On 13.1.2012 09:58, Jan Zelený wrote:
> Hi,
> I'm sending two patches with enhancements related to IPA HBAC code. I
> stumbled upon these while doing the SELinux work because I'm planning to
> re-use some parts of the HBAC code.
>
> #081:
> Comment ipa_host_search_base in man pages - nothing special about this
> one
NACK
Please document the behaviour of the dereference lookup when a filter is set
in the search base.
Done
> #082:
> Add support for multiple host search bases in HBAC code. I recall we
> discussed this one several weeks ago and the conclusion was that we
> wanted the support but it wasn't the number one topic at that moment.
>
> The only limitation in my implementation is related to multiple search
> bases in combination with dereference code. Basically, if
> ipa_support_srchost = false and there is a filter given in host search
> base, I ignore it. I believe something similar is already in other parts
> of SSSD using deref. Correct me if I'm wrong.
NACK, just minor issues.
ipa_hbac_hosts.c:168
ipa_hbac_hosts.c:310
Instead of building state->cur_filter on your own you should use
sdap_get_id_specific_filter().
I knew there was some kind of function for that. Thanks for pointing that out.
ipa_hbac_hosts.c:380
I suppose there should be 'Now' instead of 'No'
Actually no, the comment is correct.
ipa_hbac_hosts.c:187
Please use the new debug level macro.
That's what happens when I use copy & paste ;-)
A new set of patches is attached.
Thanks
Jan