master.

I had to hand-apply this because it didn't apply cleanly.

Please send all patches with [PATCH] in the subject so they don't get 
lost in the shuffle.


rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [Fwd: [freeipa] #402: SUDO command attribute should be case sensitive]

2010-10-24 Thread Dmitri Pal
Dmitri Pal wrote:
 Simo Sorce wrote:
   
 On Wed, 20 Oct 2010 15:42:17 -0400
 Dmitri Pal d...@redhat.com wrote:

   
 
 Any suggestions what it should be?
 Should we create a new attribute or there is something handy to reuse?
 
   
 Probably makes sense to add a custom attribute, properly named.

   
 
 Ok I will propose one.
   

The attached patch should address the issue.
I did the change but I have not done the build so view this patch as a
proposal.


-- 
Thank you,
Dmitri Pal

Engineering Manager IPA project,
Red Hat Inc.


---
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

From 34896a5f24a9fba8e3483b53a7b30c1bb737 Mon Sep 17 00:00:00 2001
From: Dmitri Pal d...@redhat.com
Date: Sun, 24 Oct 2010 22:37:27 -0400
Subject: [PATCH] [SUDO] 3. Changing command attr to be case sensitive

* Fixed comments
* Added attribute
* Fixed objectclass
---
 install/share/60sudo.ldif |8 +---
 1 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/install/share/60sudo.ldif b/install/share/60sudo.ldif
index d7080859be12abd7b1f27a5f9cbeebee44af8969..638f131ba7b2f50dd767f5ea958934d7564429a8 100644
--- a/install/share/60sudo.ldif
+++ b/install/share/60sudo.ldif
@@ -5,9 +5,9 @@ dn: cn=schema
 ## Attributes:  2.16.840.1.113730.3.8.7.x
 ## ObjectClasses:   2.16.840.1.113730.3.8.8.x
 ##
-## Attribute to store DN of a SUDO command or a group of SUDO commands
+## Attribute to store DN of an allowed SUDO command or a group of SUDO commands
 attributetypes: (2.16.840.1.113730.3.8.7.1 NAME 'memberAllowCmd' DESC 'Reference to a command or group of the commands that are allowed by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
-## Attribute to store command category
+## Attribute to store DN of a prohibited SUDO command or a group of SUDO commands
 attributetypes: (2.16.840.1.113730.3.8.7.2 NAME 'memberDenyCmd' DESC 'Reference to a command or group of the commands that are denied by the rule.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'IPA v2' )
 ## Attribute to store command category
 attributeTypes: (2.16.840.1.113730.3.8.7.3 NAME 'cmdCategory' DESC 'Additional classification for commands' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
@@ -29,9 +29,11 @@ attributeTypes: (2.16.840.1.113730.3.8.7.10 NAME 'ipaSudoRunAsExtGroup' DESC 'Mu
 attributeTypes: (2.16.840.1.113730.3.8.7.11 NAME 'ipaSudoRunAsGroupCategory' DESC 'Additional classification for groups' SUP userCategory X-ORIGIN 'IPA v2' )
 ## Attribute to store host mask
 attributeTypes: (2.16.840.1.113730.3.8.7.12 NAME 'hostMask' DESC 'IP mask to identify a subnet.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
+## Attribute to store sudo command
+attributeTypes: (2.16.840.1.113730.3.8.7.13 NAME 'sudoCmd' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactMatch ORDERING caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'IPA v2' )
 ## Object class for SUDO rules
 objectClasses: (2.16.840.1.113730.3.8.8.1 NAME 'ipaSudoRule' SUP ipaAssociation STRUCTURAL MAY ( externalUser $ externalHost $ hostMask $ memberAllowCmd $ memberDenyCmd $ cmdCategory $ ipaSudoOpt $ ipaSudoRunAs $ ipaSudoRunAsExtUser $ ipaSudoRunAsUserCategory $ ipaSudoRunAsGroup $ ipaSudoRunAsExtGroup $ ipaSudoRunAsGroupCategory ) X-ORIGIN 'IPA v2' )
 ## Object class for SUDO commands
-objectClasses: (2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA object class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ cn ) MAY  ( memberOf $ description ) X-ORIGIN 'IPA v2' )
+objectClasses: (2.16.840.1.113730.3.8.8.2 NAME 'ipaSudoCmd' DESC 'IPA object class for SUDO command' STRUCTURAL MUST ( ipaUniqueID $ sudoCmd ) MAY  ( memberOf $ description ) X-ORIGIN 'IPA v2' )
 ## Object class for groups of the SUDO commands
 objectClasses: (2.16.840.1.113730.3.8.8.3 NAME 'ipaSudoCmdGrp' DESC 'IPA object class to store groups of SUDO commands' SUP groupOfNames MUST ( ipaUniqueID ) STRUCTURAL X-ORIGIN 'IPA v2' )
-- 
1.5.5.6

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel