authorPavel Březina <pbrezina@redhat.com>2013-09-27 14:49:49 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-10-01 21:14:42 +0200
commitd1f3610aefcb634f212d4c099fac102b3e4dee59 (patch)
tree61f1f1fdbd97d68478792cf4e094c3de8114dbfb
parent4343b618051d295cbb1a805a85feb117a91c6945 (diff)
sudo: allow specifying only one time restriction
https://fedorahosted.org/sssd/ticket/2100
-rw-r--r--src/db/sysdb_sudo.c81
1 files changed, 34 insertions, 47 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index d6cc3eae..65481f13 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -106,64 +106,51 @@ static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule,
/* check for sudoNotBefore */
ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTBEFORE,
tmp_ctx, &values);
- if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_LIBS,
- ("notBefore attribute is missing, the rule [%s] is valid\n",
- name));
- *result = true;
- ret = EOK;
- goto done;
- } else if (ret != EOK) {
- goto done;
- }
-
- for (i=0; values[i] ; i++) {
- ret = sysdb_sudo_convert_time(values[i], &converted);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n",
- name));
- goto done;
- }
+ if (ret == EOK) {
+ for (i=0; values[i] ; i++) {
+ ret = sysdb_sudo_convert_time(values[i], &converted);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n",
+ name));
+ goto done;
+ }
- /* Grab the earliest */
- if (!notBefore) {
- notBefore = converted;
- } else if (notBefore > converted) {
- notBefore = converted;
+ /* Grab the earliest */
+ if (!notBefore) {
+ notBefore = converted;
+ } else if (notBefore > converted) {
+ notBefore = converted;
+ }
}
+ } else if (ret != ENOENT) {
+ goto done;
}
/* check for sudoNotAfter */
ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTAFTER,
tmp_ctx, &values);
- if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_LIBS,
- ("notAfter attribute is missing, the rule [%s] is valid\n",
- name));
- *result = true;
- ret = EOK;
- goto done;
- } else if (ret != EOK) {
- goto done;
- }
-
- for (i=0; values[i] ; i++) {
- ret = sysdb_sudo_convert_time(values[i], &converted);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n",
- name));
- goto done;
- }
+ if (ret == EOK) {
+ for (i=0; values[i] ; i++) {
+ ret = sysdb_sudo_convert_time(values[i], &converted);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n",
+ name));
+ goto done;
+ }
- /* Grab the latest */
- if (!notAfter) {
- notAfter = converted;
- } else if (notAfter < converted) {
- notAfter = converted;
+ /* Grab the latest */
+ if (!notAfter) {
+ notAfter = converted;
+ } else if (notAfter < converted) {
+ notAfter = converted;
+ }
}
+ } else if (ret != ENOENT) {
+ goto done;
}
- if (now >= notBefore && now <= notAfter) {
+ if ((notBefore == 0 || now >= notBefore)
+ && (notAfter == 0 || now <= notAfter)) {
*result = true;
}
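Review bot: The final condition `(notBefore == 0 || now >= notBefore) && (notAfter == 0 || now <= notAfter)` uses 0 to mean "attribute absent", which also matches a present attribute that left the bound at 0, so the rule is accepted as unrestricted. That happens if the attribute's value list is empty, or if sysdb_sudo_convert_time can ever yield 0 (not visible here). Since this decides whether a sudo rule is in force, presence is better tracked explicitly: set a flag such as `has_not_before = true;` (and `has_not_after`) inside the two `ret == EOK` branches and test `if ((!has_not_before || now >= notBefore) && (!has_not_after || now <= notAfter)) {`. The removed `SSSDBG_TRACE_LIBS` messages were the only trace of a rule being accepted because a bound is missing, so a one-line trace in each `ENOENT` path would keep that visible when auditing. sysdb_sudo_check_time begins and ends outside this hunk, so the initial values of notBefore and notAfter are assumed to be 0.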