[Freeipa-devel] URI in HBAC rules - patch - request for feedback
Lukáš Hellebrandt
lhellebr at redhat.com
Fri Feb 26 12:17:31 UTC 2016
Hi, FreeIPA and SSSD communities!
I am working on adding URI to HBAC as my thesis [1]. The goal is to
control access not only based on (user, host, service), but on (user,
host, service, resource's URI).
I created a patch for FreeIPA [2] so it is capable of storing URI as
part of HBAC rule. I created a patch for SSSD [3] so it is able to get
this URI from FreeIPA and use it in HBAC evaluation.
I still need to develop a part of SSSD receiving URI-aware requests. It
will either be an enhancement of Infopipe or I will use PAM responder
(any suggestions?).
I wanted to kindly ask you for review and your opinions on the patches
and generally on my approach. This would be my first contribution to
FreeIPA and SSSD so there might be bugs. What do you think?
Btw, is there some better place to share patches than a pasting tool?
Maybe some form of pull request?
Thanks for your opinions!
[1]
https://diplomky.redhat.com/topic/show/326/store-and-manage-access-to-uris-in-freeipa
[2]
http://pastebin.com/rsHzXeAR
[3]
http://pastebin.com/atcZMuP1
--
Lukas Hellebrandt
More information about the Freeipa-devel
mailing list