karaf-dev mailing list archives

From Guillaume Nodet <gno...@gmail.com>
Subject Re: Securing shell commands
Date Tue, 30 Oct 2012 12:06:56 GMT
It's just on my laptop for now, but I can commit anywhere, either github
for other people to have a look or any karaf branch.

On Tue, Oct 30, 2012 at 1:04 PM, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:

> You don't put it on your github fork (it's what I understood) ?
>
> Regards
> JB
>
>
> On 10/30/2012 01:01 PM, Guillaume Nodet wrote:
>
>> Well, I haven't committed anything yet, I was looking for feedback before
>> ...
>>
>> On Tue, Oct 30, 2012 at 12:25 PM, Jean-Baptiste Onofré <jb@nanthrax.net> wrote:
>>
>>> Thanks for the update Guillaume and great job!
>>>
>>> I'm going to experiment (in combination with sub-shell) and extend to JMX, but
>>> it looks very good.
>>>
>>> Thanks again,
>>> Regards
>>> JB
>>>
>>>
>>> On 10/30/2012 12:20 PM, Guillaume Nodet wrote:
>>>
>>>> I worked last week on a solution for KARAF-979, i.e. providing a way to
>>>> secure shell commands.
>>>> What I came up with is the following.
>>>>
>>>> A new simple authentication service, exposed as an OSGi service with the
>>>> following interface
>>>>
>>>> public interface AuthorizationService {
>>>>
>>>>       void checkPermission(Subject subject, String permission);
>>>>
>>>>       boolean isPermitted(Subject subject, String permission);
>>>>
>>>> }
>>>>
>>>>
>>>> This service would be used transparently by karaf commands by modifying the
>>>> BlueprintCommand class and calling checkPermission with the current Subject
>>>> and a permission which is
>>>>      "command:" + [scope] + ":" + [command]
>>>>
>>>> Permissions can be set through ConfigAdmin using a single property which
>>>> contains an xml which looks like:
>>>>       <entries>
>>>>          <entry permission="[xxx]" roles="[xxx]" type="add|set|modify" />
>>>>          [ more entries ]
>>>>       </entries>
>>>>
>>>> The matching is done by checking the permission given in the call to the
>>>> AuthorizationService with the entries in the configuration.  Matching
>>>> entries are used to compute the list of authorized roles and those roles
>>>> are checked against the roles of the authenticated Subject.
>>>> This mechanism is the same we had in ServiceMix 3.x.
>>>>
>>>> This allows defining permissions for a subshell or a single command. It
>>>> does not provide a very easy way to split read operations from write
>>>> operations and this would have to be done in an example configuration maybe
>>>> to ease the user task.
>>>> That said, the mechanism is easily extensible and we can later add
>>>> permissions for JMX access or any other part of Karaf that would benefit
>>>> from that.
>>>>
>>>> Thoughts welcomed, as usual.
>>>>
>>>
>>> --
>>> Jean-Baptiste Onofré
>>> jbonofre@apache.org
>>> http://blog.nanthrax.net
>>> Talend - http://www.talend.com
>>>
>>>
>>
>>
>>
> --
> Jean-Baptiste Onofré
> jbonofre@apache.org
> http://blog.nanthrax.net
> Talend - http://www.talend.com
>



-- 
------------------------
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
FuseSource, Integration everywhere
http://fusesource.com
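
The matching described in the quoted proposal, as an added Java sketch that is not code from this thread or from Karaf: entries that match a permission string build the set of authorized roles, which is then compared with the roles of the Subject. Assumptions, since the message does not define them: a trailing `*` in a pattern is a prefix wildcard, entries are applied in order with `set` replacing and `add` extending the roles gathered so far (`modify` is not modeled), roles are read from the Subject's principal names, a permission with no matching entry is denied, and the entries and role names in `main` are constructed sample values.

```java
import java.security.Principal;
import java.util.*;
import javax.security.auth.Subject;

public class CommandAuthzSketch {
    // One <entry/>: pattern is an exact permission or ends in '*' (assumed prefix wildcard).
    record Entry(String pattern, Set<String> roles, String type) {
        boolean matches(String permission) {
            return pattern.endsWith("*")
                ? permission.startsWith(pattern.substring(0, pattern.length() - 1))
                : pattern.equals(permission);
        }
    }

    private final List<Entry> entries;
    CommandAuthzSketch(List<Entry> entries) { this.entries = entries; }

    // Walk entries in order: "set" replaces the roles gathered so far, "add" extends them.
    Set<String> authorizedRoles(String permission) {
        Set<String> roles = new HashSet<>();
        for (Entry e : entries) {
            if (!e.matches(permission)) continue;
            if ("set".equals(e.type())) roles.clear();
            roles.addAll(e.roles());
        }
        return roles;
    }

    // Fail closed (assumption): no matching entry yields no authorized role.
    boolean isPermitted(Subject subject, String permission) {
        Set<String> allowed = authorizedRoles(permission);
        return subject.getPrincipals().stream().anyMatch(p -> allowed.contains(p.getName()));
    }

    void checkPermission(Subject subject, String permission) {
        if (!isPermitted(subject, permission)) throw new SecurityException("Not permitted: " + permission);
    }

    public static void main(String[] args) {
        // Constructed configuration: a whole subshell for two roles, one command narrowed to admin.
        CommandAuthzSketch authz = new CommandAuthzSketch(List.of(
            new Entry("command:features:*", Set.of("viewer", "admin"), "add"),
            new Entry("command:features:install", Set.of("admin"), "set")));
        Subject viewer = new Subject();
        viewer.getPrincipals().add(() -> "viewer"); // constructed role principal
        System.out.println(authz.isPermitted(viewer, "command:features:list"));
        System.out.println(authz.isPermitted(viewer, "command:features:install"));
        System.out.println(authz.isPermitted(viewer, "command:osgi:shutdown"));
    }
}
```

The two sample entries show how a configuration can separate a read command from a write command in the same subshell, and the last call shows the deny-by-default outcome for a scope with no entry.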
