[Pki-devel] [PATCH] 285 - 293 Patches for fine grained authz in the KRA
Endi Sukma Dewata
edewata at redhat.com
Wed Apr 20 20:23:41 UTC 2016
On 4/19/2016 9:47 PM, Ade Lee wrote:
> Some comments inline, although most of this was discussed on #irc.
>
> I have added two additional patches which are to be applied on top
> of 258=293.
>
> 294: This patch fixes the problems identified in this review. In
> particular:
>
> Review comments addressed:
> 1. when archiving or generating keys, realm is checked
> 2. when no plugin is found for a realm, access is denied.
> 3. rename mFoo to foo for new variables.
> 4. add chaining of exceptions
> 5. remove attributes from KeyArchivalRequest etc. when realm is
> null
> 6. Add more detail to denial in BasicGroupAuthz
>
> 295 - Adds the ability for authz plugins to support multiple realms.
> In particular, the authorize() command has been extended to allow
> the realm to be passed in, and the ACL plugins have been modified
> to account for the realm.
>
> Please review,
ACK.
--
Endi S. Dewata
More information about the Pki-devel
mailing list