On Sat, 2011-07-02 at 01:27 +0200, Jakub Hrozek wrote:
On Thu, Jun 09, 2011 at 09:34:51AM +0200, Jakub Hrozek wrote:
> On 06/09/2011 09:31 AM, Jakub Hrozek wrote:
> > On 06/07/2011 03:11 PM, Jakub Hrozek wrote:
> >> On 06/07/2011 02:46 PM, Jakub Hrozek wrote:
> >>> Hi,
> >>> the attached patch provides a new python module "pyhbac" that
> >>> python bindings for the HBAC evaluator library.
> >>> The patch depends on Stephen's last patches which are on review as
> >>> now, but the test suite passed, so I think the bindings can be
> >>> in parallel.
> >>> "make check" loads the built python module from tree by doing
> >>> sys.path magic. If you'd like to experiment with the module
> >>> you must either install it or set PYTHONPATH to $SSSD_BUILD_DIR/.libs
> >> btw when I started reading Stephen's patches I noticed that there is a
> >> new subpackage libipa_hbac - the module should belong there.
> >> Also I left one FIXME in Makefile.am -- I'll fix these two issues with
> >> any other that will come up during the review :-)
> > I've done enough changes so that the patch needs resending. I got rid of
> > talloc in favor of Py_Malloc - it would be wasteful if just the bindings
> > dragged in talloc and I places the module in libipa_hbac-python subpackage.
> And now with the patch attached.
Another revision that reflects the recent changes is attached.
The C evaluate() function passes the hbac_info structure on either success
or failure as an output parameter. The python equivalent returns just
an integer status code and sets a new HbacRequest attribute "rule_name"
to the name of the rule that matched on success or to None in case of
access denial or error.