On Fri, 2011-07-08 at 13:20 -0400, Stephen Gallagher wrote:
On Sat, 2011-07-02 at 01:27 +0200, Jakub Hrozek wrote:
> On Thu, Jun 09, 2011 at 09:34:51AM +0200, Jakub Hrozek wrote:
> > On 06/09/2011 09:31 AM, Jakub Hrozek wrote:
> > > On 06/07/2011 03:11 PM, Jakub Hrozek wrote:
> > >> On 06/07/2011 02:46 PM, Jakub Hrozek wrote:
> > >>> Hi,
> > >>>
> > >>> the attached patch provides a new python module "pyhbac"
that implements
> > >>> python bindings for the HBAC evaluator library.
> > >>>
> > >>> The patch depends on Stephen's last patches which are on
review as of
> > >>> now, but the test suite passed, so I think the bindings can be
reviewed
> > >>> in parallel.
> > >>>
> > >>> "make check" loads the built python module from tree by
doing some
> > >>> sys.path magic. If you'd like to experiment with the module
yourself,
> > >>> you must either install it or set PYTHONPATH to
$SSSD_BUILD_DIR/.libs
> > >>>
> > >>>
> > >>
> > >> btw when I started reading Stephen's patches I noticed that there
is a
> > >> new subpackage libipa_hbac - the module should belong there.
> > >>
> > >> Also I left one FIXME in Makefile.am -- I'll fix these two issues
with
> > >> any other that will come up during the review :-)
> > >>
> > >
> > > I've done enough changes so that the patch needs resending. I got rid
of
> > > talloc in favor of Py_Malloc - it would be wasteful if just the bindings
> > > dragged in talloc and I places the module in libipa_hbac-python
subpackage.
> > >
> >
> > And now with the patch attached.
>
> Another revision that reflects the recent changes is attached.
>
> The C evaluate() function passes the hbac_info structure on either success
> or failure as an output parameter. The python equivalent returns just
> an integer status code and sets a new HbacRequest attribute "rule_name"
> to the name of the rule that matched on success or to None in case of
> access denial or error.
Ack.
Pushed to master.