author | Alexander Bokovoy <abokovoy@redhat.com> | 2011-10-11 11:25:24 +0300 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-10-10 17:09:37 -0400 |
commit | caaacc9a611c5e3230189b2c4636e7d568c21f45 (patch) | |
tree | 1f3eaf5c033da29c3e8888ca8eb84dfae5e1ec1d /ipapython/certdb.py | |
parent | d487571849be9e19c059a546b2899d0a1e97fb34 (diff) | |

Include indirect membership and canonicalize hosts during HBAC rules testing

When users and hosts are included into groups indirectly, make sure that
during HBAC test we fill in all indirect groups properly into an HBAC request.
Also, if hosts provided for test are not specified fully, canonicalize them
using IPA domain.

This makes possible following requests:

    ipa hbactest --user foobar --srchost vm-101 --host vm-101 --service sshd
    Request to evaluate:
    <user <name foobar groups [hbacusers,ipausers]>
    service <name sshd groups []>
    targethost <name vm-101.ipa.local groups []>
    srchost <name vm-101.ipa.local groups []>
    >

Fixes:
https://fedorahosted.org/freeipa/ticket/1862
https://fedorahosted.org/freeipa/ticket/1949
Diffstat (limited to 'ipapython/certdb.py')
0 files changed, 0 insertions, 0 deletions