[SSSD] URI in HBAC - update

2016-04-25 Thread Lukáš Hellebrandt
http://www.freeipa.org/page/V4/URI-based_HBAC

I have made some important changes to the design document of this proposed feature. The difference is mainly changing regular expression interpretation of URI to longest-prefix matching. This change was done mainly because of upstream's reactions. I

[SSSD] URI in HBAC - design page

2016-03-23 Thread Lukáš Hellebrandt
I created a design page for the feature: http://www.freeipa.org/page/URI-based-HBAC-design -- Lukas Hellebrandt Associate Quality Engineer lhell...@redhat.com

[SSSD] URI in HBAC rules - patch - request for feedback

2016-03-22 Thread Lukáš Hellebrandt
Hi, FreeIPA and SSSD communities! I am working on adding URI to HBAC as my thesis [1]. The goal is to control access not only based on (user, host, service), but on (user, host, service, resource's URI). I created a patch for FreeIPA [2] so it is capable of storing URI as part of HBAC rule. I

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-29 Thread Lukáš Hellebrandt
On 02/29/2016 12:44 PM, Jakub Hrozek wrote:
> On Mon, Feb 29, 2016 at 11:50:06AM +0100, Lukáš Hellebrandt wrote:
>> On 02/28/2016 11:42 AM, Jakub Hrozek wrote:
>>> On Fri, Feb 26, 2016 at 02:03:37PM +0100, Lukáš Hellebrandt wrote:
>>>>> First question I have is tha

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-29 Thread Lukáš Hellebrandt
On 02/28/2016 11:42 AM, Jakub Hrozek wrote:
> On Fri, Feb 26, 2016 at 02:03:37PM +0100, Lukáš Hellebrandt wrote:
>>> First question I have is that the URLs only match on complete string
>>> match. From past conversations I thought we wanted to add a more
>>> gra

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Lukáš Hellebrandt
>> >> Btw, is there some better place to share patches than a pasting tool? >> Maybe some form of pull request? > > You can clone SSSD on github and publish a branch in your clone > https://github.com/SSSD/sssd > https://github.com/lhellebr/sssd/commits/url_in_hbac

[SSSD] Re: URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Lukáš Hellebrandt
> First question I have is that the URLs only match on complete string
> match. From past conversations I thought we wanted to add a more
> granular evaluation..?

I am planning to interpret URI as a prefix. However, there might be a problem getting enough granularity because FreeIPA has dropped

[SSSD] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Lukáš Hellebrandt
Hi, FreeIPA and SSSD communities! I am working on adding URI to HBAC as my thesis [1]. The goal is to control access not only based on (user, host, service), but on (user, host, service, resource's URI). I created a patch for FreeIPA [2] so it is capable of storing URI as part of HBAC rule. I