[Freeipa-devel] [PATCH] Allow using external hosts in HBAC test

Alexander Bokovoy abokovoy at redhat.com
Tue Sep 13 08:54:46 UTC 2011


When external host is specified in HBAC rule, allow its use in simulation

https://fedorahosted.org/freeipa/ticket/1763

When external host is specified in HBAC rule, it needs to be added to
the set of source hosts this rule applies to. Add (list of external hosts)
explicitly when converting FreeIPA rules to PyHBAC objects.

-- 
/ Alexander Bokovoy
-------------- next part --------------
From 27f44edb48fdcbf1f007282b17bbb5206f676c39 Mon Sep 17 00:00:00 2001
From: Alexander Bokovoy <abokovoy at redhat.com>
Date: Tue, 13 Sep 2011 11:49:27 +0300
Subject: [PATCH] When external host is specified in HBAC rule, allow its use
 in simulation

https://fedorahosted.org/freeipa/ticket/1763

When external host is specified in HBAC rule, it needs to be added to
the set of source hosts this rule applies to. Add (list of external hosts)
explicitly when converting FreeIPA rules to PyHBAC objects.
---
 ipalib/plugins/hbactest.py |    5 ++++-
 1 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/ipalib/plugins/hbactest.py b/ipalib/plugins/hbactest.py
index 5fce2e5fbf89b19a315e721d5237c1f1b2267421..43151e3407cba5808035259d36f99f09d6fd759f 100644
--- a/ipalib/plugins/hbactest.py
+++ b/ipalib/plugins/hbactest.py
@@ -131,7 +131,8 @@ def convert_to_ipa_rule(rule):
     ipa_rule = pyhbac.HbacRule(rule['cn'][0])
     ipa_rule.enabled = rule['ipaenabledflag'][0]
     # Following code attempts to process rule systematically
-    structure = (('user',       'memberuser',    'user',    'group',        ipa_rule.users),
+    structure = \
+        (('user',       'memberuser',    'user',    'group',        ipa_rule.users),
          ('host',       'memberhost',    'host',    'hostgroup',    ipa_rule.targethosts),
          ('sourcehost', 'sourcehost',    'host',    'hostgroup',    ipa_rule.srchosts),
          ('service',    'memberservice', 'hbacsvc', 'hbacsvcgroup', ipa_rule.services),
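Review bot: The re-wrapping of the `structure = \` assignment is unrelated to the external-host fix and adds a backslash continuation where none is needed, since the opening parenthesis of the tuple already lets the expression continue across lines. Only the first row moved, so the remaining rows should be checked to confirm they still line up with it. I would drop this hunk from the patch, or send it as a separate whitespace-only change, so the functional change in the next hunk is the only thing under review.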
@@ -151,6 +152,8 @@ def convert_to_ipa_rule(rule):
             attr_name = '%s_%s' % (element[1], element[3])
             if attr_name in rule:
                 element[4].groups = rule[attr_name]
+    if 'externalhost' in rule:
+            ipa_rule.srchosts.names.extend(rule['externalhost'])
     return ipa_rule
 
 
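Review bot: The body of `if 'externalhost' in rule:` is indented eight columns past the `if` rather than four, which is inconsistent with the rest of convert_to_ipa_rule(); please re-indent the `ipa_rule.srchosts.names.extend(...)` line. It is also worth checking what `srchosts.names` refers to at this point: the line above assigns `rule[attr_name]` to `.groups` directly, and if `.names` is populated the same way, `extend()` will modify the list held in the `rule` entry in place. Building a new list (names plus external hosts) and assigning it avoids that side effect. A short comment explaining why external hosts are added to the source hosts only would help the next reader.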
-- 
1.7.6.1


