From 330dc602267aa7efa635fbb429d9ff1a2af4557c Mon Sep 17 00:00:00 2001
From: Toshio Kuratomi
Date: Fri, 29 Feb 2008 15:25:05 -0800
Subject: [PATCH 1/4] * Update copyright date.
---
 fas/fas/safasprovider.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fas/fas/safasprovider.py b/fas/fas/safasprovider.py
index 4572247..c425096 100644
--- a/fas/fas/safasprovider.py
+++ b/fas/fas/safasprovider.py
@@ -1,6 +1,6 @@
 # -*- coding: utf-8 -*-
 #
-# Copyright © 2007 Red Hat, Inc. All rights reserved.
+# Copyright © 2007-2008 Red Hat, Inc. All rights reserved.
 #
 # This copyrighted material is made available to anyone wishing to use, modify,
 # copy, or redistribute it subject to the terms and conditions of the GNU
From cf4088bfcbbb5aafd1558ddc8cbc7bf2ccd188ec Mon Sep 17 00:00:00 2001
From: Toshio Kuratomi
Date: Fri, 29 Feb 2008 15:27:03 -0800
Subject: [PATCH 2/4] * Add an allowed_connections table to show connections that have been approved.
---
 fas/fas2.sql | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/fas/fas2.sql b/fas/fas2.sql
index 5a27db3..63e7199 100644
--- a/fas/fas2.sql
+++ b/fas/fas2.sql
@@ -216,6 +216,35 @@ create table log ( create index log_changetime_idx on log(changetime); cluster log_changetime_idx on log; +-- +-- This table allows certain services to be restricted by hostname/ip/person. +-- +-- Any time a request for a restricted action is requested, the FAS server +-- consults this table to see if the user@(hostname/ip) is allowed to access +-- the resource. If approved is true, the request is granted. If false or +-- null, the request is denied. +-- +-- New records are created when a request is first made by a specific +-- username@(hostname/id) +-- +create table allowed_connections ( + id serial primary key; + person_id INTEGER not null references people(id), + hostname TEXT not null, + ip TEXT not null, + action TEXT not null default 'trust_all', + last_request TIMESTAMP default now() not null, + approved boolean, + unique (person_id, hostname, ip, action) +); + +create index allowed_connections_changetime_idx on + allowed_connections(changetime); +create index hostname_idx on allowed_connections(hostname); +create index ip_idx on allowed_connections(ip); +create index person_id_idx on allowed_connections(person_id); +cluster allowed_connection_changetime_idx on allowed_connections; + -- -- turbogears session tables -- From a1da7e1ee73617ff3e1fd8cc96865944d8750f88 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Fri, 29 Feb 2008 15:36:24 -0800 Subject: [PATCH 3/4] * Rename the allowed_connections table to requests. * Map the requests table. --- fas/fas/model.py | 12 +++++++++++- fas/fas2.sql | 13 ++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/fas/fas/model.py b/fas/fas/model.py index 9af25ed..c701fdd 100644 --- a/fas/fas/model.py +++ b/fas/fas/model.py 
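Review bot: `approved boolean` in the new `allowed_connections` table is nullable and has no default, so the deny-on-null rule in the table comment is enforced only by whatever code reads the row. If NULL is not needed as a separate "pending" state, `approved boolean not null default false` makes the fail-closed state part of the schema; if it is needed, the comment should say so and readers should test `approved is true`. The `action` column defaults to `'trust_all'`, which by its name looks like the broadest scope, so a row inserted without an explicit action would grant more than was asked for once approved; dropping the default forces callers to name the action. `ip TEXT` lets different spellings of one address become distinct rows under the unique constraint, which PostgreSQL's `inet` type would validate and normalize. How `hostname` is obtained is not visible in this hunk; if it comes from reverse DNS or a client-supplied value, it should not be the only basis for an approval.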
@@ -62,6 +62,7 @@ GroupEmailsTable = Table('group_emails', metadata, autoload=True) GroupRolesTable = Table('group_roles', metadata, autoload=True) BugzillaQueueTable = Table('bugzilla_queue', metadata, autoload=True) LogTable = Table('log', metadata, autoload=True) +RequestsTable = Table('requests', metadata, autoload=True) # # Selects for filtering roles @@ -331,7 +332,13 @@ class BugzillaQueue(SABase): pass class Log(SABase): - '''Write simple logs of changesto the database.''' + '''Write simple logs of changes to the database.''' + pass + +class Requests(SABase): + ''' + Requests for certain resources may be restricted based on the user or host. + ''' pass # @@ -431,6 +438,9 @@ mapper(Log, LogTable, properties = { ### TODO: test to be sure SQLAlchemy only loads the backref on demand 'author': relation(People, backref='changes') }) +mapper(Requests, RequestsTable, properties = { + 'person': relation(People, backref='requests') + }) # TurboGears Identity mapper(Visit, visits_table) diff --git a/fas/fas2.sql b/fas/fas2.sql index 8a1207a..05e39d8 100644 --- a/fas/fas2.sql +++ b/fas/fas2.sql @@ -227,7 +227,7 @@ cluster log_changetime_idx on log; -- New records are created when a request is first made by a specific -- username@(hostname/id) -- -create table allowed_connections ( +create table requests ( id serial primary key; person_id INTEGER not null references people(id), hostname TEXT not null, 
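Review bot: In the `mapper(Requests, RequestsTable, ...)` hunk, `backref='requests'` adds a `requests` collection to every `People` object, and that collection carries the hostnames and IP addresses the user has connected from. Whether `People` instances are serialized or returned to clients wholesale is not visible in this diff; if they are, this attribute should be excluded there, and the existing TODO on the `Log` mapper about loading the backref on demand applies to this relation as well. The `Requests` docstring could also record the rule from the schema comment, for example `A request is granted only when approved is true; false or NULL means denied.`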
@@ -238,12 +238,11 @@ create table allowed_connections ( unique (person_id, hostname, ip, action) ); -create index allowed_connections_changetime_idx on - allowed_connections(changetime); -create index hostname_idx on allowed_connections(hostname); -create index ip_idx on allowed_connections(ip); -create index person_id_idx on allowed_connections(person_id); -cluster allowed_connection_changetime_idx on allowed_connections; +create index requests_changetime_idx on requests(changetime); +create index hostname_idx on requests(hostname); +create index ip_idx on requests(ip); +create index person_id_idx on requests(person_id); +cluster requests_changetime_idx on requests; -- -- turbogears session tables From 38254ef66050e8e749014398b440c16640418148 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Toshio=20=E3=81=8F=E3=82=89=E3=81=A8=E3=81=BF?= Date: Fri, 29 Feb 2008 23:40:33 +0000 Subject: [PATCH 4/4] * Fix some syntax errors in the db schema. --- fas/fas2.sql | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fas/fas2.sql b/fas/fas2.sql index 05e39d8..7d598f9 100644 --- a/fas/fas2.sql +++ b/fas/fas2.sql @@ -228,7 +228,7 @@ cluster log_changetime_idx on log; -- username@(hostname/id) -- create table requests ( - id serial primary key; + id serial primary key, person_id INTEGER not null references people(id), hostname TEXT not null, ip TEXT not null, @@ -238,11 +238,11 @@ create table requests ( unique (person_id, hostname, ip, action) ); -create index requests_changetime_idx on requests(changetime); +create index requests_last_request_idx on requests(last_request); create index hostname_idx on requests(hostname); create index ip_idx on requests(ip); create index person_id_idx on requests(person_id); -cluster requests_changetime_idx on requests; +cluster requests_last_request_idx on requests; -- -- turbogears session tables
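Review bot: The indexes `hostname_idx`, `ip_idx` and `person_id_idx` created in the `@@ -238,12 +238,11 @@` hunk, and left unchanged as context by patch 4/4, are not prefixed with the table name, unlike `log_changetime_idx` and `requests_last_request_idx`. PostgreSQL index names are unique per schema rather than per table, so these generic names will clash with any same-named index on another table; `create index requests_hostname_idx on requests(hostname);` and the same pattern for the other two avoids that. The separate `person_id_idx` is probably redundant, since the `unique (person_id, hostname, ip, action)` constraint already builds an index led by `person_id`.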