freeipa

Clone
Source Code
GIT

b6258d0 Make sure member* attrs are always granted together in read permissions

Authored and Committed by pviktori 9 years ago
raw patch tree parent
13 files changed. 43 lines added. 20 lines removed.
ACI.txt
file modified
+11 -11
ipalib/plugins/group.py
file modified
+1 -1
ipalib/plugins/hbacrule.py
file modified
+1 -1
ipalib/plugins/hbacsvcgroup.py
file modified
+1 -0
ipalib/plugins/hostgroup.py
file modified
+1 -1
ipalib/plugins/netgroup.py
file modified
+2 -1
ipalib/plugins/permission.py
file modified
+1 -1
ipalib/plugins/privilege.py
file modified
+2 -1
ipalib/plugins/role.py
file modified
+2 -1
ipalib/plugins/selinuxusermap.py
file modified
+1 -1
ipalib/plugins/sudocmdgroup.py
file modified
+1 -0
ipalib/plugins/sudorule.py
file modified
+1 -1
makeaci
file modified
+18 -0 
    Make sure member* attrs are always granted together in read permissions
    
    Memberofindirect processing of an entry doesn't work if the user doesn't
    have rights to any one of these attributes:
    - member
    - memberuser
    - memberhost
    
    Add all of these to any read permission that specifies any of them.
    
    Add a check to makeaci that will enforce this for any future permissions.
    
    Reviewed-By: Martin Kosek <mkosek@redhat.com>
file modified
+11 -11
file modified
+1 -1
file modified
+1 -1
file modified
+1 -0
file modified
+1 -1
file modified
+2 -1
file modified
+1 -1
file modified
+2 -1
file modified
+2 -1
file modified
+1 -1
file modified
+1 -0
file modified
+1 -1
file modified
+18 -0
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.