Read access is given to all authenticated users.

Exposed attributes are:
[top]
  objectClass
[ipaObject]
  ipaUniqueID
[ipaService]
  managedBy
  memberOf
  ipaKrbAuthzData  (a.k.a. pac_type)
[pkiUser]
  userCertificate
[krbPrincipalAux]
  krbPrincipalName
  krbCanonicalName
  krbPrincipalAliases
  krbPrincipalExpiration
  krbPasswordExpiration
  krbLastPwdChange
[krbTicketPolicyAux] - none
[ipaKrbPrincipal]
  krbPrincipalName
  ipaKrbPrincipalAlias
[krbPrincipal]
  krbPrincipalName
  krbObjectReferences


Kerberos-related attributes were discussed for hosts here: http://www.redhat.com/archives/freeipa-devel/2014-April/msg00242.html

--
Petr³
From 1eadd2dbafd757abe6e2ac93316754f337da7ba6 Mon Sep 17 00:00:00 2001
From: Petr Viktorin <[email protected]>
Date: Wed, 26 Mar 2014 17:11:23 +0100
Subject: [PATCH] Add managed read permission to service

Part of the work for: https://fedorahosted.org/freeipa/ticket/3566
---
 ipalib/plugins/service.py | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/ipalib/plugins/service.py b/ipalib/plugins/service.py
index 25f02cd129e58190131b46e1523ce6db39457776..1568bb2fd11daadaf63af7bde1b020f2f0529e07 100644
--- a/ipalib/plugins/service.py
+++ b/ipalib/plugins/service.py
@@ -312,6 +312,21 @@ class service(LDAPObject):
         'managedby': ('Managed by', 'man_by_', 'not_man_by_'),
     }
     password_attributes = [('krbprincipalkey', 'has_keytab')]
+    managed_permissions = {
+        'System: Read Services': {
+            'replaces_global_anonymous_aci': True,
+            'ipapermbindruletype': 'all',
+            'ipapermright': {'read', 'search', 'compare'},
+            'ipapermdefaultattr': {
+                'objectclass',
+                'ipauniqueid', 'managedby', 'memberof', 'usercertificate',
+                'krbprincipalname', 'krbcanonicalname', 'krbprincipalaliases',
+                'krbprincipalexpiration', 'krbpasswordexpiration',
+                'krblastpwdchange', 'ipakrbauthzdata', 'ipakrbprincipalalias',
+                'krbobjectreferences',
+            },
+        },
+    }
 
     label = _('Services')
     label_singular = _('Service')
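Review bot: The `ipapermdefaultattr` set of 'System: Read Services' includes `krbpasswordexpiration`, `krblastpwdchange` and `krbprincipalexpiration`, so with `'ipapermbindruletype': 'all'` every authenticated user can read the key age and expiry of every service principal. Nothing in the hunk says which consumer needs these. If no client reads them, drop them from the default set; otherwise record the reason next to the set, e.g. `# krb*expiration / krblastpwdchange: read by <consumer>; key-age metadata, visible to all authenticated users`. It would also help to group the attributes by object class in comments, as the patch description does, and to note that `krbprincipalkey` must never be added to this set. The `service` class body starts and continues outside the hunk, so other ACI-related settings could not be checked.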
-- 
1.9.0
