
Add the ability to manage sudo users and groups from GUI

1 parent f2d6ba7 commit 72a7e36420040768837ec5a829c2237d2afa8686 @jhixson74 jhixson74 committed Nov 5, 2013
@@ -389,6 +389,7 @@ class Meta:
'bsdusr_password2',
'bsdusr_password_disabled',
'bsdusr_locked',
+ 'bsdusr_sudo',
'bsdusr_sshpubkey',
'bsdusr_to_group',
)
@@ -11,8 +11,17 @@ class Migration(DataMigration):
def forwards(self, orm):
from django.core.management import call_command
- call_command("loaddata", "bsdGroups.json")
- #call_command("loaddata", "bsdUsers.json")
+ jf = os.path.join(os.path.abspath(os.path.dirname(__file__)), "..", "fixtures", "bsdGroups.json")
+ with open(jf) as json_fd:
+ json = json_fd.read()
+ groups = simplejson.loads(json)
+ for entry in groups:
+ group = orm.bsdGroups(pk=entry['pk'])
+ for field in entry['fields']:
+ mfield = orm.bsdGroups._meta.get_field(field)
+ setattr(group, field, entry['fields'].get(field))
+ group.save()
+
jf = os.path.join(os.path.abspath(os.path.dirname(__file__)), "..", "fixtures", "bsdUsers.json")
with open(jf) as json_fd:
json = json_fd.read()
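Review bot: `mfield = orm.bsdGroups._meta.get_field(field)` in the inner loop is assigned and never read, so its only effect is to raise when the fixture names a field the frozen model lacks. If that check is intended, say so with a comment such as `# fail early on fixture fields unknown to the frozen model`; otherwise drop the line. The local `json` also shadows the standard module name, and `os` and `simplejson` are used without imports visible in this hunk, so confirm both are imported at the top of the migration. forwards() continues past the end of the hunk.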
@@ -0,0 +1,88 @@
+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+ def forwards(self, orm):
+ # Removing unique constraint on 'bsdUsers', fields ['bsdusr_uid']
+ db.delete_unique(u'account_bsdusers', ['bsdusr_uid'])
+
+ # Adding field 'bsdUsers.bsdusr_sudo'
+ db.add_column(u'account_bsdusers', 'bsdusr_sudo',
+ self.gf('django.db.models.fields.BooleanField')(default=False),
+ keep_default=False)
+
+
+ # Changing field 'bsdUsers.bsdusr_username'
+ db.alter_column(u'account_bsdusers', 'bsdusr_username', self.gf('django.db.models.fields.CharField')(unique=True, max_length=16))
+
+ # Changing field 'bsdUsers.bsdusr_uid'
+ db.alter_column(u'account_bsdusers', 'bsdusr_uid', self.gf('django.db.models.fields.IntegerField')())
+
+ # Changing field 'bsdUsers.bsdusr_home'
+ db.alter_column(u'account_bsdusers', 'bsdusr_home', self.gf('freenasUI.freeadmin.models.fields.PathField')(max_length=255))
+ # Adding field 'bsdGroups.bsdgrp_sudo'
+ db.add_column(u'account_bsdgroups', 'bsdgrp_sudo',
+ self.gf('django.db.models.fields.BooleanField')(default=False),
+ keep_default=False)
+
+
+ def backwards(self, orm):
+ # Deleting field 'bsdUsers.bsdusr_sudo'
+ db.delete_column(u'account_bsdusers', 'bsdusr_sudo')
+
+
+ # Changing field 'bsdUsers.bsdusr_username'
+ db.alter_column(u'account_bsdusers', 'bsdusr_username', self.gf('django.db.models.fields.CharField')(max_length=30, unique=True))
+
+ # Changing field 'bsdUsers.bsdusr_uid'
+ db.alter_column(u'account_bsdusers', 'bsdusr_uid', self.gf('django.db.models.fields.IntegerField')(max_length=10, unique='True'))
+ # Adding unique constraint on 'bsdUsers', fields ['bsdusr_uid']
+ db.create_unique(u'account_bsdusers', ['bsdusr_uid'])
+
+
+ # Changing field 'bsdUsers.bsdusr_home'
+ db.alter_column(u'account_bsdusers', 'bsdusr_home', self.gf('django.db.models.fields.CharField')(max_length=120))
+ # Deleting field 'bsdGroups.bsdgrp_sudo'
+ db.delete_column(u'account_bsdgroups', 'bsdgrp_sudo')
+
+
+ models = {
+ u'account.bsdgroupmembership': {
+ 'Meta': {'object_name': 'bsdGroupMembership'},
+ 'bsdgrpmember_group': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['account.bsdGroups']"}),
+ 'bsdgrpmember_user': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['account.bsdUsers']"}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'})
+ },
+ u'account.bsdgroups': {
+ 'Meta': {'object_name': 'bsdGroups'},
+ 'bsdgrp_builtin': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'bsdgrp_gid': ('django.db.models.fields.IntegerField', [], {}),
+ 'bsdgrp_group': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '120'}),
+ 'bsdgrp_sudo': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'})
+ },
+ u'account.bsdusers': {
+ 'Meta': {'object_name': 'bsdUsers'},
+ 'bsdusr_builtin': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'bsdusr_email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+ 'bsdusr_full_name': ('django.db.models.fields.CharField', [], {'max_length': '120'}),
+ 'bsdusr_group': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['account.bsdGroups']"}),
+ 'bsdusr_home': ('freenasUI.freeadmin.models.fields.PathField', [], {'default': "'/nonexistent'", 'max_length': '255'}),
+ 'bsdusr_locked': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'bsdusr_password_disabled': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'bsdusr_shell': ('django.db.models.fields.CharField', [], {'default': "'/bin/csh'", 'max_length': '120'}),
+ 'bsdusr_smbhash': ('django.db.models.fields.CharField', [], {'default': "'*'", 'max_length': '128', 'blank': 'True'}),
+ 'bsdusr_sudo': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+ 'bsdusr_uid': ('django.db.models.fields.IntegerField', [], {}),
+ 'bsdusr_unixhash': ('django.db.models.fields.CharField', [], {'default': "'*'", 'max_length': '128', 'blank': 'True'}),
+ 'bsdusr_username': ('django.db.models.fields.CharField', [], {'default': "u'User &'", 'unique': 'True', 'max_length': '16'}),
+ u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'})
+ }
+ }
+
+ complete_apps = ['account']
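Review bot: forwards() drops the unique constraint on `bsdusr_uid` (`db.delete_unique(u'account_bsdusers', ['bsdusr_uid'])`), which the commit title does not mention and which lets two account rows share one UID. On a change that also starts granting sudo per username, that deserves a comment stating why duplicates are wanted, e.g. `# UID uniqueness is enforced in the form, not the schema: <reason>`. backwards() calls `db.create_unique` on the same column and will fail once any duplicate UID exists, so the rollback path should be guarded or documented as unavailable in that case. The same method also narrows `bsdusr_username` from `max_length=30` to `16`, and existing longer names are not handled here.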
@@ -47,6 +47,10 @@ class bsdGroups(Model):
editable=False,
verbose_name=_("Built-in Group"),
)
+ bsdgrp_sudo = models.BooleanField(
+ default=False,
+ verbose_name=_("Permit Sudo"),
+ )
class Meta:
verbose_name = _("Group")
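Review bot: `bsdgrp_sudo` here, and `bsdusr_sudo` in the bsdUsers hunk below, are labelled only "Permit Sudo" and carry no `help_text`. The rc script added by this commit turns the flag into an `ALL=(ALL) ALL` rule, i.e. unrestricted root through sudo, and for a group that extends to every current and future member. A line such as `help_text=_("Grants full root privileges through sudo"),` would make that visible in the form. The bsdGroups class body continues outside the hunk.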
@@ -137,6 +141,10 @@ class bsdUsers(Model):
verbose_name=_("Lock user"),
default=False,
)
+ bsdusr_sudo = models.BooleanField(
+ verbose_name=_("Permit Sudo"),
+ default=False,
+ )
is_active = True
is_staff = True
@@ -2187,6 +2187,7 @@ def save_pubkey(self, homedir, pubkey, username, groupname):
def _reload_user(self):
self._system("/usr/sbin/service ix-passwd quietstart")
self._system("/usr/sbin/service ix-aliases quietstart")
+ self._system("/usr/sbin/service ix-sudoers quietstart")
self.reload("cifs")
def mp_change_permission(self, path='/mnt', user='root', group='wheel',
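Review bot: The added `self._system("/usr/sbin/service ix-sudoers quietstart")` ignores the result, like the two calls above it, so a failed regeneration leaves the previous sudoers file in place with no signal to the caller. For this service that matters in the revoke direction: clearing the flag in the GUI would appear to succeed while the old rule stays active. If `_system` returns the exit status (its definition is not in this hunk), check it and log or raise on non-zero.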
@@ -0,0 +1,48 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ix-sudoers
+# REQUIRE: FILESYSTEMS
+
+. /etc/rc.freenas
+
+SUDOERS_FILE="/usr/local/etc/sudoers"
+
+sudoers_start()
+{
+ local IFS="|"
+
+ cp /conf/base/etc/local/sudoers "${SUDOERS_FILE}"
+ ${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "\
+ SELECT
+ bsdusr_username
+ FROM
+ account_bsdusers
+ WHERE
+ bsdusr_sudo = 1
+ " | while read -r username
+ do
+ echo "${username} ALL=(ALL) ALL" >> "${SUDOERS_FILE}"
+ done
+
+ ${FREENAS_SQLITE_CMD} ${FREENAS_CONFIG} "\
+ SELECT
+ bsdgrp_group
+ FROM
+ account_bsdgroups
+ WHERE
+ bsdgrp_sudo = 1
+ " | while read -r group
+ do
+ echo "%${group} ALL=(ALL) ALL" >> "${SUDOERS_FILE}"
+ done
+}
+
+name="ix-sudoers"
+start_cmd='sudoers_start'
+stop_cmd=':'
+
+load_rc_config $name
+run_rc_command "$1"
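Review bot: sudoers_start rewrites the live `${SUDOERS_FILE}` in place and appends database values to it unchecked. Between the `cp` and the last `echo` the file is incomplete, nothing confirms the result parses before sudo reads it, and a user or group name containing whitespace, a comma or other sudoers syntax would change the meaning of the rule it lands in. Build the file in a temporary path, skip names outside a conservative character set (match it to what the account forms accept), validate with `visudo -cf`, set mode 0440 and rename it into place. The sketch assumes visudo is installed at the port's usual path.

```shell
sudoers_start()
{
	local IFS="|"
	local tmp

	tmp=$(mktemp "${SUDOERS_FILE}.XXXXXX") || return 1
	cat /conf/base/etc/local/sudoers > "${tmp}"

	# … unchanged: user SELECT piped into `while read -r username` …
		case "${username}" in
		""|*[!A-Za-z0-9._-]*) continue ;;
		esac
		echo "${username} ALL=(ALL) ALL" >> "${tmp}"

	# … unchanged: group SELECT and loop, with the same check on "${group}" and output to "${tmp}" …

	if /usr/local/sbin/visudo -cf "${tmp}" >/dev/null; then
		chmod 0440 "${tmp}" && mv "${tmp}" "${SUDOERS_FILE}"
	else
		rm -f "${tmp}"
		return 1
	fi
}
```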
