From d059a1a5c51e1aa1882b2646f551ab2821dbcda9 Mon Sep 17 00:00:00 2001
From: Jr Aquino
Date: Mon, 13 Dec 2010 07:38:09 -0800
Subject: [PATCH] sudo run as user or group
https://fedorahosted.org/freeipa/ticket/570
---
 ipalib/plugins/sudorule.py | 62 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 62 insertions(+), 0 deletions(-)
diff --git a/ipalib/plugins/sudorule.py b/ipalib/plugins/sudorule.py
index 420f5fd..8ca2d10 100644
--- a/ipalib/plugins/sudorule.py
+++ b/ipalib/plugins/sudorule.py
@@ -46,6 +46,8 @@ class sudorule(LDAPObject):
 'memberhost': ['host', 'hostgroup'],
 'memberallowcmd': ['sudocmd', 'sudocmdgroup'],
 'memberdenycmd': ['sudocmd', 'sudocmdgroup'],
+ 'ipasudorunas': ['user'],
+ 'ipasudorunasgroup': ['group'],
 }
 label = _('SUDO')
@@ -82,6 +84,18 @@ class sudorule(LDAPObject):
 doc=_('Command category the rule applies to'),
 values=(u'all', ),
 ),
+ StrEnum('ipasudorunasusercategory?',
+ cli_name='runasusercat',
+ label=_('Run As User category'),
+ doc=_('Run As User category the rule applies to'),
+ values=(u'all', ),
+ ),
+ StrEnum('ipasudorunasgroupcategory?',
+ cli_name='runasgroupcat',
+ label=_('Run As Group category'),
+ doc=_('Run As Group category the rule applies to'),
+ values=(u'all', ),
+ ),
 Str('memberuser_user?',
 label=_('Users'),
 flags=['no_create', 'no_update', 'no_search'],
@@ -110,6 +124,14 @@ class sudorule(LDAPObject):
 label=_('Sudo Command Groups'),
 flags=['no_create', 'no_update', 'no_search'],
 ),
+ Str('ipasudorunas_user?',
+ label=_('Run As User'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
+ Str('ipasudorunasgroup_group?',
+ label=_('Run As Group'),
+ flags=['no_create', 'no_update', 'no_search'],
+ ),
 )
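Review bot: The `doc` text on the two new `StrEnum` parameters in the second hunk (`ipasudorunasusercategory?` and `ipasudorunasgroupcategory?`) does not tell the administrator what the only accepted value, `all`, grants. If it maps to sudo's ALL for RunAs, as the naming suggests, the rule lets the command run as any user or group, root included, and that should be stated where the option is set. For the user variant I would write `doc=_('Run As User category the rule applies to ("all" permits running as any user, including root)')`, with matching wording for the group variant. The enclosing `takes_params` tuple starts and ends outside the hunk.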
@@ -292,3 +314,43 @@ class sudorule_remove_host(LDAPRemoveMember):
 member_count_out = ('%i object removed.', '%i objects removed.')
 api.register(sudorule_remove_host)
+
+
+class sudorule_add_runasuser(LDAPAddMember):
+ """
+ Add user for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunas']
+ member_count_out = ('%i object added.', '%i objects added.')
+
+api.register(sudorule_add_runasuser)
+
+
+class sudorule_remove_runasuser(LDAPRemoveMember):
+ """
+ Remove user for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunas']
+ member_count_out = ('%i object removed.', '%i objects removed.')
+
+api.register(sudorule_remove_runasuser)
+
+
+class sudorule_add_runasgroup(LDAPAddMember):
+ """
+ Add group for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunasgroup']
+ member_count_out = ('%i object added.', '%i objects added.')
+
+api.register(sudorule_add_runasgroup)
+
+
+class sudorule_remove_runasgroup(LDAPRemoveMember):
+ """
+ Remove group for Sudo to execute as.
+ """
+ member_attributes = ['ipasudorunasgroup']
+ member_count_out = ('%i object removed.', '%i objects removed.')
+
+api.register(sudorule_remove_runasgroup)
--
1.7.2.3
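Review bot: `sudorule_add_runasuser` and `sudorule_add_runasgroup` add members without looking at the rule's RunAs category, so a rule can end up with `ipasudorunasusercategory` set to `all` and a list of specific RunAs users at the same time. Someone auditing that rule may read the user list as the limit while the category, presumably, still allows every target account. I would reject the add when the matching category is `all`, as sketched below for the user command (the group command needs the same with `ipasudorunasgroupcategory`); this assumes the base class's `pre_callback` hook and `errors.MutuallyExclusiveError` are available in this tree. The reverse case, setting the category to `all` on a rule that already has RunAs members, belongs in the rule's modify command, which is outside this patch.

```python
class sudorule_add_runasuser(LDAPAddMember):
    # … unchanged: docstring, member_attributes, member_count_out …

    def pre_callback(self, ldap, dn, found, not_found, *keys, **options):
        # An explicit RunAs user list contradicts a category of 'all';
        # refuse the add so the stored rule has one unambiguous meaning.
        (_dn, entry_attrs) = ldap.get_entry(dn, ['ipasudorunasusercategory'])
        category = entry_attrs.get('ipasudorunasusercategory', [])
        if u'all' in [value.lower() for value in category]:
            raise errors.MutuallyExclusiveError(
                reason=_('users cannot be added when Run As User category is all'))
        return dn
```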